| Index: sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
|
| diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
|
| index 1adc465ff78c88dafee43d42444c25717178698e..c0a720a3b6fb0bf86d2c6c1fdf6e1b4c086530ba 100644
|
| --- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
|
| +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
|
| @@ -76,6 +76,7 @@ bool SyscallSets::IsUmask(int sysno) {
|
| // Both EPERM and ENOENT are valid errno unless otherwise noted in comment.
|
| bool SyscallSets::IsFileSystem(int sysno) {
|
| switch (sysno) {
|
| +#if !defined(__aarch64__)
|
| case __NR_access: // EPERM not a valid errno.
|
| case __NR_chmod:
|
| case __NR_chown:
|
| @@ -83,49 +84,55 @@ bool SyscallSets::IsFileSystem(int sysno) {
|
| case __NR_chown32:
|
| #endif
|
| case __NR_creat:
|
| + case __NR_futimesat: // Should be called utimesat ?
|
| + case __NR_lchown:
|
| + case __NR_link:
|
| + case __NR_lstat: // EPERM not a valid errno.
|
| + case __NR_mkdir:
|
| + case __NR_mknod:
|
| + case __NR_open:
|
| + case __NR_readlink: // EPERM not a valid errno.
|
| + case __NR_rename:
|
| + case __NR_rmdir:
|
| + case __NR_stat: // EPERM not a valid errno.
|
| + case __NR_symlink:
|
| + case __NR_unlink:
|
| + case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno.
|
| + case __NR_ustat: // Same as above. Deprecated.
|
| + case __NR_utimes:
|
| +#endif // !defined(__aarch64__)
|
| +
|
| case __NR_execve:
|
| case __NR_faccessat: // EPERM not a valid errno.
|
| case __NR_fchmodat:
|
| case __NR_fchownat: // Should be called chownat ?
|
| -#if defined(__x86_64__)
|
| +#if defined(__x86_64__) || defined(__aarch64__)
|
| case __NR_newfstatat: // fstatat(). EPERM not a valid errno.
|
| #elif defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_fstatat64:
|
| #endif
|
| - case __NR_futimesat: // Should be called utimesat ?
|
| - case __NR_lchown:
|
| #if defined(__i386__) || defined(__arm__)
|
| case __NR_lchown32:
|
| #endif
|
| - case __NR_link:
|
| case __NR_linkat:
|
| case __NR_lookup_dcookie: // ENOENT not a valid errno.
|
| - case __NR_lstat: // EPERM not a valid errno.
|
| -#if defined(__i386__)
|
| - case __NR_oldlstat:
|
| -#endif
|
| +
|
| #if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_lstat64:
|
| #endif
|
| -#if !defined(__mips__)
|
| +#if defined(__i386__) || defined(__arm__) || defined(__x86_64__)
|
| case __NR_memfd_create:
|
| #endif
|
| - case __NR_mkdir:
|
| case __NR_mkdirat:
|
| - case __NR_mknod:
|
| case __NR_mknodat:
|
| - case __NR_open:
|
| +#if defined(__i386__)
|
| + case __NR_oldlstat:
|
| + case __NR_oldstat:
|
| +#endif
|
| case __NR_openat:
|
| - case __NR_readlink: // EPERM not a valid errno.
|
| case __NR_readlinkat:
|
| - case __NR_rename:
|
| case __NR_renameat:
|
| case __NR_renameat2:
|
| - case __NR_rmdir:
|
| - case __NR_stat: // EPERM not a valid errno.
|
| -#if defined(__i386__)
|
| - case __NR_oldstat:
|
| -#endif
|
| #if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_stat64:
|
| #endif
|
| @@ -133,21 +140,16 @@ bool SyscallSets::IsFileSystem(int sysno) {
|
| #if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_statfs64:
|
| #endif
|
| - case __NR_symlink:
|
| case __NR_symlinkat:
|
| case __NR_truncate:
|
| #if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_truncate64:
|
| #endif
|
| - case __NR_unlink:
|
| case __NR_unlinkat:
|
| - case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno.
|
| - case __NR_ustat: // Same as above. Deprecated.
|
| #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| case __NR_utime:
|
| #endif
|
| case __NR_utimensat: // New.
|
| - case __NR_utimes:
|
| return true;
|
| default:
|
| return false;
|
| @@ -181,7 +183,8 @@ bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) {
|
| #if defined(__i386__)
|
| case __NR_oldfstat:
|
| #endif
|
| -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
|
| + defined(__aarch64__)
|
| case __NR_sync_file_range: // EPERM not a valid errno.
|
| #elif defined(__arm__)
|
| case __NR_arm_sync_file_range: // EPERM not a valid errno.
