| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <sched.h> | 10 #include <sched.h> |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 #include <linux/futex.h> | 25 #include <linux/futex.h> |
| 26 | 26 |
| 27 #include "base/bind.h" | 27 #include "base/bind.h" |
| 28 #include "base/logging.h" | 28 #include "base/logging.h" |
| 29 #include "base/macros.h" | 29 #include "base/macros.h" |
| 30 #include "base/memory/scoped_ptr.h" | 30 #include "base/memory/scoped_ptr.h" |
| 31 #include "base/posix/eintr_wrapper.h" | 31 #include "base/posix/eintr_wrapper.h" |
| 32 #include "base/synchronization/waitable_event.h" | 32 #include "base/synchronization/waitable_event.h" |
| 33 #include "base/threading/thread.h" | 33 #include "base/threading/thread.h" |
| 34 #include "build/build_config.h" | 34 #include "build/build_config.h" |
| 35 #include "sandbox/linux/bpf_dsl/policy.h" |
| 35 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 36 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 36 #include "sandbox/linux/seccomp-bpf/die.h" | 37 #include "sandbox/linux/seccomp-bpf/die.h" |
| 37 #include "sandbox/linux/seccomp-bpf/errorcode.h" | 38 #include "sandbox/linux/seccomp-bpf/errorcode.h" |
| 38 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" | 39 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" |
| 39 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 40 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 40 #include "sandbox/linux/seccomp-bpf/syscall.h" | 41 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 41 #include "sandbox/linux/seccomp-bpf/trap.h" | 42 #include "sandbox/linux/seccomp-bpf/trap.h" |
| 42 #include "sandbox/linux/services/broker_process.h" | 43 #include "sandbox/linux/services/broker_process.h" |
| 43 #include "sandbox/linux/services/linux_syscalls.h" | 44 #include "sandbox/linux/services/linux_syscalls.h" |
| 44 #include "sandbox/linux/tests/scoped_temporary_file.h" | 45 #include "sandbox/linux/tests/scoped_temporary_file.h" |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 101 // and it helps us accidentally forgetting any of the crucial steps in | 102 // and it helps us accidentally forgetting any of the crucial steps in |
| 102 // setting up the sandbox. But it wouldn't hurt to have at least one test | 103 // setting up the sandbox. But it wouldn't hurt to have at least one test |
| 103 // that explicitly walks through all these steps. | 104 // that explicitly walks through all these steps. |
| 104 | 105 |
| 105 intptr_t IncreaseCounter(const struct arch_seccomp_data& args, void* aux) { | 106 intptr_t IncreaseCounter(const struct arch_seccomp_data& args, void* aux) { |
| 106 BPF_ASSERT(aux); | 107 BPF_ASSERT(aux); |
| 107 int* counter = static_cast<int*>(aux); | 108 int* counter = static_cast<int*>(aux); |
| 108 return (*counter)++; | 109 return (*counter)++; |
| 109 } | 110 } |
| 110 | 111 |
| 111 class VerboseAPITestingPolicy : public SandboxBPFDSLPolicy { | 112 class VerboseAPITestingPolicy : public Policy { |
| 112 public: | 113 public: |
| 113 explicit VerboseAPITestingPolicy(int* counter_ptr) | 114 explicit VerboseAPITestingPolicy(int* counter_ptr) |
| 114 : counter_ptr_(counter_ptr) {} | 115 : counter_ptr_(counter_ptr) {} |
| 115 virtual ~VerboseAPITestingPolicy() {} | 116 virtual ~VerboseAPITestingPolicy() {} |
| 116 | 117 |
| 117 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 118 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 118 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 119 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 119 if (sysno == __NR_uname) { | 120 if (sysno == __NR_uname) { |
| 120 return Trap(IncreaseCounter, counter_ptr_); | 121 return Trap(IncreaseCounter, counter_ptr_); |
| 121 } | 122 } |
| (...skipping 18 matching lines...) Expand all Loading... |
| 140 BPF_ASSERT_EQ(0, counter); | 141 BPF_ASSERT_EQ(0, counter); |
| 141 BPF_ASSERT_EQ(0, syscall(__NR_uname, 0)); | 142 BPF_ASSERT_EQ(0, syscall(__NR_uname, 0)); |
| 142 BPF_ASSERT_EQ(1, counter); | 143 BPF_ASSERT_EQ(1, counter); |
| 143 BPF_ASSERT_EQ(1, syscall(__NR_uname, 0)); | 144 BPF_ASSERT_EQ(1, syscall(__NR_uname, 0)); |
| 144 BPF_ASSERT_EQ(2, counter); | 145 BPF_ASSERT_EQ(2, counter); |
| 145 } | 146 } |
| 146 } | 147 } |
| 147 | 148 |
| 148 // A simple blacklist test | 149 // A simple blacklist test |
| 149 | 150 |
| 150 class BlacklistNanosleepPolicy : public SandboxBPFDSLPolicy { | 151 class BlacklistNanosleepPolicy : public Policy { |
| 151 public: | 152 public: |
| 152 BlacklistNanosleepPolicy() {} | 153 BlacklistNanosleepPolicy() {} |
| 153 virtual ~BlacklistNanosleepPolicy() {} | 154 virtual ~BlacklistNanosleepPolicy() {} |
| 154 | 155 |
| 155 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 156 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 156 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 157 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 157 switch (sysno) { | 158 switch (sysno) { |
| 158 case __NR_nanosleep: | 159 case __NR_nanosleep: |
| 159 return Error(EACCES); | 160 return Error(EACCES); |
| 160 default: | 161 default: |
| (...skipping 11 matching lines...) Expand all Loading... |
| 172 private: | 173 private: |
| 173 DISALLOW_COPY_AND_ASSIGN(BlacklistNanosleepPolicy); | 174 DISALLOW_COPY_AND_ASSIGN(BlacklistNanosleepPolicy); |
