| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <netinet/in.h> | 9 #include <netinet/in.h> |
| 10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
| 11 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
| 12 #include <sys/utsname.h> | 12 #include <sys/utsname.h> |
| 13 #include <unistd.h> | 13 #include <unistd.h> |
| 14 | 14 |
| 15 #include "base/files/scoped_file.h" | 15 #include "base/files/scoped_file.h" |
| 16 #include "base/macros.h" | 16 #include "base/macros.h" |
| 17 #include "build/build_config.h" | 17 #include "build/build_config.h" |
| 18 #include "sandbox/linux/bpf_dsl/policy.h" |
| 18 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" | 19 #include "sandbox/linux/seccomp-bpf/bpf_tests.h" |
| 19 #include "sandbox/linux/seccomp-bpf/errorcode.h" | 20 #include "sandbox/linux/seccomp-bpf/errorcode.h" |
| 20 #include "sandbox/linux/seccomp-bpf/syscall.h" | 21 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 21 | 22 |
| 22 #define CASES SANDBOX_BPF_DSL_CASES | 23 #define CASES SANDBOX_BPF_DSL_CASES |
| 23 | 24 |
| 24 // Helper macro to assert that invoking system call |sys| directly via | 25 // Helper macro to assert that invoking system call |sys| directly via |
| 25 // Syscall::Call with arguments |...| returns |res|. | 26 // Syscall::Call with arguments |...| returns |res|. |
| 26 // Errors can be asserted by specifying a value like "-EINVAL". | 27 // Errors can be asserted by specifying a value like "-EINVAL". |
| 27 #define ASSERT_SYSCALL_RESULT(res, sys, ...) \ | 28 #define ASSERT_SYSCALL_RESULT(res, sys, ...) \ |
| (...skipping 25 matching lines...) Expand all Loading... |
| 53 return Syscall::Call(__NR_setresuid, ruid, euid, suid); | 54 return Syscall::Call(__NR_setresuid, ruid, euid, suid); |
| 54 } | 55 } |
| 55 | 56 |
| 56 #if !defined(ARCH_CPU_X86) | 57 #if !defined(ARCH_CPU_X86) |
| 57 static int socketpair(int domain, int type, int protocol, int sv[2]) { | 58 static int socketpair(int domain, int type, int protocol, int sv[2]) { |
| 58 return Syscall::Call(__NR_socketpair, domain, type, protocol, sv); | 59 return Syscall::Call(__NR_socketpair, domain, type, protocol, sv); |
| 59 } | 60 } |
| 60 #endif | 61 #endif |
| 61 }; | 62 }; |
| 62 | 63 |
| 63 class BasicPolicy : public SandboxBPFDSLPolicy { | 64 class BasicPolicy : public Policy { |
| 64 public: | 65 public: |
| 65 BasicPolicy() {} | 66 BasicPolicy() {} |
| 66 virtual ~BasicPolicy() {} | 67 virtual ~BasicPolicy() {} |
| 67 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 68 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 68 if (sysno == __NR_getpgid) { | 69 if (sysno == __NR_getpgid) { |
| 69 const Arg<pid_t> pid(0); | 70 const Arg<pid_t> pid(0); |
| 70 return If(pid == 0, Error(EPERM)).Else(Error(EINVAL)); | 71 return If(pid == 0, Error(EPERM)).Else(Error(EINVAL)); |
| 71 } | 72 } |
| 72 if (sysno == __NR_setuid) { | 73 if (sysno == __NR_setuid) { |
| 73 const Arg<uid_t> uid(0); | 74 const Arg<uid_t> uid(0); |
| 74 return If(uid != 42, Error(ESRCH)).Else(Error(ENOMEM)); | 75 return If(uid != 42, Error(ESRCH)).Else(Error(ENOMEM)); |
| 75 } | 76 } |
| 76 return Allow(); | 77 return Allow(); |