|
| @@ -204,7 +207,9 @@ bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) {
|
| #if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_ftruncate64:
|
| #endif
|
| +#if !defined(__aarch64__)
|
| case __NR_getdents: // EPERM not a valid errno.
|
| +#endif
|
| case __NR_getdents64: // EPERM not a valid errno.
|
| #if defined(__i386__) || defined(__mips__)
|
| case __NR_readdir:
|
| @@ -280,7 +285,9 @@ bool SyscallSets::IsProcessPrivilegeChange(int sysno) {
|
| bool SyscallSets::IsProcessGroupOrSession(int sysno) {
|
| switch (sysno) {
|
| case __NR_setpgid:
|
| +#if !defined(__aarch64__)
|
| case __NR_getpgrp:
|
| +#endif
|
| case __NR_setsid:
|
| case __NR_getpgid:
|
| return true;
|
| @@ -306,7 +313,9 @@ bool SyscallSets::IsAllowedSignalHandling(int sysno) {
|
| case __NR_rt_sigtimedwait:
|
| case __NR_rt_tgsigqueueinfo:
|
| case __NR_sigaltstack:
|
| +#if !defined(__aarch64__)
|
| case __NR_signalfd:
|
| +#endif
|
| case __NR_signalfd4:
|
| #if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR_sigpending:
|
| @@ -326,9 +335,12 @@ bool SyscallSets::IsAllowedOperationOnFd(int sysno) {
|
| switch (sysno) {
|
| case __NR_close:
|
| case __NR_dup:
|
| +#if !defined(__aarch64__)
|
| case __NR_dup2:
|
| +#endif
|
| case __NR_dup3:
|
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
|
| + defined(__aarch64__)
|
| case __NR_shutdown:
|
| #endif
|
| return true;
|
| @@ -366,7 +378,9 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
|
| return true;
|
| case __NR_clone: // Should be parameter-restricted.
|
| case __NR_setns: // Privileged.
|
| +#if !defined(__aarch64__)
|
| case __NR_fork:
|
| +#endif
|
| #if defined(__i386__) || defined(__x86_64__)
|
| case __NR_get_thread_area:
|
| #endif
|
| @@ -375,7 +389,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
|
| #endif
|
| case __NR_set_tid_address:
|
| case __NR_unshare:
|
| -#if !defined(__mips__)
|
| +#if !defined(__mips__) && !defined(__aarch64__)
|
| case __NR_vfork:
|
| #endif
|
| default:
|
| @@ -397,10 +411,12 @@ bool SyscallSets::IsAllowedFutex(int sysno) {
|
|
|
| bool SyscallSets::IsAllowedEpoll(int sysno) {
|
| switch (sysno) {
|
| +#if !defined(__aarch64__)
|
| case __NR_epoll_create:
|
| + case __NR_epoll_wait:
|
| +#endif
|
| case __NR_epoll_create1:
|
| case __NR_epoll_ctl:
|
| - case __NR_epoll_wait:
|
| return true;
|
| default:
|
| #if defined(__x86_64__)
|
| @@ -416,11 +432,14 @@ bool SyscallSets::IsAllowedEpoll(int sysno) {
|
|
|
| bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) {
|
| switch (sysno) {
|
| +#if !defined(__aarch64__)
|
| case __NR_pipe:
|
| +#endif
|
| case __NR_pipe2:
|
| return true;
|
| default:
|
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
|
| + defined(__aarch64__)
|
| case __NR_socketpair: // We will want to inspect its argument.
|
| #endif
|
| return false;
|
| @@ -429,7 +448,8 @@ bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) {
|
|
|
| bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) {
|
| switch (sysno) {
|
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
|
| + defined(__aarch64__)
|
| case __NR_accept:
|
| case __NR_accept4:
|
| case __NR_bind:
|
| @@ -479,7 +499,8 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
|
| case __NR_madvise:
|
| case __NR_mincore:
|
| case __NR_mlockall:
|
| -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
|
| + defined(__aarch64__)
|
| case __NR_mmap:
|
| #endif
|
| #if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| @@ -509,7 +530,9 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) {
|
| #if defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| case __NR__llseek:
|
| #endif
|
| +#if !defined(__aarch64__)
|
| case __NR_poll:
|
| +#endif
|
| case __NR_ppoll:
|
| case __NR_pselect6:
|
| case __NR_read:
|
| @@ -517,7 +540,8 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) {
|
| #if defined(__arm__) || defined(__mips__)
|
| case __NR_recv:
|
| #endif
|
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
|
| + defined(__aarch64__)
|
| case __NR_recvfrom: // Could specify source.
|
| case __NR_recvmsg: // Could specify source.
