# Copyright 2020 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

@include /usr/share/policy/crosvm/common_device.policy

# Syscalls specific to video devices.
clock_getres: 1
connect: 1
getdents: 1
getdents64: 1
getegid: 1
geteuid: 1
getgid: 1
getresgid: 1
getresuid: 1
getsockname: 1
getuid: 1
# ioctl: arg1 == DRM_IOCTL_*
ioctl: arg1 & 0x6400
openat: 1
sched_yield: 1
setpriority: 1
socket: arg0 == AF_UNIX
stat: 1
fstat: 1

# Rules needed for minigbm on AMD devices.
getrandom: 1
lstat: 1
# mmap/mprotect differ from the common_device.policy
mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
readlink: 1
sched_setaffinity: 1
sched_setscheduler: arg1 == SCHED_IDLE || arg1 == SCHED_BATCH
uname: 1

# Required by mesa on AMD GPU
sysinfo: 1

prctl: arg0 == PR_SET_NAME