Chromium Code Reviews| Index: sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc |
| diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc |
| index f31695ffe4c15b7760615d263f20555249848169..9b701653b70ba0e747c8e9de8dfe1681d3ebc26a 100644 |
| --- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc |
| +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc |
| @@ -76,6 +76,7 @@ bool SyscallSets::IsUmask(int sysno) { |
| // Both EPERM and ENOENT are valid errno unless otherwise noted in comment. |
| bool SyscallSets::IsFileSystem(int sysno) { |
| switch (sysno) { |
| +#if !defined(__aarch64__) |
|
jln (very slow on Chromium)
2014/08/21 19:04:53
Alphabetical order is important.
But I also under
leecam
2014/08/22 10:44:17
Done
|
| case __NR_access: // EPERM not a valid errno. |
| case __NR_chmod: |
| case __NR_chown: |
| @@ -83,42 +84,48 @@ bool SyscallSets::IsFileSystem(int sysno) { |
| case __NR_chown32: |
| #endif |
| case __NR_creat: |
| + case __NR_futimesat: // Should be called utimesat ? |
| + case __NR_lchown: |
| + case __NR_link: |
| + case __NR_lstat: // EPERM not a valid errno. |
| + case __NR_mkdir: |
| + case __NR_mknod: |
| + case __NR_open: |
| + case __NR_readlink: // EPERM not a valid errno. |
| + case __NR_rename: |
| + case __NR_rmdir: |
| + case __NR_stat: // EPERM not a valid errno. |
| + case __NR_symlink: |
| + case __NR_unlink: |
| + case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno. |
| + case __NR_ustat: // Same as above. Deprecated. |
| + case __NR_utimes: |
| +#endif |
| case __NR_execve: |
| case __NR_faccessat: // EPERM not a valid errno. |
| case __NR_fchmodat: |
| case __NR_fchownat: // Should be called chownat ? |
| -#if defined(__x86_64__) |
| +#if defined(__x86_64__) || defined(__aarch64__) |
| case __NR_newfstatat: // fstatat(). EPERM not a valid errno. |
| #elif defined(__i386__) || defined(__arm__) || defined(__mips__) |
| case __NR_fstatat64: |
| #endif |
| - case __NR_futimesat: // Should be called utimesat ? |
| - case __NR_lchown: |
| #if defined(__i386__) || defined(__arm__) |
| case __NR_lchown32: |
| #endif |
| - case __NR_link: |
| case __NR_linkat: |
| case __NR_lookup_dcookie: // ENOENT not a valid errno. |
| - case __NR_lstat: // EPERM not a valid errno. |
| #if defined(__i386__) |
| case __NR_oldlstat: |
| #endif |
| #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| case __NR_lstat64: |
| #endif |
| - case __NR_mkdir: |
| case __NR_mkdirat: |
| - case __NR_mknod: |
| case __NR_mknodat: |
| - case __NR_open: |
| case __NR_openat: |
| - case __NR_readlink: // EPERM not a valid errno. |
| case __NR_readlinkat: |
| - case __NR_rename: |
| case __NR_renameat: |
| - case __NR_rmdir: |
| - case __NR_stat: // EPERM not a valid errno. |
| #if defined(__i386__) |
| case __NR_oldstat: |
| #endif |
| @@ -129,21 +136,17 @@ bool SyscallSets::IsFileSystem(int sysno) { |
| #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| case __NR_statfs64: |
| #endif |
| - case __NR_symlink: |
| case __NR_symlinkat: |
| case __NR_truncate: |
| #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| case __NR_truncate64: |
| #endif |
| - case __NR_unlink: |
| case __NR_unlinkat: |
| - case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno. |
| - case __NR_ustat: // Same as above. Deprecated. |
| #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| case __NR_utime: |
| #endif |
| case __NR_utimensat: // New. |
| - case __NR_utimes: |
| + |
| return true; |
| default: |
| return false; |
| @@ -177,7 +180,8 @@ bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) { |
| #if defined(__i386__) |
| case __NR_oldfstat: |
| #endif |
| -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_sync_file_range: // EPERM not a valid errno. |
| #elif defined(__arm__) |
| case __NR_arm_sync_file_range: // EPERM not a valid errno. |
| @@ -200,7 +204,9 @@ bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) { |
| #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| case __NR_ftruncate64: |
| #endif |
| +#if !defined(__aarch64__) |
| case __NR_getdents: // EPERM not a valid errno. |
| +#endif |
| case __NR_getdents64: // EPERM not a valid errno. |
| #if defined(__i386__) || defined(__mips__) |
| case __NR_readdir: |
| @@ -276,7 +282,9 @@ bool SyscallSets::IsProcessPrivilegeChange(int sysno) { |
| bool SyscallSets::IsProcessGroupOrSession(int sysno) { |
| switch (sysno) { |
| case __NR_setpgid: |
| +#if !defined(__aarch64__) |
| case __NR_getpgrp: |
| +#endif |
| case __NR_setsid: |
| case __NR_getpgid: |
| return true; |
| @@ -302,7 +310,9 @@ bool SyscallSets::IsAllowedSignalHandling(int sysno) { |
| case __NR_rt_sigtimedwait: |
| case __NR_rt_tgsigqueueinfo: |
| case __NR_sigaltstack: |
| +#if !defined(__aarch64__) |
| case __NR_signalfd: |
| +#endif |
| case __NR_signalfd4: |
| #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| case __NR_sigpending: |
| @@ -322,9 +332,12 @@ bool SyscallSets::IsAllowedOperationOnFd(int sysno) { |
| switch (sysno) { |
| case __NR_close: |
| case __NR_dup: |
| +#if !defined(__aarch64__) |
| case __NR_dup2: |
| +#endif |
| case __NR_dup3: |
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_shutdown: |
| #endif |
| return true; |
| @@ -362,7 +375,9 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { |
| return true; |
| case __NR_clone: // Should be parameter-restricted. |
| case __NR_setns: // Privileged. |
| +#if !defined(__aarch64__) |
| case __NR_fork: |
| +#endif |
| #if defined(__i386__) || defined(__x86_64__) |
| case __NR_get_thread_area: |
| #endif |
| @@ -371,7 +386,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { |
| #endif |
| case __NR_set_tid_address: |
| case __NR_unshare: |
| -#if !defined(__mips__) |
| +#if !defined(__mips__) && !defined(__aarch64__) |
| case __NR_vfork: |
| #endif |
| default: |
| @@ -393,10 +408,12 @@ bool SyscallSets::IsAllowedFutex(int sysno) { |
| bool SyscallSets::IsAllowedEpoll(int sysno) { |
| switch (sysno) { |
| +#if !defined(__aarch64__) |
| case __NR_epoll_create: |
| + case __NR_epoll_wait: |
| +#endif |
| case __NR_epoll_create1: |
| case __NR_epoll_ctl: |
| - case __NR_epoll_wait: |
| return true; |
| default: |
| #if defined(__x86_64__) |
| @@ -412,11 +429,14 @@ bool SyscallSets::IsAllowedEpoll(int sysno) { |
| bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) { |
| switch (sysno) { |
| +#if !defined(__aarch64__) |
| case __NR_pipe: |
| +#endif |
| case __NR_pipe2: |
| return true; |
| default: |
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_socketpair: // We will want to inspect its argument. |
| #endif |
| return false; |
| @@ -425,7 +445,8 @@ bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) { |
| bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) { |
| switch (sysno) { |
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_accept: |
| case __NR_accept4: |
| case __NR_bind: |
| @@ -475,7 +496,8 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) { |
| case __NR_madvise: |
| case __NR_mincore: |
| case __NR_mlockall: |
| -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_mmap: |
| #endif |
| #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| @@ -505,7 +527,9 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) { |
| #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| case __NR__llseek: |
| #endif |
| +#if !defined(__aarch64__) |
| case __NR_poll: |
| +#endif |
| case __NR_ppoll: |
| case __NR_pselect6: |
| case __NR_read: |
| @@ -513,7 +537,8 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) { |
| #if defined(__arm__) || defined(__mips__) |
| case __NR_recv: |
| #endif |
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_recvfrom: // Could specify source. |
| case __NR_recvmsg: // Could specify source. |
| #endif |
| @@ -526,7 +551,8 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) { |
| #if defined(__arm__) |
| case __NR_send: |
| #endif |
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) |
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_sendmsg: // Could specify destination. |
| case __NR_sendto: // Could specify destination. |
| #endif |
| @@ -564,10 +590,23 @@ bool SyscallSets::IsPrctl(int sysno) { |
| } |
| } |
| +bool SyscallSets::IsSeccomp(int sysno) { |
|
jln (very slow on Chromium)
2014/08/21 19:04:53
I don't think we need this for now, right?
If we
leecam
2014/08/22 10:44:17
Moved to another CL
|
| + switch (sysno) { |
| +#if defined(__NR_seccomp) && defined(__aarch64__) |
| + case __NR_seccomp: |
| + return true; |
| +#endif |
| + default: |
| + return false; |
| + } |
| +} |
| + |
| bool SyscallSets::IsAllowedBasicScheduler(int sysno) { |
| switch (sysno) { |
| case __NR_sched_yield: |
| +#if !defined(__aarch64__) |
| case __NR_pause: |
|
jln (very slow on Chromium)
2014/08/21 19:04:53
I didn't realize that pause() was deprecated. Is i
leecam
2014/08/22 10:44:17
Yeah glibc just calls sigsuspend().
|
| +#endif |
| case __NR_nanosleep: |
| return true; |
| case __NR_getpriority: |
| @@ -605,6 +644,9 @@ bool SyscallSets::IsKernelModule(int sysno) { |
| #endif |
| case __NR_delete_module: |
| case __NR_init_module: |
| +#if defined(__aarch64__) |
| + case __NR_finit_module: |
|
jln (very slow on Chromium)
2014/08/21 19:04:53
This is not AARCH64 specific. Maybe add any missin
leecam
2014/08/22 10:44:17
Moved to another CL
|
| +#endif |
| return true; |
| default: |
| return false; |
| @@ -644,7 +686,8 @@ bool SyscallSets::IsNuma(int sysno) { |
| case __NR_get_mempolicy: |
| case __NR_getcpu: |
| case __NR_mbind: |
| -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_migrate_pages: |
| #endif |
| case __NR_move_pages: |
| @@ -672,7 +715,8 @@ bool SyscallSets::IsMessageQueue(int sysno) { |
| bool SyscallSets::IsGlobalProcessEnvironment(int sysno) { |
| switch (sysno) { |
| case __NR_acct: // Privileged. |
| -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_getrlimit: |
| #endif |
| #if defined(__i386__) || defined(__arm__) |
| @@ -697,7 +741,8 @@ bool SyscallSets::IsDebug(int sysno) { |
| case __NR_ptrace: |
| case __NR_process_vm_readv: |
| case __NR_process_vm_writev: |
| -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ |
| + defined(__aarch64__) |
| case __NR_kcmp: |
| #endif |
| return true; |
| @@ -708,8 +753,10 @@ bool SyscallSets::IsDebug(int sysno) { |
| bool SyscallSets::IsGlobalSystemStatus(int sysno) { |
| switch (sysno) { |
| +#if !defined(__aarch64__) |
| case __NR__sysctl: |
| case __NR_sysfs: |
| +#endif |
| case __NR_sysinfo: |
| case __NR_uname: |
| #if defined(__i386__) |
| @@ -724,7 +771,9 @@ bool SyscallSets::IsGlobalSystemStatus(int sysno) { |
| bool SyscallSets::IsEventFd(int sysno) { |
| switch (sysno) { |
| +#if !defined(__aarch64__) |
| case __NR_eventfd: |
| +#endif |
| case __NR_eventfd2: |
| return true; |
| default: |
| @@ -757,7 +806,7 @@ bool SyscallSets::IsKeyManagement(int sysno) { |
| } |
| } |
| -#if defined(__x86_64__) || defined(__arm__) |
| +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) |
| bool SyscallSets::IsSystemVSemaphores(int sysno) { |
| switch (sysno) { |
| case __NR_semctl: |
| @@ -771,7 +820,7 @@ bool SyscallSets::IsSystemVSemaphores(int sysno) { |
| } |
| #endif |
| -#if defined(__x86_64__) || defined(__arm__) |
| +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) |
| // These give a lot of ambient authority and bypass the setuid sandbox. |
| bool SyscallSets::IsSystemVSharedMemory(int sysno) { |
| switch (sysno) { |
| @@ -786,7 +835,7 @@ bool SyscallSets::IsSystemVSharedMemory(int sysno) { |
| } |
| #endif |
| -#if defined(__x86_64__) || defined(__arm__) |
| +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) |
| bool SyscallSets::IsSystemVMessageQueue(int sysno) { |
| switch (sysno) { |
| case __NR_msgctl: |
| @@ -813,7 +862,7 @@ bool SyscallSets::IsSystemVIpc(int sysno) { |
| #endif |
| bool SyscallSets::IsAnySystemV(int sysno) { |
| -#if defined(__x86_64__) || defined(__arm__) |
| +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) |
| return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) || |
| IsSystemVSharedMemory(sysno); |
| #elif defined(__i386__) || defined(__mips__) |
| @@ -843,7 +892,9 @@ bool SyscallSets::IsAdvancedScheduler(int sysno) { |
| bool SyscallSets::IsInotify(int sysno) { |
| switch (sysno) { |
| case __NR_inotify_add_watch: |
| +#if !defined(__aarch64__) |
| case __NR_inotify_init: |
| +#endif |
| case __NR_inotify_init1: |
| case __NR_inotify_rm_watch: |
| return true; |
| @@ -950,7 +1001,9 @@ bool SyscallSets::IsMisc(int sysno) { |
| #if defined(__x86_64__) |
| case __NR_tuxcall: |
| #endif |
| +#if !defined(__aarch64__) |
| case __NR_vserver: |
| +#endif |
| return true; |
| default: |
| return false; |
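Review bot: The new `#if !defined(__aarch64__)` guard that opens IsFileSystem (the run ending at `case __NR_utimes:` / `#endif`) is the only place in this file that selects architectures by exclusion instead of listing them, and it carries no comment saying why those cases are grouped; a one-liner such as `// Legacy non-"at" variants: absent from the asm-generic syscall table that arm64 uses.` would keep the next porter from re-adding them elsewhere. The same function also gains a stray blank `+` line immediately before `return true;` after `case __NR_utimensat:`, which should be dropped. In IsAllowedEpoll, `__NR_epoll_wait` is correctly moved under the aarch64 exclusion, but the `#if defined(__x86_64__)` in the `default:` branch at the end of that hunk is left unchanged; what it guards continues past the hunk so I cannot confirm it, but since the generic table offers only epoll_pwait, an arm64 policy will need that syscall classified or explicitly allowed somewhere. The remaining aarch64 additions (mmap, sync_file_range, kcmp, migrate_pages, getrlimit, the socket and System V sets) match the asm-generic table as far as I can tell.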