| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 #include "sandbox/linux/services/linux_syscalls.h" | 8 #include "sandbox/linux/services/linux_syscalls.h" |
| 9 | 9 |
| 10 namespace sandbox { | 10 namespace sandbox { |
| (...skipping 89 matching lines...) | |
| 100 case __NR_link: | 100 case __NR_link: |
| 101 case __NR_linkat: | 101 case __NR_linkat: |
| 102 case __NR_lookup_dcookie: // ENOENT not a valid errno. | 102 case __NR_lookup_dcookie: // ENOENT not a valid errno. |
| 103 case __NR_lstat: // EPERM not a valid errno. | 103 case __NR_lstat: // EPERM not a valid errno. |
| 104 #if defined(__i386__) | 104 #if defined(__i386__) |
| 105 case __NR_oldlstat: | 105 case __NR_oldlstat: |
| 106 #endif | 106 #endif |
| 107 #if defined(__i386__) || defined(__arm__) || defined(__mips__) | 107 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 108 case __NR_lstat64: | 108 case __NR_lstat64: |
| 109 #endif | 109 #endif |
| 110 #if !defined(__mips__) | |
| 111 case __NR_memfd_create: | |
| 112 #endif | |
| 110 case __NR_mkdir: | 113 case __NR_mkdir: |
| 111 case __NR_mkdirat: | 114 case __NR_mkdirat: |
| 112 case __NR_mknod: | 115 case __NR_mknod: |
| 113 case __NR_mknodat: | 116 case __NR_mknodat: |
| 114 case __NR_open: | 117 case __NR_open: |
| 115 case __NR_openat: | 118 case __NR_openat: |
| 116 case __NR_readlink: // EPERM not a valid errno. | 119 case __NR_readlink: // EPERM not a valid errno. |
| 117 case __NR_readlinkat: | 120 case __NR_readlinkat: |
| 118 case __NR_rename: | 121 case __NR_rename: |
| 119 case __NR_renameat: | 122 case __NR_renameat: |
| 123 case __NR_renameat2: | |
| 120 case __NR_rmdir: | 124 case __NR_rmdir: |
| 121 case __NR_stat: // EPERM not a valid errno. | 125 case __NR_stat: // EPERM not a valid errno. |
| 122 #if defined(__i386__) | 126 #if defined(__i386__) |
| 123 case __NR_oldstat: | 127 case __NR_oldstat: |
| 124 #endif | 128 #endif |
| 125 #if defined(__i386__) || defined(__arm__) || defined(__mips__) | 129 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 126 case __NR_stat64: | 130 case __NR_stat64: |
| 127 #endif | 131 #endif |
| 128 case __NR_statfs: // EPERM not a valid errno. | 132 case __NR_statfs: // EPERM not a valid errno. |
| 129 #if defined(__i386__) || defined(__arm__) || defined(__mips__) | 133 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| (...skipping 427 matching lines...) | |
| 557 #if defined(__x86_64__) | 561 #if defined(__x86_64__) |
| 558 case __NR_arch_prctl: | 562 case __NR_arch_prctl: |
| 559 #endif | 563 #endif |
| 560 case __NR_prctl: | 564 case __NR_prctl: |
| 561 return true; | 565 return true; |
| 562 default: | 566 default: |
| 563 return false; | 567 return false; |
| 564 } | 568 } |
| 565 } | 569 } |
| 566 | 570 |
| 571 bool SyscallSets::IsSeccomp(int sysno) { | |
| 572 switch (sysno) { | |
| 573 case __NR_seccomp: | |
| 574 return true; | |
| 575 default: | |
| 576 return false; | |
| 577 } | |
| 578 } | |
| 579 | |
| 567 bool SyscallSets::IsAllowedBasicScheduler(int sysno) { | 580 bool SyscallSets::IsAllowedBasicScheduler(int sysno) { |
| 568 switch (sysno) { | 581 switch (sysno) { |
| 569 case __NR_sched_yield: | 582 case __NR_sched_yield: |
| 570 case __NR_pause: | 583 case __NR_pause: |
| 571 case __NR_nanosleep: | 584 case __NR_nanosleep: |
| 572 return true; | 585 return true; |
| 573 case __NR_getpriority: | 586 case __NR_getpriority: |
| 574 #if defined(__i386__) || defined(__arm__) || defined(__mips__) | 587 #if defined(__i386__) || defined(__arm__) || defined(__mips__) |
| 575 case __NR_nice: | 588 case __NR_nice: |
| 576 #endif | 589 #endif |
| (...skipping 21 matching lines...) | |
| 598 | 611 |
| 599 bool SyscallSets::IsKernelModule(int sysno) { | 612 bool SyscallSets::IsKernelModule(int sysno) { |
| 600 switch (sysno) { | 613 switch (sysno) { |
| 601 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) | 614 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 602 case __NR_create_module: | 615 case __NR_create_module: |
| 603 case __NR_get_kernel_syms: // Should ENOSYS. | 616 case __NR_get_kernel_syms: // Should ENOSYS. |
| 604 case __NR_query_module: | 617 case __NR_query_module: |
| 605 #endif | 618 #endif |
| 606 case __NR_delete_module: | 619 case __NR_delete_module: |
| 607 case __NR_init_module: | 620 case __NR_init_module: |
| 621 case __NR_finit_module: | |
| 608 return true; | 622 return true; |
| 609 default: | 623 default: |
| 610 return false; | 624 return false; |
| 611 } | 625 } |
| 612 } | 626 } |
| 613 | 627 |
| 614 bool SyscallSets::IsGlobalFSViewChange(int sysno) { | 628 bool SyscallSets::IsGlobalFSViewChange(int sysno) { |
| 615 switch (sysno) { | 629 switch (sysno) { |
| 616 case __NR_pivot_root: | 630 case __NR_pivot_root: |
| 617 case __NR_chroot: | 631 case __NR_chroot: |
| (...skipping 72 matching lines...) | |
| 690 default: | 704 default: |
| 691 return false; | 705 return false; |
| 692 } | 706 } |
| 693 } | 707 } |
| 694 | 708 |
| 695 bool SyscallSets::IsDebug(int sysno) { | 709 bool SyscallSets::IsDebug(int sysno) { |
| 696 switch (sysno) { | 710 switch (sysno) { |
| 697 case __NR_ptrace: | 711 case __NR_ptrace: |
| 698 case __NR_process_vm_readv: | 712 case __NR_process_vm_readv: |
| 699 case __NR_process_vm_writev: | 713 case __NR_process_vm_writev: |
| 700 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) | |
| 701 case __NR_kcmp: | 714 case __NR_kcmp: |
| 702 #endif | |
| 703 return true; | 715 return true; |
| 704 default: | 716 default: |
| 705 return false; | 717 return false; |
| 706 } | 718 } |
| 707 } | 719 } |
| 708 | 720 |
| 709 bool SyscallSets::IsGlobalSystemStatus(int sysno) { | 721 bool SyscallSets::IsGlobalSystemStatus(int sysno) { |
| 710 switch (sysno) { | 722 switch (sysno) { |
| 711 case __NR__sysctl: | 723 case __NR__sysctl: |
| 712 case __NR_sysfs: | 724 case __NR_sysfs: |
| (...skipping 114 matching lines...) | |
| 827 case __NR_ioprio_set: | 839 case __NR_ioprio_set: |
| 828 case __NR_sched_get_priority_max: | 840 case __NR_sched_get_priority_max: |
| 829 case __NR_sched_get_priority_min: | 841 case __NR_sched_get_priority_min: |
| 830 case __NR_sched_getaffinity: | 842 case __NR_sched_getaffinity: |
| 831 case __NR_sched_getparam: | 843 case __NR_sched_getparam: |
| 832 case __NR_sched_getscheduler: | 844 case __NR_sched_getscheduler: |
| 833 case __NR_sched_rr_get_interval: | 845 case __NR_sched_rr_get_interval: |
| 834 case __NR_sched_setaffinity: | 846 case __NR_sched_setaffinity: |
| 835 case __NR_sched_setparam: | 847 case __NR_sched_setparam: |
| 836 case __NR_sched_setscheduler: | 848 case __NR_sched_setscheduler: |
| 849 case __NR_sched_setattr: | |
|
jln (very slow on Chromium)
2014/08/21 23:36:05
Please, alphabetize.
| |
| 850 case __NR_sched_getattr: | |
| 837 return true; | 851 return true; |
| 838 default: | 852 default: |
| 839 return false; | 853 return false; |
| 840 } | 854 } |
| 841 } | 855 } |
| 842 | 856 |
| 843 bool SyscallSets::IsInotify(int sysno) { | 857 bool SyscallSets::IsInotify(int sysno) { |
| 844 switch (sysno) { | 858 switch (sysno) { |
| 845 case __NR_inotify_add_watch: | 859 case __NR_inotify_add_watch: |
| 846 case __NR_inotify_init: | 860 case __NR_inotify_init: |
| (...skipping 61 matching lines...) | |
| 908 return true; | 922 return true; |
| 909 default: | 923 default: |
| 910 return false; | 924 return false; |
| 911 } | 925 } |
| 912 } | 926 } |
| 913 | 927 |
| 914 // Various system calls that need to be researched. | 928 // Various system calls that need to be researched. |
| 915 // TODO(jln): classify this better. | 929 // TODO(jln): classify this better. |
| 916 bool SyscallSets::IsMisc(int sysno) { | 930 bool SyscallSets::IsMisc(int sysno) { |
| 917 switch (sysno) { | 931 switch (sysno) { |
| 932 #if !defined(_mips_) | |
| 933 case __NR_getrandom: | |
| 934 #endif | |
| 918 case __NR_name_to_handle_at: | 935 case __NR_name_to_handle_at: |
| 919 case __NR_open_by_handle_at: | 936 case __NR_open_by_handle_at: |
| 920 case __NR_perf_event_open: | 937 case __NR_perf_event_open: |
| 921 case __NR_syncfs: | 938 case __NR_syncfs: |
| 922 case __NR_vhangup: | 939 case __NR_vhangup: |
| 923 // The system calls below are not implemented. | 940 // The system calls below are not implemented. |
| 924 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) | 941 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| 925 case __NR_afs_syscall: | 942 case __NR_afs_syscall: |
| 926 #endif | 943 #endif |
| 927 #if defined(__i386__) || defined(__mips__) | 944 #if defined(__i386__) || defined(__mips__) |
| (...skipping 70 matching lines...) | |
| 998 switch (sysno) { | 1015 switch (sysno) { |
| 999 case __NR_sysmips: | 1016 case __NR_sysmips: |
| 1000 case __NR_unused150: | 1017 case __NR_unused150: |
| 1001 return true; | 1018 return true; |
| 1002 default: | 1019 default: |
| 1003 return false; | 1020 return false; |
| 1004 } | 1021 } |
| 1005 } | 1022 } |
| 1006 #endif // defined(__mips__) | 1023 #endif // defined(__mips__) |
| 1007 } // namespace sandbox. | 1024 } // namespace sandbox. |
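Review bot: The new guard around `__NR_getrandom` in `SyscallSets::IsMisc` is spelled `#if !defined(_mips_)`, with single underscores, whereas every other MIPS guard visible in this file, including the one this change adds around `__NR_memfd_create`, tests `__mips__`. `_mips_` does not appear to be a macro the toolchain defines, so the condition would always be true and the case label would also be compiled on MIPS, which is presumably what the guard was meant to prevent. It should read `#if !defined(__mips__)`. A mistyped guard in a syscall-classification table is easy to miss because it changes nothing on the other architectures, so it is worth confirming with a MIPS build that `IsMisc` and `IsFileSystem` cover the same syscalls there as intended. The body of `IsMisc` continues past the visible lines.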
| OLD | NEW |