| Index: sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
|
| diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
|
| index e3db231502db4e768d306087992990624fad49b9..b89cda7f4135abcb6a1e1ed24f4799072d232174 100644
|
| --- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
|
| +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
|
| @@ -29,7 +29,7 @@ bool SyscallSets::IsAllowedGettime(int sysno) {
|
| switch (sysno) {
|
| case __NR_clock_gettime:
|
| case __NR_gettimeofday:
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_time:
|
| #endif
|
| return true;
|
| @@ -38,11 +38,11 @@ bool SyscallSets::IsAllowedGettime(int sysno) {
|
| case __NR_clock_getres: // Could be allowed.
|
| case __NR_clock_nanosleep: // Could be allowed.
|
| case __NR_clock_settime: // Privileged.
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_ftime: // Obsolete.
|
| #endif
|
| case __NR_settimeofday: // Privileged.
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_stime:
|
| #endif
|
| default:
|
| @@ -89,7 +89,7 @@ bool SyscallSets::IsFileSystem(int sysno) {
|
| case __NR_fchownat: // Should be called chownat ?
|
| #if defined(__x86_64__)
|
| case __NR_newfstatat: // fstatat(). EPERM not a valid errno.
|
| -#elif defined(__i386__) || defined(__arm__)
|
| +#elif defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_fstatat64:
|
| #endif
|
| case __NR_futimesat: // Should be called utimesat ?
|
| @@ -104,7 +104,7 @@ bool SyscallSets::IsFileSystem(int sysno) {
|
| #if defined(__i386__)
|
| case __NR_oldlstat:
|
| #endif
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_lstat64:
|
| #endif
|
| case __NR_mkdir:
|
| @@ -122,24 +122,24 @@ bool SyscallSets::IsFileSystem(int sysno) {
|
| #if defined(__i386__)
|
| case __NR_oldstat:
|
| #endif
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_stat64:
|
| #endif
|
| case __NR_statfs: // EPERM not a valid errno.
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_statfs64:
|
| #endif
|
| case __NR_symlink:
|
| case __NR_symlinkat:
|
| case __NR_truncate:
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_truncate64:
|
| #endif
|
| case __NR_unlink:
|
| case __NR_unlinkat:
|
| case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno.
|
| case __NR_ustat: // Same as above. Deprecated.
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_utime:
|
| #endif
|
| case __NR_utimensat: // New.
|
| @@ -153,12 +153,12 @@ bool SyscallSets::IsFileSystem(int sysno) {
|
| bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) {
|
| switch (sysno) {
|
| case __NR_fstat:
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_fstat64:
|
| #endif
|
| return true;
|
| // TODO(jln): these should be denied gracefully as well (moved below).
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_fadvise64: // EPERM not a valid errno.
|
| #endif
|
| #if defined(__i386__)
|
| @@ -170,14 +170,14 @@ bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) {
|
| case __NR_fdatasync: // EPERM not a valid errno.
|
| case __NR_flock: // EPERM not a valid errno.
|
| case __NR_fstatfs: // Give information about the whole filesystem.
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_fstatfs64:
|
| #endif
|
| case __NR_fsync: // EPERM not a valid errno.
|
| #if defined(__i386__)
|
| case __NR_oldfstat:
|
| #endif
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_sync_file_range: // EPERM not a valid errno.
|
| #elif defined(__arm__)
|
| case __NR_arm_sync_file_range: // EPERM not a valid errno.
|
| @@ -196,11 +196,13 @@ bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) {
|
| case __NR_ftruncate:
|
| #if defined(__i386__) || defined(__arm__)
|
| case __NR_fchown32:
|
| +#endif
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_ftruncate64:
|
| #endif
|
| case __NR_getdents: // EPERM not a valid errno.
|
| case __NR_getdents64: // EPERM not a valid errno.
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_readdir:
|
| #endif
|
| return true;
|
| @@ -241,7 +243,7 @@ bool SyscallSets::IsGetSimpleId(int sysno) {
|
| bool SyscallSets::IsProcessPrivilegeChange(int sysno) {
|
| switch (sysno) {
|
| case __NR_capset:
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_ioperm: // Intel privilege.
|
| case __NR_iopl: // Intel privilege.
|
| #endif
|
| @@ -288,7 +290,7 @@ bool SyscallSets::IsAllowedSignalHandling(int sysno) {
|
| case __NR_rt_sigaction:
|
| case __NR_rt_sigprocmask:
|
| case __NR_rt_sigreturn:
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_sigaction:
|
| case __NR_sigprocmask:
|
| case __NR_sigreturn:
|
| @@ -302,11 +304,11 @@ bool SyscallSets::IsAllowedSignalHandling(int sysno) {
|
| case __NR_sigaltstack:
|
| case __NR_signalfd:
|
| case __NR_signalfd4:
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_sigpending:
|
| case __NR_sigsuspend:
|
| #endif
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_signal:
|
| case __NR_sgetmask: // Obsolete.
