
Side by Side Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 10826254: Seccomp: merge i386 and x86_64 architectures in system call sets. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Adapt some comments. Created 8 years, 4 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <asm/unistd.h> 5 #include <asm/unistd.h>
6 #include <dlfcn.h> 6 #include <dlfcn.h>
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <linux/audit.h> 9 #include <linux/audit.h>
10 #include <linux/filter.h> 10 #include <linux/filter.h>
140 int flags = static_cast<int>(arg1); 140 int flags = static_cast<int>(arg1);
141 141
142 if (strcmp(pathname, kDriRcPath) == 0) { 142 if (strcmp(pathname, kDriRcPath) == 0) {
143 int ret = OpenWithCache(pathname, flags); 143 int ret = OpenWithCache(pathname, flags);
144 return (ret == -1) ? -errno : ret; 144 return (ret == -1) ? -errno : ret;
145 } else { 145 } else {
146 return -ENOENT; 146 return -ENOENT;
147 } 147 }
148 } 148 }
149 149
150 #if defined(__x86_64__) 150 #if defined(__i386__) || defined(__x86_64__)
151 151
152 // The functions below cover all existing x86_64 system calls. 152 // The functions below cover all existing x86_64 and i386 system calls.
153 // The implicitly defined sets form a partition of the sets of 153 // The implicitly defined sets form a partition of the sets of
154 // system calls. 154 // system calls.
155 155
156 // TODO(jln) we need to restrict the first parameter! 156 // TODO(jln) we need to restrict the first parameter!
157 bool IsKill(int sysno) { 157 bool IsKill(int sysno) {
158 switch (sysno) { 158 switch (sysno) {
159 case __NR_kill: 159 case __NR_kill:
160 case __NR_tkill: 160 case __NR_tkill:
161 case __NR_tgkill: 161 case __NR_tgkill:
162 return true; 162 return true;
163 default: 163 default:
164 return false; 164 return false;
165 } 165 }
166 } 166 }
167 167
168 bool IsAllowedGettime(int sysno) { 168 bool IsAllowedGettime(int sysno) {
169 switch (sysno) { 169 switch (sysno) {
170 case __NR_clock_gettime: 170 case __NR_clock_gettime:
171 case __NR_gettimeofday: 171 case __NR_gettimeofday:
172 case __NR_time: 172 case __NR_time:
173 return true; 173 return true;
174 case __NR_adjtimex: // Privileged. 174 case __NR_adjtimex: // Privileged.
175 case __NR_clock_adjtime: // Privileged. 175 case __NR_clock_adjtime: // Privileged.
176 case __NR_clock_getres: // Could be allowed. 176 case __NR_clock_getres: // Could be allowed.
177 case __NR_clock_nanosleep: // Could be allowed. 177 case __NR_clock_nanosleep: // Could be allowed.
178 case __NR_clock_settime: // Privileged. 178 case __NR_clock_settime: // Privileged.
179 #if defined(__i386__)
180 case __NR_ftime: // Obsolete.
181 #endif
179 case __NR_settimeofday: // Privileged. 182 case __NR_settimeofday: // Privileged.
183 #if defined(__i386__)
184 case __NR_stime:
185 #endif
180 default: 186 default:
181 return false; 187 return false;
182 } 188 }
183 } 189 }
184 190
185 bool IsCurrentDirectory(int sysno) { 191 bool IsCurrentDirectory(int sysno) {
186 switch (sysno) { 192 switch (sysno) {
187 case __NR_getcwd: 193 case __NR_getcwd:
188 case __NR_chdir: 194 case __NR_chdir:
189 case __NR_fchdir: 195 case __NR_fchdir:
204 210
205 // System calls that directly access the file system. They might acquire 211 // System calls that directly access the file system. They might acquire
206 // a new file descriptor or otherwise perform an operation directly 212 // a new file descriptor or otherwise perform an operation directly
207 // via a path. 213 // via a path.
208 // Both EPERM and ENOENT are valid errno unless otherwise noted in comment. 214 // Both EPERM and ENOENT are valid errno unless otherwise noted in comment.
209 bool IsFileSystem(int sysno) { 215 bool IsFileSystem(int sysno) {
210 switch (sysno) { 216 switch (sysno) {
211 case __NR_access: // EPERM not a valid errno. 217 case __NR_access: // EPERM not a valid errno.
212 case __NR_chmod: 218 case __NR_chmod:
213 case __NR_chown: 219 case __NR_chown:
220 #if defined(__i386__)
221 case __NR_chown32:
222 #endif
214 case __NR_creat: 223 case __NR_creat:
215 case __NR_execve: 224 case __NR_execve:
216 case __NR_faccessat: // EPERM not a valid errno. 225 case __NR_faccessat: // EPERM not a valid errno.
217 case __NR_fchmodat: 226 case __NR_fchmodat:
218 case __NR_fchownat: // Should be called chownat ? 227 case __NR_fchownat: // Should be called chownat ?
228 #if defined(__x86_64__)
229 case __NR_newfstatat: // fstatat(). EPERM not a valid errno.
230 #elif defined(__i386__)
231 case __NR_fstatat64:
232 #endif
219 case __NR_futimesat: // Should be called utimesat ? 233 case __NR_futimesat: // Should be called utimesat ?
220 case __NR_lchown: 234 case __NR_lchown:
235 #if defined(__i386__)
236 case __NR_lchown32:
237 #endif
221 case __NR_link: 238 case __NR_link:
222 case __NR_linkat: 239 case __NR_linkat:
223 case __NR_lookup_dcookie: // ENOENT not a valid errno. 240 case __NR_lookup_dcookie: // ENOENT not a valid errno.
224 case __NR_lstat: // EPERM not a valid errno. 241 case __NR_lstat: // EPERM not a valid errno.
242 #if defined(__i386__)
243 case __NR_oldlstat:
244 case __NR_lstat64:
Jorge Lucangeli Obes 2012/08/13 23:55:12 Broke alphabetical ordering to keep lstat close to
jln (very slow on Chromium) 2012/08/14 00:22:54 Yes, I thought it would make sense and improve rea
245 #endif
225 case __NR_mkdir: 246 case __NR_mkdir:
226 case __NR_mkdirat: 247 case __NR_mkdirat:
227 case __NR_mknod: 248 case __NR_mknod:
228 case __NR_mknodat: 249 case __NR_mknodat:
229 case __NR_newfstatat: // EPERM not a valid errno.
