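--- a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
+++ b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/net.h>
 #include <sys/socket.h>
@@ -149,41 +149,49 @@
     return sandbox::RestrictClockID();
   }
 
 #if defined(__x86_64__)
   if (sysno == __NR_arch_prctl) {
     const Arg<int> code(0);
     return If(code == ARCH_SET_GS, Allow()).Else(Error(EPERM));
   }
 #endif
 
+  // Restrict socket-related operations. On non-i386 platforms, these are
+  // individual syscalls. On i386, the socketcall syscall demultiplexes many
+  // socket operations.
 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
     defined(__mips__)
   if (sysno == __NR_socket) {
     const Arg<int> domain(0);
     const Arg<int> type(1);
     const Arg<int> protocol(2);
     return If(RestrictSocketArguments(domain, type, protocol), Allow())
         .Else(Error(EPERM));
   }
+
+  // https://crbug.com/655300
+  if (sysno == __NR_getsockname) {
+    // Rather than blocking with SIGSYS, just return an error. This is not
+    // documented to be a valid errno, but we will use it anyways.
+    return Error(EPERM);
+  }
 #elif defined(__i386__)
   if (sysno == __NR_socketcall) {
     const Arg<int> socketcall(0);
     const Arg<int> domain(1);
     const Arg<int> type(2);
     const Arg<int> protocol(3);
     return If(socketcall == SYS_CONNECT, Allow())
-        .ElseIf(AllOf(socketcall == SYS_SOCKET,
-                      RestrictSocketArguments(domain, type, protocol)),
-                Allow())
+        .ElseIf(socketcall == SYS_SOCKET, Allow())
         .ElseIf(socketcall == SYS_GETSOCKOPT, Allow())
         .Else(Error(EPERM));
   }
 #endif
 
   if (override_and_allow)
     return Allow();
 
   return SandboxBPFBasePolicy::EvaluateSyscall(sysno);
 }
 
 } // namespace content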
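Review bot: On the i386 path the new `.ElseIf(socketcall == SYS_SOCKET, Allow())` at new line 185 admits socket() for any domain, type and protocol, while every other architecture in the hunk still gates `__NR_socket` through `RestrictSocketArguments`, and nothing in the hunk records why the two paths now differ in strength. The likely reason is that socketcall passes its real arguments through a pointer in register argument 1, which seccomp-bpf cannot dereference, so the `domain(1)`, `type(2)` and `protocol(3)` locals at new lines 181-183 never held socket arguments and are now dead code after this change. If that is the intent, delete those three declarations and state the weaker policy above the ElseIf: `// socketcall's arguments live behind a user pointer that BPF cannot inspect, so SYS_SOCKET cannot be restricted by domain/type/protocol here.` The enclosing EvaluateSyscall body begins before this hunk.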