| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h " | 5 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h " |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <linux/net.h> | 9 #include <linux/net.h> |
| 10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
| 11 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
| 12 #include <sys/types.h> | 12 #include <sys/types.h> |
| 13 | 13 |
| 14 #include "build/build_config.h" | 14 #include "build/build_config.h" |
| 15 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 15 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 16 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | |
| 16 | 17 |
| 17 using sandbox::bpf_dsl::AllOf; | 18 using sandbox::bpf_dsl::AllOf; |
| 18 using sandbox::bpf_dsl::Allow; | 19 using sandbox::bpf_dsl::Allow; |
| 19 using sandbox::bpf_dsl::AnyOf; | 20 using sandbox::bpf_dsl::AnyOf; |
| 20 using sandbox::bpf_dsl::Arg; | 21 using sandbox::bpf_dsl::Arg; |
| 21 using sandbox::bpf_dsl::BoolExpr; | 22 using sandbox::bpf_dsl::BoolExpr; |
| 22 using sandbox::bpf_dsl::If; | 23 using sandbox::bpf_dsl::If; |
| 23 using sandbox::bpf_dsl::Error; | 24 using sandbox::bpf_dsl::Error; |
| 24 using sandbox::bpf_dsl::ResultExpr; | 25 using sandbox::bpf_dsl::ResultExpr; |
| 25 | 26 |
| 96 case __NR_sched_getscheduler: | 97 case __NR_sched_getscheduler: |
| 97 case __NR_sched_setscheduler: | 98 case __NR_sched_setscheduler: |
| 98 case __NR_setpriority: | 99 case __NR_setpriority: |
| 99 case __NR_set_tid_address: | 100 case __NR_set_tid_address: |
| 100 case __NR_sigaltstack: | 101 case __NR_sigaltstack: |
| 101 #if defined(__i386__) || defined(__arm__) | 102 #if defined(__i386__) || defined(__arm__) |
| 102 case __NR_ugetrlimit: | 103 case __NR_ugetrlimit: |
| 103 #else | 104 #else |
| 104 case __NR_getrlimit: | 105 case __NR_getrlimit: |
| 105 #endif | 106 #endif |
| 107 case __NR_sysinfo: // https://crbug.com/655277 | |
| 106 case __NR_uname: | 108 case __NR_uname: |
| 107 | 109 |
| 108 // Permit socket operations so that renderers can connect to logd and | 110 // Permit socket operations so that renderers can connect to logd and |
| 109 // debuggerd. The arguments to socket() are further restricted below. | 111 // debuggerd. The arguments to socket() are further restricted below. |
| 110 // Note that on i386, both of these calls map to __NR_socketcall, which | 112 // Note that on i386, both of these calls map to __NR_socketcall, which |
| 111 // is demultiplexed below. | 113 // is demultiplexed below. |
| 112 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ | 114 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ |
| 113 defined(__mips__) | 115 defined(__mips__) |
| 114 case __NR_getsockopt: | 116 case __NR_getsockopt: |
| 115 case __NR_connect: | 117 case __NR_connect: |
| 116 case __NR_socket: | 118 case __NR_socket: |
| 117 #endif | 119 #endif |
| 118 | 120 |
| 119 // Ptrace is allowed so the Breakpad Microdumper can fork in a renderer | 121 // Ptrace is allowed so the Breakpad Microdumper can fork in a renderer |
| 120 // and then ptrace the parent. | 122 // and then ptrace the parent. |
| 121 case __NR_ptrace: | 123 case __NR_ptrace: |
| 122 override_and_allow = true; | 124 override_and_allow = true; |
|
rickyz (no longer on Chrome)
2016/10/12 22:24:50
This doesn't have anything to do with your change,
Robert Sesek
2016/10/12 23:24:01
I don't know why. It goes back to the initial vers
| 123 break; | 125 break; |
| 124 } | 126 } |
| 125 | 127 |
| 126 // https://crbug.com/644759 | 128 // https://crbug.com/644759 |
| 127 if (sysno == __NR_rt_tgsigqueueinfo) { | 129 if (sysno == __NR_rt_tgsigqueueinfo) { |
| 128 const Arg<pid_t> tgid(0); | 130 const Arg<pid_t> tgid(0); |
| 129 return If(tgid == pid_, Allow()) | 131 return If(tgid == pid_, Allow()) |
| 130 .Else(Error(EPERM)); | 132 .Else(Error(EPERM)); |
| 131 } | 133 } |
| 132 | 134 |
| 135 // https://crbug.com/655299 | |
| 136 if (sysno == __NR_clock_getres) { | |
| 137 return sandbox::RestrictClockID(); | |
| 138 } | |
| 139 | |
| 133 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ | 140 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ |
| 134 defined(__mips__) | 141 defined(__mips__) |
| 135 if (sysno == __NR_socket) { | 142 if (sysno == __NR_socket) { |
| 136 const Arg<int> domain(0); | 143 const Arg<int> domain(0); |
| 137 const Arg<int> type(1); | 144 const Arg<int> type(1); |
| 138 const Arg<int> protocol(2); | 145 const Arg<int> protocol(2); |
| 139 return If(RestrictSocketArguments(domain, type, protocol), Allow()) | 146 return If(RestrictSocketArguments(domain, type, protocol), Allow()) |
| 140 .Else(Error(EPERM)); | 147 .Else(Error(EPERM)); |
| 141 } | 148 } |
| 142 #elif defined(__i386__) | 149 #elif defined(__i386__) |
| 154 } | 161 } |
| 155 #endif | 162 #endif |
| 156 | 163 |
| 157 if (override_and_allow) | 164 if (override_and_allow) |
| 158 return Allow(); | 165 return Allow(); |
| 159 | 166 |
| 160 return SandboxBPFBasePolicy::EvaluateSyscall(sysno); | 167 return SandboxBPFBasePolicy::EvaluateSyscall(sysno); |
| 161 } | 168 } |
| 162 | 169 |
| 163 } // namespace content | 170 } // namespace content |
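Review bot: The new `clock_getres` branch (new lines 135-138) delegates the whole decision to `sandbox::RestrictClockID()`, so neither the accepted clock ids nor the result for any other clock id is stated here, whereas the neighbouring `rt_tgsigqueueinfo` and `socket()` handlers in this function spell out their `Error(EPERM)` fallback. If that helper, whose body is in the newly included `syscall_parameters_restrictions.h` and not visible in this review, traps with SIGSYS instead of returning an error, a clock id that Bionic or a bundled library passes on some device would kill the renderer rather than fail the call, so the comment should say which clock ids are expected and what happens otherwise, e.g. `// https://crbug.com/655299: clock_getres() is needed by <caller>; RestrictClockID() admits only the clock ids it lists and <returns an error / traps> on anything else.` The bare `// https://crbug.com/655277` on the new `__NR_sysinfo` case likewise gives no reason for an unconditional allow, unlike the socket and ptrace entries in the same switch, which each name the consumer; a one-line note on which code path calls sysinfo() would let a later reviewer judge whether it still belongs on that list. The enclosing EvaluateSyscall override begins in the collapsed region before the first visible case label.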