230 // Should be called statat ?
231 case __NR_open: 250 case __NR_open:
232 case __NR_openat: 251 case __NR_openat:
233 case __NR_readlink: // EPERM not a valid errno. 252 case __NR_readlink: // EPERM not a valid errno.
234 case __NR_readlinkat: 253 case __NR_readlinkat:
235 case __NR_rename: 254 case __NR_rename:
236 case __NR_renameat: 255 case __NR_renameat:
237 case __NR_rmdir: 256 case __NR_rmdir:
238 case __NR_stat: // EPERM not a valid errno. 257 case __NR_stat: // EPERM not a valid errno.
258 #if defined(__i386__)
259 case __NR_oldstat:
260 case __NR_stat64:
261 #endif
239 case __NR_statfs: // EPERM not a valid errno. 262 case __NR_statfs: // EPERM not a valid errno.
263 #if defined(__i386__)
264 case __NR_statfs64:
265 #endif
240 case __NR_symlink: 266 case __NR_symlink:
241 case __NR_symlinkat: 267 case __NR_symlinkat:
242 case __NR_truncate: 268 case __NR_truncate:
269 #if defined(__i386__)
270 case __NR_truncate64:
271 #endif
243 case __NR_unlink: 272 case __NR_unlink:
244 case __NR_unlinkat: 273 case __NR_unlinkat:
245 case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno. 274 case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno.
246 case __NR_ustat: // Same as above. Deprecated. 275 case __NR_ustat: // Same as above. Deprecated.
247 case __NR_utime: 276 case __NR_utime:
248 case __NR_utimensat: // New. 277 case __NR_utimensat: // New.
249 case __NR_utimes: 278 case __NR_utimes:
250 return true; 279 return true;
251 default: 280 default:
252 return false; 281 return false;
253 } 282 }
254 } 283 }
255 284
256 bool IsAllowedFileSystemAccessViaFd(int sysno) { 285 bool IsAllowedFileSystemAccessViaFd(int sysno) {
257 switch (sysno) { 286 switch (sysno) {
258 case __NR_fstat: 287 case __NR_fstat:
288 #if defined(__i386__)
289 case __NR_fstat64:
290 #endif
259 return true; 291 return true;
260 // TODO(jln): these should be denied gracefully as well (moved below). 292 // TODO(jln): these should be denied gracefully as well (moved below).
261 case __NR_fadvise64: // EPERM not a valid errno. 293 case __NR_fadvise64: // EPERM not a valid errno.
294 #if defined(__i386__)
295 case __NR_fadvise64_64:
296 #endif
262 case __NR_fdatasync: // EPERM not a valid errno. 297 case __NR_fdatasync: // EPERM not a valid errno.
263 case __NR_flock: // EPERM not a valid errno. 298 case __NR_flock: // EPERM not a valid errno.
264 case __NR_fstatfs: // Give information about the whole filesystem. 299 case __NR_fstatfs: // Give information about the whole filesystem.
300 #if defined(__i386__)
301 case __NR_fstatfs64:
302 #endif
265 case __NR_fsync: // EPERM not a valid errno. 303 case __NR_fsync: // EPERM not a valid errno.
304 #if defined(__i386__)
305 case __NR_oldfstat:
306 #endif
266 case __NR_sync_file_range: // EPERM not a valid errno. 307 case __NR_sync_file_range: // EPERM not a valid errno.
267 default: 308 default:
268 return false; 309 return false;
269 } 310 }
270 } 311 }
271 312
272 // EPERM is a good errno for any of these. 313 // EPERM is a good errno for any of these.
273 bool IsDeniedFileSystemAccessViaFd(int sysno) { 314 bool IsDeniedFileSystemAccessViaFd(int sysno) {
274 switch (sysno) { 315 switch (sysno) {
275 case __NR_fallocate: 316 case __NR_fallocate:
276 case __NR_fchmod: 317 case __NR_fchmod:
277 case __NR_fchown: 318 case __NR_fchown:
319 #if defined(__i386__)
320 case __NR_fchown32:
321 #endif
278 case __NR_ftruncate: 322 case __NR_ftruncate:
323 #if defined(__i386__)
324 case __NR_ftruncate64:
325 #endif
279 case __NR_getdents: // EPERM not a valid errno. 326 case __NR_getdents: // EPERM not a valid errno.
280 case __NR_getdents64: // EPERM not a valid errno. 327 case __NR_getdents64: // EPERM not a valid errno.
328 #if defined(__i386__)
329 case __NR_readdir:
330 #endif
281 return true; 331 return true;
282 default: 332 default:
283 return false; 333 return false;
284 } 334 }
285 } 335 }
286 336
287 bool IsGetSimpleId(int sysno) { 337 bool IsGetSimpleId(int sysno) {
288 switch (sysno) { 338 switch (sysno) {
289 case __NR_capget: 339 case __NR_capget:
290 case __NR_getegid: 340 case __NR_getegid:
341 #if defined(__i386__)
342 case __NR_getegid32:
343 #endif
291 case __NR_geteuid: 344 case __NR_geteuid:
345 #if defined(__i386__)
346 case __NR_geteuid32:
347 #endif
292 case __NR_getgid: 348 case __NR_getgid:
349 #if defined(__i386__)
350 case __NR_getgid32:
351 #endif
293 case __NR_getgroups: 352 case __NR_getgroups:
353 #if defined(__i386__)
354 case __NR_getgroups32:
355 #endif
294 case __NR_getpid: 356 case __NR_getpid:
295 case __NR_getppid: 357 case __NR_getppid:
296 case __NR_getresgid: 358 case __NR_getresgid:
359 #if defined(__i386__)
360 case __NR_getresgid32:
361 #endif
297 case __NR_getresuid: 362 case __NR_getresuid:
363 #if defined(__i386__)
364 case __NR_getresuid32:
365 #endif
298 case __NR_getsid: 366 case __NR_getsid:
299 case __NR_gettid: 367 case __NR_gettid:
300 case __NR_getuid: 368 case __NR_getuid:
369 #if defined(__i386__)
370 case __NR_getuid32:
371 #endif
301 return true; 372 return true;
302 default: 373 default:
303 return false; 374 return false;
304 } 375 }
305 } 376 }
306 377
307 bool IsProcessPrivilegeChange(int sysno) { 378 bool IsProcessPrivilegeChange(int sysno) {
308 switch (sysno) { 379 switch (sysno) {
309 case __NR_capset: 380 case __NR_capset:
310 case __NR_ioperm: // Intel privilege. 381 case __NR_ioperm: // Intel privilege.
