OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <sys/mman.h> | 8 #include <sys/mman.h> |
9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
10 #include <sys/syscall.h> | 10 #include <sys/syscall.h> |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
113 // non-ASan builds. | 113 // non-ASan builds. |
114 return Allow(); | 114 return Allow(); |
115 } | 115 } |
116 #endif // defined(ADDRESS_SANITIZER) || defined(THREAD_SANITIZER) || | 116 #endif // defined(ADDRESS_SANITIZER) || defined(THREAD_SANITIZER) || |
117 // defined(MEMORY_SANITIZER) | 117 // defined(MEMORY_SANITIZER) |
118 | 118 |
119 if (IsBaselinePolicyAllowed(sysno)) { | 119 if (IsBaselinePolicyAllowed(sysno)) { |
120 return Allow(); | 120 return Allow(); |
121 } | 121 } |
122 | 122 |
| 123 #if defined(__aarch64__) |
| 124 // These are needed for thread creation. |
| 125 // TODO(leecam): Check jln's fix for this and remove these 'allows'. |
| 126 if (sysno == __NR_sigaltstack || sysno == __NR_setpriority) |
| 127 return Allow(); |
| 128 #endif |
| 129 |
123 if (sysno == __NR_clone) { | 130 if (sysno == __NR_clone) { |
124 return RestrictCloneToThreadsAndEPERMFork(); | 131 return RestrictCloneToThreadsAndEPERMFork(); |
125 } | 132 } |
126 | 133 |
127 if (sysno == __NR_fcntl) | 134 if (sysno == __NR_fcntl) |
128 return RestrictFcntlCommands(); | 135 return RestrictFcntlCommands(); |
129 | 136 |
130 #if defined(__i386__) || defined(__arm__) || defined(__mips__) | 137 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
131 if (sysno == __NR_fcntl64) | 138 if (sysno == __NR_fcntl64) |
132 return RestrictFcntlCommands(); | 139 return RestrictFcntlCommands(); |
133 #endif | 140 #endif |
134 | 141 |
| 142 #if !defined(__aarch64__) |
135 // fork() is never used as a system call (clone() is used instead), but we | 143 // fork() is never used as a system call (clone() is used instead), but we |
136 // have seen it in fallback code on Android. | 144 // have seen it in fallback code on Android. |
137 if (sysno == __NR_fork) { | 145 if (sysno == __NR_fork) { |
138 return Error(EPERM); | 146 return Error(EPERM); |
139 } | 147 } |
| 148 #endif |
140 | 149 |
141 if (sysno == __NR_futex) | 150 if (sysno == __NR_futex) |
142 return RestrictFutex(); | 151 return RestrictFutex(); |
143 | 152 |
144 if (sysno == __NR_madvise) { | 153 if (sysno == __NR_madvise) { |
145 // Only allow MADV_DONTNEED (aka MADV_FREE). | 154 // Only allow MADV_DONTNEED (aka MADV_FREE). |
146 const Arg<int> advice(2); | 155 const Arg<int> advice(2); |
147 return If(advice == MADV_DONTNEED, Allow()).Else(Error(EPERM)); | 156 return If(advice == MADV_DONTNEED, Allow()).Else(Error(EPERM)); |
148 } | 157 } |
149 | 158 |
150 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) | 159 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ |
| 160 defined(__aarch64__) |
151 if (sysno == __NR_mmap) | 161 if (sysno == __NR_mmap) |
152 return RestrictMmapFlags(); | 162 return RestrictMmapFlags(); |
153 #endif | 163 #endif |
154 | 164 |
155 #if defined(__i386__) || defined(__arm__) || defined(__mips__) | 165 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
156 if (sysno == __NR_mmap2) | 166 if (sysno == __NR_mmap2) |
157 return RestrictMmapFlags(); | 167 return RestrictMmapFlags(); |
158 #endif | 168 #endif |
159 | 169 |
160 if (sysno == __NR_mprotect) | 170 if (sysno == __NR_mprotect) |
161 return RestrictMprotectFlags(); | 171 return RestrictMprotectFlags(); |
162 | 172 |
163 if (sysno == __NR_prctl) | 173 if (sysno == __NR_prctl) |
164 return sandbox::RestrictPrctl(); | 174 return sandbox::RestrictPrctl(); |
165 | 175 |
166 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) | 176 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ |
| 177 defined(__aarch64__) |
167 if (sysno == __NR_socketpair) { | 178 if (sysno == __NR_socketpair) { |
168 // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. | 179 // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. |
169 COMPILE_ASSERT(AF_UNIX == PF_UNIX, af_unix_pf_unix_different); | 180 COMPILE_ASSERT(AF_UNIX == PF_UNIX, af_unix_pf_unix_different); |
170 const Arg<int> domain(0); | 181 const Arg<int> domain(0); |
171 return If(domain == AF_UNIX, Allow()).Else(CrashSIGSYS()); | 182 return If(domain == AF_UNIX, Allow()).Else(CrashSIGSYS()); |
172 } | 183 } |
173 #endif | 184 #endif |
174 | 185 |
175 if (SyscallSets::IsKill(sysno)) { | 186 if (SyscallSets::IsKill(sysno)) { |
176 return RestrictKillTarget(current_pid, sysno); | 187 return RestrictKillTarget(current_pid, sysno); |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
234 DCHECK_EQ(syscall(__NR_getpid), current_pid_); | 245 DCHECK_EQ(syscall(__NR_getpid), current_pid_); |
235 } | 246 } |
236 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno); | 247 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno); |
237 } | 248 } |
238 | 249 |
239 ResultExpr BaselinePolicy::InvalidSyscall() const { | 250 ResultExpr BaselinePolicy::InvalidSyscall() const { |
240 return CrashSIGSYS(); | 251 return CrashSIGSYS(); |
241 } | 252 } |
242 | 253 |
243 } // namespace sandbox. | 254 } // namespace sandbox. |
OLD | NEW |