| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Note: any code in this file MUST be async-signal safe. | 5 // Note: any code in this file MUST be async-signal safe. |
| 6 | 6 |
| 7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 7 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
| 8 | 8 |
| 9 #include <sys/syscall.h> |
| 9 #include <unistd.h> | 10 #include <unistd.h> |
| 10 | 11 |
| 11 #include "base/basictypes.h" | 12 #include "base/basictypes.h" |
| 13 #include "base/logging.h" |
| 12 #include "base/posix/eintr_wrapper.h" | 14 #include "base/posix/eintr_wrapper.h" |
| 13 #include "build/build_config.h" | 15 #include "build/build_config.h" |
| 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 16 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 17 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 18 #include "sandbox/linux/services/linux_syscalls.h" |
| 15 | 19 |
| 16 #if defined(__mips__) | 20 #if defined(__mips__) |
| 17 // __NR_Linux, is defined in <asm/unistd.h>. | 21 // __NR_Linux, is defined in <asm/unistd.h>. |
| 18 #include <asm/unistd.h> | 22 #include <asm/unistd.h> |
| 19 #endif | 23 #endif |
| 20 | 24 |
| 21 #define SECCOMP_MESSAGE_COMMON_CONTENT "seccomp-bpf failure" | 25 #define SECCOMP_MESSAGE_COMMON_CONTENT "seccomp-bpf failure" |
| 22 #define SECCOMP_MESSAGE_CLONE_CONTENT "clone() failure" | 26 #define SECCOMP_MESSAGE_CLONE_CONTENT "clone() failure" |
| 23 #define SECCOMP_MESSAGE_PRCTL_CONTENT "prctl() failure" | 27 #define SECCOMP_MESSAGE_PRCTL_CONTENT "prctl() failure" |
| 24 #define SECCOMP_MESSAGE_IOCTL_CONTENT "ioctl() failure" | 28 #define SECCOMP_MESSAGE_IOCTL_CONTENT "ioctl() failure" |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 199 static const char kSeccompFutexError[] = | 203 static const char kSeccompFutexError[] = |
| 200 __FILE__ ":**CRASHING**:" SECCOMP_MESSAGE_FUTEX_CONTENT "\n"; | 204 __FILE__ ":**CRASHING**:" SECCOMP_MESSAGE_FUTEX_CONTENT "\n"; |
| 201 WriteToStdErr(kSeccompFutexError, sizeof(kSeccompFutexError) - 1); | 205 WriteToStdErr(kSeccompFutexError, sizeof(kSeccompFutexError) - 1); |
| 202 volatile int futex_op = args.args[1]; | 206 volatile int futex_op = args.args[1]; |
| 203 volatile char* addr = reinterpret_cast<volatile char*>(futex_op & 0xFFF); | 207 volatile char* addr = reinterpret_cast<volatile char*>(futex_op & 0xFFF); |
| 204 *addr = '\0'; | 208 *addr = '\0'; |
| 205 for (;;) | 209 for (;;) |
| 206 _exit(1); | 210 _exit(1); |
| 207 } | 211 } |
| 208 | 212 |
| 213 intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args, |
| 214 void* aux) { |
| 215 switch (args.nr) { |
| 216 case __NR_sched_getaffinity: |
| 217 case __NR_sched_getattr: |
| 218 case __NR_sched_getparam: |
| 219 case __NR_sched_getscheduler: |
| 220 case __NR_sched_rr_get_interval: |
| 221 case __NR_sched_setaffinity: |
| 222 case __NR_sched_setattr: |
| 223 case __NR_sched_setparam: |
| 224 case __NR_sched_setscheduler: |
| 225 const pid_t tid = syscall(__NR_gettid); |
| 226 // The first argument is the pid. If is our thread id, then replace it |
| 227 // with 0, which is equivalent and allowed by the policy. |
| 228 if (args.args[0] == static_cast<uint64_t>(tid)) { |
| 229 return Syscall::Call(args.nr, |
| 230 0, |
| 231 static_cast<intptr_t>(args.args[1]), |
| 232 static_cast<intptr_t>(args.args[2]), |
| 233 static_cast<intptr_t>(args.args[3]), |
| 234 static_cast<intptr_t>(args.args[4]), |
