stupdate/policies/amd64/stupdate.read.policy - chromiumos/platform/touch_updater - Git at Google

 # Copyright 2019 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # These seccomp rules specify only the syscalls used by st-touch-fw-updater
 # when reading a firmware image file to retrieve its version.

 openat: 1
 stat: 1
 mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
 read: 1
 fstat: 1
 newfstatat: 1
 mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
 brk: 1
 close: 1
 execve: 1
 access: 1
 arch_prctl: 1
 munmap: 1
 write: 1
 exit_group: 1
 restart_syscall: 1
 exit: 1
 rt_sigreturn: 1
 fstatfs: 1
	# Copyright 2019 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# These seccomp rules specify only the syscalls used by st-touch-fw-updater
	# when reading a firmware image file to retrieve its version.

	openat: 1
	stat: 1
	mmap: arg2 in ~PROT_EXEC \|\| arg2 in ~PROT_WRITE
	read: 1
	fstat: 1
	newfstatat: 1
	mprotect: arg2 in ~PROT_EXEC \|\| arg2 in ~PROT_WRITE
	brk: 1
	close: 1
	execve: 1
	access: 1
	arch_prctl: 1
	munmap: 1
	write: 1
	exit_group: 1
	restart_syscall: 1
	exit: 1
	rt_sigreturn: 1
	fstatfs: 1