OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <fcntl.h> | 9 #include <fcntl.h> |
10 #include <linux/net.h> | 10 #include <linux/net.h> |
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
204 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 204 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
205 SYS_SHUTDOWN, ErrorCode(ErrorCode::ERR_ALLOWED), | 205 SYS_SHUTDOWN, ErrorCode(ErrorCode::ERR_ALLOWED), |
206 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 206 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
207 SYS_SENDMSG, ErrorCode(ErrorCode::ERR_ALLOWED), | 207 SYS_SENDMSG, ErrorCode(ErrorCode::ERR_ALLOWED), |
208 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 208 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
209 SYS_RECVMSG, ErrorCode(ErrorCode::ERR_ALLOWED), | 209 SYS_RECVMSG, ErrorCode(ErrorCode::ERR_ALLOWED), |
210 ErrorCode(EPERM))))))))); | 210 ErrorCode(EPERM))))))))); |
211 } | 211 } |
212 #endif | 212 #endif |
213 | 213 |
| 214 ErrorCode RestrictKillTarget(pid_t target_pid, SandboxBPF* sandbox, int sysno) { |
| 215 switch (sysno) { |
| 216 case __NR_kill: |
| 217 case __NR_tgkill: |
| 218 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 219 target_pid, |
| 220 ErrorCode(ErrorCode::ERR_ALLOWED), |
| 221 sandbox->Trap(SIGSYSKillFailure, NULL)); |
| 222 case __NR_tkill: |
| 223 return sandbox->Trap(SIGSYSKillFailure, NULL); |
| 224 default: |
| 225 NOTREACHED(); |
| 226 return sandbox->Trap(CrashSIGSYS_Handler, NULL); |
| 227 } |
| 228 } |
| 229 |
214 } // namespace sandbox. | 230 } // namespace sandbox. |
OLD | NEW |