| 174 }; | 175 }; |
| 175 | 176 |
| 176 BPF_TEST_C(SandboxBPF, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) { | 177 BPF_TEST_C(SandboxBPF, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) { |
| 177 BlacklistNanosleepPolicy::AssertNanosleepFails(); | 178 BlacklistNanosleepPolicy::AssertNanosleepFails(); |
| 178 } | 179 } |
| 179 | 180 |
| 180 // Now do a simple whitelist test | 181 // Now do a simple whitelist test |
| 181 | 182 |
| 182 class WhitelistGetpidPolicy : public SandboxBPFDSLPolicy { | 183 class WhitelistGetpidPolicy : public Policy { |
| 183 public: | 184 public: |
| 184 WhitelistGetpidPolicy() {} | 185 WhitelistGetpidPolicy() {} |
| 185 virtual ~WhitelistGetpidPolicy() {} | 186 virtual ~WhitelistGetpidPolicy() {} |
| 186 | 187 |
| 187 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 188 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 188 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 189 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 189 switch (sysno) { | 190 switch (sysno) { |
| 190 case __NR_getpid: | 191 case __NR_getpid: |
| 191 case __NR_exit_group: | 192 case __NR_exit_group: |
| 192 return Allow(); | 193 return Allow(); |
| (...skipping 18 matching lines...) Expand all Loading... |
| 211 } | 212 } |
| 212 | 213 |
| 213 // A simple blacklist policy, with a SIGSYS handler | 214 // A simple blacklist policy, with a SIGSYS handler |
| 214 intptr_t EnomemHandler(const struct arch_seccomp_data& args, void* aux) { | 215 intptr_t EnomemHandler(const struct arch_seccomp_data& args, void* aux) { |
| 215 // We also check that the auxiliary data is correct | 216 // We also check that the auxiliary data is correct |
| 216 SANDBOX_ASSERT(aux); | 217 SANDBOX_ASSERT(aux); |
| 217 *(static_cast<int*>(aux)) = kExpectedReturnValue; | 218 *(static_cast<int*>(aux)) = kExpectedReturnValue; |
| 218 return -ENOMEM; | 219 return -ENOMEM; |
| 219 } | 220 } |
| 220 | 221 |
| 221 class BlacklistNanosleepTrapPolicy : public SandboxBPFDSLPolicy { | 222 class BlacklistNanosleepTrapPolicy : public Policy { |
| 222 public: | 223 public: |
| 223 explicit BlacklistNanosleepTrapPolicy(int* aux) : aux_(aux) {} | 224 explicit BlacklistNanosleepTrapPolicy(int* aux) : aux_(aux) {} |
| 224 virtual ~BlacklistNanosleepTrapPolicy() {} | 225 virtual ~BlacklistNanosleepTrapPolicy() {} |
| 225 | 226 |
| 226 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 227 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 227 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 228 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 228 switch (sysno) { | 229 switch (sysno) { |
| 229 case __NR_nanosleep: | 230 case __NR_nanosleep: |
| 230 return Trap(EnomemHandler, aux_); | 231 return Trap(EnomemHandler, aux_); |
| 231 default: | 232 default: |
| (...skipping 21 matching lines...) Expand all Loading... |
| 253 const struct timespec ts = {0, 0}; | 254 const struct timespec ts = {0, 0}; |
| 254 BPF_ASSERT(syscall(__NR_nanosleep, &ts, NULL) == -1); | 255 BPF_ASSERT(syscall(__NR_nanosleep, &ts, NULL) == -1); |
| 255 BPF_ASSERT(errno == ENOMEM); | 256 BPF_ASSERT(errno == ENOMEM); |
| 256 | 257 |
| 257 // We expect the signal handler to modify AuxData | 258 // We expect the signal handler to modify AuxData |
| 258 BPF_ASSERT(*BPF_AUX == kExpectedReturnValue); | 259 BPF_ASSERT(*BPF_AUX == kExpectedReturnValue); |
| 259 } | 260 } |
| 260 | 261 |
| 261 // A simple test that verifies we can return arbitrary errno values. | 262 // A simple test that verifies we can return arbitrary errno values. |
| 262 | 263 |
| 263 class ErrnoTestPolicy : public SandboxBPFDSLPolicy { | 264 class ErrnoTestPolicy : public Policy { |
| 264 public: | 265 public: |
| 265 ErrnoTestPolicy() {} | 266 ErrnoTestPolicy() {} |
| 266 virtual ~ErrnoTestPolicy() {} | 267 virtual ~ErrnoTestPolicy() {} |
| 267 | 268 |
| 268 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 269 virtual ResultExpr EvaluateSyscall(int sysno) const override; |
| 269 | 270 |
| 270 private: | 271 private: |
| 271 DISALLOW_COPY_AND_ASSIGN(ErrnoTestPolicy); | 272 DISALLOW_COPY_AND_ASSIGN(ErrnoTestPolicy); |
| 272 }; | 273 }; |
| 273 | 274 |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 335 | 336 |
| 336 // Finally, test an errno in between the minimum and maximum. | 337 // Finally, test an errno in between the minimum and maximum. |
| 337 errno = 0; | 338 errno = 0; |
| 338 struct utsname uts_buf; | 339 struct utsname uts_buf; |
| 339 BPF_ASSERT(uname(&uts_buf) == -1); | 340 BPF_ASSERT(uname(&uts_buf) == -1); |
| 340 BPF_ASSERT(errno == 42); | 341 BPF_ASSERT(errno == 42); |
| 341 } | 342 } |
| 342 | 343 |
| 343 // Testing the stacking of two sandboxes | 344 // Testing the stacking of two sandboxes |
| 344 | 345 |
| 345 class StackingPolicyPartOne : public SandboxBPFDSLPolicy { | 346 class StackingPolicyPartOne : public Policy { |
| 346 public: | 347 public: |
| 347 StackingPolicyPartOne() {} | 348 StackingPolicyPartOne() {} |
| 348 virtual ~StackingPolicyPartOne() {} | 349 virtual ~StackingPolicyPartOne() {} |
| 349 | 350 |
| 350 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 351 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 351 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 352 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 352 switch (sysno) { | 353 switch (sysno) { |
