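--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <fcntl.h>
 #include <linux/net.h>
@@ -27,46 +27,57 @@
 #if defined(OS_ANDROID)
 #if !defined(F_DUPFD_CLOEXEC)
 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6)
 #endif
 #endif
 
 #if defined(__arm__) && !defined(MAP_STACK)
 #define MAP_STACK 0x20000 // Daisy build environment has old headers.
 #endif
 
+#if defined(__mips__) && !defined(MAP_STACK)
+#define MAP_STACK 0x40000
+#endif
 namespace {
 
 inline bool IsArchitectureX86_64() {
 #if defined(__x86_64__)
 return true;
 #else
 return false;
 #endif
 }
 
 inline bool IsArchitectureI386() {
 #if defined(__i386__)
 return true;
 #else
 return false;
 #endif
 }
 
 inline bool IsAndroid() {
 #if defined(OS_ANDROID)
 return true;
 #else
 return false;
 #endif
 }
 
+inline bool IsArchitectureMips() {
+#if defined(__mips__)
+return true;
+#else
+return false;
+#endif
+}
+
 } // namespace.
 
 namespace sandbox {
 
 // Allow Glibc's and Android pthread creation flags, crash on any other
 // thread creation attempts and EPERM attempts to use neither
 // CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
 ErrorCode RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox) {
 if (!IsAndroid()) {
 const uint64_t kGlibcPthreadFlags =
@@ -148,21 +159,21 @@
 ErrorCode(ErrorCode::ERR_ALLOWED));
 }
 
 ErrorCode RestrictFcntlCommands(SandboxBPF* sandbox) {
 // We also restrict the flags in F_SETFL. We don't want to permit flags with
 // a history of trouble such as O_DIRECT. The flags you see are actually the
 // allowed ones, and the variable is a "denied" mask because of the negation
 // operator.
 // Glibc overrides the kernel's O_LARGEFILE value. Account for this.
 int kOLargeFileFlag = O_LARGEFILE;
-if (IsArchitectureX86_64() || IsArchitectureI386())
+if (IsArchitectureX86_64() || IsArchitectureI386() || IsArchitectureMips())
 kOLargeFileFlag = 0100000;
 
 // TODO(jln): add TP_LONG/TP_SIZET types.
 ErrorCode::ArgType mask_long_type;
 if (sizeof(long) == 8)
 mask_long_type = ErrorCode::TP_64BIT;
 else if (sizeof(long) == 4)
 mask_long_type = ErrorCode::TP_32BIT;
 else
 NOTREACHED();
@@ -195,20 +206,20 @@
 ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(1, ErrorCode::TP_32BIT,
 ErrorCode::OP_EQUAL, F_GETLK,
 ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(1, ErrorCode::TP_32BIT,
 ErrorCode::OP_EQUAL, F_DUPFD_CLOEXEC,
 ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Trap(CrashSIGSYS_Handler, NULL))))))))));
 }
 
-#if defined(__i386__)
+#if defined(__i386__) || defined(__mips__)
 ErrorCode RestrictSocketcallCommand(SandboxBPF* sandbox) {
 // Unfortunately, we are unable to restrict the first parameter to
 // socketpair(2). Whilst initially sounding bad, it's noteworthy that very
 // few protocols actually support socketpair(2). The scary call that we're
 // worried about, socket(2), remains blocked.
 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 SYS_SOCKETPAIR, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 SYS_SEND, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
@@ -240,10 +251,10 @@
 sandbox->Trap(SIGSYSKillFailure, NULL));
 case __NR_tkill:
 return sandbox->Trap(SIGSYSKillFailure, NULL);
 default:
 NOTREACHED();
 return sandbox->Trap(CrashSIGSYS_Handler, NULL);
 }
 }
 
 } // namespace sandbox.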
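Review bot: Reusing the x86 literal in `kOLargeFileFlag = 0100000;` for MIPS (new line 169, the `|| IsArchitectureMips()` added to the condition) should be checked against the MIPS kernel's own O_LARGEFILE bit before this lands. The literal exists because glibc on x86 overrides the kernel's O_LARGEFILE value; MIPS has its own asm/fcntl.h flag layout, and if I recall it correctly O_LARGEFILE there is 0x2000 while 0x8000 (which is what 0100000 octal is) is O_DIRECT, the very flag the comment a few lines above says F_SETFL must not accept. Because the allowed set is turned into a denied mask by negation (in the skipped lines after this hunk), an unintended bit here silently widens what the sandboxed process may set with F_SETFL instead of failing closed. I would keep the MIPS case separate and name the source of the value, e.g. `else if (IsArchitectureMips()) kOLargeFileFlag = 0x2000;  // kernel O_LARGEFILE per arch/mips/include/uapi/asm/fcntl.h — confirm before landing`. RestrictFcntlCommands continues past the skipped lines, so the mask construction itself is not visible in this hunk.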