|
| case __NR_ssetmask:
|
| @@ -322,12 +324,12 @@ bool SyscallSets::IsAllowedOperationOnFd(int sysno) {
|
| case __NR_dup:
|
| case __NR_dup2:
|
| case __NR_dup3:
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| case __NR_shutdown:
|
| #endif
|
| return true;
|
| case __NR_fcntl:
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_fcntl64:
|
| #endif
|
| default:
|
| @@ -363,11 +365,15 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
|
| case __NR_fork:
|
| #if defined(__i386__) || defined(__x86_64__)
|
| case __NR_get_thread_area:
|
| +#endif
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_set_thread_area:
|
| #endif
|
| case __NR_set_tid_address:
|
| case __NR_unshare:
|
| +#if !defined(__mips__)
|
| case __NR_vfork:
|
| +#endif
|
| default:
|
| return false;
|
| }
|
| @@ -410,7 +416,7 @@ bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) {
|
| case __NR_pipe2:
|
| return true;
|
| default:
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| case __NR_socketpair: // We will want to inspect its argument.
|
| #endif
|
| return false;
|
| @@ -419,7 +425,7 @@ bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) {
|
|
|
| bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) {
|
| switch (sysno) {
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| case __NR_accept:
|
| case __NR_accept4:
|
| case __NR_bind:
|
| @@ -433,7 +439,7 @@ bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) {
|
| }
|
| }
|
|
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| // Big multiplexing system call for sockets.
|
| bool SyscallSets::IsSocketCall(int sysno) {
|
| switch (sysno) {
|
| @@ -445,7 +451,7 @@ bool SyscallSets::IsSocketCall(int sysno) {
|
| }
|
| #endif
|
|
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| bool SyscallSets::IsNetworkSocketInformation(int sysno) {
|
| switch (sysno) {
|
| case __NR_getpeername:
|
| @@ -469,13 +475,13 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
|
| case __NR_madvise:
|
| case __NR_mincore:
|
| case __NR_mlockall:
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_mmap:
|
| #endif
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_mmap2:
|
| #endif
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_modify_ldt:
|
| #endif
|
| case __NR_mprotect:
|
| @@ -484,8 +490,10 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
|
| case __NR_munlockall:
|
| case __NR_readahead:
|
| case __NR_remap_file_pages:
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_vm86:
|
| +#endif
|
| +#if defined(__i386__)
|
| case __NR_vm86old:
|
| #endif
|
| default:
|
| @@ -496,7 +504,7 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
|
| bool SyscallSets::IsAllowedGeneralIo(int sysno) {
|
| switch (sysno) {
|
| case __NR_lseek:
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR__llseek:
|
| #endif
|
| case __NR_poll:
|
| @@ -504,23 +512,23 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) {
|
| case __NR_pselect6:
|
| case __NR_read:
|
| case __NR_readv:
|
| -#if defined(__arm__)
|
| +#if defined(__arm__) || defined(__mips__)
|
| case __NR_recv:
|
| #endif
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| case __NR_recvfrom: // Could specify source.
|
| case __NR_recvmsg: // Could specify source.
|
| #endif
|
| #if defined(__i386__) || defined(__x86_64__)
|
| case __NR_select:
|
| #endif
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR__newselect:
|
| #endif
|
| #if defined(__arm__)
|
| case __NR_send:
|
| #endif
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| case __NR_sendmsg: // Could specify destination.
|
| case __NR_sendto: // Could specify destination.
|
| #endif
|
| @@ -534,7 +542,7 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) {
|
| case __NR_pwritev:
|
| case __NR_recvmmsg: // Could specify source.
|
| case __NR_sendfile:
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_sendfile64:
|
| #endif
|
| case __NR_sendmmsg: // Could specify destination.
|
| @@ -565,7 +573,7 @@ bool SyscallSets::IsAllowedBasicScheduler(int sysno) {
|
| case __NR_nanosleep:
|
| return true;
|
| case __NR_getpriority:
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_nice:
|
| #endif
|
| case __NR_setpriority:
|
| @@ -576,7 +584,7 @@ bool SyscallSets::IsAllowedBasicScheduler(int sysno) {
|
|
|
| bool SyscallSets::IsAdminOperation(int sysno) {
|
| switch (sysno) {
|
| -#if defined(__i386__) || defined(__arm__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_bdflush:
|
| #endif
|
| case __NR_kexec_load:
|
| @@ -592,7 +600,7 @@ bool SyscallSets::IsAdminOperation(int sysno) {
|
|
|
| bool SyscallSets::IsKernelModule(int sysno) {
|
| switch (sysno) {
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_create_module:
|
| case __NR_get_kernel_syms: // Should ENOSYS.