| 353 case __NR_getppid: { | 354 case __NR_getppid: { |
| 354 const Arg<int> arg(0); | 355 const Arg<int> arg(0); |
| 355 return If(arg == 0, Allow()).Else(Error(EPERM)); | 356 return If(arg == 0, Allow()).Else(Error(EPERM)); |
| 356 } | 357 } |
| 357 default: | 358 default: |
| 358 return Allow(); | 359 return Allow(); |
| 359 } | 360 } |
| 360 } | 361 } |
| 361 | 362 |
| 362 private: | 363 private: |
| 363 DISALLOW_COPY_AND_ASSIGN(StackingPolicyPartOne); | 364 DISALLOW_COPY_AND_ASSIGN(StackingPolicyPartOne); |
| 364 }; | 365 }; |
| 365 | 366 |
| 366 class StackingPolicyPartTwo : public SandboxBPFDSLPolicy { | 367 class StackingPolicyPartTwo : public Policy { |
| 367 public: | 368 public: |
| 368 StackingPolicyPartTwo() {} | 369 StackingPolicyPartTwo() {} |
| 369 virtual ~StackingPolicyPartTwo() {} | 370 virtual ~StackingPolicyPartTwo() {} |
| 370 | 371 |
| 371 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 372 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 372 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 373 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 373 switch (sysno) { | 374 switch (sysno) { |
| 374 case __NR_getppid: { | 375 case __NR_getppid: { |
| 375 const Arg<int> arg(0); | 376 const Arg<int> arg(0); |
| 376 return If(arg == 0, Error(EINVAL)).Else(Allow()); | 377 return If(arg == 0, Error(EINVAL)).Else(Allow()); |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 414 // We try to make sure we exercise optimizations in the BPF compiler. We make | 415 // We try to make sure we exercise optimizations in the BPF compiler. We make |
| 415 // sure that the compiler can have an opportunity to coalesce syscalls with | 416 // sure that the compiler can have an opportunity to coalesce syscalls with |
| 416 // contiguous numbers and we also make sure that disjoint sets can return the | 417 // contiguous numbers and we also make sure that disjoint sets can return the |
| 417 // same errno. | 418 // same errno. |
| 418 int SysnoToRandomErrno(int sysno) { | 419 int SysnoToRandomErrno(int sysno) { |
| 419 // Small contiguous sets of 3 system calls return an errno equal to the | 420 // Small contiguous sets of 3 system calls return an errno equal to the |
| 420 // index of that set + 1 (so that we never return a NUL errno). | 421 // index of that set + 1 (so that we never return a NUL errno). |
| 421 return ((sysno & ~3) >> 2) % 29 + 1; | 422 return ((sysno & ~3) >> 2) % 29 + 1; |
| 422 } | 423 } |
| 423 | 424 |
| 424 class SyntheticPolicy : public SandboxBPFDSLPolicy { | 425 class SyntheticPolicy : public Policy { |
| 425 public: | 426 public: |
| 426 SyntheticPolicy() {} | 427 SyntheticPolicy() {} |
| 427 virtual ~SyntheticPolicy() {} | 428 virtual ~SyntheticPolicy() {} |
| 428 | 429 |
| 429 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 430 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 430 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 431 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 431 if (sysno == __NR_exit_group || sysno == __NR_write) { | 432 if (sysno == __NR_exit_group || sysno == __NR_write) { |
| 432 // exit_group() is special, we really need it to work. | 433 // exit_group() is special, we really need it to work. |
| 433 // write() is needed for BPF_ASSERT() to report a useful error message. | 434 // write() is needed for BPF_ASSERT() to report a useful error message. |
| 434 return Allow(); | 435 return Allow(); |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 467 // MIN_PRIVATE_SYSCALL plus 1 (to avoid NUL errno). | 468 // MIN_PRIVATE_SYSCALL plus 1 (to avoid NUL errno). |
| 468 int ArmPrivateSysnoToErrno(int sysno) { | 469 int ArmPrivateSysnoToErrno(int sysno) { |
| 469 if (sysno >= static_cast<int>(MIN_PRIVATE_SYSCALL) && | 470 if (sysno >= static_cast<int>(MIN_PRIVATE_SYSCALL) && |
| 470 sysno <= static_cast<int>(MAX_PRIVATE_SYSCALL)) { | 471 sysno <= static_cast<int>(MAX_PRIVATE_SYSCALL)) { |
| 471 return (sysno - MIN_PRIVATE_SYSCALL) + 1; | 472 return (sysno - MIN_PRIVATE_SYSCALL) + 1; |
| 472 } else { | 473 } else { |
| 473 return ENOSYS; | 474 return ENOSYS; |
| 474 } | 475 } |
| 475 } | 476 } |
| 476 | 477 |
| 477 class ArmPrivatePolicy : public SandboxBPFDSLPolicy { | 478 class ArmPrivatePolicy : public Policy { |
| 478 public: | 479 public: |
| 479 ArmPrivatePolicy() {} | 480 ArmPrivatePolicy() {} |
| 480 virtual ~ArmPrivatePolicy() {} | 481 virtual ~ArmPrivatePolicy() {} |
| 481 | 482 |
| 482 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 483 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 483 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 484 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 484 // Start from |__ARM_NR_set_tls + 1| so as not to mess with actual | 485 // Start from |__ARM_NR_set_tls + 1| so as not to mess with actual |
| 485 // ARM private system calls. | 486 // ARM private system calls. |
| 486 if (sysno >= static_cast<int>(__ARM_NR_set_tls + 1) && | 487 if (sysno >= static_cast<int>(__ARM_NR_set_tls + 1) && |
| 487 sysno <= static_cast<int>(MAX_PRIVATE_SYSCALL)) { | 488 sysno <= static_cast<int>(MAX_PRIVATE_SYSCALL)) { |
| (...skipping 23 matching lines...) Expand all Loading... |
| 511 | 512 |
