Revert "Enable Seccomp-BPF sandbox for renderers/workers and PPAPI processes on i386."

content/common/sandbox_seccomp_bpf_linux.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <asm/unistd.h>
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/audit.h>
 #include <linux/filter.h>
@@ skipping 30 matching lines @@
 namespace {
 
 inline bool IsChromeOS() {
 #if defined(OS_CHROMEOS)
   return true;
 #else
   return false;
 #endif
 }
 
-inline bool IsArchitectureI386() {
-#if defined(__i386__)
-  return true;
-#else
-  return false;
-#endif
-}
-
 inline bool IsArchitectureArm() {
 #if defined(__arm__)
   return true;
 #else
   return false;
 #endif
 }
 
 intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {
   int syscall = args.nr;
@@ skipping 1125 matching lines @@
 #if defined(__arm__)
       IsArmPciConfig(sysno) ||
 #endif
       IsTimer(sysno)) {
     return true;
   } else {
     return false;
   }
 }
 
+// x86_64 and ARM for now. Needs to be adapted and tested for i386.
 ErrorCode BaselinePolicy(int sysno) {
   if (IsBaselinePolicyAllowed(sysno)) {
     return ErrorCode(ErrorCode::ERR_ALLOWED);
   }
-
-#if defined(__i386__)
-  // socketcall(2) should be tightened.
-  if (IsSocketCall(sysno)) {
-    return ErrorCode(ErrorCode::ERR_ALLOWED);
-  }
-#endif
-
   // TODO(jln): some system calls in those sets are not supposed to
   // return ENOENT. Return the appropriate error.
   if (IsFileSystem(sysno) || IsCurrentDirectory(sysno)) {
     return ErrorCode(ENOENT);
   }
 
   if (IsUmask(sysno) || IsDeniedFileSystemAccessViaFd(sysno) ||
       IsDeniedGetOrModifySocket(sysno)) {
     return ErrorCode(EPERM);
   }
@@ skipping 54 matching lines @@
     case __NR_sched_getscheduler:
     case __NR_sched_setscheduler:
     case __NR_setpriority:
     case __NR_sysinfo:
     case __NR_times:
     case __NR_uname:
       return ErrorCode(ErrorCode::ERR_ALLOWED);
     case __NR_prlimit64:
       return ErrorCode(EPERM);  // See crbug.com/160157.
     default:
-      // These need further tightening.
 #if defined(__x86_64__) || defined(__arm__)
       if (IsSystemVSharedMemory(sysno))
         return ErrorCode(ErrorCode::ERR_ALLOWED);
 #endif
-#if defined(__i386__)
-      if (IsSystemVIpc(sysno))
-        return ErrorCode(ErrorCode::ERR_ALLOWED);
-#endif
 
       // Default on the baseline policy.
       return BaselinePolicy(sysno);
   }
 }
 
+// x86_64 and ARM for now. Needs to be adapted and tested for i386.
 ErrorCode FlashProcessPolicy(int sysno, void *) {
   switch (sysno) {
     case __NR_sched_getaffinity:
     case __NR_sched_setscheduler:
     case __NR_times:
       return ErrorCode(ErrorCode::ERR_ALLOWED);
     case __NR_ioctl:
       return ErrorCode(ENOTTY);  // Flash Access.
     default:
-      // These need further tightening.
 #if defined(__x86_64__) || defined(__arm__)
+      // These are under investigation, and hopefully not here for the long
+      // term.
       if (IsSystemVSharedMemory(sysno))
         return ErrorCode(ErrorCode::ERR_ALLOWED);
 #endif
-#if defined(__i386__)
-      if (IsSystemVIpc(sysno))
-        return ErrorCode(ErrorCode::ERR_ALLOWED);
-#endif
 
       // Default on the baseline policy.
       return BaselinePolicy(sysno);
   }
 }
 
 ErrorCode BlacklistDebugAndNumaPolicy(int sysno, void *) {
   if (!Sandbox::isValidSyscallNumber(sysno)) {
     // TODO(jln) we should not have to do that in a trivial policy.
     return ErrorCode(ENOSYS);
@@ skipping 30 matching lines @@
           "/usr/lib64/va/drivers/i965_drv_video.so";
       dlopen(kI965DrvVideoPath_64, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
     }
   }
 #endif
 }
 
 Sandbox::EvaluateSyscall GetProcessSyscallPolicy(
     const CommandLine& command_line,
     const std::string& process_type) {
+#if defined(__x86_64__) || defined(__arm__)
   if (process_type == switches::kGpuProcess) {
     // On Chrome OS, --enable-gpu-sandbox enables the more restrictive policy.
-    // However, we don't yet enable the more restrictive GPU process policy
-    // on i386 or ARM.
-    if (IsArchitectureI386() || IsArchitectureArm() ||
+    // However, we never enable the more restrictive GPU process policy on ARM.
+    if (IsArchitectureArm() ||
         (IsChromeOS() && !command_line.HasSwitch(switches::kEnableGpuSandbox)))
       return BlacklistDebugAndNumaPolicy;
     else
       return GpuProcessPolicy_x86_64;
   }
 
   if (process_type == switches::kPpapiPluginProcess) {
     // TODO(jln): figure out what to do with non-Flash PPAPI
     // out-of-process plug-ins.
     return FlashProcessPolicy;
   }
 
   if (process_type == switches::kRendererProcess ||
       process_type == switches::kWorkerProcess) {
     return RendererOrWorkerProcessPolicy;
   }
 
   if (process_type == switches::kUtilityProcess) {
     return BlacklistDebugAndNumaPolicy;
   }
 
   NOTREACHED();
   // This will be our default if we need one.
   return AllowAllPolicy;
+#else
+  // On other architectures (currently IA32),
+  // we only have a small blacklist at the moment.
+  (void) process_type;
+  return BlacklistDebugAndNumaPolicy;
+#endif  // __x86_64__ || __arm__
 }
 
 // Initialize the seccomp-bpf sandbox.
 bool StartBpfSandbox(const CommandLine& command_line,
                      const std::string& process_type) {
   Sandbox::EvaluateSyscall SyscallPolicy =
       GetProcessSyscallPolicy(command_line, process_type);
 
   // Warms up resources needed by the policy we're about to enable.
   WarmupPolicy(SyscallPolicy);
@@ skipping 53 matching lines @@
       // Process-specific policy.
       ShouldEnableSeccompBpf(process_type) &&
       SupportsSandbox()) {
     return StartBpfSandbox(command_line, process_type);
   }
 #endif
   return false;
 }
 
 }  // namespace content