| 235 static_cast<intptr_t>(args.args[5])); |
| 236 } |
| 237 break; |
| 238 } |
| 239 |
| 240 CrashSIGSYS_Handler(args, aux); |
| 241 |
| 242 // Should never be reached. |
| 243 RAW_CHECK(false); |
| 244 return -ENOSYS; |
| 245 } |
| 246 |
| 209 bpf_dsl::ResultExpr CrashSIGSYS() { | 247 bpf_dsl::ResultExpr CrashSIGSYS() { |
| 210 return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL); | 248 return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL); |
| 211 } | 249 } |
| 212 | 250 |
| 213 bpf_dsl::ResultExpr CrashSIGSYSClone() { | 251 bpf_dsl::ResultExpr CrashSIGSYSClone() { |
| 214 return bpf_dsl::Trap(SIGSYSCloneFailure, NULL); | 252 return bpf_dsl::Trap(SIGSYSCloneFailure, NULL); |
| 215 } | 253 } |
| 216 | 254 |
| 217 bpf_dsl::ResultExpr CrashSIGSYSPrctl() { | 255 bpf_dsl::ResultExpr CrashSIGSYSPrctl() { |
| 218 return bpf_dsl::Trap(SIGSYSPrctlFailure, NULL); | 256 return bpf_dsl::Trap(SIGSYSPrctlFailure, NULL); |
| 219 } | 257 } |
| 220 | 258 |
| 221 bpf_dsl::ResultExpr CrashSIGSYSIoctl() { | 259 bpf_dsl::ResultExpr CrashSIGSYSIoctl() { |
| 222 return bpf_dsl::Trap(SIGSYSIoctlFailure, NULL); | 260 return bpf_dsl::Trap(SIGSYSIoctlFailure, NULL); |
| 223 } | 261 } |
| 224 | 262 |
| 225 bpf_dsl::ResultExpr CrashSIGSYSKill() { | 263 bpf_dsl::ResultExpr CrashSIGSYSKill() { |
| 226 return bpf_dsl::Trap(SIGSYSKillFailure, NULL); | 264 return bpf_dsl::Trap(SIGSYSKillFailure, NULL); |
| 227 } | 265 } |
| 228 | 266 |
| 229 bpf_dsl::ResultExpr CrashSIGSYSFutex() { | 267 bpf_dsl::ResultExpr CrashSIGSYSFutex() { |
| 230 return bpf_dsl::Trap(SIGSYSFutexFailure, NULL); | 268 return bpf_dsl::Trap(SIGSYSFutexFailure, NULL); |
| 231 } | 269 } |
| 232 | 270 |
| 271 bpf_dsl::ResultExpr RewriteSchedSIGSYS() { |
| 272 return bpf_dsl::Trap(SIGSYSSchedHandler, NULL); |
| 273 } |
| 274 |
| 233 const char* GetErrorMessageContentForTests() { | 275 const char* GetErrorMessageContentForTests() { |
| 234 return SECCOMP_MESSAGE_COMMON_CONTENT; | 276 return SECCOMP_MESSAGE_COMMON_CONTENT; |
| 235 } | 277 } |
| 236 | 278 |
| 237 const char* GetCloneErrorMessageContentForTests() { | 279 const char* GetCloneErrorMessageContentForTests() { |
| 238 return SECCOMP_MESSAGE_CLONE_CONTENT; | 280 return SECCOMP_MESSAGE_CLONE_CONTENT; |
| 239 } | 281 } |
| 240 | 282 |
| 241 const char* GetPrctlErrorMessageContentForTests() { | 283 const char* GetPrctlErrorMessageContentForTests() { |
| 242 return SECCOMP_MESSAGE_PRCTL_CONTENT; | 284 return SECCOMP_MESSAGE_PRCTL_CONTENT; |
| 243 } | 285 } |
| 244 | 286 |
| 245 const char* GetIoctlErrorMessageContentForTests() { | 287 const char* GetIoctlErrorMessageContentForTests() { |
| 246 return SECCOMP_MESSAGE_IOCTL_CONTENT; | 288 return SECCOMP_MESSAGE_IOCTL_CONTENT; |
| 247 } | 289 } |
| 248 | 290 |
| 249 const char* GetKillErrorMessageContentForTests() { | 291 const char* GetKillErrorMessageContentForTests() { |
| 250 return SECCOMP_MESSAGE_KILL_CONTENT; | 292 return SECCOMP_MESSAGE_KILL_CONTENT; |
| 251 } | 293 } |
| 252 | 294 |
| 253 const char* GetFutexErrorMessageContentForTests() { | 295 const char* GetFutexErrorMessageContentForTests() { |
| 254 return SECCOMP_MESSAGE_FUTEX_CONTENT; | 296 return SECCOMP_MESSAGE_FUTEX_CONTENT; |
| 255 } | 297 } |
| 256 | 298 |
| 257 } // namespace sandbox. | 299 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 590213003:
Linux sandbox: Allow restricting sched_* on other processes. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master