| 512 // Verify that within the callback function all filtering is temporarily | 513 // Verify that within the callback function all filtering is temporarily |
| 513 // disabled. | 514 // disabled. |
| 514 BPF_ASSERT(syscall(__NR_getpid) > 1); | 515 BPF_ASSERT(syscall(__NR_getpid) > 1); |
| 515 | 516 |
| 516 // Verify that we can now call the underlying system call without causing | 517 // Verify that we can now call the underlying system call without causing |
| 517 // infinite recursion. | 518 // infinite recursion. |
| 518 return SandboxBPF::ForwardSyscall(args); | 519 return SandboxBPF::ForwardSyscall(args); |
| 519 } | 520 } |
| 520 | 521 |
| 521 class GreyListedPolicy : public SandboxBPFDSLPolicy { | 522 class GreyListedPolicy : public Policy { |
| 522 public: | 523 public: |
| 523 explicit GreyListedPolicy(int* aux) : aux_(aux) { | 524 explicit GreyListedPolicy(int* aux) : aux_(aux) { |
| 524 // Set the global environment for unsafe traps once. | 525 // Set the global environment for unsafe traps once. |
| 525 EnableUnsafeTraps(); | 526 EnableUnsafeTraps(); |
| 526 } | 527 } |
| 527 virtual ~GreyListedPolicy() {} | 528 virtual ~GreyListedPolicy() {} |
| 528 | 529 |
| 529 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 530 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 530 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 531 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 531 // Some system calls must always be allowed, if our policy wants to make | 532 // Some system calls must always be allowed, if our policy wants to make |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 580 intptr_t PrctlHandler(const struct arch_seccomp_data& args, void*) { | 581 intptr_t PrctlHandler(const struct arch_seccomp_data& args, void*) { |
| 581 if (args.args[0] == PR_CAPBSET_DROP && static_cast<int>(args.args[1]) == -1) { | 582 if (args.args[0] == PR_CAPBSET_DROP && static_cast<int>(args.args[1]) == -1) { |
| 582 // prctl(PR_CAPBSET_DROP, -1) is never valid. The kernel will always | 583 // prctl(PR_CAPBSET_DROP, -1) is never valid. The kernel will always |
| 583 // return an error. But our handler allows this call. | 584 // return an error. But our handler allows this call. |
| 584 return 0; | 585 return 0; |
| 585 } else { | 586 } else { |
| 586 return SandboxBPF::ForwardSyscall(args); | 587 return SandboxBPF::ForwardSyscall(args); |
| 587 } | 588 } |
| 588 } | 589 } |
| 589 | 590 |
| 590 class PrctlPolicy : public SandboxBPFDSLPolicy { | 591 class PrctlPolicy : public Policy { |
| 591 public: | 592 public: |
| 592 PrctlPolicy() {} | 593 PrctlPolicy() {} |
| 593 virtual ~PrctlPolicy() {} | 594 virtual ~PrctlPolicy() {} |
| 594 | 595 |
| 595 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 596 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 596 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 597 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 597 setenv(kSandboxDebuggingEnv, "t", 0); | 598 setenv(kSandboxDebuggingEnv, "t", 0); |
| 598 Die::SuppressInfoMessages(true); | 599 Die::SuppressInfoMessages(true); |
| 599 | 600 |
| 600 if (sysno == __NR_prctl) { | 601 if (sysno == __NR_prctl) { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 634 // unaffected by our policy. | 635 // unaffected by our policy. |
| 635 struct utsname uts = {}; | 636 struct utsname uts = {}; |
| 636 BPF_ASSERT(!uname(&uts)); | 637 BPF_ASSERT(!uname(&uts)); |
| 637 BPF_ASSERT(!strcmp(uts.sysname, "Linux")); | 638 BPF_ASSERT(!strcmp(uts.sysname, "Linux")); |
| 638 } | 639 } |
| 639 | 640 |
| 640 intptr_t AllowRedirectedSyscall(const struct arch_seccomp_data& args, void*) { | 641 intptr_t AllowRedirectedSyscall(const struct arch_seccomp_data& args, void*) { |
| 641 return SandboxBPF::ForwardSyscall(args); | 642 return SandboxBPF::ForwardSyscall(args); |
| 642 } | 643 } |
| 643 | 644 |
| 644 class RedirectAllSyscallsPolicy : public SandboxBPFDSLPolicy { | 645 class RedirectAllSyscallsPolicy : public Policy { |
| 645 public: | 646 public: |
| 646 RedirectAllSyscallsPolicy() {} | 647 RedirectAllSyscallsPolicy() {} |
| 647 virtual ~RedirectAllSyscallsPolicy() {} | 648 virtual ~RedirectAllSyscallsPolicy() {} |
| 648 | 649 |
| 649 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 650 virtual ResultExpr EvaluateSyscall(int sysno) const override; |
| 650 | 651 |
| 651 private: | 652 private: |
| 652 DISALLOW_COPY_AND_ASSIGN(RedirectAllSyscallsPolicy); | 653 DISALLOW_COPY_AND_ASSIGN(RedirectAllSyscallsPolicy); |
| 653 }; | 654 }; |
| 654 | 655 |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 798 // the openat() system call. | 799 // the openat() system call. |
| 799 BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD); | 800 BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD); |
| 800 return broker_process->Open(reinterpret_cast<const char*>(args.args[1]), | 801 return broker_process->Open(reinterpret_cast<const char*>(args.args[1]), |
| 801 static_cast<int>(args.args[2])); | 802 static_cast<int>(args.args[2])); |
| 802 default: | 803 default: |
| 803 BPF_ASSERT(false); | 804 BPF_ASSERT(false); |
| 804 return -ENOSYS; | 805 return -ENOSYS; |
| 805 } | 806 } |
| 806 } | 807 } |
| 807 | 808 |
| 808 class DenyOpenPolicy : public SandboxBPFDSLPolicy { | 809 class DenyOpenPolicy : public Policy { |
| 809 public: | 810 public: |
