| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" | 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #if defined(USE_SECCOMP_BPF) | 9 #if defined(USE_SECCOMP_BPF) |
| 10 | 10 |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 44 scoped_ptr<sandbox::SandboxBPFPolicy> baseline_policy_; | 44 scoped_ptr<sandbox::SandboxBPFPolicy> baseline_policy_; |
| 45 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy); | 45 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy); |
| 46 }; | 46 }; |
| 47 | 47 |
| 48 sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( | 48 sandbox::ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( |
| 49 sandbox::SandboxBPF* sb, int sysno) const { | 49 sandbox::SandboxBPF* sb, int sysno) const { |
| 50 DCHECK(baseline_policy_); | 50 DCHECK(baseline_policy_); |
| 51 switch (sysno) { | 51 switch (sysno) { |
| 52 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls, | 52 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls, |
| 53 // see if it can be restricted a bit. | 53 // see if it can be restricted a bit. |
| 54 #if defined(__x86_64__) || defined(__arm__) | 54 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| 55 // transport_common.cc needs this. | 55 // transport_common.cc needs this. |
| 56 case __NR_accept: | 56 case __NR_accept: |
| 57 case __NR_setsockopt: | 57 case __NR_setsockopt: |
| 58 #elif defined(__i386__) | 58 #elif defined(__i386__) |
| 59 case __NR_socketcall: | 59 case __NR_socketcall: |
| 60 #endif | 60 #endif |
| 61 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is | 61 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is |
| 62 // used by NaCl's GDB debug stub. | 62 // used by NaCl's GDB debug stub. |
| 63 case __NR_rt_sigtimedwait: | 63 case __NR_rt_sigtimedwait: |
| 64 #if defined(__i386__) | 64 #if defined(__i386__) || defined(__mips__) |
| 65 // Needed on i386 to set-up the custom segments. | 65 // Needed on i386 to set-up the custom segments. |
| 66 case __NR_modify_ldt: | 66 case __NR_modify_ldt: |
| 67 #endif | 67 #endif |
| 68 // NaClAddrSpaceBeforeAlloc needs prlimit64. | 68 // NaClAddrSpaceBeforeAlloc needs prlimit64. |
| 69 case __NR_prlimit64: | 69 case __NR_prlimit64: |
| 70 // NaCl uses custom signal stacks. | 70 // NaCl uses custom signal stacks. |
| 71 case __NR_sigaltstack: | 71 case __NR_sigaltstack: |
| 72 // Below is fairly similar to the policy for a Chromium renderer. | 72 // Below is fairly similar to the policy for a Chromium renderer. |
| 73 #if defined(__i386__) || defined(__x86_64__) | 73 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 74 case __NR_getrlimit: | 74 case __NR_getrlimit: |
| 75 #endif | 75 #endif |
| 76 #if defined(__i386__) || defined(__arm__) | 76 #if defined(__i386__) || defined(__arm__) |
| 77 case __NR_ugetrlimit: | 77 case __NR_ugetrlimit: |
| 78 #endif | 78 #endif |
| 79 // NaCl runtime exposes clock_getres to untrusted code. | 79 // NaCl runtime exposes clock_getres to untrusted code. |
| 80 case __NR_clock_getres: | 80 case __NR_clock_getres: |
| 81 // NaCl runtime uses flock to simulate POSIX behavior for pwrite. | 81 // NaCl runtime uses flock to simulate POSIX behavior for pwrite. |
| 82 case __NR_flock: | 82 case __NR_flock: |
| 83 case __NR_pread64: | 83 case __NR_pread64: |
| (...skipping 29 matching lines...) Expand all Loading... |
| 113 long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL); | 113 long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL); |
| 114 CHECK_EQ(-1, ptrace_ret); | 114 CHECK_EQ(-1, ptrace_ret); |
| 115 // Without the sandbox on, this ptrace call would ESRCH instead. | 115 // Without the sandbox on, this ptrace call would ESRCH instead. |
| 116 CHECK_EQ(EPERM, errno); | 116 CHECK_EQ(EPERM, errno); |
| 117 } | 117 } |
| 118 | 118 |
| 119 } // namespace | 119 } // namespace |
| 120 | 120 |
| 121 #else | 121 #else |
| 122 | 122 |
| 123 #if !defined(ARCH_CPU_MIPS_FAMILY) | |
| 124 #error "Seccomp-bpf disabled on supported architecture!" | 123 #error "Seccomp-bpf disabled on supported architecture!" |
| 125 #endif // !defined(ARCH_CPU_MIPS_FAMILY) | |
| 126 | 124 |
| 127 #endif // defined(USE_SECCOMP_BPF) | 125 #endif // defined(USE_SECCOMP_BPF) |
| 128 | 126 |
| 129 bool InitializeBPFSandbox() { | 127 bool InitializeBPFSandbox() { |
| 130 #if defined(USE_SECCOMP_BPF) | 128 #if defined(USE_SECCOMP_BPF) |
| 131 bool sandbox_is_initialized = content::InitializeSandbox( | 129 bool sandbox_is_initialized = content::InitializeSandbox( |
| 132 scoped_ptr<sandbox::SandboxBPFPolicy>(new NaClBPFSandboxPolicy)); | 130 scoped_ptr<sandbox::SandboxBPFPolicy>(new NaClBPFSandboxPolicy)); |
| 133 if (sandbox_is_initialized) { | 131 if (sandbox_is_initialized) { |
| 134 RunSandboxSanityChecks(); | 132 RunSandboxSanityChecks(); |
| 135 return true; | 133 return true; |
| 136 } | 134 } |
| 137 #endif // defined(USE_SECCOMP_BPF) | 135 #endif // defined(USE_SECCOMP_BPF) |
| 138 return false; | 136 return false; |
| 139 } | 137 } |
| 140 | 138 |
| 141 } // namespace nacl | 139 } // namespace nacl |
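Review bot: The comment `// Needed on i386 to set-up the custom segments.` at new line 65 no longer explains the condition it sits under, since new line 64 now also admits `__NR_modify_ldt` on MIPS while the comment gives only an x86 reason. If the MIPS NaCl runtime actually issues this syscall, the comment should say so (something like `// Needed on i386 to set up the custom segments; also reached on MIPS.`), and if it does not, `defined(__mips__)` should be dropped from that `#if` — every syscall left on the allowlist without a user is sandbox attack surface with no benefit. The same question applies, with less concern, to the `__NR_getrlimit` case at new lines 73-74, whose existing comments say nothing about MIPS. The new `#error` at line 123, now unconditional, is a useful guard: a MIPS build without `USE_SECCOMP_BPF` fails to compile instead of quietly producing an unsandboxed loader. EvaluateSyscall's body continues past the elided lines, so the remainder of the switch was not reviewed here.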