crossvm/tests/plugin.policy

# Copyright 2017 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

close: 1
dup: 1
dup2: 1
execve: 1
exit_group: 1
futex: 1
kill: 1
lseek: 1
mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
munmap: 1
read: 1
recvfrom: 1
sched_getaffinity: 1
set_robust_list: 1
sigaltstack: 1
# Disallow clone's other than new threads.
clone: arg0 & 0x00010000
clone3: 1
write: 1
eventfd2: 1
poll: 1
getpid: 1
getppid: 1
# Allow PR_SET_NAME only.
prctl: arg0 == 15
rseq: 1
access: 1
arch_prctl: 1
brk: 1
exit: 1
fcntl: 1
fstat: 1
ftruncate: 1
getcwd: 1
getrlimit: 1
# TUNGETFEATURES
ioctl: arg1 == 0x800454CF
madvise: 1
memfd_create: 1
mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
open: 1
openat: 1
prlimit64: arg2 == 0 && arg3 != 0
recvmsg: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
sendmsg: 1
set_tid_address: 1
stat: 1
writev: 1