From 363d6138f325e2f2f8c62843d35a047823d5868e Mon Sep 17 00:00:00 2001
From: Daniel Verkamp <dverkamp@chromium.org>
Date: Fri, 12 Jan 2024 11:27:16 -0800
Subject: [PATCH] jail: seccomp: fix missing syscall for fs on arm

The libc::getresuid() function uses the getresuid32 syscall on 32-bit
arm userspace (this allows for 32-bit uid_t instead of 16-bit uid_t),
resulting in a SIGSYS crash for seccomp syscall violation when the fs
device starts up.

BUG=b:319533848
BUG=b:231324557

Fixes: eeea9b93d214 ("devices: virtio: Skip setting SECBIT_NO_SETUID_FIXUP for regular user.")
Change-Id: Ifc1ed1526c7d9c9e8a831b4695a446ac392835f6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5193106
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Lepton Wu <lepton@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Lepton Wu <lepton@chromium.org>
---
 jail/seccomp/arm/fs_device.policy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jail/seccomp/arm/fs_device.policy b/jail/seccomp/arm/fs_device.policy
index cc3a40fe68..f540f253ae 100644
--- a/jail/seccomp/arm/fs_device.policy
+++ b/jail/seccomp/arm/fs_device.policy
@@ -28,7 +28,7 @@ getdents64: 1
 getegid32: 1
 geteuid32: 1
 getrandom: 1
-getresuid: 1
+getresuid32: 1
 # Use constants for verity ioctls since minijail doesn't understand them yet.
 # 0x40806685 = FS_IOC_ENABLE_VERITY
 # 0xc0046686 = FS_IOC_MEASURE_VERITY