| # Copyright 2024 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # These seccomp rules specify only the syscalls used by the ftphid_ezupg_ap |
| # tool. The updater ftphid_ezupg_ap should only be used through minijail with |
| # these rules. |
| |
| # rseq should be first due to frequency and purpose to decrease nptl latency |
| rseq: 1 |
| arch_prctl: 1 |
| # ftphid_ezupg_ap : it's necessary for basic communication |
| # NOTE(review): execve is allowed with no argument filter; presumably needed |
| # because the filter is already active when the tool itself is exec'ed - |
| # confirm against the minijail invocation. |
| execve: 1 |
| exit_group: 1 |
| close: 1 |
| write: 1 |
| read: 1 |
| pselect6: 1 |
| # IOCTL Information: |
| # ftphid_ezupg_ap: |
| # HIDIOCSFEATURE: 0xc0404806 |
| # HIDIOCGFEATURE: 0xc0404807 |
| # HIDIOCGRAWINFO: 0x80084803 |
| # HIDIOCSOUTPUT: 0xC0404808 |
| # HIDIOCGOUTPUT: 0x8040480B |
| # Only the request code (arg1) is compared; the rule allows exactly the five |
| # values above and no other ioctl. The file descriptor (arg0) is not checked, |
| # so these requests are accepted on any open fd. |
| # NOTE(review): under the generic _IOC layout 0xC0404808 decodes to nr 0x08 and |
| # 0x8040480B to a read-only direction; confirm both values against the hidraw |
| # header the tool was built with and a trace of the tool. |
| ioctl: arg1 == 0xc0404806 || arg1 == 0xc0404807 || arg1 == 0x80084803 || \ |
| arg1 == 0xC0404808 || arg1 == 0x8040480B |
| # arg2 is the protection mask: a request passes only if PROT_EXEC or |
| # PROT_WRITE is absent, so a mapping can never be writable and executable at |
| # the same time. |
| mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE |
| mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE |
| # arg2 is the flags word: any flag except GRND_RANDOM is accepted. |
| getrandom: arg2 in ~GRND_RANDOM |
| # ftphid_ezupg_ap : it's necessary for basic communication |
| # NOTE(review): prctl is allowed for every option; consider restricting arg0 |
| # to the options the tool actually issues - TODO confirm from a trace. |
| prctl: 1 |
| clock_nanosleep: 1 |
| # openat is unrestricted here; a seccomp filter cannot inspect the path |
| # string, so any limit on which files the tool can open has to come from the |
| # rest of the minijail configuration (not visible in this file). |
| openat: 1 |
| newfstatat: 1 |
| getdents: 1 |
| getdents64: 1 |