
Side by Side Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 10826254: Seccomp: merge i386 and x86_64 architectures in system call sets. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase Created 8 years, 4 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <asm/unistd.h> 5 #include <asm/unistd.h>
6 #include <dlfcn.h> 6 #include <dlfcn.h>
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <linux/audit.h> 9 #include <linux/audit.h>
10 #include <linux/filter.h> 10 #include <linux/filter.h>
140 int flags = static_cast<int>(arg1); 140 int flags = static_cast<int>(arg1);
141 141
142 if (strcmp(pathname, kDriRcPath) == 0) { 142 if (strcmp(pathname, kDriRcPath) == 0) {
143 int ret = OpenWithCache(pathname, flags); 143 int ret = OpenWithCache(pathname, flags);
144 return (ret == -1) ? -errno : ret; 144 return (ret == -1) ? -errno : ret;
145 } else { 145 } else {
146 return -ENOENT; 146 return -ENOENT;
147 } 147 }
148 } 148 }
149 149
150 #if defined(__x86_64__) 150 #if defined(__i386__) || defined(__x86_64__)
151 151
152 // The functions below cover all existing x86_64 system calls. 152 // The functions below cover all existing x86_64 system calls.
153 // The implicitly defined sets form a partition of the sets of 153 // The implicitly defined sets form a partition of the sets of
154 // system calls. 154 // system calls.
155 155
156 // TODO(jln) we need to restrict the first parameter! 156 // TODO(jln) we need to restrict the first parameter!
157 bool IsKill(int sysno) { 157 bool IsKill(int sysno) {
158 switch (sysno) { 158 switch (sysno) {
159 case __NR_kill: 159 case __NR_kill:
160 case __NR_tkill: 160 case __NR_tkill:
161 case __NR_tgkill: 161 case __NR_tgkill:
162 return true; 162 return true;
163 default: 163 default:
164 return false; 164 return false;
165 } 165 }
166 } 166 }
167 167
168 bool IsAllowedGettime(int sysno) { 168 bool IsAllowedGettime(int sysno) {
169 switch (sysno) { 169 switch (sysno) {
170 case __NR_clock_gettime: 170 case __NR_clock_gettime:
171 case __NR_gettimeofday: 171 case __NR_gettimeofday:
172 case __NR_time: 172 case __NR_time:
173 return true; 173 return true;
174 case __NR_adjtimex: // Privileged. 174 case __NR_adjtimex: // Privileged.
175 case __NR_clock_adjtime: // Privileged. 175 case __NR_clock_adjtime: // Privileged.
176 case __NR_clock_getres: // Could be allowed. 176 case __NR_clock_getres: // Could be allowed.
177 case __NR_clock_nanosleep: // Could be allowed. 177 case __NR_clock_nanosleep: // Could be allowed.
178 case __NR_clock_settime: // Privileged. 178 case __NR_clock_settime: // Privileged.
179 #if defined(__i386__)
Markus (顧孟勤) 2012/08/11 00:58:40 I would generally prefer if you did something like
jln (very slow on Chromium) 2012/08/11 01:36:38 In general that seems like a good idea. In practic
180 case __NR_ftime: // Obsolete.
181 #endif
179 case __NR_settimeofday: // Privileged. 182 case __NR_settimeofday: // Privileged.
183 #if defined(__i386__)
184 case __NR_stime:
185 #endif
180 default: 186 default:
181 return false; 187 return false;
182 } 188 }
183 } 189 }
184 190
185 bool IsCurrentDirectory(int sysno) { 191 bool IsCurrentDirectory(int sysno) {
186 switch (sysno) { 192 switch (sysno) {
187 case __NR_getcwd: 193 case __NR_getcwd:
188 case __NR_chdir: 194 case __NR_chdir:
189 case __NR_fchdir: 195 case __NR_fchdir:
204 210
205 // System calls that directly access the file system. They might acquire 211 // System calls that directly access the file system. They might acquire
206 // a new file descriptor or otherwise perform an operation directly 212 // a new file descriptor or otherwise perform an operation directly
207 // via a path. 213 // via a path.
208 // Both EPERM and ENOENT are valid errno unless otherwise noted in comment. 214 // Both EPERM and ENOENT are valid errno unless otherwise noted in comment.
209 bool IsFileSystem(int sysno) { 215 bool IsFileSystem(int sysno) {
210 switch (sysno) { 216 switch (sysno) {
211 case __NR_access: // EPERM not a valid errno. 217 case __NR_access: // EPERM not a valid errno.
