| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" | 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <signal.h> | 8 #include <signal.h> |
| 9 #include <sys/ptrace.h> | 9 #include <sys/ptrace.h> |
| 10 | 10 |
| (...skipping 30 matching lines...) Expand all Loading... |
| 41 scoped_ptr<SandboxBPFPolicy> baseline_policy_; | 41 scoped_ptr<SandboxBPFPolicy> baseline_policy_; |
| 42 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy); | 42 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy); |
| 43 }; | 43 }; |
| 44 | 44 |
| 45 ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( | 45 ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( |
| 46 sandbox::SandboxBPF* sb, int sysno) const { | 46 sandbox::SandboxBPF* sb, int sysno) const { |
| 47 DCHECK(baseline_policy_); | 47 DCHECK(baseline_policy_); |
| 48 switch (sysno) { | 48 switch (sysno) { |
| 49 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls, | 49 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls, |
| 50 // see if it can be restricted a bit. | 50 // see if it can be restricted a bit. |
| 51 #if defined(__x86_64__) || defined(__arm__) | 51 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| 52 // transport_common.cc needs this. | 52 // transport_common.cc needs this. |
| 53 case __NR_accept: | 53 case __NR_accept: |
| 54 case __NR_setsockopt: | 54 case __NR_setsockopt: |
| 55 #elif defined(__i386__) | 55 #elif defined(__i386__) || defined(__mips__) |
| 56 case __NR_socketcall: | 56 case __NR_socketcall: |
| 57 #endif | 57 #endif |
| 58 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is | 58 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is |
| 59 // used by NaCl's GDB debug stub. | 59 // used by NaCl's GDB debug stub. |
| 60 case __NR_rt_sigtimedwait: | 60 case __NR_rt_sigtimedwait: |
| 61 #if defined(__i386__) | 61 #if defined(__i386__) || defined(__mips__) |
| 62 // Needed on i386 to set-up the custom segments. | 62 // Needed on i386 to set-up the custom segments. |
| 63 case __NR_modify_ldt: | 63 case __NR_modify_ldt: |
| 64 #endif | 64 #endif |
| 65 // NaClAddrSpaceBeforeAlloc needs prlimit64. | 65 // NaClAddrSpaceBeforeAlloc needs prlimit64. |
| 66 case __NR_prlimit64: | 66 case __NR_prlimit64: |
| 67 // NaCl uses custom signal stacks. | 67 // NaCl uses custom signal stacks. |
| 68 case __NR_sigaltstack: | 68 case __NR_sigaltstack: |
| 69 // Below is fairly similar to the policy for a Chromium renderer. | 69 // Below is fairly similar to the policy for a Chromium renderer. |
| 70 #if defined(__i386__) || defined(__x86_64__) | 70 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 71 case __NR_getrlimit: | 71 case __NR_getrlimit: |
| 72 #endif | 72 #endif |
| 73 #if defined(__i386__) || defined(__arm__) | 73 #if defined(__i386__) || defined(__arm__) |
| 74 case __NR_ugetrlimit: | 74 case __NR_ugetrlimit: |
| 75 #endif | 75 #endif |
| 76 // NaCl runtime exposes clock_getres to untrusted code. | 76 // NaCl runtime exposes clock_getres to untrusted code. |
| 77 case __NR_clock_getres: | 77 case __NR_clock_getres: |
| 78 // NaCl runtime uses flock to simulate POSIX behavior for pwrite. | 78 // NaCl runtime uses flock to simulate POSIX behavior for pwrite. |
| 79 case __NR_flock: | 79 case __NR_flock: |
| 80 case __NR_pread64: | 80 case __NR_pread64: |
| (...skipping 29 matching lines...) Expand all Loading... |
| 110 long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL); | 110 long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL); |
| 111 CHECK_EQ(-1, ptrace_ret); | 111 CHECK_EQ(-1, ptrace_ret); |
| 112 // Without the sandbox on, this ptrace call would ESRCH instead. | 112 // Without the sandbox on, this ptrace call would ESRCH instead. |
| 113 CHECK_EQ(EPERM, errno); | 113 CHECK_EQ(EPERM, errno); |
| 114 } | 114 } |
| 115 | 115 |
| 116 } // namespace | 116 } // namespace |
| 117 | 117 |
| 118 #else | 118 #else |
| 119 | 119 |
| 120 #if !defined(ARCH_CPU_MIPS_FAMILY) | |
| 121 #error "Seccomp-bpf disabled on supported architecture!" | 120 #error "Seccomp-bpf disabled on supported architecture!" |
| 122 #endif | |
| 123 | 121 |
| 124 #endif // defined(USE_SECCOMP_BPF) | 122 #endif // defined(USE_SECCOMP_BPF) |
| 125 | 123 |
| 126 bool InitializeBPFSandbox() { | 124 bool InitializeBPFSandbox() { |
| 127 #if defined(USE_SECCOMP_BPF) | 125 #if defined(USE_SECCOMP_BPF) |
| 128 bool sandbox_is_initialized = content::InitializeSandbox( | 126 bool sandbox_is_initialized = content::InitializeSandbox( |
| 129 scoped_ptr<SandboxBPFPolicy>(new NaClBPFSandboxPolicy())); | 127 scoped_ptr<SandboxBPFPolicy>(new NaClBPFSandboxPolicy())); |
| 130 if (sandbox_is_initialized) { | 128 if (sandbox_is_initialized) { |
| 131 RunSandboxSanityChecks(); | 129 RunSandboxSanityChecks(); |
| 132 return true; | 130 return true; |
| 133 } | 131 } |
| 134 #endif // defined(USE_SECCOMP_BPF) | 132 #endif // defined(USE_SECCOMP_BPF) |
| 135 return false; | 133 return false; |
| 136 } | 134 } |
| 137 | 135 |
| 138 } // namespace nacl | 136 } // namespace nacl |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master