Linux Sandbox: Whitelist prlimit64 when used as getrlimit

sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index 43f633ed78e398654441e2c182b1614ce0176360..83b7c8b784f7d210df5dadb0340fd9486539f4a6 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -361,4 +361,12 @@ ResultExpr RestrictGetRandom() {
   return If((flags & ~kGoodFlags) == 0, Allow()).Else(CrashSIGSYS());
 }
 
+ResultExpr RestrictPrlimitToGetrlimit(pid_t target_pid) {
+  const Arg<pid_t> pid(0);
+  const Arg<uintptr_t> new_limit(0);

[Jorge Lucangeli Obes, 2016/11/22 16:06:39]

They cannot both be argument index 0, can they?

int prlimit(pid_t pid, int resource, const struct rlimit *new_limit, struct
rlimit *old_limit);

const Arg<pid_t> pid(0);
const Arg<intptr_t> new_limit(2);

https://codesearch.chromium.org/chromium/src/sandbox/linux/bpf_dsl/bpf_dsl.h?...
for reference.

[Daniel Kurtz, 2016/11/23 00:21:14]

https://codesearch.chromium.org/chromium/src/sandbox/linux/bpf_dsl/bpf_dsl.h?...

  // Initializes the Arg to represent the |num|th system call
  // argument (indexed from 0), which is of type |T|.

I read this as "the |num|th ... argument which is of type |T|" =>
  f(T1 a, T2, b, T1 c, T2 d)

So, Arg<T2> d(1) would be |d|.

I guess the ',' in the documentation is significant :-).


Will fix.

+  // Only allow 'get' operations, and only for the current process
+  return If(AllOf(new_limit == 0, AnyOf(pid == 0, pid == target_pid)), Allow())
+      .Else(Error(EPERM));
+}
+
 }  // namespace sandbox.