311 case __NR_iopl: // Intel privilege. 382 case __NR_iopl: // Intel privilege.
312 case __NR_setfsgid: 383 case __NR_setfsgid:
313 case __NR_setfsuid: 384 case __NR_setfsuid:
314 case __NR_setgid: 385 case __NR_setgid:
315 case __NR_setgroups: 386 case __NR_setgroups:
316 case __NR_setregid: 387 case __NR_setregid:
317 case __NR_setresgid: 388 case __NR_setresgid:
318 case __NR_setresuid: 389 case __NR_setresuid:
319 case __NR_setreuid: 390 case __NR_setreuid:
320 case __NR_setuid: 391 case __NR_setuid:
392 #if defined(__i386__)
393 case __NR_setfsgid32:
394 case __NR_setfsuid32:
395 case __NR_setgid32:
396 case __NR_setgroups32:
397 case __NR_setregid32:
398 case __NR_setresgid32:
399 case __NR_setresuid32:
400 case __NR_setreuid32:
401 case __NR_setuid32:
402 #endif
321 return true; 403 return true;
322 default: 404 default:
323 return false; 405 return false;
324 } 406 }
325 } 407 }
326 408
327 bool IsProcessGroupOrSession(int sysno) { 409 bool IsProcessGroupOrSession(int sysno) {
328 switch (sysno) { 410 switch (sysno) {
329 case __NR_setpgid: 411 case __NR_setpgid:
330 case __NR_getpgrp: 412 case __NR_getpgrp:
331 case __NR_setsid: 413 case __NR_setsid:
332 case __NR_getpgid: 414 case __NR_getpgid:
333 return true; 415 return true;
334 default: 416 default:
335 return false; 417 return false;
336 } 418 }
337 } 419 }
338 420
339 bool IsAllowedSignalHandling(int sysno) { 421 bool IsAllowedSignalHandling(int sysno) {
340 switch (sysno) { 422 switch (sysno) {
341 case __NR_rt_sigaction: 423 case __NR_rt_sigaction:
342 case __NR_rt_sigprocmask: 424 case __NR_rt_sigprocmask:
343 case __NR_rt_sigreturn: 425 case __NR_rt_sigreturn:
426 #if defined(__i386__)
427 case __NR_sigaction:
428 case __NR_sigprocmask:
429 case __NR_sigreturn:
430 #endif
344 return true; 431 return true;
345 case __NR_rt_sigpending: 432 case __NR_rt_sigpending:
346 case __NR_rt_sigqueueinfo: 433 case __NR_rt_sigqueueinfo:
347 case __NR_rt_sigsuspend: 434 case __NR_rt_sigsuspend:
348 case __NR_rt_sigtimedwait: 435 case __NR_rt_sigtimedwait:
349 case __NR_rt_tgsigqueueinfo: 436 case __NR_rt_tgsigqueueinfo:
350 case __NR_sigaltstack: 437 case __NR_sigaltstack:
351 case __NR_signalfd: 438 case __NR_signalfd:
352 case __NR_signalfd4: 439 case __NR_signalfd4:
440 #if defined(__i386__)
441 case __NR_signal:
442 case __NR_sigpending:
443 case __NR_sigsuspend:
444 case __NR_sgetmask: // Obsolete.
445 case __NR_ssetmask:
446 #endif
353 default: 447 default:
354 return false; 448 return false;
355 } 449 }
356 } 450 }
357 451
358 bool IsOperationOnFd(int sysno) { 452 bool IsOperationOnFd(int sysno) {
359 switch (sysno) { 453 switch (sysno) {
360 case __NR_close: 454 case __NR_close:
361 case __NR_dup: 455 case __NR_dup:
362 case __NR_dup2: 456 case __NR_dup2:
363 case __NR_dup3: 457 case __NR_dup3:
364 case __NR_fcntl: // TODO(jln): we may want to restrict arguments. 458 case __NR_fcntl: // TODO(jln): we may want to restrict arguments.
459 #if defined(__i386__)
460 case __NR_fcntl64:
461 #endif
462 #if defined(__x86_64__)
365 case __NR_shutdown: 463 case __NR_shutdown:
464 #endif
366 return true; 465 return true;
367 default: 466 default:
368 return false; 467 return false;
369 } 468 }
370 } 469 }
371 470
372 bool IsKernelInteralApi(int sysno) { 471 bool IsKernelInteralApi(int sysno) {
373 switch (sysno) { 472 switch (sysno) {
374 case __NR_restart_syscall: 473 case __NR_restart_syscall:
375 return true; 474 return true;
376 default: 475 default:
377 return false; 476 return false;
378 } 477 }
379 } 478 }
380 479
381 // This should be thought through in conjunction with IsFutex(). 480 // This should be thought through in conjunction with IsFutex().
382 bool IsAllowedProcessStartOrDeath(int sysno) { 481 bool IsAllowedProcessStartOrDeath(int sysno) {
383 switch (sysno) { 482 switch (sysno) {
384 case __NR_clone: // TODO(jln): restrict flags. 483 case __NR_clone: // TODO(jln): restrict flags.
385 case __NR_exit: 484 case __NR_exit:
386 case __NR_exit_group: 485 case __NR_exit_group:
387 case __NR_wait4: 486 case __NR_wait4:
388 case __NR_waitid: 487 case __NR_waitid:
488 #if defined(__i386__)
489 case __NR_waitpid:
490 #endif
389 return true; 491 return true;
390 case __NR_setns: // Privileged. 492 case __NR_setns: // Privileged.