212 case __NR_chmod: 218 case __NR_chmod:
213 case __NR_chown: 219 case __NR_chown:
220 #if defined(__i386__)
221 case __NR_chown32:
222 #endif
214 case __NR_creat: 223 case __NR_creat:
215 case __NR_execve: 224 case __NR_execve:
216 case __NR_faccessat: // EPERM not a valid errno. 225 case __NR_faccessat: // EPERM not a valid errno.
217 case __NR_fchmodat: 226 case __NR_fchmodat:
218 case __NR_fchownat: // Should be called chownat ? 227 case __NR_fchownat: // Should be called chownat ?
228 #if defined(__x86_64__)
229 case __NR_newfstatat: // fstatat(). EPERM not a valid errno.
230 #elif defined(__i386__)
231 case __NR_fstatat64:
232 #endif
219 case __NR_futimesat: // Should be called utimesat ? 233 case __NR_futimesat: // Should be called utimesat ?
220 case __NR_lchown: 234 case __NR_lchown:
235 #if defined(__i386__)
236 case __NR_lchown32:
237 #endif
221 case __NR_link: 238 case __NR_link:
222 case __NR_linkat: 239 case __NR_linkat:
223 case __NR_lookup_dcookie: // ENOENT not a valid errno. 240 case __NR_lookup_dcookie: // ENOENT not a valid errno.
224 case __NR_lstat: // EPERM not a valid errno. 241 case __NR_lstat: // EPERM not a valid errno.
242 #if defined(__i386__)
243 case __NR_oldlstat:
244 case __NR_lstat64:
245 #endif
225 case __NR_mkdir: 246 case __NR_mkdir:
226 case __NR_mkdirat: 247 case __NR_mkdirat:
227 case __NR_mknod: 248 case __NR_mknod:
228 case __NR_mknodat: 249 case __NR_mknodat:
229 case __NR_newfstatat: // EPERM not a valid errno.
230 // Should be called statat ?
231 case __NR_open: 250 case __NR_open:
232 case __NR_openat: 251 case __NR_openat:
233 case __NR_readlink: // EPERM not a valid errno. 252 case __NR_readlink: // EPERM not a valid errno.
234 case __NR_readlinkat: 253 case __NR_readlinkat:
235 case __NR_rename: 254 case __NR_rename:
236 case __NR_renameat: 255 case __NR_renameat:
237 case __NR_rmdir: 256 case __NR_rmdir:
238 case __NR_stat: // EPERM not a valid errno. 257 case __NR_stat: // EPERM not a valid errno.
258 #if defined(__i386__)
259 case __NR_oldstat:
260 case __NR_stat64:
261 #endif
239 case __NR_statfs: // EPERM not a valid errno. 262 case __NR_statfs: // EPERM not a valid errno.
263 #if defined(__i386__)
264 case __NR_statfs64:
265 #endif
240 case __NR_symlink: 266 case __NR_symlink:
241 case __NR_symlinkat: 267 case __NR_symlinkat:
242 case __NR_truncate: 268 case __NR_truncate:
269 #if defined(__i386__)
270 case __NR_truncate64:
271 #endif
243 case __NR_unlink: 272 case __NR_unlink:
244 case __NR_unlinkat: 273 case __NR_unlinkat:
245 case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno. 274 case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno.
246 case __NR_ustat: // Same as above. Deprecated. 275 case __NR_ustat: // Same as above. Deprecated.
247 case __NR_utime: 276 case __NR_utime:
248 case __NR_utimensat: // New. 277 case __NR_utimensat: // New.
249 case __NR_utimes: 278 case __NR_utimes:
250 return true; 279 return true;
251 default: 280 default:
252 return false; 281 return false;
253 } 282 }
254 } 283 }
255 284
256 bool IsAllowedFileSystemAccessViaFd(int sysno) { 285 bool IsAllowedFileSystemAccessViaFd(int sysno) {
257 switch (sysno) { 286 switch (sysno) {
258 case __NR_fstat: 287 case __NR_fstat:
288 #if defined(__i386__)
289 case __NR_fstat64:
290 #endif
259 return true; 291 return true;
260 // TODO(jln): these should be denied gracefully as well (moved below). 292 // TODO(jln): these should be denied gracefully as well (moved below).
261 case __NR_fadvise64: // EPERM not a valid errno. 293 case __NR_fadvise64: // EPERM not a valid errno.
