Chromium Code Reviews Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <errno.h> | 5 #include <errno.h> |
| 6 #include <pthread.h> | 6 #include <pthread.h> |
| 7 #include <sched.h> | 7 #include <sched.h> |
| 8 #include <sys/prctl.h> | 8 #include <sys/prctl.h> |
| 9 #include <sys/syscall.h> | 9 #include <sys/syscall.h> |
| 10 #include <sys/time.h> | 10 #include <sys/time.h> |
| 11 #include <sys/types.h> | 11 #include <sys/types.h> |
| 12 #include <sys/utsname.h> | 12 #include <sys/utsname.h> |
| 13 #include <unistd.h> | 13 #include <unistd.h> |
| 14 #include <sys/socket.h> | |
| 14 | 15 |
| 15 #if defined(ANDROID) | 16 #if defined(ANDROID) |
| 16 // Work-around for buggy headers in Android's NDK | 17 // Work-around for buggy headers in Android's NDK |
| 17 #define __user | 18 #define __user |
| 18 #endif | 19 #endif |
| 19 #include <linux/futex.h> | 20 #include <linux/futex.h> |
| 20 | 21 |
| 21 #include <ostream> | 22 #include <ostream> |
| 22 | 23 |
| 23 #include "base/bind.h" | 24 #include "base/bind.h" |
| 24 #include "base/logging.h" | 25 #include "base/logging.h" |
| 25 #include "base/memory/scoped_ptr.h" | 26 #include "base/memory/scoped_ptr.h" |
| 26 #include "build/build_config.h" | 27 #include "build/build_config.h" |
| 27 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 28 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 28 #include "sandbox/linux/seccomp-bpf/syscall.h" | 29 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 29 #include "sandbox/linux/seccomp-bpf/trap.h" | 30 #include "sandbox/linux/seccomp-bpf/trap.h" |
| 30 #include "sandbox/linux/seccomp-bpf/verifier.h" | 31 #include "sandbox/linux/seccomp-bpf/verifier.h" |
| 31 #include "sandbox/linux/services/broker_process.h" | 32 #include "sandbox/linux/services/broker_process.h" |
| 33 #include "sandbox/linux/services/kernel_to_errno.h" | |
| 32 #include "sandbox/linux/services/linux_syscalls.h" | 34 #include "sandbox/linux/services/linux_syscalls.h" |
| 33 #include "sandbox/linux/tests/unit_tests.h" | 35 #include "sandbox/linux/tests/unit_tests.h" |
| 34 #include "testing/gtest/include/gtest/gtest.h" | 36 #include "testing/gtest/include/gtest/gtest.h" |
| 35 | 37 |
| 36 // Workaround for Android's prctl.h file. | 38 // Workaround for Android's prctl.h file. |
| 37 #ifndef PR_GET_ENDIAN | 39 #ifndef PR_GET_ENDIAN |
| 38 #define PR_GET_ENDIAN 19 | 40 #define PR_GET_ENDIAN 19 |
| 39 #endif | 41 #endif |
| 40 #ifndef PR_CAPBSET_READ | 42 #ifndef PR_CAPBSET_READ |
| 41 #define PR_CAPBSET_READ 23 | 43 #define PR_CAPBSET_READ 23 |
| (...skipping 555 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 597 | 599 |
| 598 BPF_TEST(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { | 600 BPF_TEST(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) { |
| 599 // We use the SIGBUS bit in the signal mask as a thread-local boolean | 601 // We use the SIGBUS bit in the signal mask as a thread-local boolean |
| 600 // value in the implementation of UnsafeTrap(). This is obviously a bit | 602 // value in the implementation of UnsafeTrap(). This is obviously a bit |
| 601 // of a hack that could conceivably interfere with code that uses SIGBUS | 603 // of a hack that could conceivably interfere with code that uses SIGBUS |
| 602 // in more traditional ways. This test verifies that basic functionality | 604 // in more traditional ways. This test verifies that basic functionality |
| 603 // of SIGBUS is not impacted, but it is certainly possibly to construe | 605 // of SIGBUS is not impacted, but it is certainly possibly to construe |
| 604 // more complex uses of signals where our use of the SIGBUS mask is not | 606 // more complex uses of signals where our use of the SIGBUS mask is not |
| 605 // 100% transparent. This is expected behavior. | 607 // 100% transparent. This is expected behavior. |
| 606 int fds[2]; | 608 int fds[2]; |
| 607 BPF_ASSERT(pipe(fds) == 0); | 609 BPF_ASSERT(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == 0); |
| 608 bus_handler_fd_ = fds[1]; | 610 bus_handler_fd_ = fds[1]; |
| 609 struct sigaction sa = {}; | 611 struct sigaction sa = {}; |
| 610 sa.sa_sigaction = SigBusHandler; | 612 sa.sa_sigaction = SigBusHandler; |
