# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Seccomp syscall allowlist, written in minijail-style policy syntax:
#   name: 1                 allow the syscall with any arguments
#   name: <arg expression>  allow the syscall only when the expression holds
#   name: return <errno>    do not run the syscall; fail it with <errno>
# A syscall that is not listed falls through to the filter's default action,
# which is set by whatever loads this policy, not by this file.
# NOTE(review): the filter only sees register values. Pointer arguments
# (paths, buffers, sockaddr) are never inspected, so every path-taking rule
# below relies on filesystem confinement applied elsewhere.

# common policy
brk: 1
# Thread creation only: the rule matches when the CLONE_THREAD bit is set in
# the flags argument. The other flag bits are not constrained.
clone: arg0 & CLONE_THREAD
close: 1
dup2: 1
dup: 1
epoll_create1: 1
epoll_ctl: 1
epoll_wait: 1
eventfd2: 1
exit: 1
exit_group: 1
futex: 1
getpid: 1
gettimeofday: 1
# NOTE(review): unconditional, so neither the target pid nor the signal is
# filtered here; confirm the process cannot reach other processes (pid
# namespace / uid separation) or narrow this rule.
kill: 1
# Only these three advice values are accepted.
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
# "in ~PROT_EXEC" requires every set bit of prot to lie outside PROT_EXEC,
# so no mapping can be created executable or made executable later.
mmap: arg2 in ~PROT_EXEC
mprotect: arg2 in ~PROT_EXEC
# NOTE(review): mremap takes no protection argument, so it is not covered by
# the PROT_EXEC restriction above.
mremap: 1
munmap: 1
nanosleep: 1
pipe2: 1
poll: 1
ppoll: 1
# Only PR_SET_NAME is accepted; every other prctl option falls through to
# the default action.
prctl: arg0 == PR_SET_NAME
read: 1
# recvfrom/recvmsg/sendmsg are allowed while socket() is denied further
# down, so they can only act on descriptors obtained some other way
# (presumably inherited or passed in; verify against the launcher).
recvfrom: 1
recvmsg: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getaffinity: 1
sendmsg: 1
set_robust_list: 1
sigaltstack: 1
write: 1

# tpm-specific policy
# NOTE(review): the filesystem rules in this section are unconditional.
# Open flags and modes are not restricted, and paths cannot be, so what the
# process can read, create or truncate is decided by its mount namespace and
# file permissions.
chdir: 1
fstat: 1
fsync: 1
ftruncate: 1
getuid: 1
lseek: 1
mkdir: 1
open: 1
openat: 1
# Socket creation fails with EACCES instead of triggering the default
# action, so the caller sees an ordinary error and keeps running.
socket: return EACCES
stat: 1
statx: 1