|
| #endif
|
| @@ -530,7 +554,8 @@ bool SyscallSets::IsAllowedGeneralIo(int sysno) {
|
| #if defined(__arm__)
|
| case __NR_send:
|
| #endif
|
| -#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
|
| + defined(__aarch64__)
|
| case __NR_sendmsg: // Could specify destination.
|
| case __NR_sendto: // Could specify destination.
|
| #endif
|
| @@ -580,7 +605,9 @@ bool SyscallSets::IsSeccomp(int sysno) {
|
| bool SyscallSets::IsAllowedBasicScheduler(int sysno) {
|
| switch (sysno) {
|
| case __NR_sched_yield:
|
| +#if !defined(__aarch64__)
|
| case __NR_pause:
|
| +#endif
|
| case __NR_nanosleep:
|
| return true;
|
| case __NR_getpriority:
|
| @@ -658,7 +685,8 @@ bool SyscallSets::IsNuma(int sysno) {
|
| case __NR_get_mempolicy:
|
| case __NR_getcpu:
|
| case __NR_mbind:
|
| -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
|
| + defined(__aarch64__)
|
| case __NR_migrate_pages:
|
| #endif
|
| case __NR_move_pages:
|
| @@ -686,7 +714,8 @@ bool SyscallSets::IsMessageQueue(int sysno) {
|
| bool SyscallSets::IsGlobalProcessEnvironment(int sysno) {
|
| switch (sysno) {
|
| case __NR_acct: // Privileged.
|
| -#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
|
| +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
|
| + defined(__aarch64__)
|
| case __NR_getrlimit:
|
| #endif
|
| #if defined(__i386__) || defined(__arm__)
|
| @@ -720,8 +749,10 @@ bool SyscallSets::IsDebug(int sysno) {
|
|
|
| bool SyscallSets::IsGlobalSystemStatus(int sysno) {
|
| switch (sysno) {
|
| +#if !defined(__aarch64__)
|
| case __NR__sysctl:
|
| case __NR_sysfs:
|
| +#endif
|
| case __NR_sysinfo:
|
| case __NR_uname:
|
| #if defined(__i386__)
|
| @@ -736,7 +767,9 @@ bool SyscallSets::IsGlobalSystemStatus(int sysno) {
|
|
|
| bool SyscallSets::IsEventFd(int sysno) {
|
| switch (sysno) {
|
| +#if !defined(__aarch64__)
|
| case __NR_eventfd:
|
| +#endif
|
| case __NR_eventfd2:
|
| return true;
|
| default:
|
| @@ -769,7 +802,7 @@ bool SyscallSets::IsKeyManagement(int sysno) {
|
| }
|
| }
|
|
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
|
| bool SyscallSets::IsSystemVSemaphores(int sysno) {
|
| switch (sysno) {
|
| case __NR_semctl:
|
| @@ -783,7 +816,7 @@ bool SyscallSets::IsSystemVSemaphores(int sysno) {
|
| }
|
| #endif
|
|
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
|
| // These give a lot of ambient authority and bypass the setuid sandbox.
|
| bool SyscallSets::IsSystemVSharedMemory(int sysno) {
|
| switch (sysno) {
|
| @@ -798,7 +831,7 @@ bool SyscallSets::IsSystemVSharedMemory(int sysno) {
|
| }
|
| #endif
|
|
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
|
| bool SyscallSets::IsSystemVMessageQueue(int sysno) {
|
| switch (sysno) {
|
| case __NR_msgctl:
|
| @@ -825,7 +858,7 @@ bool SyscallSets::IsSystemVIpc(int sysno) {
|
| #endif
|
|
|
| bool SyscallSets::IsAnySystemV(int sysno) {
|
| -#if defined(__x86_64__) || defined(__arm__)
|
| +#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
|
| return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) ||
|
| IsSystemVSharedMemory(sysno);
|
| #elif defined(__i386__) || defined(__mips__)
|
| @@ -857,7 +890,9 @@ bool SyscallSets::IsAdvancedScheduler(int sysno) {
|
| bool SyscallSets::IsInotify(int sysno) {
|
| switch (sysno) {
|
| case __NR_inotify_add_watch:
|
| +#if !defined(__aarch64__)
|
| case __NR_inotify_init:
|
| +#endif
|
| case __NR_inotify_init1:
|
| case __NR_inotify_rm_watch:
|
| return true;
|
| @@ -967,7 +1002,9 @@ bool SyscallSets::IsMisc(int sysno) {
|
| #if defined(__x86_64__)
|
| case __NR_tuxcall:
|
| #endif
|
| +#if !defined(__aarch64__)
|
| case __NR_vserver:
|
| +#endif
|
| return true;
|
| default:
|
| return false;
|
|
|
Chromium Code Reviews
Issue 487143003:
sandbox: Add Arm64 support for seccomp-BPF (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src