|
| case __NR_query_module:
|
| @@ -623,7 +631,7 @@ bool SyscallSets::IsFsControl(int sysno) {
|
| case __NR_quotactl:
|
| case __NR_swapoff:
|
| case __NR_swapon:
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_umount:
|
| #endif
|
| case __NR_umount2:
|
| @@ -638,7 +646,7 @@ bool SyscallSets::IsNuma(int sysno) {
|
| case __NR_get_mempolicy:
|
| case __NR_getcpu:
|
| case __NR_mbind:
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_migrate_pages:
|
| #endif
|
| case __NR_move_pages:
|
| @@ -666,13 +674,13 @@ bool SyscallSets::IsMessageQueue(int sysno) {
|
| bool SyscallSets::IsGlobalProcessEnvironment(int sysno) {
|
| switch (sysno) {
|
| case __NR_acct: // Privileged.
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_getrlimit:
|
| #endif
|
| #if defined(__i386__) || defined(__arm__)
|
| case __NR_ugetrlimit:
|
| #endif
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_ulimit:
|
| #endif
|
| case __NR_getrusage:
|
| @@ -691,7 +699,7 @@ bool SyscallSets::IsDebug(int sysno) {
|
| case __NR_ptrace:
|
| case __NR_process_vm_readv:
|
| case __NR_process_vm_writev:
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_kcmp:
|
| #endif
|
| return true;
|
| @@ -794,7 +802,7 @@ bool SyscallSets::IsSystemVMessageQueue(int sysno) {
|
| }
|
| #endif
|
|
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| // Big system V multiplexing system call.
|
| bool SyscallSets::IsSystemVIpc(int sysno) {
|
| switch (sysno) {
|
| @@ -810,7 +818,7 @@ bool SyscallSets::IsAnySystemV(int sysno) {
|
| #if defined(__x86_64__) || defined(__arm__)
|
| return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) ||
|
| IsSystemVSharedMemory(sysno);
|
| -#elif defined(__i386__)
|
| +#elif defined(__i386__) || defined(__mips__)
|
| return IsSystemVIpc(sysno);
|
| #endif
|
| }
|
| @@ -859,7 +867,7 @@ bool SyscallSets::IsFaNotify(int sysno) {
|
| bool SyscallSets::IsTimer(int sysno) {
|
| switch (sysno) {
|
| case __NR_getitimer:
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_alarm:
|
| #endif
|
| case __NR_setitimer:
|
| @@ -915,16 +923,16 @@ bool SyscallSets::IsMisc(int sysno) {
|
| case __NR_syncfs:
|
| case __NR_vhangup:
|
| // The system calls below are not implemented.
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_afs_syscall:
|
| #endif
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_break:
|
| #endif
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_getpmsg:
|
| #endif
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_gtty:
|
| case __NR_idle:
|
| case __NR_lock:
|
| @@ -932,13 +940,13 @@ bool SyscallSets::IsMisc(int sysno) {
|
| case __NR_prof:
|
| case __NR_profil:
|
| #endif
|
| -#if defined(__i386__) || defined(__x86_64__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_putpmsg:
|
| #endif
|
| #if defined(__x86_64__)
|
| case __NR_security:
|
| #endif
|
| -#if defined(__i386__)
|
| +#if defined(__i386__) || defined(__mips__)
|
| case __NR_stty:
|
| #endif
|
| #if defined(__x86_64__)
|
| @@ -977,4 +985,25 @@ bool SyscallSets::IsArmPrivate(int sysno) {
|
| }
|
| #endif // defined(__arm__)
|
|
|
| +#if defined(__mips__)
|
| +bool SyscallSets::IsMipsPrivate(int sysno) {
|
| + switch (sysno) {
|
| + case __NR_cacheflush:
|
| + case __NR_cachectl:
|
| + return true;
|
| + default:
|
| + return false;
|
| + }
|
| +}
|
| +
|
| +bool SyscallSets::IsMipsMisc(int sysno) {
|
| + switch (sysno) {
|
| + case __NR_sysmips:
|
| + case __NR_unused150:
|
| + return true;
|
| + default:
|
| + return false;
|
| + }
|
| +}
|
| +#endif // defined(__mips__)
|
| } // namespace sandbox.
|
|
|
Chromium Code Reviews
Issue 260793003:
[MIPS] Add seccomp bpf support (Closed)
Base URL: https://git.chromium.org/git/chromium/src.git@master