| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/public/common/sandbox_init.h" | 5 #include "content/public/common/sandbox_init.h" |
| 6 | 6 |
| 7 #if defined(OS_LINUX) && defined(__x86_64__) | 7 #if defined(OS_LINUX) && defined(__x86_64__) |
| 8 | 8 |
| 9 #include <asm/unistd.h> | 9 #include <asm/unistd.h> |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 175 static void EmitFailSyscall(int nr, int err, | 175 static void EmitFailSyscall(int nr, int err, |
| 176 std::vector<struct sock_filter>* program) { | 176 std::vector<struct sock_filter>* program) { |
| 177 EmitJEQJF(nr, 1, program); | 177 EmitJEQJF(nr, 1, program); |
| 178 EmitRet(SECCOMP_RET_ERRNO | err, program); | 178 EmitRet(SECCOMP_RET_ERRNO | err, program); |
| 179 } | 179 } |
| 180 | 180 |
| 181 static void EmitTrap(std::vector<struct sock_filter>* program) { | 181 static void EmitTrap(std::vector<struct sock_filter>* program) { |
| 182 EmitRet(SECCOMP_RET_TRAP, program); | 182 EmitRet(SECCOMP_RET_TRAP, program); |
| 183 } | 183 } |
| 184 | 184 |
| 185 static void EmitAllowKillSelf(int signal, | 185 // TODO(cevans) -- only really works as advertised once we restrict clone() |
| 186 std::vector<struct sock_filter>* program) { | 186 // to CLONE_THREAD. |
| 187 EmitAllowSyscallArgN(__NR_kill, 2, signal, program); | 187 static void EmitAllowSignalSelf(std::vector<struct sock_filter>* program) { |
| 188 EmitAllowSyscallArgN(__NR_kill, 1, getpid(), program); |
| 189 EmitAllowSyscallArgN(__NR_tgkill, 1, getpid(), program); |
| 188 } | 190 } |
| 189 | 191 |
| 190 static void EmitAllowGettime(std::vector<struct sock_filter>* program) { | 192 static void EmitAllowGettime(std::vector<struct sock_filter>* program) { |
| 191 EmitAllowSyscall(__NR_clock_gettime, program); | 193 EmitAllowSyscall(__NR_clock_gettime, program); |
| 192 EmitAllowSyscall(__NR_gettimeofday, program); | 194 EmitAllowSyscall(__NR_gettimeofday, program); |
| 193 } | 195 } |
| 194 | 196 |
| 195 static void ApplyGPUPolicy(std::vector<struct sock_filter>* program) { | 197 static void ApplyGPUPolicy(std::vector<struct sock_filter>* program) { |
| 196 // "Hot" syscalls go first. | 198 // "Hot" syscalls go first. |
| 197 EmitAllowSyscall(__NR_read, program); | 199 EmitAllowSyscall(__NR_read, program); |
| 198 EmitAllowSyscall(__NR_ioctl, program); | 200 EmitAllowSyscall(__NR_ioctl, program); |
| 199 EmitAllowSyscall(__NR_poll, program); | 201 EmitAllowSyscall(__NR_poll, program); |
| 200 EmitAllowSyscall(__NR_epoll_wait, program); | 202 EmitAllowSyscall(__NR_epoll_wait, program); |
| 201 EmitAllowSyscall(__NR_recvfrom, program); | 203 EmitAllowSyscall(__NR_recvfrom, program); |
| 202 EmitAllowSyscall(__NR_write, program); | 204 EmitAllowSyscall(__NR_write, program); |
| 203 EmitAllowSyscall(__NR_writev, program); | 205 EmitAllowSyscall(__NR_writev, program); |
| 204 EmitAllowSyscall(__NR_gettid, program); | 206 EmitAllowSyscall(__NR_gettid, program); |
| 205 EmitAllowSyscall(__NR_sched_yield, program); // Nvidia binary driver. | 207 EmitAllowSyscall(__NR_sched_yield, program); // Nvidia binary driver. |