| 77 } | 78 } |
| 78 | 79 |
| 79 private: | 80 private: |
| 80 DISALLOW_COPY_AND_ASSIGN(BasicPolicy); | 81 DISALLOW_COPY_AND_ASSIGN(BasicPolicy); |
| 81 }; | 82 }; |
| 82 | 83 |
| 83 BPF_TEST_C(BPFDSL, Basic, BasicPolicy) { | 84 BPF_TEST_C(BPFDSL, Basic, BasicPolicy) { |
| 84 ASSERT_SYSCALL_RESULT(-EPERM, getpgid, 0); | 85 ASSERT_SYSCALL_RESULT(-EPERM, getpgid, 0); |
| 85 ASSERT_SYSCALL_RESULT(-EINVAL, getpgid, 1); | 86 ASSERT_SYSCALL_RESULT(-EINVAL, getpgid, 1); |
| 86 | 87 |
| 87 ASSERT_SYSCALL_RESULT(-ENOMEM, setuid, 42); | 88 ASSERT_SYSCALL_RESULT(-ENOMEM, setuid, 42); |
| 88 ASSERT_SYSCALL_RESULT(-ESRCH, setuid, 43); | 89 ASSERT_SYSCALL_RESULT(-ESRCH, setuid, 43); |
| 89 } | 90 } |
| 90 | 91 |
| 91 /* On IA-32, socketpair() is implemented via socketcall(). :-( */ | 92 /* On IA-32, socketpair() is implemented via socketcall(). :-( */ |
| 92 #if !defined(ARCH_CPU_X86) | 93 #if !defined(ARCH_CPU_X86) |
| 93 class BooleanLogicPolicy : public SandboxBPFDSLPolicy { | 94 class BooleanLogicPolicy : public Policy { |
| 94 public: | 95 public: |
| 95 BooleanLogicPolicy() {} | 96 BooleanLogicPolicy() {} |
| 96 virtual ~BooleanLogicPolicy() {} | 97 virtual ~BooleanLogicPolicy() {} |
| 97 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 98 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 98 if (sysno == __NR_socketpair) { | 99 if (sysno == __NR_socketpair) { |
| 99 const Arg<int> domain(0), type(1), protocol(2); | 100 const Arg<int> domain(0), type(1), protocol(2); |
| 100 return If(domain == AF_UNIX && | 101 return If(domain == AF_UNIX && |
| 101 (type == SOCK_STREAM || type == SOCK_DGRAM) && | 102 (type == SOCK_STREAM || type == SOCK_DGRAM) && |
| 102 protocol == 0, | 103 protocol == 0, |
| 103 Error(EPERM)).Else(Error(EINVAL)); | 104 Error(EPERM)).Else(Error(EINVAL)); |
| (...skipping 17 matching lines...) Expand all Loading... |
| 121 ASSERT_SYSCALL_RESULT(-EINVAL, socketpair, AF_UNIX, SOCK_SEQPACKET, 0, sv); | 122 ASSERT_SYSCALL_RESULT(-EINVAL, socketpair, AF_UNIX, SOCK_SEQPACKET, 0, sv); |
| 122 ASSERT_SYSCALL_RESULT( | 123 ASSERT_SYSCALL_RESULT( |
| 123 -EINVAL, socketpair, AF_UNIX, SOCK_STREAM, IPPROTO_TCP, sv); | 124 -EINVAL, socketpair, AF_UNIX, SOCK_STREAM, IPPROTO_TCP, sv); |
| 124 | 125 |
| 125 // Completely unacceptable combination; should also return EINVAL. | 126 // Completely unacceptable combination; should also return EINVAL. |
| 126 ASSERT_SYSCALL_RESULT( | 127 ASSERT_SYSCALL_RESULT( |
| 127 -EINVAL, socketpair, AF_INET, SOCK_SEQPACKET, IPPROTO_UDP, sv); | 128 -EINVAL, socketpair, AF_INET, SOCK_SEQPACKET, IPPROTO_UDP, sv); |
| 128 } | 129 } |
| 129 #endif // !ARCH_CPU_X86 | 130 #endif // !ARCH_CPU_X86 |
| 130 | 131 |
| 131 class MoreBooleanLogicPolicy : public SandboxBPFDSLPolicy { | 132 class MoreBooleanLogicPolicy : public Policy { |
| 132 public: | 133 public: |
| 133 MoreBooleanLogicPolicy() {} | 134 MoreBooleanLogicPolicy() {} |
| 134 virtual ~MoreBooleanLogicPolicy() {} | 135 virtual ~MoreBooleanLogicPolicy() {} |
| 135 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 136 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 136 if (sysno == __NR_setresuid) { | 137 if (sysno == __NR_setresuid) { |
