Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(896)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

Issue 430363003: Linux sandbox: restrict setpriority() in baseline policy. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Better comment and rename. Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc » ('j') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <sys/mman.h> 8 #include <sys/mman.h>
9 #include <sys/socket.h> 9 #include <sys/socket.h>
10 #include <sys/syscall.h> 10 #include <sys/syscall.h>
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after
143 // fork() is never used as a system call (clone() is used instead), but we 143 // fork() is never used as a system call (clone() is used instead), but we
144 // have seen it in fallback code on Android. 144 // have seen it in fallback code on Android.
145 if (sysno == __NR_fork) { 145 if (sysno == __NR_fork) {
146 return Error(EPERM); 146 return Error(EPERM);
147 } 147 }
148 #endif 148 #endif
149 149
150 if (sysno == __NR_futex) 150 if (sysno == __NR_futex)
151 return RestrictFutex(); 151 return RestrictFutex();
152 152
153 if (sysno == __NR_getpriority || sysno ==__NR_setpriority)
154 return RestrictGetSetpriority(current_pid);
155
153 if (sysno == __NR_madvise) { 156 if (sysno == __NR_madvise) {
154 // Only allow MADV_DONTNEED (aka MADV_FREE). 157 // Only allow MADV_DONTNEED (aka MADV_FREE).
155 const Arg<int> advice(2); 158 const Arg<int> advice(2);
156 return If(advice == MADV_DONTNEED, Allow()).Else(Error(EPERM)); 159 return If(advice == MADV_DONTNEED, Allow()).Else(Error(EPERM));
157 } 160 }
158 161
159 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ 162 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
160 defined(__aarch64__) 163 defined(__aarch64__)
161 if (sysno == __NR_mmap) 164 if (sysno == __NR_mmap)
162 return RestrictMmapFlags(); 165 return RestrictMmapFlags();
163 #endif 166 #endif
164 167
165 #if defined(__i386__) || defined(__arm__) || defined(__mips__) 168 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
166 if (sysno == __NR_mmap2) 169 if (sysno == __NR_mmap2)
167 return RestrictMmapFlags(); 170 return RestrictMmapFlags();
168 #endif 171 #endif
169 172
170 if (sysno == __NR_mprotect) 173 if (sysno == __NR_mprotect)
171 return RestrictMprotectFlags(); 174 return RestrictMprotectFlags();
172 175
173 if (sysno == __NR_prctl) 176 if (sysno == __NR_prctl)
174 return sandbox::RestrictPrctl(); 177 return RestrictPrctl();
175 178
176 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ 179 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
177 defined(__aarch64__) 180 defined(__aarch64__)
178 if (sysno == __NR_socketpair) { 181 if (sysno == __NR_socketpair) {
179 // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. 182 // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen.
180 COMPILE_ASSERT(AF_UNIX == PF_UNIX, af_unix_pf_unix_different); 183 COMPILE_ASSERT(AF_UNIX == PF_UNIX, af_unix_pf_unix_different);
181 const Arg<int> domain(0); 184 const Arg<int> domain(0);
182 return If(domain == AF_UNIX, Allow()).Else(CrashSIGSYS()); 185 return If(domain == AF_UNIX, Allow()).Else(CrashSIGSYS());
183 } 186 }
184 #endif 187 #endif
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
245 DCHECK_EQ(syscall(__NR_getpid), current_pid_); 248 DCHECK_EQ(syscall(__NR_getpid), current_pid_);
246 } 249 }
247 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno); 250 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno);
248 } 251 }
249 252
250 ResultExpr BaselinePolicy::InvalidSyscall() const { 253 ResultExpr BaselinePolicy::InvalidSyscall() const {
251 return CrashSIGSYS(); 254 return CrashSIGSYS();
252 } 255 }
253 256
254 } // namespace sandbox. 257 } // namespace sandbox.
OLDNEW
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc » ('j') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698