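--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <fcntl.h>
 #include <linux/net.h>
@@ -28,68 +28,55 @@
 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6)
 #endif
 #endif
 
 #if defined(__arm__) && !defined(MAP_STACK)
 #define MAP_STACK 0x20000 // Daisy build environment has old headers.
 #endif
 
 namespace {
 
-inline bool RunningOnASAN() {
-#if defined(ADDRESS_SANITIZER)
-return true;
-#else
-return false;
-#endif
-}
-
 inline bool IsArchitectureX86_64() {
 #if defined(__x86_64__)
 return true;
 #else
 return false;
 #endif
 }
 
 inline bool IsArchitectureI386() {
 #if defined(__i386__)
 return true;
 #else
 return false;
 #endif
 }
 
 } // namespace.
 
 namespace sandbox {
 
 ErrorCode RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox) {
 // Glibc's pthread.
-// TODO(jln): fix this on ASAN.
-if (!RunningOnASAN()) {
-return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
-CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
-CLONE_THREAD | CLONE_SYSVSEM | CLONE_SETTLS |
-CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID,
-ErrorCode(ErrorCode::ERR_ALLOWED),
-sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
-CLONE_PARENT_SETTID | SIGCHLD,
-ErrorCode(EPERM),
-// ARM
-sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
-CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | SIGCHLD,
-ErrorCode(EPERM),
-sandbox->Trap(SIGSYSCloneFailure, NULL))));
-} else {
-return ErrorCode(ErrorCode::ERR_ALLOWED);
-}
+return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
+CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
+CLONE_THREAD | CLONE_SYSVSEM | CLONE_SETTLS |
+CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID,
+ErrorCode(ErrorCode::ERR_ALLOWED),
+sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
+CLONE_PARENT_SETTID | SIGCHLD,
+ErrorCode(EPERM),
+// ARM
+sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
+CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | SIGCHLD,
+ErrorCode(EPERM),
+sandbox->Trap(SIGSYSCloneFailure, NULL))));
 }
 
 ErrorCode RestrictPrctl(SandboxBPF* sandbox) {
 // Will need to add seccomp compositing in the future. PR_SET_PTRACER is
 // used by breakpad but not needed anymore.
 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 PR_SET_NAME, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 PR_SET_DUMPABLE, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
@@ -206,43 +193,28 @@
 SYS_SHUTDOWN, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 SYS_SENDMSG, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 SYS_RECVMSG, ErrorCode(ErrorCode::ERR_ALLOWED),
 ErrorCode(EPERM)))))))));
 }
 #endif
 
 ErrorCode RestrictKillTarget(pid_t target_pid, SandboxBPF* sandbox, int sysno) {
-if (!RunningOnASAN()) {
-switch (sysno) {
-case __NR_kill:
-case __NR_tgkill:
-return sandbox->Cond(0,
-ErrorCode::TP_32BIT,
-ErrorCode::OP_EQUAL,
-target_pid,
-ErrorCode(ErrorCode::ERR_ALLOWED),
-sandbox->Trap(SIGSYSKillFailure, NULL));
-case __NR_tkill:
-return sandbox->Trap(SIGSYSKillFailure, NULL);
-default:
-NOTREACHED();
-return sandbox->Trap(CrashSIGSYS_Handler, NULL);
-}
-} else {
-switch (sysno) {
-case __NR_kill:
-case __NR_tgkill:
-case __NR_tkill:
-// On ASAN, fork() is not properly denied. This could lead to the
-// strange failures we're observing with this policy on ASAN.
-// TODO(jln): fix this.
-return ErrorCode(ErrorCode::ERR_ALLOWED);
-default:
-NOTREACHED();
-return sandbox->Trap(CrashSIGSYS_Handler, NULL);
-}
+switch (sysno) {
+case __NR_kill:
+case __NR_tgkill:
+return sandbox->Cond(0,
+ErrorCode::TP_32BIT,
+ErrorCode::OP_EQUAL,
+target_pid,
+ErrorCode(ErrorCode::ERR_ALLOWED),
+sandbox->Trap(SIGSYSKillFailure, NULL));
+case __NR_tkill:
+return sandbox->Trap(SIGSYSKillFailure, NULL);
+default:
+NOTREACHED();
+return sandbox->Trap(CrashSIGSYS_Handler, NULL);
 }
 }
 
 } // namespace sandbox.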
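Review bot: The new body of RestrictCloneToThreadsAndEPERMFork keeps only the `// Glibc's pthread.` comment, so nothing records that the policy now applies to ASAN builds as well or what each branch of the nested Cond is meant to enforce, which matters because this is the fail-closed part of the sandbox policy. A short header comment would make the intent checkable, e.g. `// clone() is allowed only with the exact flag mask glibc's pthread_create uses; the glibc fork() mask (and the ARM variant below) gets EPERM, and any other flag combination SIGSYS-traps. The former ASAN carve-out is gone: this applies to every build.` RestrictKillTarget at the bottom of the section lost its ASAN branch and the explanation that came with it in the same way, so the same kind of note there (`// kill()/tgkill() may only target target_pid; tkill() always traps.`) would document the now-unconditional behaviour. Both functions are visible in full within this section.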