294 #if defined(__i386__)
295 case __NR_fadvise64_64:
296 #endif
262 case __NR_fdatasync: // EPERM not a valid errno. 297 case __NR_fdatasync: // EPERM not a valid errno.
263 case __NR_flock: // EPERM not a valid errno. 298 case __NR_flock: // EPERM not a valid errno.
264 case __NR_fstatfs: // Give information about the whole filesystem. 299 case __NR_fstatfs: // Give information about the whole filesystem.
300 #if defined(__i386__)
301 case __NR_fstatfs64:
302 #endif
265 case __NR_fsync: // EPERM not a valid errno. 303 case __NR_fsync: // EPERM not a valid errno.
304 #if defined(__i386__)
305 case __NR_oldfstat:
306 #endif
266 case __NR_sync_file_range: // EPERM not a valid errno. 307 case __NR_sync_file_range: // EPERM not a valid errno.
267 default: 308 default:
268 return false; 309 return false;
269 } 310 }
270 } 311 }
271 312
272 // EPERM is a good errno for any of these. 313 // EPERM is a good errno for any of these.
273 bool IsDeniedFileSystemAccessViaFd(int sysno) { 314 bool IsDeniedFileSystemAccessViaFd(int sysno) {
274 switch (sysno) { 315 switch (sysno) {
275 case __NR_fallocate: 316 case __NR_fallocate:
276 case __NR_fchmod: 317 case __NR_fchmod:
277 case __NR_fchown: 318 case __NR_fchown:
319 #if defined(__i386__)
320 case __NR_fchown32:
321 #endif
278 case __NR_ftruncate: 322 case __NR_ftruncate:
323 #if defined(__i386__)
324 case __NR_ftruncate64:
325 #endif
279 case __NR_getdents: // EPERM not a valid errno. 326 case __NR_getdents: // EPERM not a valid errno.
280 case __NR_getdents64: // EPERM not a valid errno. 327 case __NR_getdents64: // EPERM not a valid errno.
328 #if defined(__i386__)
329 case __NR_readdir:
330 #endif
281 return true; 331 return true;
282 default: 332 default:
283 return false; 333 return false;
284 } 334 }
285 } 335 }
286 336
287 bool IsGetSimpleId(int sysno) { 337 bool IsGetSimpleId(int sysno) {
288 switch (sysno) { 338 switch (sysno) {
289 case __NR_capget: 339 case __NR_capget:
290 case __NR_getegid: 340 case __NR_getegid:
341 #if defined(__i386__)
342 case __NR_getegid32:
343 #endif
291 case __NR_geteuid: 344 case __NR_geteuid:
345 #if defined(__i386__)
346 case __NR_geteuid32:
347 #endif
292 case __NR_getgid: 348 case __NR_getgid:
349 #if defined(__i386__)
350 case __NR_getgid32:
351 #endif
293 case __NR_getgroups: 352 case __NR_getgroups:
353 #if defined(__i386__)
354 case __NR_getgroups32:
355 #endif
294 case __NR_getpid: 356 case __NR_getpid:
295 case __NR_getppid: 357 case __NR_getppid:
296 case __NR_getresgid: 358 case __NR_getresgid:
359 #if defined(__i386__)
360 case __NR_getresgid32:
361 #endif
297 case __NR_getresuid: 362 case __NR_getresuid:
363 #if defined(__i386__)
364 case __NR_getresuid32:
365 #endif
298 case __NR_getsid: 366 case __NR_getsid:
299 case __NR_gettid: 367 case __NR_gettid:
300 case __NR_getuid: 368 case __NR_getuid:
369 #if defined(__i386__)
370 case __NR_getuid32:
371 #endif
301 return true; 372 return true;
302 default: 373 default:
303 return false; 374 return false;
304 } 375 }
305 } 376 }
306 377
307 bool IsProcessPrivilegeChange(int sysno) { 378 bool IsProcessPrivilegeChange(int sysno) {
308 switch (sysno) { 379 switch (sysno) {
309 case __NR_capset: 380 case __NR_capset:
310 case __NR_ioperm: // Intel privilege. 381 case __NR_ioperm: // Intel privilege.
311 case __NR_iopl: // Intel privilege. 382 case __NR_iopl: // Intel privilege.