| 810 explicit DenyOpenPolicy(InitializedOpenBroker* iob) : iob_(iob) {} | 811 explicit DenyOpenPolicy(InitializedOpenBroker* iob) : iob_(iob) {} |
| 811 virtual ~DenyOpenPolicy() {} | 812 virtual ~DenyOpenPolicy() {} |
| 812 | 813 |
| 813 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 814 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 814 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 815 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 815 | 816 |
| 816 switch (sysno) { | 817 switch (sysno) { |
| 817 case __NR_faccessat: | 818 case __NR_faccessat: |
| 818 #if defined(__NR_access) | 819 #if defined(__NR_access) |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 878 int cpu_info_access = access("/proc/cpuinfo", R_OK); | 879 int cpu_info_access = access("/proc/cpuinfo", R_OK); |
| 879 BPF_ASSERT(cpu_info_access == 0); | 880 BPF_ASSERT(cpu_info_access == 0); |
| 880 int cpu_info_fd = open("/proc/cpuinfo", O_RDONLY); | 881 int cpu_info_fd = open("/proc/cpuinfo", O_RDONLY); |
| 881 BPF_ASSERT(cpu_info_fd >= 0); | 882 BPF_ASSERT(cpu_info_fd >= 0); |
| 882 char buf[1024]; | 883 char buf[1024]; |
| 883 BPF_ASSERT(read(cpu_info_fd, buf, sizeof(buf)) > 0); | 884 BPF_ASSERT(read(cpu_info_fd, buf, sizeof(buf)) > 0); |
| 884 } | 885 } |
| 885 | 886 |
| 886 // Simple test demonstrating how to use SandboxBPF::Cond() | 887 // Simple test demonstrating how to use SandboxBPF::Cond() |
| 887 | 888 |
| 888 class SimpleCondTestPolicy : public SandboxBPFDSLPolicy { | 889 class SimpleCondTestPolicy : public Policy { |
| 889 public: | 890 public: |
| 890 SimpleCondTestPolicy() {} | 891 SimpleCondTestPolicy() {} |
| 891 virtual ~SimpleCondTestPolicy() {} | 892 virtual ~SimpleCondTestPolicy() {} |
| 892 | 893 |
| 893 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 894 virtual ResultExpr EvaluateSyscall(int sysno) const override; |
| 894 | 895 |
| 895 private: | 896 private: |
| 896 DISALLOW_COPY_AND_ASSIGN(SimpleCondTestPolicy); | 897 DISALLOW_COPY_AND_ASSIGN(SimpleCondTestPolicy); |
| 897 }; | 898 }; |
| 898 | 899 |
| (...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1235 // increased too much, the test will start failing. | 1236 // increased too much, the test will start failing. |
| 1236 #if defined(__aarch64__) | 1237 #if defined(__aarch64__) |
| 1237 static const int kNumTestCases = 30; | 1238 static const int kNumTestCases = 30; |
| 1238 #else | 1239 #else |
| 1239 static const int kNumTestCases = 40; | 1240 static const int kNumTestCases = 40; |
| 1240 #endif | 1241 #endif |
| 1241 static const int kMaxFanOut = 3; | 1242 static const int kMaxFanOut = 3; |
| 1242 static const int kMaxArgs = 6; | 1243 static const int kMaxArgs = 6; |
| 1243 }; | 1244 }; |
| 1244 | 1245 |
| 1245 class EqualityStressTestPolicy : public SandboxBPFDSLPolicy { | 1246 class EqualityStressTestPolicy : public Policy { |
| 1246 public: | 1247 public: |
| 1247 explicit EqualityStressTestPolicy(EqualityStressTest* aux) : aux_(aux) {} | 1248 explicit EqualityStressTestPolicy(EqualityStressTest* aux) : aux_(aux) {} |
| 1248 virtual ~EqualityStressTestPolicy() {} | 1249 virtual ~EqualityStressTestPolicy() {} |
| 1249 | 1250 |
| 1250 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 1251 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 1251 return aux_->Policy(sysno); | 1252 return aux_->Policy(sysno); |
| 1252 } | 1253 } |
| 1253 | 1254 |
| 1254 private: | 1255 private: |
| 1255 EqualityStressTest* aux_; | 1256 EqualityStressTest* aux_; |
| 1256 | 1257 |
| 1257 DISALLOW_COPY_AND_ASSIGN(EqualityStressTestPolicy); | 1258 DISALLOW_COPY_AND_ASSIGN(EqualityStressTestPolicy); |
| 1258 }; | 1259 }; |
| 1259 | 1260 |
| 1260 BPF_TEST(SandboxBPF, | 1261 BPF_TEST(SandboxBPF, |
| 1261 EqualityTests, | 1262 EqualityTests, |
| 1262 EqualityStressTestPolicy, | 1263 EqualityStressTestPolicy, |
| 1263 EqualityStressTest /* (*BPF_AUX) */) { | 1264 EqualityStressTest /* (*BPF_AUX) */) { |
| 1264 BPF_AUX->VerifyFilter(); | 1265 BPF_AUX->VerifyFilter(); |
| 1265 } | 1266 } |
| 1266 | 1267 |
| 1267 class EqualityArgumentWidthPolicy : public SandboxBPFDSLPolicy { | 1268 class EqualityArgumentWidthPolicy : public Policy { |
| 1268 public: | 1269 public: |
| 1269 EqualityArgumentWidthPolicy() {} | 1270 EqualityArgumentWidthPolicy() {} |
| 1270 virtual ~EqualityArgumentWidthPolicy() {} | 1271 virtual ~EqualityArgumentWidthPolicy() {} |
| 1271 | 1272 |
| 1272 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1273 virtual ResultExpr EvaluateSyscall(int sysno) const override; |
| 1273 | 1274 |
| 1274 private: | 1275 private: |
| 1275 DISALLOW_COPY_AND_ASSIGN(EqualityArgumentWidthPolicy); | 1276 DISALLOW_COPY_AND_ASSIGN(EqualityArgumentWidthPolicy); |
| 1276 }; | 1277 }; |
| 1277 | 1278 |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1310 // syscall interface. So, we have to skip the part of the test that requires | 1311 // syscall interface. So, we have to skip the part of the test that requires |
| 1311 // 64bit arguments. | 1312 // 64bit arguments. |
| 1312 BPF_DEATH_TEST_C(SandboxBPF, | 1313 BPF_DEATH_TEST_C(SandboxBPF, |
| 1313 EqualityArgumentUnallowed64bit, | 1314 EqualityArgumentUnallowed64bit, |
| 1314 DEATH_MESSAGE("Unexpected 64bit argument detected"), | 1315 DEATH_MESSAGE("Unexpected 64bit argument detected"), |
| 1315 EqualityArgumentWidthPolicy) { | 1316 EqualityArgumentWidthPolicy) { |