| 206 EmitAllowGettime(program); | 208 EmitAllowGettime(program); |
| 207 | 209 |
| 208 // Less hot syscalls. | 210 // Less hot syscalls. |
| 209 EmitAllowSyscall(__NR_futex, program); | 211 EmitAllowSyscall(__NR_futex, program); |
| 210 EmitAllowSyscall(__NR_madvise, program); | 212 EmitAllowSyscall(__NR_madvise, program); |
| 211 EmitAllowSyscall(__NR_sendmsg, program); | 213 EmitAllowSyscall(__NR_sendmsg, program); |
| 212 EmitAllowSyscall(__NR_recvmsg, program); | 214 EmitAllowSyscall(__NR_recvmsg, program); |
| 213 EmitAllowSyscall(__NR_eventfd2, program); | 215 EmitAllowSyscall(__NR_eventfd2, program); |
| 214 EmitAllowSyscall(__NR_pipe, program); | 216 EmitAllowSyscall(__NR_pipe, program); |
| 215 EmitAllowSyscall(__NR_mmap, program); | 217 EmitAllowSyscall(__NR_mmap, program); |
| 216 EmitAllowSyscall(__NR_mprotect, program); | 218 EmitAllowSyscall(__NR_mprotect, program); |
| 219 // TODO(cevans): restrict flags. |
| 217 EmitAllowSyscall(__NR_clone, program); | 220 EmitAllowSyscall(__NR_clone, program); |
| 218 EmitAllowSyscall(__NR_set_robust_list, program); | 221 EmitAllowSyscall(__NR_set_robust_list, program); |
| 219 EmitAllowSyscall(__NR_getuid, program); | 222 EmitAllowSyscall(__NR_getuid, program); |
| 220 EmitAllowSyscall(__NR_geteuid, program); | 223 EmitAllowSyscall(__NR_geteuid, program); |
| 221 EmitAllowSyscall(__NR_getgid, program); | 224 EmitAllowSyscall(__NR_getgid, program); |
| 222 EmitAllowSyscall(__NR_getegid, program); | 225 EmitAllowSyscall(__NR_getegid, program); |
| 223 EmitAllowSyscall(__NR_epoll_create, program); | 226 EmitAllowSyscall(__NR_epoll_create, program); |
| 224 EmitAllowSyscall(__NR_fcntl, program); | 227 EmitAllowSyscall(__NR_fcntl, program); |
| 225 EmitAllowSyscall(__NR_socketpair, program); | 228 EmitAllowSyscall(__NR_socketpair, program); |
| 226 EmitAllowSyscall(__NR_epoll_ctl, program); | 229 EmitAllowSyscall(__NR_epoll_ctl, program); |
| 227 EmitAllowSyscall(__NR_prctl, program); | 230 EmitAllowSyscall(__NR_prctl, program); |
| 228 EmitAllowSyscall(__NR_fstat, program); | 231 EmitAllowSyscall(__NR_fstat, program); |
| 229 EmitAllowSyscall(__NR_close, program); | 232 EmitAllowSyscall(__NR_close, program); |
| 230 EmitAllowSyscall(__NR_restart_syscall, program); | 233 EmitAllowSyscall(__NR_restart_syscall, program); |
| 231 EmitAllowSyscall(__NR_rt_sigreturn, program); | 234 EmitAllowSyscall(__NR_rt_sigreturn, program); |
| 232 EmitAllowSyscall(__NR_brk, program); | 235 EmitAllowSyscall(__NR_brk, program); |
| 233 EmitAllowSyscall(__NR_rt_sigprocmask, program); | 236 EmitAllowSyscall(__NR_rt_sigprocmask, program); |
| 234 EmitAllowSyscall(__NR_munmap, program); | 237 EmitAllowSyscall(__NR_munmap, program); |
| 235 EmitAllowSyscall(__NR_dup, program); | 238 EmitAllowSyscall(__NR_dup, program); |
| 236 EmitAllowSyscall(__NR_mlock, program); | 239 EmitAllowSyscall(__NR_mlock, program); |
| 237 EmitAllowSyscall(__NR_munlock, program); | 240 EmitAllowSyscall(__NR_munlock, program); |