| 137 const Arg<uid_t> ruid(0), euid(1), suid(2); | 138 const Arg<uid_t> ruid(0), euid(1), suid(2); |
| 138 return If(ruid == 0 || euid == 0 || suid == 0, Error(EPERM)) | 139 return If(ruid == 0 || euid == 0 || suid == 0, Error(EPERM)) |
| 139 .ElseIf(ruid == 1 && euid == 1 && suid == 1, Error(EAGAIN)) | 140 .ElseIf(ruid == 1 && euid == 1 && suid == 1, Error(EAGAIN)) |
| 140 .Else(Error(EINVAL)); | 141 .Else(Error(EINVAL)); |
| 141 } | 142 } |
| (...skipping 16 matching lines...) Expand all Loading... |
| 158 // Expect EINVAL for anything else. | 159 // Expect EINVAL for anything else. |
| 159 ASSERT_SYSCALL_RESULT(-EINVAL, setresuid, 5, 1, 1); | 160 ASSERT_SYSCALL_RESULT(-EINVAL, setresuid, 5, 1, 1); |
| 160 ASSERT_SYSCALL_RESULT(-EINVAL, setresuid, 1, 5, 1); | 161 ASSERT_SYSCALL_RESULT(-EINVAL, setresuid, 1, 5, 1); |
| 161 ASSERT_SYSCALL_RESULT(-EINVAL, setresuid, 1, 1, 5); | 162 ASSERT_SYSCALL_RESULT(-EINVAL, setresuid, 1, 1, 5); |
| 162 ASSERT_SYSCALL_RESULT(-EINVAL, setresuid, 3, 4, 5); | 163 ASSERT_SYSCALL_RESULT(-EINVAL, setresuid, 3, 4, 5); |
| 163 } | 164 } |
| 164 | 165 |
| 165 static const uintptr_t kDeadBeefAddr = | 166 static const uintptr_t kDeadBeefAddr = |
| 166 static_cast<uintptr_t>(0xdeadbeefdeadbeefULL); | 167 static_cast<uintptr_t>(0xdeadbeefdeadbeefULL); |
| 167 | 168 |
| 168 class ArgSizePolicy : public SandboxBPFDSLPolicy { | 169 class ArgSizePolicy : public Policy { |
| 169 public: | 170 public: |
| 170 ArgSizePolicy() {} | 171 ArgSizePolicy() {} |
| 171 virtual ~ArgSizePolicy() {} | 172 virtual ~ArgSizePolicy() {} |
| 172 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 173 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 173 if (sysno == __NR_uname) { | 174 if (sysno == __NR_uname) { |
| 174 const Arg<uintptr_t> addr(0); | 175 const Arg<uintptr_t> addr(0); |
| 175 return If(addr == kDeadBeefAddr, Error(EPERM)).Else(Allow()); | 176 return If(addr == kDeadBeefAddr, Error(EPERM)).Else(Allow()); |
| 176 } | 177 } |
| 177 return Allow(); | 178 return Allow(); |
| 178 } | 179 } |
| 179 | 180 |
| 180 private: | 181 private: |
| 181 DISALLOW_COPY_AND_ASSIGN(ArgSizePolicy); | 182 DISALLOW_COPY_AND_ASSIGN(ArgSizePolicy); |
| 182 }; | 183 }; |
| 183 | 184 |
| 184 BPF_TEST_C(BPFDSL, ArgSizeTest, ArgSizePolicy) { | 185 BPF_TEST_C(BPFDSL, ArgSizeTest, ArgSizePolicy) { |
| 185 struct utsname buf; | 186 struct utsname buf; |
| 186 ASSERT_SYSCALL_RESULT(0, uname, &buf); | 187 ASSERT_SYSCALL_RESULT(0, uname, &buf); |
| 187 ASSERT_SYSCALL_RESULT( | 188 ASSERT_SYSCALL_RESULT( |
| 188 -EPERM, uname, reinterpret_cast<struct utsname*>(kDeadBeefAddr)); | 189 -EPERM, uname, reinterpret_cast<struct utsname*>(kDeadBeefAddr)); |
| 189 } | 190 } |
| 190 | 191 |
| 191 class TrappingPolicy : public SandboxBPFDSLPolicy { | 192 class TrappingPolicy : public Policy { |
| 192 public: | 193 public: |
| 193 TrappingPolicy() {} | 194 TrappingPolicy() {} |
| 194 virtual ~TrappingPolicy() {} | 195 virtual ~TrappingPolicy() {} |
| 195 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 196 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 196 if (sysno == __NR_uname) { | 197 if (sysno == __NR_uname) { |