| 1316 Syscall::Call(__NR_uname, 0, 0x5555555555555555ULL); | 1317 Syscall::Call(__NR_uname, 0, 0x5555555555555555ULL); |
| 1317 } | 1318 } |
| 1318 #endif | 1319 #endif |
| 1319 | 1320 |
| 1320 class EqualityWithNegativeArgumentsPolicy : public SandboxBPFDSLPolicy { | 1321 class EqualityWithNegativeArgumentsPolicy : public Policy { |
| 1321 public: | 1322 public: |
| 1322 EqualityWithNegativeArgumentsPolicy() {} | 1323 EqualityWithNegativeArgumentsPolicy() {} |
| 1323 virtual ~EqualityWithNegativeArgumentsPolicy() {} | 1324 virtual ~EqualityWithNegativeArgumentsPolicy() {} |
| 1324 | 1325 |
| 1325 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 1326 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 1326 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 1327 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 1327 if (sysno == __NR_uname) { | 1328 if (sysno == __NR_uname) { |
| 1328 // TODO(mdempsky): This currently can't be Arg<int> because then | 1329 // TODO(mdempsky): This currently can't be Arg<int> because then |
| 1329 // 0xFFFFFFFF will be treated as a (signed) int, and then when | 1330 // 0xFFFFFFFF will be treated as a (signed) int, and then when |
| 1330 // Arg::EqualTo casts it to uint64_t, it will be sign extended. | 1331 // Arg::EqualTo casts it to uint64_t, it will be sign extended. |
| (...skipping 20 matching lines...) Expand all Loading... |
| 1351 EqualityWithNegative64bitArguments, | 1352 EqualityWithNegative64bitArguments, |
| 1352 DEATH_MESSAGE("Unexpected 64bit argument detected"), | 1353 DEATH_MESSAGE("Unexpected 64bit argument detected"), |
| 1353 EqualityWithNegativeArgumentsPolicy) { | 1354 EqualityWithNegativeArgumentsPolicy) { |
| 1354 // When expecting a 32bit system call argument, we look at the MSB of the | 1355 // When expecting a 32bit system call argument, we look at the MSB of the |
| 1355 // 64bit value and allow both "0" and "-1". But the latter is allowed only | 1356 // 64bit value and allow both "0" and "-1". But the latter is allowed only |
| 1356 // iff the LSB was negative. So, this death test should error out. | 1357 // iff the LSB was negative. So, this death test should error out. |
| 1357 BPF_ASSERT(Syscall::Call(__NR_uname, 0xFFFFFFFF00000000LL) == -1); | 1358 BPF_ASSERT(Syscall::Call(__NR_uname, 0xFFFFFFFF00000000LL) == -1); |
| 1358 } | 1359 } |
| 1359 #endif | 1360 #endif |
| 1360 | 1361 |
| 1361 class AllBitTestPolicy : public SandboxBPFDSLPolicy { | 1362 class AllBitTestPolicy : public Policy { |
| 1362 public: | 1363 public: |
| 1363 AllBitTestPolicy() {} | 1364 AllBitTestPolicy() {} |
| 1364 virtual ~AllBitTestPolicy() {} | 1365 virtual ~AllBitTestPolicy() {} |
| 1365 | 1366 |
| 1366 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1367 virtual ResultExpr EvaluateSyscall(int sysno) const override; |
| 1367 | 1368 |
| 1368 private: | 1369 private: |
| 1369 static ResultExpr HasAllBits32(uint32_t bits); | 1370 static ResultExpr HasAllBits32(uint32_t bits); |
| 1370 static ResultExpr HasAllBits64(uint64_t bits); | 1371 static ResultExpr HasAllBits64(uint64_t bits); |
| 1371 | 1372 |
| (...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1537 // 64bit test: all of 0x100000001 | 1538 // 64bit test: all of 0x100000001 |
| 1538 BITMASK_TEST(10, 0x000000000LL, ALLBITS64,0x100000001, EXPECT_FAILURE); | 1539 BITMASK_TEST(10, 0x000000000LL, ALLBITS64,0x100000001, EXPECT_FAILURE); |
| 1539 BITMASK_TEST(10, 0x000000001LL, ALLBITS64,0x100000001, EXPECT_FAILURE); | 1540 BITMASK_TEST(10, 0x000000001LL, ALLBITS64,0x100000001, EXPECT_FAILURE); |
| 1540 BITMASK_TEST(10, 0x100000000LL, ALLBITS64,0x100000001, EXPECT_FAILURE); | 1541 BITMASK_TEST(10, 0x100000000LL, ALLBITS64,0x100000001, EXPECT_FAILURE); |
| 1541 BITMASK_TEST(10, 0x100000001LL, ALLBITS64,0x100000001, EXPT64_SUCCESS); | 1542 BITMASK_TEST(10, 0x100000001LL, ALLBITS64,0x100000001, EXPT64_SUCCESS); |
| 1542 BITMASK_TEST(10, 0xFFFFFFFFU, ALLBITS64,0x100000001, EXPECT_FAILURE); | 1543 BITMASK_TEST(10, 0xFFFFFFFFU, ALLBITS64,0x100000001, EXPECT_FAILURE); |
| 1543 BITMASK_TEST(10, -1L, ALLBITS64,0x100000001, EXPT64_SUCCESS); | 1544 BITMASK_TEST(10, -1L, ALLBITS64,0x100000001, EXPT64_SUCCESS); |
| 1544 #endif | 1545 #endif |
| 1545 } | 1546 } |
| 1546 | 1547 |
| 1547 class AnyBitTestPolicy : public SandboxBPFDSLPolicy { | 1548 class AnyBitTestPolicy : public Policy { |
| 1548 public: | 1549 public: |
| 1549 AnyBitTestPolicy() {} | 1550 AnyBitTestPolicy() {} |
| 1550 virtual ~AnyBitTestPolicy() {} | 1551 virtual ~AnyBitTestPolicy() {} |
| 1551 | 1552 |
| 1552 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1553 virtual ResultExpr EvaluateSyscall(int sysno) const override; |
| 1553 | 1554 |
| 1554 private: | 1555 private: |
| 1555 static ResultExpr HasAnyBits32(uint32_t); | 1556 static ResultExpr HasAnyBits32(uint32_t); |
| 1556 static ResultExpr HasAnyBits64(uint64_t); | 1557 static ResultExpr HasAnyBits64(uint64_t); |
| 1557 | 1558 |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1701 // 64bit test: any of 0x100000001 | 1702 // 64bit test: any of 0x100000001 |
| 1702 BITMASK_TEST( 10, 0x000000000LL, ANYBITS64,0x100000001, EXPECT_FAILURE); | 1703 BITMASK_TEST( 10, 0x000000000LL, ANYBITS64,0x100000001, EXPECT_FAILURE); |
| 1703 BITMASK_TEST( 10, 0x000000001LL, ANYBITS64,0x100000001, EXPECT_SUCCESS); | 1704 BITMASK_TEST( 10, 0x000000001LL, ANYBITS64,0x100000001, EXPECT_SUCCESS); |