| 611 sa.sa_flags = SA_SIGINFO; | 613 sa.sa_flags = SA_SIGINFO; |
| 612 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); | 614 BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0); |
| 613 raise(SIGBUS); | 615 raise(SIGBUS); |
| 614 char c = '\000'; | 616 char c = '\000'; |
| 615 BPF_ASSERT(read(fds[0], &c, 1) == 1); | 617 BPF_ASSERT(read(fds[0], &c, 1) == 1); |
| 616 BPF_ASSERT(close(fds[0]) == 0); | 618 BPF_ASSERT(close(fds[0]) == 0); |
| 617 BPF_ASSERT(close(fds[1]) == 0); | 619 BPF_ASSERT(close(fds[1]) == 0); |
| (...skipping 1051 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1669 "%s\n", | 1671 "%s\n", |
| 1670 args.nr, | 1672 args.nr, |
| 1671 (long long)args.args[0], | 1673 (long long)args.args[0], |
| 1672 (long long)args.args[1], | 1674 (long long)args.args[1], |
| 1673 (long long)args.args[2], | 1675 (long long)args.args[2], |
| 1674 (long long)args.args[3], | 1676 (long long)args.args[3], |
| 1675 (long long)args.args[4], | 1677 (long long)args.args[4], |
| 1676 (long long)args.args[5], | 1678 (long long)args.args[5], |
| 1677 msg); | 1679 msg); |
| 1678 } | 1680 } |
| 1679 return -EPERM; | 1681 return KernelRetToErrno(EPERM); |
|
jln (very slow on Chromium)
2014/05/16 19:30:17
ErrnoToKernelRet()
nedeljko
2014/05/22 17:38:55
Done.
| |
| 1680 } | 1682 } |
| 1681 ErrorCode PthreadPolicyEquality(SandboxBPF* sandbox, int sysno, void* aux) { | 1683 ErrorCode PthreadPolicyEquality(SandboxBPF* sandbox, int sysno, void* aux) { |
| 1682 // This policy allows creating threads with pthread_create(). But it | 1684 // This policy allows creating threads with pthread_create(). But it |
| 1683 // doesn't allow any other uses of clone(). Most notably, it does not | 1685 // doesn't allow any other uses of clone(). Most notably, it does not |
| 1684 // allow callers to implement fork() or vfork() by passing suitable flags | 1686 // allow callers to implement fork() or vfork() by passing suitable flags |
| 1685 // to the clone() system call. | 1687 // to the clone() system call. |
| 1686 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { | 1688 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { |
| 1687 // FIXME: we should really not have to do that in a trivial policy | 1689 // FIXME: we should really not have to do that in a trivial policy |
| 1688 return ErrorCode(ENOSYS); | 1690 return ErrorCode(ENOSYS); |
| 1689 } else if (sysno == __NR_clone) { | 1691 } else if (sysno == __NR_clone) { |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1792 // Attempt to fork() a process using clone(). This should fail. We use the | 1794 // Attempt to fork() a process using clone(). This should fail. We use the |
| 1793 // same flags that glibc uses when calling fork(). But we don't actually | 1795 // same flags that glibc uses when calling fork(). But we don't actually |
| 1794 // try calling the fork() implementation in the C run-time library, as | 1796 // try calling the fork() implementation in the C run-time library, as |
| 1795 // run-time libraries other than glibc might call __NR_fork instead of | 1797 // run-time libraries other than glibc might call __NR_fork instead of |
| 1796 // __NR_clone, and that would introduce a bogus test failure. | 1798 // __NR_clone, and that would introduce a bogus test failure. |
| 1797 int pid; | 1799 int pid; |
| 1798 BPF_ASSERT(SandboxSyscall(__NR_clone, | 1800 BPF_ASSERT(SandboxSyscall(__NR_clone, |
| 1799 CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD, | 1801 CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD, |
| 1800 0, | 1802 0, |
| 1801 0, | 1803 0, |
| 1802 &pid) == -EPERM); | 1804 &pid) == KernelRetToErrno(EPERM)); |
| 1803 } | 1805 } |
| 1804 | 1806 |
| 1805 BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); } | 1807 BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); } |
| 1806 | 1808 |
| 1807 BPF_TEST(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { PthreadTest(); } | 1809 BPF_TEST(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { PthreadTest(); } |
| 1808 | 1810 |
| 1809 } // namespace | 1811 } // namespace |
| 1810 | 1812 |
| 1811 } // namespace sandbox | 1813 } // namespace sandbox |
| OLD | NEW |
