Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(431)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: mojo/runner/linux_sandbox.cc

Issue 1318063006: mandoline: lock down the linux sandbox more. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Restrict getaffinity. Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "mojo/runner/linux_sandbox.h" 5 #include "mojo/runner/linux_sandbox.h"
6 6
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <sys/syscall.h> 8 #include <sys/syscall.h>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
11 #include "base/debug/leak_annotations.h" 11 #include "base/debug/leak_annotations.h"
12 #include "base/posix/eintr_wrapper.h" 12 #include "base/posix/eintr_wrapper.h"
13 #include "base/rand_util.h" 13 #include "base/rand_util.h"
14 #include "base/sys_info.h" 14 #include "base/sys_info.h"
15 #include "sandbox/linux/bpf_dsl/policy.h" 15 #include "sandbox/linux/bpf_dsl/policy.h"
16 #include "sandbox/linux/bpf_dsl/trap_registry.h" 16 #include "sandbox/linux/bpf_dsl/trap_registry.h"
17 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
17 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 18 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
19 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
18 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" 20 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
19 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 21 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
20 #include "sandbox/linux/services/credentials.h" 22 #include "sandbox/linux/services/credentials.h"
21 #include "sandbox/linux/services/namespace_sandbox.h" 23 #include "sandbox/linux/services/namespace_sandbox.h"
22 #include "sandbox/linux/services/proc_util.h" 24 #include "sandbox/linux/services/proc_util.h"
23 #include "sandbox/linux/services/thread_helpers.h" 25 #include "sandbox/linux/services/thread_helpers.h"
24 26
25 using sandbox::syscall_broker::BrokerFilePermission; 27 using sandbox::syscall_broker::BrokerFilePermission;
26 28
27 namespace mandoline { 29 namespace mandoline {
(...skipping 27 matching lines...) Expand all
55 static_cast<int>(args.args[2])); 57 static_cast<int>(args.args[2]));
56 } else { 58 } else {
57 return -EPERM; 59 return -EPERM;
58 } 60 }
59 default: 61 default:
60 RAW_CHECK(false); 62 RAW_CHECK(false);
61 return -ENOSYS; 63 return -ENOSYS;
62 } 64 }
63 } 65 }
64 66
65 class SandboxPolicy : public sandbox::bpf_dsl::Policy { 67 class SandboxPolicy : public sandbox::BaselinePolicy {
66 public: 68 public:
67 explicit SandboxPolicy(sandbox::syscall_broker::BrokerProcess* broker_process) 69 explicit SandboxPolicy(sandbox::syscall_broker::BrokerProcess* broker_process)
68 : broker_process_(broker_process) {} 70 : broker_process_(broker_process) {}
69 ~SandboxPolicy() override {} 71 ~SandboxPolicy() override {}
70 72
71 // Overridden from sandbox::bpf_dsl::Policy: 73 // Overridden from sandbox::bpf_dsl::Policy:
72 sandbox::bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override { 74 sandbox::bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override {
73 // This policy is only advisory/for noticing FS access for the moment. 75 // This policy is only advisory/for noticing FS access for the moment.
74 switch (sysno) { 76 switch (sysno) {
75 case __NR_access: 77 case __NR_access:
76 case __NR_open: 78 case __NR_open:
77 case __NR_faccessat: 79 case __NR_faccessat:
78 case __NR_openat: 80 case __NR_openat:
79 return sandbox::bpf_dsl::Trap(SandboxSIGSYSHandler, broker_process_); 81 return sandbox::bpf_dsl::Trap(SandboxSIGSYSHandler, broker_process_);
82 case __NR_sched_getaffinity:
83 return sandbox::RestrictSchedTarget(policy_pid(), sysno);
84 case __NR_ftruncate:
85 case __NR_getrlimit:
86 case __NR_uname:
87 return sandbox::bpf_dsl::Allow();
80 } 88 }
81 89
82 return sandbox::bpf_dsl::Allow(); 90 return BaselinePolicy::EvaluateSyscall(sysno);
83 } 91 }
84 92
85 private: 93 private:
86 // Not owned. 94 // Not owned.
87 const sandbox::syscall_broker::BrokerProcess* broker_process_; 95 const sandbox::syscall_broker::BrokerProcess* broker_process_;
88 DISALLOW_COPY_AND_ASSIGN(SandboxPolicy); 96 DISALLOW_COPY_AND_ASSIGN(SandboxPolicy);
89 }; 97 };
90 98
91 } // namespace 99 } // namespace
92 100
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 // The Broker is now bound to this process and should only be destroyed when 140 // The Broker is now bound to this process and should only be destroyed when
133 // the process exits or is killed. 141 // the process exits or is killed.
134 ANNOTATE_LEAKING_OBJECT_PTR(broker_.release()); 142 ANNOTATE_LEAKING_OBJECT_PTR(broker_.release());
135 } 143 }
136 144
137 void LinuxSandbox::Seal() { 145 void LinuxSandbox::Seal() {
138 proc_fd_.reset(); 146 proc_fd_.reset();
139 } 147 }
140 148
141 } // namespace mandoline 149 } // namespace mandoline
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698