| 1704 BITMASK_TEST( 10, 0x100000000LL, ANYBITS64,0x100000001, EXPT64_SUCCESS); | 1705 BITMASK_TEST( 10, 0x100000000LL, ANYBITS64,0x100000001, EXPT64_SUCCESS); |
| 1705 BITMASK_TEST( 10, 0x100000001LL, ANYBITS64,0x100000001, EXPECT_SUCCESS); | 1706 BITMASK_TEST( 10, 0x100000001LL, ANYBITS64,0x100000001, EXPECT_SUCCESS); |
| 1706 BITMASK_TEST( 10, 0xFFFFFFFFU, ANYBITS64,0x100000001, EXPECT_SUCCESS); | 1707 BITMASK_TEST( 10, 0xFFFFFFFFU, ANYBITS64,0x100000001, EXPECT_SUCCESS); |
| 1707 BITMASK_TEST( 10, -1L, ANYBITS64,0x100000001, EXPECT_SUCCESS); | 1708 BITMASK_TEST( 10, -1L, ANYBITS64,0x100000001, EXPECT_SUCCESS); |
| 1708 #endif | 1709 #endif |
| 1709 } | 1710 } |
| 1710 | 1711 |
| 1711 class MaskedEqualTestPolicy : public SandboxBPFDSLPolicy { | 1712 class MaskedEqualTestPolicy : public Policy { |
| 1712 public: | 1713 public: |
| 1713 MaskedEqualTestPolicy() {} | 1714 MaskedEqualTestPolicy() {} |
| 1714 virtual ~MaskedEqualTestPolicy() {} | 1715 virtual ~MaskedEqualTestPolicy() {} |
| 1715 | 1716 |
| 1716 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1717 virtual ResultExpr EvaluateSyscall(int sysno) const override; |
| 1717 | 1718 |
| 1718 private: | 1719 private: |
| 1719 static ResultExpr MaskedEqual32(uint32_t mask, uint32_t value); | 1720 static ResultExpr MaskedEqual32(uint32_t mask, uint32_t value); |
| 1720 static ResultExpr MaskedEqual64(uint64_t mask, uint64_t value); | 1721 static ResultExpr MaskedEqual64(uint64_t mask, uint64_t value); |
| 1721 | 1722 |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1828 (long long)args.args[1], | 1829 (long long)args.args[1], |
| 1829 (long long)args.args[2], | 1830 (long long)args.args[2], |
| 1830 (long long)args.args[3], | 1831 (long long)args.args[3], |
| 1831 (long long)args.args[4], | 1832 (long long)args.args[4], |
| 1832 (long long)args.args[5], | 1833 (long long)args.args[5], |
| 1833 msg); | 1834 msg); |
| 1834 } | 1835 } |
| 1835 return -EPERM; | 1836 return -EPERM; |
| 1836 } | 1837 } |
| 1837 | 1838 |
| 1838 class PthreadPolicyEquality : public SandboxBPFDSLPolicy { | 1839 class PthreadPolicyEquality : public Policy { |
| 1839 public: | 1840 public: |
| 1840 PthreadPolicyEquality() {} | 1841 PthreadPolicyEquality() {} |
| 1841 virtual ~PthreadPolicyEquality() {} | 1842 virtual ~PthreadPolicyEquality() {} |
| 1842 | 1843 |
| 1843 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1844 virtual ResultExpr EvaluateSyscall(int sysno) const override; |
| 1844 | 1845 |
| 1845 private: | 1846 private: |
| 1846 DISALLOW_COPY_AND_ASSIGN(PthreadPolicyEquality); | 1847 DISALLOW_COPY_AND_ASSIGN(PthreadPolicyEquality); |
| 1847 }; | 1848 }; |
| 1848 | 1849 |
| (...skipping 23 matching lines...) Expand all Loading... |
| 1872 const Arg<unsigned long> flags(0); | 1873 const Arg<unsigned long> flags(0); |
| 1873 return If(flags == kGlibcCloneMask || | 1874 return If(flags == kGlibcCloneMask || |
| 1874 flags == (kBaseAndroidCloneMask | CLONE_DETACHED) || | 1875 flags == (kBaseAndroidCloneMask | CLONE_DETACHED) || |
| 1875 flags == kBaseAndroidCloneMask, | 1876 flags == kBaseAndroidCloneMask, |
| 1876 Allow()).Else(Trap(PthreadTrapHandler, "Unknown mask")); | 1877 Allow()).Else(Trap(PthreadTrapHandler, "Unknown mask")); |
| 1877 } | 1878 } |
| 1878 | 1879 |
| 1879 return Allow(); | 1880 return Allow(); |
| 1880 } | 1881 } |
| 1881 | 1882 |
| 1882 class PthreadPolicyBitMask : public SandboxBPFDSLPolicy { | 1883 class PthreadPolicyBitMask : public Policy { |
| 1883 public: | 1884 public: |
| 1884 PthreadPolicyBitMask() {} | 1885 PthreadPolicyBitMask() {} |
| 1885 virtual ~PthreadPolicyBitMask() {} | 1886 virtual ~PthreadPolicyBitMask() {} |
| 1886 | 1887 |
| 1887 virtual ResultExpr EvaluateSyscall(int sysno) const override; | 1888 virtual ResultExpr EvaluateSyscall(int sysno) const override; |
| 1888 | 1889 |
| 1889 private: | 1890 private: |
| 1890 static BoolExpr HasAnyBits(const Arg<unsigned long>& arg, unsigned long bits); | 1891 static BoolExpr HasAnyBits(const Arg<unsigned long>& arg, unsigned long bits); |
| 1891 static BoolExpr HasAllBits(const Arg<unsigned long>& arg, unsigned long bits); | 1892 static BoolExpr HasAllBits(const Arg<unsigned long>& arg, unsigned long bits); |
| 1892 | 1893 |
| (...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2043 // PTRACE_SET_SYSCALL may not be in the enum. | 2044 // PTRACE_SET_SYSCALL may not be in the enum. |
| 2044 return syscall(__NR_ptrace, PTRACE_SET_SYSCALL, pid, NULL, syscall_number); | 2045 return syscall(__NR_ptrace, PTRACE_SET_SYSCALL, pid, NULL, syscall_number); |
| 2045 #endif | 2046 #endif |
| 2046 | 2047 |
| 2047 SECCOMP_PT_SYSCALL(*regs) = syscall_number; | 2048 SECCOMP_PT_SYSCALL(*regs) = syscall_number; |
| 2048 return 0; | 2049 return 0; |
| 2049 } | 2050 } |
| 2050 | 2051 |
| 2051 const uint16_t kTraceData = 0xcc; | 2052 const uint16_t kTraceData = 0xcc; |
| 2052 | 2053 |
| 2053 class TraceAllPolicy : public SandboxBPFDSLPolicy { | 2054 class TraceAllPolicy : public Policy { |
| 2054 public: | 2055 public: |
| 2055 TraceAllPolicy() {} | 2056 TraceAllPolicy() {} |
| 2056 virtual ~TraceAllPolicy() {} | 2057 virtual ~TraceAllPolicy() {} |
| 2057 | 2058 |