| 238 EmitAllowSyscall(__NR_exit, program); | 241 EmitAllowSyscall(__NR_exit, program); |
| 239 EmitAllowSyscall(__NR_exit_group, program); | 242 EmitAllowSyscall(__NR_exit_group, program); |
| 240 EmitAllowSyscall(__NR_getpid, program); // Nvidia binary driver. | 243 EmitAllowSyscall(__NR_getpid, program); // Nvidia binary driver. |
| 241 EmitAllowSyscall(__NR_getppid, program); // ATI binary driver. | 244 EmitAllowSyscall(__NR_getppid, program); // ATI binary driver. |
| 242 EmitAllowSyscall(__NR_lseek, program); // Nvidia binary driver. | 245 EmitAllowSyscall(__NR_lseek, program); // Nvidia binary driver. |
| 243 EmitAllowKillSelf(SIGTERM, program); // GPU watchdog. | 246 EmitAllowSyscall(__NR_shutdown, program); // Virtual driver. |
| 247 EmitAllowSyscall(__NR_rt_sigaction, program); // Breakpad signal handler. |
| 248 EmitAllowSignalSelf(program); // GPU watchdog. |
| 244 | 249 |
| 245 // Generally, filename-based syscalls will fail with ENOENT to behave | 250 // Generally, filename-based syscalls will fail with ENOENT to behave |
| 246 // similarly to a possible future setuid sandbox. | 251 // similarly to a possible future setuid sandbox. |
| 247 EmitFailSyscall(__NR_open, ENOENT, program); | 252 EmitFailSyscall(__NR_open, ENOENT, program); |
| 248 EmitFailSyscall(__NR_access, ENOENT, program); | 253 EmitFailSyscall(__NR_access, ENOENT, program); |
| 249 EmitFailSyscall(__NR_mkdir, ENOENT, program); // Nvidia binary driver. | 254 EmitFailSyscall(__NR_mkdir, ENOENT, program); // Nvidia binary driver. |
| 250 EmitFailSyscall(__NR_readlink, ENOENT, program); // ATI binary driver. | 255 EmitFailSyscall(__NR_readlink, ENOENT, program); // ATI binary driver. |
| 256 EmitFailSyscall(__NR_stat, ENOENT, program); // Nvidia binary driver. |
| 251 } | 257 } |
| 252 | 258 |
| 253 static void ApplyFlashPolicy(std::vector<struct sock_filter>* program) { | 259 static void ApplyFlashPolicy(std::vector<struct sock_filter>* program) { |
| 254 // "Hot" syscalls go first. | 260 // "Hot" syscalls go first. |
| 255 EmitAllowSyscall(__NR_futex, program); | 261 EmitAllowSyscall(__NR_futex, program); |
| 256 EmitAllowSyscall(__NR_write, program); | 262 EmitAllowSyscall(__NR_write, program); |
| 257 EmitAllowSyscall(__NR_epoll_wait, program); | 263 EmitAllowSyscall(__NR_epoll_wait, program); |
| 258 EmitAllowSyscall(__NR_read, program); | 264 EmitAllowSyscall(__NR_read, program); |
| 259 EmitAllowSyscall(__NR_times, program); | 265 EmitAllowSyscall(__NR_times, program); |
| 260 | 266 |
| 261 // Less hot syscalls. | 267 // Less hot syscalls. |
| 262 EmitAllowGettime(program); | 268 EmitAllowGettime(program); |
| 269 // TODO(cevans): restrict flags. |
| 263 EmitAllowSyscall(__NR_clone, program); | 270 EmitAllowSyscall(__NR_clone, program); |
| 264 EmitAllowSyscall(__NR_set_robust_list, program); | 271 EmitAllowSyscall(__NR_set_robust_list, program); |
| 265 EmitAllowSyscall(__NR_getuid, program); | 272 EmitAllowSyscall(__NR_getuid, program); |
| 266 EmitAllowSyscall(__NR_geteuid, program); | 273 EmitAllowSyscall(__NR_geteuid, program); |
