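--- a/<FILE_PATH_NOT_SHOWN>
+++ b/<FILE_PATH_NOT_SHOWN>
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <fcntl.h>
 #include <linux/futex.h>
@@ -30,46 +30,57 @@
 #if defined(OS_ANDROID)
 #if !defined(F_DUPFD_CLOEXEC)
 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6)
 #endif
 #endif
 
 #if defined(__arm__) && !defined(MAP_STACK)
 #define MAP_STACK 0x20000 // Daisy build environment has old headers.
 #endif
 
+#if defined(__mips__) && !defined(MAP_STACK)
+#define MAP_STACK 0x40000
+#endif
 namespace {
 
 inline bool IsArchitectureX86_64() {
 #if defined(__x86_64__)
 return true;
 #else
 return false;
 #endif
 }
 
 inline bool IsArchitectureI386() {
 #if defined(__i386__)
 return true;
 #else
 return false;
 #endif
 }
 
 inline bool IsAndroid() {
 #if defined(OS_ANDROID)
 return true;
 #else
 return false;
 #endif
 }
 
+inline bool IsArchitectureMips() {
+#if defined(__mips__)
+return true;
+#else
+return false;
+#endif
+}
+
 } // namespace.
 
 namespace sandbox {
 
 // Allow Glibc's and Android pthread creation flags, crash on any other
 // thread creation attempts and EPERM attempts to use neither
 // CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
 ErrorCode RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox) {
 if (!IsAndroid()) {
 const uint64_t kGlibcPthreadFlags =
@@ -151,21 +162,21 @@
 ErrorCode(ErrorCode::ERR_ALLOWED));
 }
 
 ErrorCode RestrictFcntlCommands(SandboxBPF* sandbox) {
 // We also restrict the flags in F_SETFL. We don't want to permit flags with
 // a history of trouble such as O_DIRECT. The flags you see are actually the
 // allowed ones, and the variable is a "denied" mask because of the negation
 // operator.
 // Glibc overrides the kernel's O_LARGEFILE value. Account for this.
 int kOLargeFileFlag = O_LARGEFILE;
-if (IsArchitectureX86_64() || IsArchitectureI386())
+if (IsArchitectureX86_64() || IsArchitectureI386() || IsArchitectureMips())
 kOLargeFileFlag = 0100000;
 
 // TODO(jln): add TP_LONG/TP_SIZET types.
 ErrorCode::ArgType mask_long_type;
 if (sizeof(long) == 8)
 mask_long_type = ErrorCode::TP_64BIT;
 else if (sizeof(long) == 4)
 mask_long_type = ErrorCode::TP_32BIT;
 else
 NOTREACHED();
@@ -198,21 +209,21 @@
 ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(1, ErrorCode::TP_32BIT,
 ErrorCode::OP_EQUAL, F_GETLK,
 ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(1, ErrorCode::TP_32BIT,
 ErrorCode::OP_EQUAL, F_DUPFD_CLOEXEC,
 ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Trap(CrashSIGSYS_Handler, NULL))))))))));
 }
 
-#if defined(__i386__)
+#if defined(__i386__) || defined(__mips__)
 ErrorCode RestrictSocketcallCommand(SandboxBPF* sandbox) {
 // Unfortunately, we are unable to restrict the first parameter to
 // socketpair(2). Whilst initially sounding bad, it's noteworthy that very
 // few protocols actually support socketpair(2). The scary call that we're
 // worried about, socket(2), remains blocked.
 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 SYS_SOCKETPAIR, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 SYS_SEND, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
@@ -267,10 +278,10 @@
 sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 FUTEX_CMP_REQUEUE_PI | FUTEX_CLOCK_REALTIME,
 sandbox->Trap(SIGSYSFutexFailure, NULL),
 sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 FUTEX_CMP_REQUEUE_PI_PRIVATE | FUTEX_CLOCK_REALTIME,
 sandbox->Trap(SIGSYSFutexFailure, NULL),
 ErrorCode(ErrorCode::ERR_ALLOWED)))));
 }
 
 } // namespace sandbox.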
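Review bot: Extending the `0100000` O_LARGEFILE override to MIPS in RestrictFcntlCommands looks wrong to me: the comment right above it says the override exists because glibc redefines O_LARGEFILE away from the kernel value, but as far as I know the MIPS uapi and glibc headers agree on `O_LARGEFILE 0x2000`, and `0100000` (0x8000) is `O_DIRECT` on MIPS — the very flag the preceding comment says F_SETFL must not permit. Please confirm against the MIPS asm/fcntl.h before landing; if it reads as I think it does, the previous condition `if (IsArchitectureX86_64() || IsArchitectureI386())` should stay and MIPS should keep its header value. The mask that consumes kOLargeFileFlag sits in the collapsed part of RestrictFcntlCommands, so I cannot see here whether anything downstream compensates. The MIPS `MAP_STACK 0x40000` fallback matches the MIPS mman.h value, but unlike the arm fallback it carries no comment naming the toolchain whose headers lack the definition; a short one would help the next reader decide when it can be removed.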