391 case __NR_fork: 493 case __NR_fork:
392 case __NR_get_thread_area: 494 case __NR_get_thread_area:
393 case __NR_set_thread_area: 495 case __NR_set_thread_area:
394 case __NR_set_tid_address: 496 case __NR_set_tid_address:
395 case __NR_unshare: 497 case __NR_unshare:
396 case __NR_vfork: 498 case __NR_vfork:
397 default: 499 default:
398 return false; 500 return false;
412 } 514 }
413 515
414 bool IsAllowedEpoll(int sysno) { 516 bool IsAllowedEpoll(int sysno) {
415 switch (sysno) { 517 switch (sysno) {
416 case __NR_epoll_create: 518 case __NR_epoll_create:
417 case __NR_epoll_create1: 519 case __NR_epoll_create1:
418 case __NR_epoll_ctl: 520 case __NR_epoll_ctl:
419 case __NR_epoll_wait: 521 case __NR_epoll_wait:
420 return true; 522 return true;
421 default: 523 default:
524 #if defined(__x86_64__)
422 case __NR_epoll_ctl_old: 525 case __NR_epoll_ctl_old:
526 #endif
423 case __NR_epoll_pwait: 527 case __NR_epoll_pwait:
528 #if defined(__x86_64__)
424 case __NR_epoll_wait_old: 529 case __NR_epoll_wait_old:
530 #endif
425 return false; 531 return false;
426 } 532 }
427 } 533 }
428 534
429 bool IsAllowedGetOrModifySocket(int sysno) { 535 bool IsAllowedGetOrModifySocket(int sysno) {
430 switch (sysno) { 536 switch (sysno) {
431 case __NR_pipe: 537 case __NR_pipe:
432 case __NR_pipe2: 538 case __NR_pipe2:
539 #if defined(__x86_64__)
433 case __NR_socketpair: // We will want to inspect its argument. 540 case __NR_socketpair: // We will want to inspect its argument.
541 #endif
434 return true; 542 return true;
435 default: 543 default:
544 #if defined(__x86_64__)
436 case __NR_accept: 545 case __NR_accept:
437 case __NR_accept4: 546 case __NR_accept4:
438 case __NR_bind: 547 case __NR_bind:
439 case __NR_connect: 548 case __NR_connect:
440 case __NR_socket: 549 case __NR_socket:
441 case __NR_listen: 550 case __NR_listen:
551 #endif
442 return false; 552 return false;
443 } 553 }
444 } 554 }
445 555
556 #if defined(__i386__)
557 // Big multiplexing system call for sockets.
558 bool IsSocketCall(int sysno) {
559 switch (sysno) {
560 case __NR_socketcall:
561 return true;
562 default:
563 return false;
564 }
565 }
566 #endif
567
568 #if defined(__x86_64__)
446 bool IsNetworkSocketInformation(int sysno) { 569 bool IsNetworkSocketInformation(int sysno) {
447 switch (sysno) { 570 switch (sysno) {
448 case __NR_getpeername: 571 case __NR_getpeername:
449 case __NR_getsockname: 572 case __NR_getsockname:
450 case __NR_getsockopt: 573 case __NR_getsockopt:
451 case __NR_setsockopt: 574 case __NR_setsockopt:
452 return true; 575 return true;
453 default: 576 default:
454 return false; 577 return false;
455 } 578 }
456 } 579 }
580 #endif
457 581
458 bool IsAllowedAddressSpaceAccess(int sysno) { 582 bool IsAllowedAddressSpaceAccess(int sysno) {
459 switch (sysno) { 583 switch (sysno) {
460 case __NR_brk: 584 case __NR_brk:
461 case __NR_madvise: 585 case __NR_madvise:
462 case __NR_mlock: 586 case __NR_mlock:
463 case __NR_mmap: // TODO(jln): to restrict flags. 587 case __NR_mmap: // TODO(jln): to restrict flags.
588 #if defined(__i386__)
589 case __NR_mmap2:
590 #endif
464 case __NR_mprotect: 591 case __NR_mprotect:
465 case __NR_munlock: 592 case __NR_munlock:
466 case __NR_munmap: 593 case __NR_munmap:
467 return true; 594 return true;
468 case __NR_mincore: 595 case __NR_mincore:
469 case __NR_mlockall: 596 case __NR_mlockall:
470 case __NR_modify_ldt: 597 case __NR_modify_ldt:
471 case __NR_mremap: 598 case __NR_mremap:
472 case __NR_msync: 599 case __NR_msync:
473 case __NR_munlockall: 600 case __NR_munlockall:
474 case __NR_readahead: 601 case __NR_readahead:
475 case __NR_remap_file_pages: 602 case __NR_remap_file_pages:
603 #if defined(__i386__)
604 case __NR_vm86:
605 case __NR_vm86old:
606 #endif
476 default: 607 default:
477 return false; 608 return false;
478 } 609 }
479 } 610 }
480 611
481 bool IsAllowedGeneralIo(int sysno) { 612 bool IsAllowedGeneralIo(int sysno) {
482 switch (sysno) { 613 switch (sysno) {
483 case __NR_lseek: 614 case __NR_lseek:
615 #if defined(__i386__)
616 case __NR__llseek:
617 #endif
484 case __NR_poll: 618 case __NR_poll:
485 case __NR_ppoll: 619 case __NR_ppoll:
486 case __NR_pselect6: 620 case __NR_pselect6:
487 case __NR_read: 621 case __NR_read:
488 case __NR_readv: 622 case __NR_readv:
623 #if defined(__x86_64__)
489 case __NR_recvfrom: // Could specify source. 624 case __NR_recvfrom: // Could specify source.
490 case __NR_recvmsg: // Could specify source. 625 case __NR_recvmsg: // Could specify source.
626 #endif
491 case __NR_select: 627 case __NR_select:
628 #if defined(__i386__)
629 case __NR__newselect:
630 #endif
631 #if defined(__x86_64__)
492 case __NR_sendmsg: // Could specify destination. 632 case __NR_sendmsg: // Could specify destination.
493 case __NR_sendto: // Could specify destination. 633 case __NR_sendto: // Could specify destination.
634 #endif
494 case __NR_write: 635 case __NR_write:
495 case __NR_writev: 636 case __NR_writev:
496 return true; 637 return true;
497 case __NR_ioctl: // Can be very powerful. 638 case __NR_ioctl: // Can be very powerful.
498 case __NR_pread64: 639 case __NR_pread64:
499 case __NR_preadv: 640 case __NR_preadv:
500 case __NR_pwrite64: 641 case __NR_pwrite64:
501 case __NR_pwritev: 642 case __NR_pwritev:
502 case __NR_recvmmsg: // Could specify source. 643 case __NR_recvmmsg: // Could specify source.
