Chromium Code Reviews Chromium Code Reviews
Issue 10383274:
Sandbox policy fixes for all known remaining issues. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/public/common/sandbox_init.h" | 5 #include "content/public/common/sandbox_init.h" |
| 6 | 6 |
| 7 #if defined(OS_LINUX) && defined(__x86_64__) | 7 #if defined(OS_LINUX) && defined(__x86_64__) |
| 8 | 8 |
| 9 #include <asm/unistd.h> | 9 #include <asm/unistd.h> |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 175 static void EmitFailSyscall(int nr, int err, | 175 static void EmitFailSyscall(int nr, int err, |
| 176 std::vector<struct sock_filter>* program) { | 176 std::vector<struct sock_filter>* program) { |
| 177 EmitJEQJF(nr, 1, program); | 177 EmitJEQJF(nr, 1, program); |
| 178 EmitRet(SECCOMP_RET_ERRNO | err, program); | 178 EmitRet(SECCOMP_RET_ERRNO | err, program); |
| 179 } | 179 } |
| 180 | 180 |
| 181 static void EmitTrap(std::vector<struct sock_filter>* program) { | 181 static void EmitTrap(std::vector<struct sock_filter>* program) { |
| 182 EmitRet(SECCOMP_RET_TRAP, program); | 182 EmitRet(SECCOMP_RET_TRAP, program); |
| 183 } | 183 } |
| 184 | 184 |
| 185 static void EmitAllowKillSelf(int signal, | 185 static void EmitAllowSignalSelf(std::vector<struct sock_filter>* program) { |
| 186 std::vector<struct sock_filter>* program) { | 186 EmitAllowSyscallArgN(__NR_kill, 1, getpid(), program); |
| 187 EmitAllowSyscallArgN(__NR_kill, 2, signal, program); | 187 EmitAllowSyscallArgN(__NR_tgkill, 1, getpid(), program); |
| 188 } | 188 } |
| 189 | 189 |
| 190 static void EmitAllowGettime(std::vector<struct sock_filter>* program) { | 190 static void EmitAllowGettime(std::vector<struct sock_filter>* program) { |
| 191 EmitAllowSyscall(__NR_clock_gettime, program); | 191 EmitAllowSyscall(__NR_clock_gettime, program); |
| 192 EmitAllowSyscall(__NR_gettimeofday, program); | 192 EmitAllowSyscall(__NR_gettimeofday, program); |
| 193 } | 193 } |
| 194 | 194 |
| 195 static void ApplyGPUPolicy(std::vector<struct sock_filter>* program) { | 195 static void ApplyGPUPolicy(std::vector<struct sock_filter>* program) { |
| 196 // "Hot" syscalls go first. | 196 // "Hot" syscalls go first. |
| 197 EmitAllowSyscall(__NR_read, program); | 197 EmitAllowSyscall(__NR_read, program); |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 233 EmitAllowSyscall(__NR_rt_sigprocmask, program); | 233 EmitAllowSyscall(__NR_rt_sigprocmask, program); |
| 234 EmitAllowSyscall(__NR_munmap, program); | 234 EmitAllowSyscall(__NR_munmap, program); |
| 235 EmitAllowSyscall(__NR_dup, program); | 235 EmitAllowSyscall(__NR_dup, program); |
| 236 EmitAllowSyscall(__NR_mlock, program); | 236 EmitAllowSyscall(__NR_mlock, program); |
| 237 EmitAllowSyscall(__NR_munlock, program); | 237 EmitAllowSyscall(__NR_munlock, program); |
| 238 EmitAllowSyscall(__NR_exit, program); | 238 EmitAllowSyscall(__NR_exit, program); |
| 239 EmitAllowSyscall(__NR_exit_group, program); | 239 EmitAllowSyscall(__NR_exit_group, program); |
