Chromium Code Reviews Chromium Code Reviews
Issue 670603002:
Linux sandbox: Tighten up the NaCl sandbox policy. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" | 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #if defined(USE_SECCOMP_BPF) | 9 #if defined(USE_SECCOMP_BPF) |
| 10 | 10 |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 46 | 46 |
| 47 private: | 47 private: |
| 48 scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> baseline_policy_; | 48 scoped_ptr<sandbox::bpf_dsl::SandboxBPFDSLPolicy> baseline_policy_; |
| 49 | 49 |
| 50 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy); | 50 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy); |
| 51 }; | 51 }; |
| 52 | 52 |
| 53 ResultExpr NaClBPFSandboxPolicy::EvaluateSyscall(int sysno) const { | 53 ResultExpr NaClBPFSandboxPolicy::EvaluateSyscall(int sysno) const { |
| 54 DCHECK(baseline_policy_); | 54 DCHECK(baseline_policy_); |
| 55 switch (sysno) { | 55 switch (sysno) { |
| 56 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls, | |
| 57 // see if it can be restricted a bit. | |
| 58 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) | |
| 59 // transport_common.cc needs this. | |
| 60 case __NR_accept: | |
|
Mark Seaborn
2014/10/21 22:08:40
Could we conditionalise these based on whether the
rickyz (no longer on Chrome)
2014/10/22 03:25:05
Yeah, this sounds like a better approach, done.
| |
| 61 case __NR_setsockopt: | |
| 62 #elif defined(__i386__) | |
| 63 case __NR_socketcall: | |
| 64 #endif | |
| 65 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is | |
|
Mark Seaborn
2014/10/21 22:08:40
We may end up using thread suspension outside of t
rickyz (no longer on Chrome)
2014/10/22 03:25:05
Ah, good to know - I left this one enabled by defa
| |
| 66 // used by NaCl's GDB debug stub. | |
| 67 case __NR_rt_sigtimedwait: | |
| 68 #if defined(__i386__) || defined(__mips__) | 56 #if defined(__i386__) || defined(__mips__) |
| 69 // Needed on i386 to set-up the custom segments. | 57 // Needed on i386 to set-up the custom segments. |
| 70 case __NR_modify_ldt: | 58 case __NR_modify_ldt: |
| 71 #endif | 59 #endif |
| 72 // NaClAddrSpaceBeforeAlloc needs prlimit64. | 60 // NaClAddrSpaceBeforeAlloc needs prlimit64. |
| 73 case __NR_prlimit64: | 61 case __NR_prlimit64: |
| 74 // NaCl uses custom signal stacks. | 62 // NaCl uses custom signal stacks. |
| 75 case __NR_sigaltstack: | 63 case __NR_sigaltstack: |
| 76 // Below is fairly similar to the policy for a Chromium renderer. | 64 // Below is fairly similar to the policy for a Chromium renderer. |
| 77 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) | 65 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 134 new NaClBPFSandboxPolicy)); | 122 new NaClBPFSandboxPolicy)); |
| 135 if (sandbox_is_initialized) { | 123 if (sandbox_is_initialized) { |
| 136 RunSandboxSanityChecks(); | 124 RunSandboxSanityChecks(); |
| 137 return true; | 125 return true; |
| 138 } | 126 } |
| 139 #endif // defined(USE_SECCOMP_BPF) | 127 #endif // defined(USE_SECCOMP_BPF) |
| 140 return false; | 128 return false; |
| 141 } | 129 } |
| 142 | 130 |
| 143 } // namespace nacl | 131 } // namespace nacl |
| OLD | NEW |