503 case __NR_sendfile: 644 case __NR_sendfile:
645 #if defined(__i386__)
646 case __NR_sendfile64:
647 #endif
504 case __NR_sendmmsg: // Could specify destination. 648 case __NR_sendmmsg: // Could specify destination.
505 case __NR_splice: 649 case __NR_splice:
506 case __NR_tee: 650 case __NR_tee:
507 case __NR_vmsplice: 651 case __NR_vmsplice:
508 default: 652 default:
509 return false; 653 return false;
510 } 654 }
511 } 655 }
512 656
513 bool IsAllowedPrctl(int sysno) { 657 bool IsAllowedPrctl(int sysno) {
514 switch (sysno) { 658 switch (sysno) {
515 case __NR_prctl: 659 case __NR_prctl:
516 return true; 660 return true;
517 default: 661 default:
662 #if defined(__x86_64__)
518 case __NR_arch_prctl: 663 case __NR_arch_prctl:
664 #endif
519 return false; 665 return false;
520 } 666 }
521 } 667 }
522 668
523 bool IsAllowedBasicScheduler(int sysno) { 669 bool IsAllowedBasicScheduler(int sysno) {
524 switch (sysno) { 670 switch (sysno) {
525 case __NR_sched_yield: 671 case __NR_sched_yield:
526 case __NR_pause: 672 case __NR_pause:
527 case __NR_nanosleep: 673 case __NR_nanosleep:
528 return true; 674 return true;
529 case __NR_getpriority: 675 case __NR_getpriority:
676 #if defined(__i386__)
677 case __NR_nice:
678 #endif
530 case __NR_setpriority: 679 case __NR_setpriority:
531 default: 680 default:
532 return false; 681 return false;
533 } 682 }
534 } 683 }
535 684
536 bool IsAdminOperation(int sysno) { 685 bool IsAdminOperation(int sysno) {
537 switch (sysno) { 686 switch (sysno) {
687 #if defined(__i386__)
688 case __NR_bdflush:
689 #endif
538 case __NR_kexec_load: 690 case __NR_kexec_load:
539 case __NR_reboot: 691 case __NR_reboot:
540 case __NR_setdomainname: 692 case __NR_setdomainname:
541 case __NR_sethostname: 693 case __NR_sethostname:
542 case __NR_syslog: 694 case __NR_syslog:
543 return true; 695 return true;
544 default: 696 default:
545 return false; 697 return false;
546 } 698 }
547 } 699 }
570 } 722 }
571 } 723 }
572 724
573 bool IsFsControl(int sysno) { 725 bool IsFsControl(int sysno) {
574 switch (sysno) { 726 switch (sysno) {
575 case __NR_mount: 727 case __NR_mount:
576 case __NR_nfsservctl: 728 case __NR_nfsservctl:
577 case __NR_quotactl: 729 case __NR_quotactl:
578 case __NR_swapoff: 730 case __NR_swapoff:
579 case __NR_swapon: 731 case __NR_swapon:
732 #if defined(__i386__)
733 case __NR_umount:
734 #endif
580 case __NR_umount2: 735 case __NR_umount2:
581 return true; 736 return true;
582 default: 737 default:
583 return false; 738 return false;
584 } 739 }
585 } 740 }
586 741
587 bool IsNuma(int sysno) { 742 bool IsNuma(int sysno) {
588 switch (sysno) { 743 switch (sysno) {
589 case __NR_get_mempolicy: 744 case __NR_get_mempolicy:
609 return true; 764 return true;
610 default: 765 default:
611 return false; 766 return false;
612 } 767 }
613 } 768 }
614 769
615 bool IsGlobalProcessEnvironment(int sysno) { 770 bool IsGlobalProcessEnvironment(int sysno) {
616 switch (sysno) { 771 switch (sysno) {
617 case __NR_acct: // Privileged. 772 case __NR_acct: // Privileged.
618 case __NR_getrlimit: 773 case __NR_getrlimit:
774 #if defined(__i386__)
775 case __NR_ugetrlimit:
776 case __NR_ulimit:
777 #endif
619 case __NR_getrusage: 778 case __NR_getrusage:
620 case __NR_personality: // Can change its personality as well. 779 case __NR_personality: // Can change its personality as well.
621 case __NR_prlimit64: // Like setrlimit / getrlimit. 780 case __NR_prlimit64: // Like setrlimit / getrlimit.
622 case __NR_setrlimit: 781 case __NR_setrlimit:
623 case __NR_times: 782 case __NR_times:
624 return true; 783 return true;
625 default: 784 default:
626 return false; 785 return false;
627 } 786 }
628 } 787 }
629 788
630 bool IsDebug(int sysno) { 789 bool IsDebug(int sysno) {
631 switch (sysno) { 790 switch (sysno) {
632 case __NR_ptrace: 791 case __NR_ptrace:
633 case __NR_process_vm_readv: 792 case __NR_process_vm_readv:
634 case __NR_process_vm_writev: 793 case __NR_process_vm_writev:
635 case __NR_kcmp: 794 case __NR_kcmp:
636 return true; 795 return true;
637 default: 796 default:
638 return false; 797 return false;
639 } 798 }
640 } 799 }
641 800
642 bool IsGlobalSystemStatus(int sysno) { 801 bool IsGlobalSystemStatus(int sysno) {
643 switch (sysno) { 802 switch (sysno) {
644 case __NR__sysctl: 803 case __NR__sysctl:
645 case __NR_sysfs: 804 case __NR_sysfs:
646 case __NR_sysinfo: 805 case __NR_sysinfo:
647 case __NR_uname: 806 case __NR_uname:
807 #if defined(__i386__)
808 case __NR_olduname:
809 case __NR_oldolduname:
810 #endif
648 return true; 811 return true;
649 default: 812 default:
650 return false; 813 return false;
651 } 814 }
652 } 815 }
653 816
654 bool IsEventFd(int sysno) { 817 bool IsEventFd(int sysno) {
655 switch (sysno) { 818 switch (sysno) {
656 case __NR_eventfd: 819 case __NR_eventfd:
657 case __NR_eventfd2: 820 case __NR_eventfd2:
679 switch (sysno) { 842 switch (sysno) {
680 case __NR_add_key: 843 case __NR_add_key:
681 case __NR_keyctl: 844 case __NR_keyctl:
682 case __NR_request_key: 845 case __NR_request_key:
683 return true; 846 return true;
684 default: 847 default:
685 return false; 848 return false;
686 } 849 }
687 } 850 }
688 851
852 #if defined(__x86_64__)
689 bool IsSystemVSemaphores(int sysno) { 853 bool IsSystemVSemaphores(int sysno) {
690 switch (sysno) { 854 switch (sysno) {
691 case __NR_semctl: 855 case __NR_semctl:
692 case __NR_semget: 856 case __NR_semget:
693 case __NR_semop: 857 case __NR_semop:
694 case __NR_semtimedop: 858 case __NR_semtimedop:
695 return true; 859 return true;
696 default: 860 default:
697 return false; 861 return false;
698 } 862 }
699 } 863 }
864 #endif
700 865
866 #if defined(__x86_64__)
701 // These give a lot of ambient authority and bypass the setuid sandbox. 867 // These give a lot of ambient authority and bypass the setuid sandbox.
