Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(412)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: mojo/runner/linux_sandbox.cc

Issue 1318063006: mandoline: lock down the linux sandbox more. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "mojo/runner/linux_sandbox.h" 5 #include "mojo/runner/linux_sandbox.h"
6 6
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <sys/syscall.h> 8 #include <sys/syscall.h>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
11 #include "base/debug/leak_annotations.h" 11 #include "base/debug/leak_annotations.h"
12 #include "base/posix/eintr_wrapper.h" 12 #include "base/posix/eintr_wrapper.h"
13 #include "base/rand_util.h" 13 #include "base/rand_util.h"
14 #include "base/sys_info.h" 14 #include "base/sys_info.h"
15 #include "sandbox/linux/bpf_dsl/policy.h" 15 #include "sandbox/linux/bpf_dsl/policy.h"
16 #include "sandbox/linux/bpf_dsl/trap_registry.h" 16 #include "sandbox/linux/bpf_dsl/trap_registry.h"
17 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
17 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 18 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
18 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" 19 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
19 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 20 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
20 #include "sandbox/linux/services/credentials.h" 21 #include "sandbox/linux/services/credentials.h"
21 #include "sandbox/linux/services/namespace_sandbox.h" 22 #include "sandbox/linux/services/namespace_sandbox.h"
22 #include "sandbox/linux/services/proc_util.h" 23 #include "sandbox/linux/services/proc_util.h"
23 #include "sandbox/linux/services/thread_helpers.h" 24 #include "sandbox/linux/services/thread_helpers.h"
24 25
25 using sandbox::syscall_broker::BrokerFilePermission; 26 using sandbox::syscall_broker::BrokerFilePermission;
26 27
(...skipping 28 matching lines...) Expand all
55 static_cast<int>(args.args[2])); 56 static_cast<int>(args.args[2]));
56 } else { 57 } else {
57 return -EPERM; 58 return -EPERM;
58 } 59 }
59 default: 60 default:
60 RAW_CHECK(false); 61 RAW_CHECK(false);
61 return -ENOSYS; 62 return -ENOSYS;
62 } 63 }
63 } 64 }
64 65
65 class SandboxPolicy : public sandbox::bpf_dsl::Policy { 66 class SandboxPolicy : public sandbox::BaselinePolicy {
66 public: 67 public:
67 explicit SandboxPolicy(sandbox::syscall_broker::BrokerProcess* broker_process) 68 explicit SandboxPolicy(sandbox::syscall_broker::BrokerProcess* broker_process)
68 : broker_process_(broker_process) {} 69 : broker_process_(broker_process) {}
69 ~SandboxPolicy() override {} 70 ~SandboxPolicy() override {}
70 71
71 // Overridden from sandbox::bpf_dsl::Policy: 72 // Overridden from sandbox::bpf_dsl::Policy:
72 sandbox::bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override { 73 sandbox::bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override {
73 // This policy is only advisory/for noticing FS access for the moment. 74 // This policy is only advisory/for noticing FS access for the moment.
74 switch (sysno) { 75 switch (sysno) {
75 case __NR_access: 76 case __NR_access:
76 case __NR_open: 77 case __NR_open:
77 case __NR_faccessat: 78 case __NR_faccessat:
78 case __NR_openat: 79 case __NR_openat:
79 return sandbox::bpf_dsl::Trap(SandboxSIGSYSHandler, broker_process_); 80 return sandbox::bpf_dsl::Trap(SandboxSIGSYSHandler, broker_process_);
81 case __NR_ftruncate:
82 case __NR_getrlimit:
83 case __NR_sched_getaffinity:
84 case __NR_uname:
85 return sandbox::bpf_dsl::Allow();
rickyz (no longer on Chrome) 2015/08/31 20:42:42 ftruncate/getrlimit/uname look fine - for sched_ge
80 } 86 }
81 87
82 return sandbox::bpf_dsl::Allow(); 88 return BaselinePolicy::EvaluateSyscall(sysno);
83 } 89 }
84 90
85 private: 91 private:
86 // Not owned. 92 // Not owned.
87 const sandbox::syscall_broker::BrokerProcess* broker_process_; 93 const sandbox::syscall_broker::BrokerProcess* broker_process_;
88 DISALLOW_COPY_AND_ASSIGN(SandboxPolicy); 94 DISALLOW_COPY_AND_ASSIGN(SandboxPolicy);
89 }; 95 };
90 96
91 } // namespace 97 } // namespace
92 98
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 // The Broker is now bound to this process and should only be destroyed when 138 // The Broker is now bound to this process and should only be destroyed when
133 // the process exits or is killed. 139 // the process exits or is killed.
134 ANNOTATE_LEAKING_OBJECT_PTR(broker_.release()); 140 ANNOTATE_LEAKING_OBJECT_PTR(broker_.release());
135 } 141 }
136 142
137 void LinuxSandbox::Seal() { 143 void LinuxSandbox::Seal() {
138 proc_fd_.reset(); 144 proc_fd_.reset();
139 } 145 }
140 146
141 } // namespace mandoline 147 } // namespace mandoline
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698