| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <sys/mman.h> | 8 #include <sys/mman.h> |
| 9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
| 10 #include <sys/syscall.h> | 10 #include <sys/syscall.h> |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 45 SyscallSets::IsAllowedProcessStartOrDeath(sysno) || | 45 SyscallSets::IsAllowedProcessStartOrDeath(sysno) || |
| 46 SyscallSets::IsAllowedSignalHandling(sysno) || | 46 SyscallSets::IsAllowedSignalHandling(sysno) || |
| 47 SyscallSets::IsGetSimpleId(sysno) || | 47 SyscallSets::IsGetSimpleId(sysno) || |
| 48 SyscallSets::IsKernelInternalApi(sysno) || | 48 SyscallSets::IsKernelInternalApi(sysno) || |
| 49 #if defined(__arm__) | 49 #if defined(__arm__) |
| 50 SyscallSets::IsArmPrivate(sysno) || | 50 SyscallSets::IsArmPrivate(sysno) || |
| 51 #endif | 51 #endif |
| 52 #if defined(__mips__) | 52 #if defined(__mips__) |
| 53 SyscallSets::IsMipsPrivate(sysno) || | 53 SyscallSets::IsMipsPrivate(sysno) || |
| 54 #endif | 54 #endif |
| 55 SyscallSets::IsAllowedOperationOnFd(sysno); | 55 SyscallSets::IsAllowedOperationOnFd(sysno) || |
| 56 SyscallSets::IsSeccomp(sysno); |
| 56 } | 57 } |
| 57 | 58 |
| 58 // System calls that will trigger the crashing SIGSYS handler. | 59 // System calls that will trigger the crashing SIGSYS handler. |
| 59 bool IsBaselinePolicyWatched(int sysno) { | 60 bool IsBaselinePolicyWatched(int sysno) { |
| 60 return SyscallSets::IsAdminOperation(sysno) || | 61 return SyscallSets::IsAdminOperation(sysno) || |
| 61 SyscallSets::IsAdvancedScheduler(sysno) || | 62 SyscallSets::IsAdvancedScheduler(sysno) || |
| 62 SyscallSets::IsAdvancedTimer(sysno) || | 63 SyscallSets::IsAdvancedTimer(sysno) || |
| 63 SyscallSets::IsAsyncIo(sysno) || | 64 SyscallSets::IsAsyncIo(sysno) || |
| 64 SyscallSets::IsDebug(sysno) || | 65 SyscallSets::IsDebug(sysno) || |
| 65 SyscallSets::IsEventFd(sysno) || | 66 SyscallSets::IsEventFd(sysno) || |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 117 // defined(MEMORY_SANITIZER) | 118 // defined(MEMORY_SANITIZER) |
| 118 | 119 |
| 119 if (IsBaselinePolicyAllowed(sysno)) { | 120 if (IsBaselinePolicyAllowed(sysno)) { |
| 120 return Allow(); | 121 return Allow(); |
| 121 } | 122 } |
| 122 | 123 |
| 123 if (sysno == __NR_clone) { | 124 if (sysno == __NR_clone) { |
| 124 return RestrictCloneToThreadsAndEPERMFork(); | 125 return RestrictCloneToThreadsAndEPERMFork(); |
| 125 } | 126 } |
| 126 | 127 |
| 128 #if defined(__aarch64__) |
| 129 // These are needed for thread creation. |
| 130 // TODO(leecam): Check jln's fix for this and remove these 'allows'. |
| 131 if (sysno == __NR_sigaltstack || sysno == __NR_setpriority) |
| 132 return Allow(); |
| 133 #endif |
| 134 |
| 127 if (sysno == __NR_fcntl) | 135 if (sysno == __NR_fcntl) |
| 128 return RestrictFcntlCommands(); | 136 return RestrictFcntlCommands(); |
| 129 | 137 |
| 130 #if defined(__i386__) || defined(__arm__) || defined(__mips__) | 138 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 131 if (sysno == __NR_fcntl64) | 139 if (sysno == __NR_fcntl64) |
| 132 return RestrictFcntlCommands(); | 140 return RestrictFcntlCommands(); |
| 133 #endif | 141 #endif |
| 134 | 142 |
| 143 #if !defined(__aarch64__) |
| 135 // fork() is never used as a system call (clone() is used instead), but we | 144 // fork() is never used as a system call (clone() is used instead), but we |