702 bool IsAllowedSystemVSharedMemory(int sysno) { 868 bool IsAllowedSystemVSharedMemory(int sysno) {
703 switch (sysno) { 869 switch (sysno) {
704 case __NR_shmat: 870 case __NR_shmat:
705 case __NR_shmctl: 871 case __NR_shmctl:
706 case __NR_shmdt: 872 case __NR_shmdt:
707 return true; 873 return true;
708 case __NR_shmget: 874 case __NR_shmget:
709 default: 875 default:
710 return false; 876 return false;
711 } 877 }
712 } 878 }
879 #endif
713 880
881 #if defined(__x86_64__)
714 bool IsSystemVMessageQueue(int sysno) { 882 bool IsSystemVMessageQueue(int sysno) {
715 switch (sysno) { 883 switch (sysno) {
716 case __NR_msgctl: 884 case __NR_msgctl:
717 case __NR_msgget: 885 case __NR_msgget:
718 case __NR_msgrcv: 886 case __NR_msgrcv:
719 case __NR_msgsnd: 887 case __NR_msgsnd:
720 return true; 888 return true;
721 default: 889 default:
722 return false; 890 return false;
723 } 891 }
724 } 892 }
893 #endif
894
895 #if defined(__i386__)
896 // Big system V multiplexing system call.
897 bool IsSystemVIpc(int sysno) {
898 switch (sysno) {
899 case __NR_ipc:
900 return true;
901 default:
902 return false;
903 }
904 }
905 #endif
725 906
726 bool IsAdvancedScheduler(int sysno) { 907 bool IsAdvancedScheduler(int sysno) {
727 switch (sysno) { 908 switch (sysno) {
728 case __NR_ioprio_get: // IO scheduler. 909 case __NR_ioprio_get: // IO scheduler.
729 case __NR_ioprio_set: 910 case __NR_ioprio_set:
730 case __NR_sched_get_priority_max: 911 case __NR_sched_get_priority_max:
731 case __NR_sched_get_priority_min: 912 case __NR_sched_get_priority_min:
732 case __NR_sched_getaffinity: 913 case __NR_sched_getaffinity:
733 case __NR_sched_getparam: 914 case __NR_sched_getparam:
734 case __NR_sched_getscheduler: 915 case __NR_sched_getscheduler:
815 // TODO(jln): classify this better. 996 // TODO(jln): classify this better.
816 bool IsMisc(int sysno) { 997 bool IsMisc(int sysno) {
817 switch (sysno) { 998 switch (sysno) {
818 case __NR_name_to_handle_at: 999 case __NR_name_to_handle_at:
819 case __NR_open_by_handle_at: 1000 case __NR_open_by_handle_at:
820 case __NR_perf_event_open: 1001 case __NR_perf_event_open:
821 case __NR_syncfs: 1002 case __NR_syncfs:
822 case __NR_vhangup: 1003 case __NR_vhangup:
823 // The system calls below are not implemented. 1004 // The system calls below are not implemented.
824 case __NR_afs_syscall: 1005 case __NR_afs_syscall:
1006 #if defined(__i386__)
1007 case __NR_break:
1008 #endif
825 case __NR_getpmsg: 1009 case __NR_getpmsg:
1010 #if defined(__i386__)
1011 case __NR_gtty:
1012 case __NR_idle:
1013 case __NR_lock:
1014 case __NR_mpx:
1015 case __NR_prof:
1016 case __NR_profil:
1017 #endif
826 case __NR_putpmsg: 1018 case __NR_putpmsg:
1019 #if defined(__x86_64__)
827 case __NR_security: 1020 case __NR_security:
1021 #endif
1022 #if defined(__i386__)
1023 case __NR_stty:
1024 #endif
1025 #if defined(__x86_64__)
828 case __NR_tuxcall: 1026 case __NR_tuxcall:
1027 #endif
829 case __NR_vserver: 1028 case __NR_vserver:
830 return true; 1029 return true;
831 default: 1030 default:
832 return false; 1031 return false;
833 } 1032 }
834 } 1033 }
835 1034
836 // End of the system call sets section. 1035 // End of the system call sets section.
837 1036
838 // x86_64 only because it references system calls that are multiplexed on IA32.
839 bool IsBaselinePolicyAllowed_x86_64(int sysno) { 1037 bool IsBaselinePolicyAllowed_x86_64(int sysno) {
840 if (IsAllowedAddressSpaceAccess(sysno) || 1038 if (IsAllowedAddressSpaceAccess(sysno) ||
841 IsAllowedBasicScheduler(sysno) || 1039 IsAllowedBasicScheduler(sysno) ||
842 IsAllowedEpoll(sysno) || 1040 IsAllowedEpoll(sysno) ||
843 IsAllowedFileSystemAccessViaFd(sysno) || 1041 IsAllowedFileSystemAccessViaFd(sysno) ||
844 IsAllowedGeneralIo(sysno) || 1042 IsAllowedGeneralIo(sysno) ||
845 IsAllowedGetOrModifySocket(sysno) || 1043 IsAllowedGetOrModifySocket(sysno) ||
846 IsAllowedGettime(sysno) || 1044 IsAllowedGettime(sysno) ||
847 IsAllowedPrctl(sysno) || 1045 IsAllowedPrctl(sysno) ||
848 IsAllowedProcessStartOrDeath(sysno) || 1046 IsAllowedProcessStartOrDeath(sysno) ||
849 IsAllowedSignalHandling(sysno) || 1047 IsAllowedSignalHandling(sysno) ||
850 IsFutex(sysno) || 1048 IsFutex(sysno) ||
851 IsGetSimpleId(sysno) || 1049 IsGetSimpleId(sysno) ||
852 IsKernelInteralApi(sysno) || 1050 IsKernelInteralApi(sysno) ||
853 IsKill(sysno) || 1051 IsKill(sysno) ||
854 IsOperationOnFd(sysno)) { 1052 IsOperationOnFd(sysno)) {
855 return true; 1053 return true;
856 } else { 1054 } else {
857 return false; 1055 return false;
858 } 1056 }
859 } 1057 }
860 1058
861 // System calls that will trigger the crashing sigsys handler. 1059 // System calls that will trigger the crashing sigsys handler.