| 197 return Trap(UnameTrap, &count_); | 198 return Trap(UnameTrap, &count_); |
| 198 } | 199 } |
| 199 return Allow(); | 200 return Allow(); |
| 200 } | 201 } |
| 201 | 202 |
| 202 private: | 203 private: |
| 203 static intptr_t count_; | 204 static intptr_t count_; |
| 204 | 205 |
| 205 static intptr_t UnameTrap(const struct arch_seccomp_data& data, void* aux) { | 206 static intptr_t UnameTrap(const struct arch_seccomp_data& data, void* aux) { |
| 206 BPF_ASSERT_EQ(&count_, aux); | 207 BPF_ASSERT_EQ(&count_, aux); |
| 207 return ++count_; | 208 return ++count_; |
| 208 } | 209 } |
| 209 | 210 |
| 210 DISALLOW_COPY_AND_ASSIGN(TrappingPolicy); | 211 DISALLOW_COPY_AND_ASSIGN(TrappingPolicy); |
| 211 }; | 212 }; |
| 212 | 213 |
| 213 intptr_t TrappingPolicy::count_; | 214 intptr_t TrappingPolicy::count_; |
| 214 | 215 |
| 215 BPF_TEST_C(BPFDSL, TrapTest, TrappingPolicy) { | 216 BPF_TEST_C(BPFDSL, TrapTest, TrappingPolicy) { |
| 216 ASSERT_SYSCALL_RESULT(1, uname, NULL); | 217 ASSERT_SYSCALL_RESULT(1, uname, NULL); |
| 217 ASSERT_SYSCALL_RESULT(2, uname, NULL); | 218 ASSERT_SYSCALL_RESULT(2, uname, NULL); |
| 218 ASSERT_SYSCALL_RESULT(3, uname, NULL); | 219 ASSERT_SYSCALL_RESULT(3, uname, NULL); |
| 219 } | 220 } |
| 220 | 221 |
| 221 class MaskingPolicy : public SandboxBPFDSLPolicy { | 222 class MaskingPolicy : public Policy { |
| 222 public: | 223 public: |
| 223 MaskingPolicy() {} | 224 MaskingPolicy() {} |
| 224 virtual ~MaskingPolicy() {} | 225 virtual ~MaskingPolicy() {} |
| 225 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 226 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 226 if (sysno == __NR_setuid) { | 227 if (sysno == __NR_setuid) { |
| 227 const Arg<uid_t> uid(0); | 228 const Arg<uid_t> uid(0); |
| 228 return If((uid & 0xf) == 0, Error(EINVAL)).Else(Error(EACCES)); | 229 return If((uid & 0xf) == 0, Error(EINVAL)).Else(Error(EACCES)); |
| 229 } | 230 } |
| 230 if (sysno == __NR_setgid) { | 231 if (sysno == __NR_setgid) { |
| 231 const Arg<gid_t> gid(0); | 232 const Arg<gid_t> gid(0); |
| (...skipping 20 matching lines...) Expand all Loading... |
| 252 const int expect_errno = (gid & 0xf0) == 0xf0 ? EINVAL : EACCES; | 253 const int expect_errno = (gid & 0xf0) == 0xf0 ? EINVAL : EACCES; |
| 253 ASSERT_SYSCALL_RESULT(-expect_errno, setgid, gid); | 254 ASSERT_SYSCALL_RESULT(-expect_errno, setgid, gid); |
| 254 } | 255 } |
| 255 | 256 |
| 256 for (pid_t pid = 0; pid < 0x100; ++pid) { | 257 for (pid_t pid = 0; pid < 0x100; ++pid) { |
| 257 const int expect_errno = (pid & 0xa5) == 0xa0 ? EINVAL : EACCES; | 258 const int expect_errno = (pid & 0xa5) == 0xa0 ? EINVAL : EACCES; |
| 258 ASSERT_SYSCALL_RESULT(-expect_errno, setpgid, pid, 0); | 259 ASSERT_SYSCALL_RESULT(-expect_errno, setpgid, pid, 0); |
| 259 } | 260 } |
| 260 } | 261 } |
| 261 | 262 |
| 262 class ElseIfPolicy : public SandboxBPFDSLPolicy { | 263 class ElseIfPolicy : public Policy { |
| 263 public: | 264 public: |
| 264 ElseIfPolicy() {} | 265 ElseIfPolicy() {} |
| 265 virtual ~ElseIfPolicy() {} | 266 virtual ~ElseIfPolicy() {} |