| 136 // have seen it in fallback code on Android. | 145 // have seen it in fallback code on Android. |
| 137 if (sysno == __NR_fork) { | 146 if (sysno == __NR_fork) { |
| 138 return Error(EPERM); | 147 return Error(EPERM); |
| 139 } | 148 } |
| 149 #endif |
| 140 | 150 |
| 141 if (sysno == __NR_futex) | 151 if (sysno == __NR_futex) |
| 142 return RestrictFutex(); | 152 return RestrictFutex(); |
| 143 | 153 |
| 144 if (sysno == __NR_madvise) { | 154 if (sysno == __NR_madvise) { |
| 145 // Only allow MADV_DONTNEED (aka MADV_FREE). | 155 // Only allow MADV_DONTNEED (aka MADV_FREE). |
| 146 const Arg<int> advice(2); | 156 const Arg<int> advice(2); |
| 147 return If(advice == MADV_DONTNEED, Allow()).Else(Error(EPERM)); | 157 return If(advice == MADV_DONTNEED, Allow()).Else(Error(EPERM)); |
| 148 } | 158 } |
| 149 | 159 |
| 150 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) | 160 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ |
| 161 defined(__aarch64__) |
| 151 if (sysno == __NR_mmap) | 162 if (sysno == __NR_mmap) |
| 152 return RestrictMmapFlags(); | 163 return RestrictMmapFlags(); |
| 153 #endif | 164 #endif |
| 154 | 165 |
| 155 #if defined(__i386__) || defined(__arm__) || defined(__mips__) | 166 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 156 if (sysno == __NR_mmap2) | 167 if (sysno == __NR_mmap2) |
| 157 return RestrictMmapFlags(); | 168 return RestrictMmapFlags(); |
| 158 #endif | 169 #endif |
| 159 | 170 |
| 160 if (sysno == __NR_mprotect) | 171 if (sysno == __NR_mprotect) |
| 161 return RestrictMprotectFlags(); | 172 return RestrictMprotectFlags(); |
| 162 | 173 |
| 163 if (sysno == __NR_prctl) | 174 if (sysno == __NR_prctl) |
| 164 return sandbox::RestrictPrctl(); | 175 return sandbox::RestrictPrctl(); |
| 165 | 176 |
| 166 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) | 177 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ |
| 178 defined(__aarch64__) |
| 167 if (sysno == __NR_socketpair) { | 179 if (sysno == __NR_socketpair) { |
| 168 // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. | 180 // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. |
| 169 COMPILE_ASSERT(AF_UNIX == PF_UNIX, af_unix_pf_unix_different); | 181 COMPILE_ASSERT(AF_UNIX == PF_UNIX, af_unix_pf_unix_different); |
| 170 const Arg<int> domain(0); | 182 const Arg<int> domain(0); |
| 171 return If(domain == AF_UNIX, Allow()).Else(CrashSIGSYS()); | 183 return If(domain == AF_UNIX, Allow()).Else(CrashSIGSYS()); |
| 172 } | 184 } |
| 173 #endif | 185 #endif |
| 174 | 186 |
| 175 if (SyscallSets::IsKill(sysno)) { | 187 if (SyscallSets::IsKill(sysno)) { |
| 176 return RestrictKillTarget(current_pid, sysno); | 188 return RestrictKillTarget(current_pid, sysno); |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 231 DCHECK_EQ(syscall(__NR_getpid), current_pid_); | 243 DCHECK_EQ(syscall(__NR_getpid), current_pid_); |
| 232 } | 244 } |
| 233 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno); | 245 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno); |
| 234 } | 246 } |
| 235 | 247 |
| 236 ResultExpr BaselinePolicy::InvalidSyscall() const { | 248 ResultExpr BaselinePolicy::InvalidSyscall() const { |
| 237 return CrashSIGSYS(); | 249 return CrashSIGSYS(); |
| 238 } | 250 } |
| 239 | 251 |
| 240 } // namespace sandbox. | 252 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 487143003:
sandbox: Add Arm64 support for seccomp-BPF (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src