| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h
" | 5 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h
" |
| 6 | 6 |
| 7 #include <errno.h> | |
| 8 #include <fcntl.h> | |
| 9 #include <sys/socket.h> | |
| 10 #include <sys/syscall.h> | 7 #include <sys/syscall.h> |
| 11 #include <sys/types.h> | 8 #include <sys/types.h> |
| 12 | 9 |
| 13 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| 14 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 11 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 15 | 12 |
| 16 using sandbox::bpf_dsl::AllOf; | |
| 17 using sandbox::bpf_dsl::Allow; | 13 using sandbox::bpf_dsl::Allow; |
| 18 using sandbox::bpf_dsl::AnyOf; | |
| 19 using sandbox::bpf_dsl::Arg; | |
| 20 using sandbox::bpf_dsl::If; | |
| 21 using sandbox::bpf_dsl::Error; | |
| 22 using sandbox::bpf_dsl::ResultExpr; | 14 using sandbox::bpf_dsl::ResultExpr; |
| 23 | 15 |
| 24 namespace content { | 16 namespace content { |
| 25 | 17 |
| 26 #ifndef SOCK_CLOEXEC | |
| 27 #define SOCK_CLOEXEC O_CLOEXEC | |
| 28 #endif | |
| 29 | |
| 30 #ifndef SOCK_NONBLOCK | |
| 31 #define SOCK_NONBLOCK O_NONBLOCK | |
| 32 #endif | |
| 33 | |
| 34 SandboxBPFBasePolicyAndroid::SandboxBPFBasePolicyAndroid() | 18 SandboxBPFBasePolicyAndroid::SandboxBPFBasePolicyAndroid() |
| 35 : SandboxBPFBasePolicy() {} | 19 : SandboxBPFBasePolicy() {} |
| 36 | 20 |
| 37 SandboxBPFBasePolicyAndroid::~SandboxBPFBasePolicyAndroid() {} | 21 SandboxBPFBasePolicyAndroid::~SandboxBPFBasePolicyAndroid() {} |
| 38 | 22 |
| 39 ResultExpr SandboxBPFBasePolicyAndroid::EvaluateSyscall(int sysno) const { | 23 ResultExpr SandboxBPFBasePolicyAndroid::EvaluateSyscall(int sysno) const { |
| 40 bool override_and_allow = false; | 24 bool override_and_allow = false; |
| 41 | 25 |
| 42 switch (sysno) { | 26 switch (sysno) { |
| 43 // TODO(rsesek): restrict clone parameters. | 27 // TODO(rsesek): restrict clone parameters. |
| 44 case __NR_clone: | 28 case __NR_clone: |
| 45 case __NR_epoll_pwait: | 29 case __NR_epoll_pwait: |
| 46 case __NR_flock: | 30 case __NR_flock: |
| 47 #if defined(__x86_64__) || defined(__aarch64__) | 31 #if defined(__x86_64__) || defined(__aarch64__) |
| 48 case __NR_newfstatat: | 32 case __NR_newfstatat: |
| 49 case __NR_getdents64: | |
| 50 #elif defined(__i386__) || defined(__arm__) || defined(__mips__) | 33 #elif defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 51 case __NR_fstatat64: | 34 case __NR_fstatat64: |
| 52 case __NR_getdents: | |
| 53 #endif | 35 #endif |
| 54 case __NR_getpriority: | 36 case __NR_getpriority: |
| 55 case __NR_ioctl: | 37 case __NR_ioctl: |
| 56 case __NR_mremap: | 38 case __NR_mremap: |
| 57 // File system access cannot be restricted with seccomp-bpf on Android, | 39 // File system access cannot be restricted with seccomp-bpf on Android, |
| 58 // since the JVM classloader and other Framework features require file | 40 // since the JVM classloader and other Framework features require file |
| 59 // access. It may be possible to restrict the filesystem with SELinux. | 41 // access. It may be possible to restrict the filesystem with SELinux. |
| 60 // Currently we rely on the app/service UID isolation to create a | 42 // Currently we rely on the app/service UID isolation to create a |
| 61 // filesystem "sandbox". | 43 // filesystem "sandbox". |
| 62 #if !defined(ARCH_CPU_ARM64) | 44 #if !defined(ARCH_CPU_ARM64) |
| 63 case __NR_open: | 45 case __NR_open: |
| 64 #endif | 46 #endif |
| 65 case __NR_openat: | 47 case __NR_openat: |
| 66 case __NR_pread64: | 48 case __NR_pread64: |
| 67 case __NR_rt_sigtimedwait: | 49 case __NR_rt_sigtimedwait: |
| 68 case __NR_setpriority: | 50 case __NR_setpriority: |
| 69 case __NR_set_tid_address: | 51 case __NR_set_tid_address: |
| 70 case __NR_sigaltstack: | 52 case __NR_sigaltstack: |
| 71 #if defined(__i386__) || defined(__arm__) | 53 #if defined(__i386__) || defined(__arm__) |
| 72 case __NR_ugetrlimit: | 54 case __NR_ugetrlimit: |
| 73 #else | 55 #else |
| 74 case __NR_getrlimit: | 56 case __NR_getrlimit: |
| 75 #endif | 57 #endif |
| 76 case __NR_uname: | 58 case __NR_uname: |
| 77 | |
| 78 // Permit socket operations so that renderers can connect to logd and | |
| 79 // debuggerd. The arguments to socket() are further restricted below. | |
| 80 case __NR_socket: | |
| 81 case __NR_connect: | |
| 82 | |
| 83 // Ptrace is allowed so the Breakpad Microdumper can fork in a renderer | |
| 84 // and then ptrace the parent. | |
| 85 case __NR_ptrace: | |
| 86 override_and_allow = true; | 59 override_and_allow = true; |
| 87 break; | 60 break; |
| 88 } | 61 } |
| 89 | 62 |
| 90 if (sysno == __NR_socket) { | |
| 91 const Arg<int> domain(0); | |
| 92 const Arg<int> type(1); | |
| 93 const Arg<int> protocol(2); | |
| 94 const int kSockFlags = SOCK_CLOEXEC | SOCK_NONBLOCK; | |
| 95 return If(AllOf(domain == AF_UNIX, | |
| 96 AnyOf((type & ~kSockFlags) == SOCK_DGRAM, | |
| 97 (type & ~kSockFlags) == SOCK_STREAM), | |
| 98 protocol == 0), | |
| 99 Allow()) | |
| 100 .Else(Error(EPERM)); | |
| 101 } | |
| 102 | |
| 103 if (override_and_allow) | 63 if (override_and_allow) |
| 104 return Allow(); | 64 return Allow(); |
| 105 | 65 |
| 106 return SandboxBPFBasePolicy::EvaluateSyscall(sysno); | 66 return SandboxBPFBasePolicy::EvaluateSyscall(sysno); |
| 107 } | 67 } |
| 108 | 68 |
| 109 } // namespace content | 69 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1671333003:
Revert of [Android] Fix Microdump generation when Seccomp-BPF is enabled. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master