| 266 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 267 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 267 if (sysno == __NR_setuid) { | 268 if (sysno == __NR_setuid) { |
| 268 const Arg<uid_t> uid(0); | 269 const Arg<uid_t> uid(0); |
| 269 return If((uid & 0xfff) == 0, Error(0)) | 270 return If((uid & 0xfff) == 0, Error(0)) |
| 270 .ElseIf((uid & 0xff0) == 0, Error(EINVAL)) | 271 .ElseIf((uid & 0xff0) == 0, Error(EINVAL)) |
| 271 .ElseIf((uid & 0xf00) == 0, Error(EEXIST)) | 272 .ElseIf((uid & 0xf00) == 0, Error(EEXIST)) |
| 272 .Else(Error(EACCES)); | 273 .Else(Error(EACCES)); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 284 ASSERT_SYSCALL_RESULT(-EINVAL, setuid, 0x0001); | 285 ASSERT_SYSCALL_RESULT(-EINVAL, setuid, 0x0001); |
| 285 ASSERT_SYSCALL_RESULT(-EINVAL, setuid, 0x0002); | 286 ASSERT_SYSCALL_RESULT(-EINVAL, setuid, 0x0002); |
| 286 | 287 |
| 287 ASSERT_SYSCALL_RESULT(-EEXIST, setuid, 0x0011); | 288 ASSERT_SYSCALL_RESULT(-EEXIST, setuid, 0x0011); |
| 288 ASSERT_SYSCALL_RESULT(-EEXIST, setuid, 0x0022); | 289 ASSERT_SYSCALL_RESULT(-EEXIST, setuid, 0x0022); |
| 289 | 290 |
| 290 ASSERT_SYSCALL_RESULT(-EACCES, setuid, 0x0111); | 291 ASSERT_SYSCALL_RESULT(-EACCES, setuid, 0x0111); |
| 291 ASSERT_SYSCALL_RESULT(-EACCES, setuid, 0x0222); | 292 ASSERT_SYSCALL_RESULT(-EACCES, setuid, 0x0222); |
| 292 } | 293 } |
| 293 | 294 |
| 294 class SwitchPolicy : public SandboxBPFDSLPolicy { | 295 class SwitchPolicy : public Policy { |
| 295 public: | 296 public: |
| 296 SwitchPolicy() {} | 297 SwitchPolicy() {} |
| 297 virtual ~SwitchPolicy() {} | 298 virtual ~SwitchPolicy() {} |
| 298 virtual ResultExpr EvaluateSyscall(int sysno) const override { | 299 virtual ResultExpr EvaluateSyscall(int sysno) const override { |
| 299 if (sysno == __NR_fcntl) { | 300 if (sysno == __NR_fcntl) { |
| 300 const Arg<int> cmd(1); | 301 const Arg<int> cmd(1); |
| 301 const Arg<unsigned long> long_arg(2); | 302 const Arg<unsigned long> long_arg(2); |
| 302 return Switch(cmd) | 303 return Switch(cmd) |
| 303 .CASES((F_GETFL, F_GETFD), Error(ENOENT)) | 304 .CASES((F_GETFL, F_GETFD), Error(ENOENT)) |
| 304 .Case(F_SETFD, If(long_arg == O_CLOEXEC, Allow()).Else(Error(EINVAL))) | 305 .Case(F_SETFD, If(long_arg == O_CLOEXEC, Allow()).Else(Error(EINVAL))) |
| (...skipping 18 matching lines...) Expand all Loading... |
| 323 ASSERT_SYSCALL_RESULT(-EINVAL, fcntl, sock_fd.get(), F_SETFD, 0); | 324 ASSERT_SYSCALL_RESULT(-EINVAL, fcntl, sock_fd.get(), F_SETFD, 0); |
| 324 | 325 |
| 325 ASSERT_SYSCALL_RESULT(-EPERM, fcntl, sock_fd.get(), F_SETFL, O_RDONLY); | 326 ASSERT_SYSCALL_RESULT(-EPERM, fcntl, sock_fd.get(), F_SETFL, O_RDONLY); |
| 326 | 327 |
| 327 ASSERT_SYSCALL_RESULT(-EACCES, fcntl, sock_fd.get(), F_DUPFD, 0); | 328 ASSERT_SYSCALL_RESULT(-EACCES, fcntl, sock_fd.get(), F_DUPFD, 0); |
| 328 } | 329 } |
| 329 | 330 |
| 330 } // namespace | 331 } // namespace |
| 331 } // namespace bpf_dsl | 332 } // namespace bpf_dsl |
| 332 } // namespace sandbox | 333 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 681713002:
Update from chromium https://crrev.com/301315 (Closed)
Base URL: https://github.com/domokit/mojo.git@master