sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc - Issue 569713004: Linux sandbox: Disallow get_robust_list and set_robust_list.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc

Issue 569713004: Linux sandbox: Disallow get_robust_list and set_robust_list. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Make it explicit that get_robust_list is not allowed. Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"	5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"

6	6

7 #include "build/build_config.h"	7 #include "build/build_config.h"

8 #include "sandbox/linux/services/linux_syscalls.h"	8 #include "sandbox/linux/services/linux_syscalls.h"

9	9

10 namespace sandbox {	10 namespace sandbox {

(...skipping 384 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
395 default:	395 default:

396 return false;	396 return false;

397 }	397 }

398 }	398 }

399	399

400 // It's difficult to restrict those, but there is attack surface here.	400 // It's difficult to restrict those, but there is attack surface here.

401 bool SyscallSets::IsAllowedFutex(int sysno) {	401 bool SyscallSets::IsAllowedFutex(int sysno) {

402 switch (sysno) {	402 switch (sysno) {

403 case __NR_get_robust_list:	403 case __NR_get_robust_list:

404 case __NR_set_robust_list:	404 case __NR_set_robust_list:

405 return true;

406 case __NR_futex:	405 case __NR_futex:

407 default:	406 default:

408 return false;	407 return false;

409 }	408 }

410 }	409 }

411	410

412 bool SyscallSets::IsAllowedEpoll(int sysno) {	411 bool SyscallSets::IsAllowedEpoll(int sysno) {

413 switch (sysno) {	412 switch (sysno) {

414 #if !defined(__aarch64__)	413 #if !defined(__aarch64__)

415 case __NR_epoll_create:	414 case __NR_epoll_create:

(...skipping 636 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1052 switch (sysno) {	1051 switch (sysno) {

1053 case __NR_sysmips:	1052 case __NR_sysmips:

1054 case __NR_unused150:	1053 case __NR_unused150:

1055 return true;	1054 return true;

1056 default:	1055 default:

1057 return false;	1056 return false;

1058 }	1057 }

1059 }	1058 }

1060 #endif // defined(__mips__)	1059 #endif // defined(__mips__)

1061 } // namespace sandbox.	1060 } // namespace sandbox.

OLD	NEW

« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ('k') | no next file » | no next file with comments »