| 267 EmitAllowSyscall(__NR_getgid, program); | 274 EmitAllowSyscall(__NR_getgid, program); |
| 268 EmitAllowSyscall(__NR_getegid, program); | 275 EmitAllowSyscall(__NR_getegid, program); |
| 269 EmitAllowSyscall(__NR_epoll_create, program); | 276 EmitAllowSyscall(__NR_epoll_create, program); |
| 270 EmitAllowSyscall(__NR_fcntl, program); | 277 EmitAllowSyscall(__NR_fcntl, program); |
| 271 EmitAllowSyscall(__NR_socketpair, program); | 278 EmitAllowSyscall(__NR_socketpair, program); |
| 272 EmitAllowSyscall(__NR_pipe, program); | 279 EmitAllowSyscall(__NR_pipe, program); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 284 EmitAllowSyscall(__NR_wait4, program); | 291 EmitAllowSyscall(__NR_wait4, program); |
| 285 EmitAllowSyscall(__NR_exit_group, program); | 292 EmitAllowSyscall(__NR_exit_group, program); |
| 286 EmitAllowSyscall(__NR_exit, program); | 293 EmitAllowSyscall(__NR_exit, program); |
| 287 EmitAllowSyscall(__NR_rt_sigreturn, program); | 294 EmitAllowSyscall(__NR_rt_sigreturn, program); |
| 288 EmitAllowSyscall(__NR_restart_syscall, program); | 295 EmitAllowSyscall(__NR_restart_syscall, program); |
| 289 EmitAllowSyscall(__NR_close, program); | 296 EmitAllowSyscall(__NR_close, program); |
| 290 EmitAllowSyscall(__NR_recvmsg, program); | 297 EmitAllowSyscall(__NR_recvmsg, program); |
| 291 EmitAllowSyscall(__NR_lseek, program); | 298 EmitAllowSyscall(__NR_lseek, program); |
| 292 EmitAllowSyscall(__NR_brk, program); | 299 EmitAllowSyscall(__NR_brk, program); |
| 293 EmitAllowSyscall(__NR_sched_yield, program); | 300 EmitAllowSyscall(__NR_sched_yield, program); |
| 301 EmitAllowSyscall(__NR_shutdown, program); |
| 302 EmitAllowSyscall(__NR_sched_getaffinity, program); // 3D |
| 303 EmitAllowSignalSelf(program); |
| 294 | 304 |
| 295 // These are under investigation, and hopefully not here for the long term. | 305 // These are under investigation, and hopefully not here for the long term. |
| 296 EmitAllowSyscall(__NR_shmctl, program); | 306 EmitAllowSyscall(__NR_shmctl, program); |
| 297 EmitAllowSyscall(__NR_shmat, program); | 307 EmitAllowSyscall(__NR_shmat, program); |
| 298 EmitAllowSyscall(__NR_shmdt, program); | 308 EmitAllowSyscall(__NR_shmdt, program); |
| 299 | 309 |
| 300 EmitFailSyscall(__NR_open, ENOENT, program); | 310 EmitFailSyscall(__NR_open, ENOENT, program); |
| 301 EmitFailSyscall(__NR_execve, ENOENT, program); | 311 EmitFailSyscall(__NR_execve, ENOENT, program); |
| 302 EmitFailSyscall(__NR_access, ENOENT, program); | 312 EmitFailSyscall(__NR_access, ENOENT, program); |
| 303 } | 313 } |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 365 | 375 |
| 366 namespace content { | 376 namespace content { |
| 367 | 377 |
| 368 void InitializeSandbox() { | 378 void InitializeSandbox() { |
| 369 } | 379 } |
| 370 | 380 |
| 371 } // namespace content | 381 } // namespace content |
| 372 | 382 |
| 373 #endif | 383 #endif |
| 374 | 384 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10383274:
Sandbox policy fixes for all known remaining issues. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/