| 240 EmitAllowSyscall(__NR_getpid, program); // Nvidia binary driver. | 240 EmitAllowSyscall(__NR_getpid, program); // Nvidia binary driver. |
| 241 EmitAllowSyscall(__NR_getppid, program); // ATI binary driver. | 241 EmitAllowSyscall(__NR_getppid, program); // ATI binary driver. |
| 242 EmitAllowSyscall(__NR_lseek, program); // Nvidia binary driver. | 242 EmitAllowSyscall(__NR_lseek, program); // Nvidia binary driver. |
| 243 EmitAllowKillSelf(SIGTERM, program); // GPU watchdog. | 243 EmitAllowSyscall(__NR_shutdown, program); // Virtual driver. |
| 244 EmitAllowSyscall(__NR_rt_sigaction, program); // Breakpad signal handler. | |
| 245 EmitAllowSignalSelf(program); // GPU watchdog. | |
| 244 | 246 |
| 245 // Generally, filename-based syscalls will fail with ENOENT to behave | 247 // Generally, filename-based syscalls will fail with ENOENT to behave |
| 246 // similarly to a possible future setuid sandbox. | 248 // similarly to a possible future setuid sandbox. |
| 247 EmitFailSyscall(__NR_open, ENOENT, program); | 249 EmitFailSyscall(__NR_open, ENOENT, program); |
| 248 EmitFailSyscall(__NR_access, ENOENT, program); | 250 EmitFailSyscall(__NR_access, ENOENT, program); |
| 249 EmitFailSyscall(__NR_mkdir, ENOENT, program); // Nvidia binary driver. | 251 EmitFailSyscall(__NR_mkdir, ENOENT, program); // Nvidia binary driver. |
| 250 EmitFailSyscall(__NR_readlink, ENOENT, program); // ATI binary driver. | 252 EmitFailSyscall(__NR_readlink, ENOENT, program); // ATI binary driver. |
| 253 EmitFailSyscall(__NR_stat, ENOENT, program); // Nvidia binary driver. | |
| 251 } | 254 } |
| 252 | 255 |
| 253 static void ApplyFlashPolicy(std::vector<struct sock_filter>* program) { | 256 static void ApplyFlashPolicy(std::vector<struct sock_filter>* program) { |
| 254 // "Hot" syscalls go first. | 257 // "Hot" syscalls go first. |
| 255 EmitAllowSyscall(__NR_futex, program); | 258 EmitAllowSyscall(__NR_futex, program); |
| 256 EmitAllowSyscall(__NR_write, program); | 259 EmitAllowSyscall(__NR_write, program); |
| 257 EmitAllowSyscall(__NR_epoll_wait, program); | 260 EmitAllowSyscall(__NR_epoll_wait, program); |
| 258 EmitAllowSyscall(__NR_read, program); | 261 EmitAllowSyscall(__NR_read, program); |
| 259 EmitAllowSyscall(__NR_times, program); | 262 EmitAllowSyscall(__NR_times, program); |
| 260 | 263 |
| 261 // Less hot syscalls. | 264 // Less hot syscalls. |
| 262 EmitAllowGettime(program); | 265 EmitAllowGettime(program); |
| 263 EmitAllowSyscall(__NR_clone, program); | 266 EmitAllowSyscall(__NR_clone, program); |
|
jln (very slow on Chromium)
2012/05/22 00:04:34
We can't allow clone with EmitAllowSignalSelf I th
| |
| 264 EmitAllowSyscall(__NR_set_robust_list, program); | 267 EmitAllowSyscall(__NR_set_robust_list, program); |
| 265 EmitAllowSyscall(__NR_getuid, program); | 268 EmitAllowSyscall(__NR_getuid, program); |
| 266 EmitAllowSyscall(__NR_geteuid, program); | 269 EmitAllowSyscall(__NR_geteuid, program); |