862 bool IsBaselinePolicyWatched_x86_64(int sysno) { 1060 bool IsBaselinePolicyWatched_x86_64(int sysno) {
863 if (IsAdminOperation(sysno) || 1061 if (IsAdminOperation(sysno) ||
864 IsAdvancedScheduler(sysno) || 1062 IsAdvancedScheduler(sysno) ||
865 IsAdvancedTimer(sysno) || 1063 IsAdvancedTimer(sysno) ||
1064 #if defined(__x86_64__)
866 IsAllowedSystemVSharedMemory(sysno) || 1065 IsAllowedSystemVSharedMemory(sysno) ||
1066 #endif
867 IsAsyncIo(sysno) || 1067 IsAsyncIo(sysno) ||
868 IsDebug(sysno) || 1068 IsDebug(sysno) ||
869 IsEventFd(sysno) || 1069 IsEventFd(sysno) ||
870 IsExtendedAttributes(sysno) || 1070 IsExtendedAttributes(sysno) ||
871 IsFaNotify(sysno) || 1071 IsFaNotify(sysno) ||
872 IsFsControl(sysno) || 1072 IsFsControl(sysno) ||
873 IsGlobalFSViewChange(sysno) || 1073 IsGlobalFSViewChange(sysno) ||
874 IsGlobalProcessEnvironment(sysno) || 1074 IsGlobalProcessEnvironment(sysno) ||
875 IsGlobalSystemStatus(sysno) || 1075 IsGlobalSystemStatus(sysno) ||
876 IsInotify(sysno) || 1076 IsInotify(sysno) ||
877 IsKernelModule(sysno) || 1077 IsKernelModule(sysno) ||
878 IsKeyManagement(sysno) || 1078 IsKeyManagement(sysno) ||
879 IsMessageQueue(sysno) || 1079 IsMessageQueue(sysno) ||
880 IsMisc(sysno) || 1080 IsMisc(sysno) ||
1081 #if defined(__x86_64__)
881 IsNetworkSocketInformation(sysno) || 1082 IsNetworkSocketInformation(sysno) ||
1083 #endif
882 IsNuma(sysno) || 1084 IsNuma(sysno) ||
883 IsProcessGroupOrSession(sysno) || 1085 IsProcessGroupOrSession(sysno) ||
884 IsProcessPrivilegeChange(sysno) || 1086 IsProcessPrivilegeChange(sysno) ||
1087 #if defined(__i386__)
1088 IsSocketCall(sysno) || // We'll need to handle this properly to build
1089 // a x86_32 policy.
1090 #endif
1091 #if defined(__x86_64__)
885 IsSystemVMessageQueue(sysno) || 1092 IsSystemVMessageQueue(sysno) ||
886 IsSystemVSemaphores(sysno) || 1093 IsSystemVSemaphores(sysno) ||
1094 #elif defined(__i386__)
1095 IsSystemVIpc(sysno) ||
1096 #endif
887 IsTimer(sysno)) { 1097 IsTimer(sysno)) {
888 return true; 1098 return true;
889 } else { 1099 } else {
890 return false; 1100 return false;
891 } 1101 }
892 } 1102 }
893 1103
1104 // x86_64 only for now. Needs to be adapted and tested for i386.
894 playground2::Sandbox::ErrorCode BaselinePolicy_x86_64(int sysno) { 1105 playground2::Sandbox::ErrorCode BaselinePolicy_x86_64(int sysno) {
895 if (IsBaselinePolicyAllowed_x86_64(sysno)) { 1106 if (IsBaselinePolicyAllowed_x86_64(sysno)) {
896 return playground2::Sandbox::SB_ALLOWED; 1107 return playground2::Sandbox::SB_ALLOWED;
897 } 1108 }
898 // TODO(jln): some system calls in those sets are not supposed to 1109 // TODO(jln): some system calls in those sets are not supposed to
899 // return ENOENT. Return the appropriate error. 1110 // return ENOENT. Return the appropriate error.
900 if (IsFileSystem(sysno) || IsCurrentDirectory(sysno)) { 1111 if (IsFileSystem(sysno) || IsCurrentDirectory(sysno)) {
901 return ENOENT; 1112 return ENOENT;
902 } 1113 }
903 1114
904 if (IsUmask(sysno) || IsDeniedFileSystemAccessViaFd(sysno)) { 1115 if (IsUmask(sysno) || IsDeniedFileSystemAccessViaFd(sysno)) {
905 return EPERM; 1116 return EPERM;
906 } 1117 }
907 1118
908 if (IsBaselinePolicyWatched_x86_64(sysno)) { 1119 if (IsBaselinePolicyWatched_x86_64(sysno)) {
909 // Previously unseen syscalls. TODO(jln): some of these should 1120 // Previously unseen syscalls. TODO(jln): some of these should
910 // be denied gracefully right away. 1121 // be denied gracefully right away.
911 return playground2::Sandbox::ErrorCode(CrashSIGSYS_Handler, NULL); 1122 return playground2::Sandbox::ErrorCode(CrashSIGSYS_Handler, NULL);
912 } 1123 }
913 // In any other case crash the program with our SIGSYS handler 1124 // In any other case crash the program with our SIGSYS handler
914 return playground2::Sandbox::ErrorCode(CrashSIGSYS_Handler, NULL); 1125 return playground2::Sandbox::ErrorCode(CrashSIGSYS_Handler, NULL);
915 } 1126 }
916 1127
917 // x86_64 only because it references system calls that are multiplexed on IA32. 1128 // x86_64 only for now. Needs to be adapted and tested for i386.
