Side by Side Diff: components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc

Issue 272083002: Linux NaCl BPF sandbox : restrict clone() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
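--- a/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc
+++ b/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h"
 
 #include <errno.h>
 #include <signal.h>
 #include <sys/ptrace.h>
 
@@ -67,43 +67,42 @@
 
 private:
 scoped_ptr<SandboxBPFPolicy> baseline_policy_;
 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy);
 };
 
 ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall(
 sandbox::SandboxBPF* sb, int sysno) const {
 DCHECK(baseline_policy_);
 switch (sysno) {
-case __NR_clone: // TODO(jln): restrict parameters.
 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls,
 // see if it can be restricted a bit.
 #if defined(__x86_64__) || defined(__arm__)
 // transport_common.cc needs this.
 case __NR_accept:
 case __NR_setsockopt:
 #elif defined(__i386__)
 case __NR_socketcall:
 #endif
 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is
 // used by NaCl's GDB debug stub.
 case __NR_rt_sigtimedwait:
 #if defined(__i386__)
 // Needed on i386 to set-up the custom segments.
 case __NR_modify_ldt:
 #endif
 // NaClAddrSpaceBeforeAlloc needs prlimit64.
 case __NR_prlimit64:
 // NaCl uses custom signal stacks.
 case __NR_sigaltstack:
 // Below is fairly similar to the policy for a Chromium renderer.
-// TODO(jln): restrict clone(), ioctl() and prctl().
+// TODO(jln): restrict ioctl() and prctl().
 case __NR_ioctl:
 #if defined(__i386__) || defined(__x86_64__)
 case __NR_getrlimit:
 #endif
 #if defined(__i386__) || defined(__arm__)
 case __NR_ugetrlimit:
 #endif
 // NaCl runtime exposes clock_getres to untrusted code.
 case __NR_clock_getres:
 // NaCl runtime uses flock to simulate POSIX behavior for pwrite.
@@ -170,10 +169,10 @@
 scoped_ptr<SandboxBPFPolicy>(new NaClBPFSandboxPolicy()));
 if (sandbox_is_initialized) {
 RunSandboxSanityChecks();
 return true;
 }
 #endif // defined(USE_SECCOMP_BPF)
 return false;
 }
 
 } // namespace nacl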
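Review bot: Removing `case __NR_clone:` from the unconditional allow list at the top of the EvaluateSyscall switch leaves no indication in this function of where clone() is now decided, so a reader auditing the policy cannot tell from the switch whether thread creation is still permitted with a restricted flag set or whether clone simply falls through to baseline_policy_ (that code is outside the visible lines, so this is inferred from the issue title). A one-line comment at the removal point, `// clone() is no longer allowed unconditionally; its flags are restricted in [location of the clone handling]`, would make the policy auditable from this function alone. It would also be worth having RunSandboxSanityChecks (third hunk) exercise a disallowed clone flag combination, so the restriction is checked at sandbox start-up rather than only by code inspection. The body of EvaluateSyscall continues past the second hunk.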