seccomp: use common_device.policy in tpm_device.policy

The TPM device was changed to manually include an edited subset of
common_device.policy in commit 25a86d99cca8 ("tpm: Update tpm device
policy to support libtpm2") because common_device.policy included rules
for open and openat at the time, and the TPM device needed to override
those rules. Now that common_device.policy no longer defines rules for
open and openat, it is safe to include the common policy instead of
duplicating it.

BUG=None
TEST=build with features=tpm and run with --software-tpm

Change-Id: Ia79d63fcf2cd2c5303384f4d0607b3b543406098
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3482029
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
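The reasoning in the commit message (a shared policy can only be included once it no longer defines the syscalls the device policy sets itself) can be checked mechanically. The following is an added example, not code from crosvm or this commit: it assumes minijail-style policy text with `name: rule` lines and `@include` directives, and the file names and rule contents are constructed for illustration.

```python
# Constructed sample policies, NOT crosvm's real files; names and rules are illustrative.
SAMPLE = {
    "common_now.policy": "# common rules, no open/openat\nread: 1\nwrite: 1\nclose: 1\n",
    "common_before.policy": "read: 1\nwrite: 1\nopen: return ENOENT\nopenat: return ENOENT\n",
    "tpm_now.policy": "@include common_now.policy\nopen: 1\nopenat: 1\nfsync: 1\n",
    "tpm_if_included_before.policy": "@include common_before.policy\nopen: 1\nopenat: 1\n",
}


def load_rules(name, files, stack=()):
    """Expand @include lines and return [(syscall, rule, defining_file), ...]."""
    if name in stack:
        raise ValueError("include cycle: " + " -> ".join(stack + (name,)))
    rules = []
    for raw in files[name].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line.startswith("@include"):
            target = line.split(None, 1)[1]
            rules += load_rules(target, files, stack + (name,))
            continue
        syscall, _, rule = line.partition(":")
        if not rule.strip():
            raise ValueError(f"{name}: malformed line {raw!r}")
        rules.append((syscall.strip(), rule.strip(), name))
    return rules


def find_conflicts(name, files):
    """Map each syscall defined more than once to the files that define it."""
    by_syscall = {}
    for syscall, _rule, source in load_rules(name, files):
        by_syscall.setdefault(syscall, []).append(source)
    return {s: srcs for s, srcs in by_syscall.items() if len(srcs) > 1}


if __name__ == "__main__":
    for policy in ("tpm_now.policy", "tpm_if_included_before.policy"):
        print(policy, find_conflicts(policy, SAMPLE) or "no duplicate rules")
```

Run against real policy files by loading their contents into the dictionary keyed by the path used in each `@include` line.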
3 files changed
tree: da5351783e77a3e160115a22b5b8c54832febda3
README.md

crosvm - The Chrome OS Virtual Machine Monitor

crosvm is a virtual machine monitor (VMM) based on Linux’s KVM hypervisor, with a focus on simplicity, security, and speed. crosvm is intended to run Linux guests, originally as a security boundary for running native applications on the Chrome OS platform. Compared to QEMU, crosvm doesn’t emulate architectures or real hardware, instead concentrating on paravirtualized devices, such as the virtio standard.

crosvm is currently used to run Linux/Android guests on Chrome OS devices.