918 playground2::Sandbox::ErrorCode GpuProcessPolicy_x86_64(int sysno) { 1129 playground2::Sandbox::ErrorCode GpuProcessPolicy_x86_64(int sysno) {
919 switch(sysno) { 1130 switch(sysno) {
920 case __NR_ioctl: 1131 case __NR_ioctl:
921 return playground2::Sandbox::SB_ALLOWED; 1132 return playground2::Sandbox::SB_ALLOWED;
1133 #if defined(__x86_64__)
922 case __NR_socket: 1134 case __NR_socket:
923 return EACCES; // Nvidia binary driver. 1135 return EACCES; // Nvidia binary driver.
1136 #endif
924 case __NR_open: 1137 case __NR_open:
925 // Accelerated video decode is enabled by default only on Chrome OS. 1138 // Accelerated video decode is enabled by default only on Chrome OS.
926 if (IsAcceleratedVideoDecodeEnabled()) { 1139 if (IsAcceleratedVideoDecodeEnabled()) {
927 // Accelerated video decode needs to open /dev/dri/card0, and 1140 // Accelerated video decode needs to open /dev/dri/card0, and
928 // dup()'ing an already open file descriptor does not work. 1141 // dup()'ing an already open file descriptor does not work.
929 // Allow open() even though it severely weakens the sandbox, 1142 // Allow open() even though it severely weakens the sandbox,
930 // to test the sandboxing mechanism in general. 1143 // to test the sandboxing mechanism in general.
931 // TODO(jorgelo): remove this once we solve the libva issue. 1144 // TODO(jorgelo): remove this once we solve the libva issue.
932 return playground2::Sandbox::SB_ALLOWED; 1145 return playground2::Sandbox::SB_ALLOWED;
933 } else { 1146 } else {
934 // Hook open() in the GPU process to allow opening /etc/drirc, 1147 // Hook open() in the GPU process to allow opening /etc/drirc,
935 // needed by Mesa. 1148 // needed by Mesa.
936 // The hook needs dup(), lseek(), and close() to be allowed. 1149 // The hook needs dup(), lseek(), and close() to be allowed.
937 return playground2::Sandbox::ErrorCode(GpuOpenSIGSYS_Handler, NULL); 1150 return playground2::Sandbox::ErrorCode(GpuOpenSIGSYS_Handler, NULL);
938 } 1151 }
939 default: 1152 default:
940 if (IsEventFd(sysno)) 1153 if (IsEventFd(sysno))
941 return playground2::Sandbox::SB_ALLOWED; 1154 return playground2::Sandbox::SB_ALLOWED;
942 1155
943 // Default on the baseline policy. 1156 // Default on the baseline policy.
944 return BaselinePolicy_x86_64(sysno); 1157 return BaselinePolicy_x86_64(sysno);
945 } 1158 }
946 } 1159 }
947 1160
948 // x86_64 only because it references system calls that are multiplexed on IA32. 1161 // x86_64 only for now. Needs to be adapted and tested for i386.
949 playground2::Sandbox::ErrorCode FlashProcessPolicy_x86_64(int sysno) { 1162 playground2::Sandbox::ErrorCode FlashProcessPolicy_x86_64(int sysno) {
950 switch (sysno) { 1163 switch (sysno) {
951 case __NR_sched_getaffinity: 1164 case __NR_sched_getaffinity:
952 case __NR_sched_setscheduler: 1165 case __NR_sched_setscheduler:
953 case __NR_times: 1166 case __NR_times:
954 return playground2::Sandbox::SB_ALLOWED; 1167 return playground2::Sandbox::SB_ALLOWED;
955 case __NR_ioctl: 1168 case __NR_ioctl:
956 return ENOTTY; // Flash Access. 1169 return ENOTTY; // Flash Access.
1170 #if defined(__x86_64__)
957 case __NR_socket: 1171 case __NR_socket:
958 return EACCES; 1172 return EACCES;
1173 #endif
959 default: 1174 default:
1175 #if defined(__x86_64__)
960 // These are under investigation, and hopefully not here for the long 1176 // These are under investigation, and hopefully not here for the long
961 // term. 1177 // term.
962 if (IsAllowedSystemVSharedMemory(sysno)) 1178 if (IsAllowedSystemVSharedMemory(sysno))
963 return playground2::Sandbox::SB_ALLOWED; 1179 return playground2::Sandbox::SB_ALLOWED;
1180 #endif
964 1181
965 // Default on the baseline policy. 1182 // Default on the baseline policy.
966 return BaselinePolicy_x86_64(sysno); 1183 return BaselinePolicy_x86_64(sysno);
967 } 1184 }
968 } 1185 }
969 #endif 1186 #endif // defined(__x86_64__) || defined(__i386__)
970 1187
971 playground2::Sandbox::ErrorCode BlacklistPtracePolicy(int sysno) { 1188 playground2::Sandbox::ErrorCode BlacklistPtracePolicy(int sysno) {
972 if (sysno < static_cast<int>(MIN_SYSCALL) || 1189 if (sysno < static_cast<int>(MIN_SYSCALL) ||
973 sysno > static_cast<int>(MAX_SYSCALL)) { 1190 sysno > static_cast<int>(MAX_SYSCALL)) {
974 // TODO(jln) we should not have to do that in a trivial policy. 1191 // TODO(jln) we should not have to do that in a trivial policy.
975 return ENOSYS; 1192 return ENOSYS;
976 } 1193 }
977 switch (sysno) { 1194 switch (sysno) {
978 case __NR_migrate_pages: 1195 case __NR_migrate_pages:
979 case __NR_move_pages: 1196 case __NR_move_pages:
1112 // Process-specific policy. 1329 // Process-specific policy.
1113 ShouldEnableSeccompBpf(process_type) && 1330 ShouldEnableSeccompBpf(process_type) &&
1114 SupportsSandbox()) { 1331 SupportsSandbox()) {
1115 return StartBpfSandbox_x86(command_line, process_type); 1332 return StartBpfSandbox_x86(command_line, process_type);
1116 } 1333 }
1117 #endif 1334 #endif
1118 return false; 1335 return false;
1119 } 1336 }
1120 1337
1121 } // namespace content 1338 } // namespace content