Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1341)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h

Issue 98373007: Move more helpers to seccomp-bpf-helpers. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Define MAP_STACK Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc ('K') | « sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
new file mode 100644
index 0000000000000000000000000000000000000000..c54291a34c90e2091485a10d40359c5df021a9df
--- /dev/null
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
@@ -0,0 +1,63 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_PARAMETERS_RESTRICTIONS_H_
+#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_PARAMETERS_RESTRICTIONS_H_
+
+#include "build/build_config.h"
+
+// These are helpers to build seccomp-bpf policies, i.e. policies for a
+// sandbox that reduces the Linux kernel's attack surface. They return an
+// ErrorCode suitable to restrict certain system call parameters.
+
+namespace playground2 {
+class ErrorCode;
+class Sandbox;
+}
+
+using playground2::ErrorCode;
+using playground2::Sandbox;
+
+namespace sandbox {
+
+// Allow clone(2) for threads.
+// Reject fork(2) attempts with EPERM.
+// Don't restrict on ASAN.
+// Crash if anything else is attempted.
+ErrorCode RestrictCloneToThreadsAndEPERMFork(Sandbox* sandbox);
+
+// Allow PR_SET_NAME, PR_SET_DUMPABLE, PR_GET_DUMPABLE.
+// Crash if anything else is attempted.
+ErrorCode RestrictPrctl(Sandbox* sandbox);
+
+// Allow TCGETS and FIONREAD.
+// Crash if anything else is attempted.
+ErrorCode RestrictIoctl(Sandbox* sandbox);
+
+// Restrict the flags argument in mmap(2).
+// Only allow: MAP_SHARED | MAP_PRIVATE | MAP_ANONYMOUS |
+// MAP_STACK | MAP_NORESERVE | MAP_FIXED | MAP_DENYWRITE.
+// Crash if any other flag is used.
+ErrorCode RestrictMmapFlags(Sandbox* sandbox);
+
+// Restrict the prot argument in mprotect(2).
+// Only allow: PROT_READ | PROT_WRITE | PROT_EXEC.
+ErrorCode RestrictMprotectFlags(Sandbox* sandbox);
+
+// Restrict fcntl(2) cmd argument to:
+// We allow F_GETFL, F_SETFL, F_GETFD, F_SETFD, F_DUPFD, F_DUPFD_CLOEXEC,
+// F_SETLK, F_SETLKW and F_GETLK.
+// Also, in F_SETFL, restrict the allowed flags to: O_ACCMODE | O_APPEND |
+// O_NONBLOCK | O_SYNC | O_LARGEFILE | O_CLOEXEC | O_NOATIME.
+ErrorCode RestrictFcntlCommands(Sandbox* sandbox);
+
+#if defined(__i386__)
+// Restrict socketcall(2) to only allow socketpair(2), send(2), recv(2),
+// sendto(2), recvfrom(2), shutdown(2), sendmsg(2) and recvmsg(2).
+ErrorCode RestrictSocketcallCommand(Sandbox* sandbox);
+#endif
+
+} // namespace sandbox.
+
+#endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_PARAMETERS_RESTRICTIONS_H_
« sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc ('K') | « sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc ('k') | sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698