policies/arm/wacom_flash.update.policy - chromiumos/platform/touch_updater - Git at Google

 # Copyright 2016 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 # These seccomp rules specify only the syscalls used by the Wacom FW updater
 # tool.  The updater wacom_flash should only be used through minijail with
 # these rules.
 write: 1
 nanosleep: 1
 clock_gettime: 1
 clock_nanosleep: 1
 clock_nanosleep_time64: 1
 read: 1
 open: 1
 openat: 1
 stat64: 1
 statx: 1
 mmap2: 1
 fstat64: 1
 fstatat64: 1
 faccessat: 1
 faccessat2: 1
 mprotect: 1
 close: 1
 ioctl: arg1 == 0x706 || arg1 == 0x707
 brk: 1
 munmap: 1
 restart_syscall: 1
 exit: 1
 rt_sigreturn: 1
 access: 1
 exit_group: 1
 ARM_set_tls: 1
 uname: 1
 execve: 1
 _llseek: 1
 getpid: 1
 fstatfs: 1
 fstatfs64: 1
	# Copyright 2016 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.
	# These seccomp rules specify only the syscalls used by the Wacom FW updater
	# tool. The updater wacom_flash should only be used through minijail with
	# these rules.
	write: 1
	nanosleep: 1
	clock_gettime: 1
	clock_nanosleep: 1
	clock_nanosleep_time64: 1
	read: 1
	open: 1
	openat: 1
	stat64: 1
	statx: 1
	mmap2: 1
	fstat64: 1
	fstatat64: 1
	faccessat: 1
	faccessat2: 1
	mprotect: 1
	close: 1
	ioctl: arg1 == 0x706 \|\| arg1 == 0x707
	brk: 1
	munmap: 1
	restart_syscall: 1
	exit: 1
	rt_sigreturn: 1
	access: 1
	exit_group: 1
	ARM_set_tls: 1
	uname: 1
	execve: 1
	_llseek: 1
	getpid: 1
	fstatfs: 1
	fstatfs64: 1