1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" | 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" |
6 | 6 |
7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
8 | 8 |
9 #if defined(USE_SECCOMP_BPF) | 9 #if defined(USE_SECCOMP_BPF) |
10 | 10 |
44 scoped_ptr<sandbox::SandboxBPFPolicy> baseline_policy_; | 44 scoped_ptr<sandbox::SandboxBPFPolicy> baseline_policy_; |
45 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy); | 45 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy); |
46 }; | 46 }; |
47 | 47 |
48 sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( | 48 sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( |
49 sandbox::SandboxBPF* sb, int sysno) const { | 49 sandbox::SandboxBPF* sb, int sysno) const { |
50 DCHECK(baseline_policy_); | 50 DCHECK(baseline_policy_); |
51 switch (sysno) { | 51 switch (sysno) { |
52 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls, | 52 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls, |
53 // see if it can be restricted a bit. | 53 // see if it can be restricted a bit. |
54 #if defined(__x86_64__) || defined(__arm__) | 54 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
55 // transport_common.cc needs this. | 55 // transport_common.cc needs this. |
56 case __NR_accept: | 56 case __NR_accept: |
57 case __NR_setsockopt: | 57 case __NR_setsockopt: |
58 #elif defined(__i386__) | 58 #elif defined(__i386__) |
59 case __NR_socketcall: | 59 case __NR_socketcall: |
60 #endif | 60 #endif |
61 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is | 61 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is |
62 // used by NaCl's GDB debug stub. | 62 // used by NaCl's GDB debug stub. |
63 case __NR_rt_sigtimedwait: | 63 case __NR_rt_sigtimedwait: |
64 #if defined(__i386__) | 64 #if defined(__i386__) || defined(__mips__) |
65 // Needed on i386 to set-up the custom segments. | 65 // Needed on i386 to set-up the custom segments. |
66 case __NR_modify_ldt: | 66 case __NR_modify_ldt: |
67 #endif | 67 #endif |
68 // NaClAddrSpaceBeforeAlloc needs prlimit64. | 68 // NaClAddrSpaceBeforeAlloc needs prlimit64. |
69 case __NR_prlimit64: | 69 case __NR_prlimit64: |
70 // NaCl uses custom signal stacks. | 70 // NaCl uses custom signal stacks. |
71 case __NR_sigaltstack: | 71 case __NR_sigaltstack: |
72 // Below is fairly similar to the policy for a Chromium renderer. | 72 // Below is fairly similar to the policy for a Chromium renderer. |
73 #if defined(__i386__) || defined(__x86_64__) | 73 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
74 case __NR_getrlimit: | 74 case __NR_getrlimit: |
75 #endif | 75 #endif |
76 #if defined(__i386__) || defined(__arm__) | 76 #if defined(__i386__) || defined(__arm__) |
77 case __NR_ugetrlimit: | 77 case __NR_ugetrlimit: |
78 #endif | 78 #endif |
79 // NaCl runtime exposes clock_getres to untrusted code. | 79 // NaCl runtime exposes clock_getres to untrusted code. |
80 case __NR_clock_getres: | 80 case __NR_clock_getres: |
81 // NaCl runtime uses flock to simulate POSIX behavior for pwrite. | 81 // NaCl runtime uses flock to simulate POSIX behavior for pwrite. |
82 case __NR_flock: | 82 case __NR_flock: |
83 case __NR_pread64: | 83 case __NR_pread64: |
113 long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL); | 113 long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL); |
114 CHECK_EQ(-1, ptrace_ret); | 114 CHECK_EQ(-1, ptrace_ret); |
115 // Without the sandbox on, this ptrace call would ESRCH instead. | 115 // Without the sandbox on, this ptrace call would ESRCH instead. |
116 CHECK_EQ(EPERM, errno); | 116 CHECK_EQ(EPERM, errno); |
117 } | 117 } |
118 | 118 |
119 } // namespace | 119 } // namespace |
120 | 120 |
121 #else | 121 #else |
122 | 122 |
123 #if !defined(ARCH_CPU_MIPS_FAMILY) | |
124 #error "Seccomp-bpf disabled on supported architecture!" | 123 #error "Seccomp-bpf disabled on supported architecture!" |
125 #endif // !defined(ARCH_CPU_MIPS_FAMILY) | |
126 | 124 |
127 #endif // defined(USE_SECCOMP_BPF) | 125 #endif // defined(USE_SECCOMP_BPF) |
128 | 126 |
129 bool InitializeBPFSandbox() { | 127 bool InitializeBPFSandbox() { |
130 #if defined(USE_SECCOMP_BPF) | 128 #if defined(USE_SECCOMP_BPF) |
131 bool sandbox_is_initialized = content::InitializeSandbox( | 129 bool sandbox_is_initialized = content::InitializeSandbox( |
132 scoped_ptr<sandbox::SandboxBPFPolicy>(new NaClBPFSandboxPolicy)); | 130 scoped_ptr<sandbox::SandboxBPFPolicy>(new NaClBPFSandboxPolicy)); |
133 if (sandbox_is_initialized) { | 131 if (sandbox_is_initialized) { |
134 RunSandboxSanityChecks(); | 132 RunSandboxSanityChecks(); |
135 return true; | 133 return true; |
136 } | 134 } |
137 #endif // defined(USE_SECCOMP_BPF) | 135 #endif // defined(USE_SECCOMP_BPF) |
138 return false; | 136 return false; |
139 } | 137 } |
140 | 138 |
141 } // namespace nacl | 139 } // namespace nacl |
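Review bot: The `__NR_modify_ldt` case at new-side line 64 now also covers `__mips__`, but the comment directly above it still says the syscall is "Needed on i386 to set-up the custom segments", and MIPS has no LDT or segment registers, so the stated justification no longer matches the condition. As far as I know the MIPS kernel defines the syscall number but routes it to the not-implemented handler, so allowing it is unlikely to be exploitable on its own, yet it widens a sandbox allowlist without a documented reason, which is exactly what the per-case comments in this switch exist to prevent. If NaCl's MIPS service runtime never issues `modify_ldt`, restore `#if defined(__i386__)` on that line; if it does, replace the comment with one that names the MIPS caller, e.g. `// Needed on i386 to set-up the custom segments; also issued on MIPS by <caller> — TODO confirm`. This `case` list sits inside NaClBPFSandboxPolicy::EvaluateSyscall, whose body continues in the 29 lines collapsed after line 83 and is not visible here.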