| 2058 virtual ResultExpr EvaluateSyscall(int system_call_number) const override { | 2059 virtual ResultExpr EvaluateSyscall(int system_call_number) const override { |
| 2059 return Trace(kTraceData); | 2060 return Trace(kTraceData); |
| 2060 } | 2061 } |
| 2061 | 2062 |
| 2062 private: | 2063 private: |
| 2063 DISALLOW_COPY_AND_ASSIGN(TraceAllPolicy); | 2064 DISALLOW_COPY_AND_ASSIGN(TraceAllPolicy); |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2189 } | 2190 } |
| 2190 count -= transfered; | 2191 count -= transfered; |
| 2191 buffer += transfered; | 2192 buffer += transfered; |
| 2192 offset += transfered; | 2193 offset += transfered; |
| 2193 } | 2194 } |
| 2194 return true; | 2195 return true; |
| 2195 } | 2196 } |
| 2196 | 2197 |
| 2197 bool pread_64_was_forwarded = false; | 2198 bool pread_64_was_forwarded = false; |
| 2198 | 2199 |
| 2199 class TrapPread64Policy : public SandboxBPFDSLPolicy { | 2200 class TrapPread64Policy : public Policy { |
| 2200 public: | 2201 public: |
| 2201 TrapPread64Policy() {} | 2202 TrapPread64Policy() {} |
| 2202 virtual ~TrapPread64Policy() {} | 2203 virtual ~TrapPread64Policy() {} |
| 2203 | 2204 |
| 2204 virtual ResultExpr EvaluateSyscall(int system_call_number) const override { | 2205 virtual ResultExpr EvaluateSyscall(int system_call_number) const override { |
| 2205 // Set the global environment for unsafe traps once. | 2206 // Set the global environment for unsafe traps once. |
| 2206 if (system_call_number == MIN_SYSCALL) { | 2207 if (system_call_number == MIN_SYSCALL) { |
| 2207 EnableUnsafeTraps(); | 2208 EnableUnsafeTraps(); |
| 2208 } | 2209 } |
| 2209 | 2210 |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2286 // This thread should have the filter applied as well. | 2287 // This thread should have the filter applied as well. |
| 2287 BlacklistNanosleepPolicy::AssertNanosleepFails(); | 2288 BlacklistNanosleepPolicy::AssertNanosleepFails(); |
| 2288 | 2289 |
| 2289 // Signal the condition to invoke the system call. | 2290 // Signal the condition to invoke the system call. |
| 2290 event.Signal(); | 2291 event.Signal(); |
| 2291 | 2292 |
| 2292 // Wait for the thread to finish. | 2293 // Wait for the thread to finish. |
| 2293 BPF_ASSERT_EQ(0, pthread_join(thread, NULL)); | 2294 BPF_ASSERT_EQ(0, pthread_join(thread, NULL)); |
| 2294 } | 2295 } |
| 2295 | 2296 |
| 2296 class AllowAllPolicy : public SandboxBPFDSLPolicy { | 2297 class AllowAllPolicy : public Policy { |
| 2297 public: | 2298 public: |
| 2298 AllowAllPolicy() {} | 2299 AllowAllPolicy() {} |
| 2299 virtual ~AllowAllPolicy() {} | 2300 virtual ~AllowAllPolicy() {} |
| 2300 | 2301 |
| 2301 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 2302 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 2302 return Allow(); | 2303 return Allow(); |
| 2303 } | 2304 } |
| 2304 | 2305 |
| 2305 private: | 2306 private: |
| 2306 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy); | 2307 DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy); |
| (...skipping 23 matching lines...) Expand all Loading... |
| 2330 sandbox.SetSandboxPolicy(new AllowAllPolicy()); | 2331 sandbox.SetSandboxPolicy(new AllowAllPolicy()); |
| 2331 BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED)); | 2332 BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED)); |
| 2332 } | 2333 } |
| 2333 #endif // !defined(THREAD_SANITIZER) | 2334 #endif // !defined(THREAD_SANITIZER) |
| 2334 | 2335 |
| 2335 // A stub handler for the UnsafeTrap. Never called. | 2336 // A stub handler for the UnsafeTrap. Never called. |
| 2336 intptr_t NoOpHandler(const struct arch_seccomp_data& args, void*) { | 2337 intptr_t NoOpHandler(const struct arch_seccomp_data& args, void*) { |
| 2337 return -1; | 2338 return -1; |
| 2338 } | 2339 } |
| 2339 | 2340 |
| 2340 class UnsafeTrapWithCondPolicy : public SandboxBPFDSLPolicy { | 2341 class UnsafeTrapWithCondPolicy : public Policy { |
| 2341 public: | 2342 public: |
| 2342 UnsafeTrapWithCondPolicy() {} | 2343 UnsafeTrapWithCondPolicy() {} |
| 2343 virtual ~UnsafeTrapWithCondPolicy() {} | 2344 virtual ~UnsafeTrapWithCondPolicy() {} |
| 2344 | 2345 |
| 2345 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 2346 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 2346 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); | 2347 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); |
| 2347 setenv(kSandboxDebuggingEnv, "t", 0); | 2348 setenv(kSandboxDebuggingEnv, "t", 0); |
| 2348 Die::SuppressInfoMessages(true); | 2349 Die::SuppressInfoMessages(true); |
| 2349 | 2350 |
| 2350 if (SandboxBPF::IsRequiredForUnsafeTrap(sysno)) | 2351 if (SandboxBPF::IsRequiredForUnsafeTrap(sysno)) |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2391 BPF_ASSERT_EQ(ENOSYS, errno); | 2392 BPF_ASSERT_EQ(ENOSYS, errno); |
| 2392 | 2393 |
| 2393 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); | 2394 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); |
| 2394 BPF_ASSERT_EQ(EPERM, errno); | 2395 BPF_ASSERT_EQ(EPERM, errno); |
| 2395 } | 2396 } |
| 2396 | 2397 |
| 2397 } // namespace | 2398 } // namespace |
| 2398 | 2399 |
| 2399 } // namespace bpf_dsl | 2400 } // namespace bpf_dsl |
| 2400 } // namespace sandbox | 2401 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 681713002:
Update from chromium https://crrev.com/301315 (Closed)
Base URL: https://github.com/domokit/mojo.git@master