| 267 EmitAllowSyscall(__NR_getgid, program); | 270 EmitAllowSyscall(__NR_getgid, program); |
| 268 EmitAllowSyscall(__NR_getegid, program); | 271 EmitAllowSyscall(__NR_getegid, program); |
| 269 EmitAllowSyscall(__NR_epoll_create, program); | 272 EmitAllowSyscall(__NR_epoll_create, program); |
| 270 EmitAllowSyscall(__NR_fcntl, program); | 273 EmitAllowSyscall(__NR_fcntl, program); |
| 271 EmitAllowSyscall(__NR_socketpair, program); | 274 EmitAllowSyscall(__NR_socketpair, program); |
| 272 EmitAllowSyscall(__NR_pipe, program); | 275 EmitAllowSyscall(__NR_pipe, program); |
| 273 EmitAllowSyscall(__NR_epoll_ctl, program); | 276 EmitAllowSyscall(__NR_epoll_ctl, program); |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 284 EmitAllowSyscall(__NR_wait4, program); | 287 EmitAllowSyscall(__NR_wait4, program); |
| 285 EmitAllowSyscall(__NR_exit_group, program); | 288 EmitAllowSyscall(__NR_exit_group, program); |
| 286 EmitAllowSyscall(__NR_exit, program); | 289 EmitAllowSyscall(__NR_exit, program); |
| 287 EmitAllowSyscall(__NR_rt_sigreturn, program); | 290 EmitAllowSyscall(__NR_rt_sigreturn, program); |
| 288 EmitAllowSyscall(__NR_restart_syscall, program); | 291 EmitAllowSyscall(__NR_restart_syscall, program); |
| 289 EmitAllowSyscall(__NR_close, program); | 292 EmitAllowSyscall(__NR_close, program); |
| 290 EmitAllowSyscall(__NR_recvmsg, program); | 293 EmitAllowSyscall(__NR_recvmsg, program); |
| 291 EmitAllowSyscall(__NR_lseek, program); | 294 EmitAllowSyscall(__NR_lseek, program); |
| 292 EmitAllowSyscall(__NR_brk, program); | 295 EmitAllowSyscall(__NR_brk, program); |
| 293 EmitAllowSyscall(__NR_sched_yield, program); | 296 EmitAllowSyscall(__NR_sched_yield, program); |
| 297 EmitAllowSyscall(__NR_shutdown, program); | |
| 298 EmitAllowSyscall(__NR_sched_getaffinity, program); // 3D | |
| 299 EmitAllowSignalSelf(program); | |
| 294 | 300 |
| 295 // These are under investigation, and hopefully not here for the long term. | 301 // These are under investigation, and hopefully not here for the long term. |
| 296 EmitAllowSyscall(__NR_shmctl, program); | 302 EmitAllowSyscall(__NR_shmctl, program); |
| 297 EmitAllowSyscall(__NR_shmat, program); | 303 EmitAllowSyscall(__NR_shmat, program); |
| 298 EmitAllowSyscall(__NR_shmdt, program); | 304 EmitAllowSyscall(__NR_shmdt, program); |
| 299 | 305 |
| 300 EmitFailSyscall(__NR_open, ENOENT, program); | 306 EmitFailSyscall(__NR_open, ENOENT, program); |
| 301 EmitFailSyscall(__NR_execve, ENOENT, program); | 307 EmitFailSyscall(__NR_execve, ENOENT, program); |
| 302 EmitFailSyscall(__NR_access, ENOENT, program); | 308 EmitFailSyscall(__NR_access, ENOENT, program); |
| 303 } | 309 } |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 365 | 371 |
| 366 namespace content { | 372 namespace content { |
| 367 | 373 |
| 368 void InitializeSandbox() { | 374 void InitializeSandbox() { |
| 369 } | 375 } |
| 370 | 376 |
| 371 } // namespace content | 377 } // namespace content |
| 372 | 378 |
| 373 #endif | 379 #endif |
| 374 | 380 |
| OLD | NEW |