312 case __NR_setfsgid: 383 case __NR_setfsgid:
313 case __NR_setfsuid: 384 case __NR_setfsuid:
314 case __NR_setgid: 385 case __NR_setgid:
315 case __NR_setgroups: 386 case __NR_setgroups:
316 case __NR_setregid: 387 case __NR_setregid:
317 case __NR_setresgid: 388 case __NR_setresgid:
318 case __NR_setresuid: 389 case __NR_setresuid:
319 case __NR_setreuid: 390 case __NR_setreuid:
320 case __NR_setuid: 391 case __NR_setuid:
392 #if defined(__i386__)
393 case __NR_setfsgid32:
394 case __NR_setfsuid32:
395 case __NR_setgid32:
396 case __NR_setgroups32:
397 case __NR_setregid32:
398 case __NR_setresgid32:
399 case __NR_setresuid32:
400 case __NR_setreuid32:
401 case __NR_setuid32:
402 #endif
321 return true; 403 return true;
322 default: 404 default:
323 return false; 405 return false;
324 } 406 }
325 } 407 }
326 408
327 bool IsProcessGroupOrSession(int sysno) { 409 bool IsProcessGroupOrSession(int sysno) {
328 switch (sysno) { 410 switch (sysno) {
329 case __NR_setpgid: 411 case __NR_setpgid:
330 case __NR_getpgrp: 412 case __NR_getpgrp:
331 case __NR_setsid: 413 case __NR_setsid:
332 case __NR_getpgid: 414 case __NR_getpgid:
333 return true; 415 return true;
334 default: 416 default:
335 return false; 417 return false;
336 } 418 }
337 } 419 }
338 420
339 bool IsAllowedSignalHandling(int sysno) { 421 bool IsAllowedSignalHandling(int sysno) {
340 switch (sysno) { 422 switch (sysno) {
341 case __NR_rt_sigaction: 423 case __NR_rt_sigaction:
342 case __NR_rt_sigprocmask: 424 case __NR_rt_sigprocmask:
343 case __NR_rt_sigreturn: 425 case __NR_rt_sigreturn:
426 #if defined(__i386__)
427 case __NR_sigaction:
428 case __NR_sigprocmask:
429 case __NR_sigreturn:
430 #endif
344 return true; 431 return true;
345 case __NR_rt_sigpending: 432 case __NR_rt_sigpending:
346 case __NR_rt_sigqueueinfo: 433 case __NR_rt_sigqueueinfo:
347 case __NR_rt_sigsuspend: 434 case __NR_rt_sigsuspend:
348 case __NR_rt_sigtimedwait: 435 case __NR_rt_sigtimedwait:
349 case __NR_rt_tgsigqueueinfo: 436 case __NR_rt_tgsigqueueinfo:
350 case __NR_sigaltstack: 437 case __NR_sigaltstack:
351 case __NR_signalfd: 438 case __NR_signalfd:
352 case __NR_signalfd4: 439 case __NR_signalfd4:
440 #if defined(__i386__)
441 case __NR_signal:
442 case __NR_sigpending:
443 case __NR_sigsuspend:
444 case __NR_sgetmask: // Obsolete.
445 case __NR_ssetmask:
446 #endif
353 default: 447 default:
354 return false; 448 return false;
355 } 449 }
356 } 450 }
357 451
358 bool IsOperationOnFd(int sysno) { 452 bool IsOperationOnFd(int sysno) {
359 switch (sysno) { 453 switch (sysno) {
360 case __NR_close: 454 case __NR_close:
361 case __NR_dup: 455 case __NR_dup:
362 case __NR_dup2: 456 case __NR_dup2:
363 case __NR_dup3: 457 case __NR_dup3:
364 case __NR_fcntl: // TODO(jln): we may want to restrict arguments. 458 case __NR_fcntl: // TODO(jln): we may want to restrict arguments.
459 #if defined(__i386__)
460 case __NR_fcntl64:
461 #endif
462 #if defined(__x86_64__)
365 case __NR_shutdown: 463 case __NR_shutdown:
464 #endif
366 return true; 465 return true;
367 default: 466 default:
368 return false; 467 return false;
369 } 468 }
370 } 469 }
371 470
372 bool IsKernelInteralApi(int sysno) { 471 bool IsKernelInteralApi(int sysno) {
373 switch (sysno) { 472 switch (sysno) {
374 case __NR_restart_syscall: 473 case __NR_restart_syscall:
375 return true; 474 return true;
376 default: 475 default:
377 return false; 476 return false;
378 } 477 }
379 } 478 }
380 479
381 // This should be thought through in conjunction with IsFutex(). 480 // This should be thought through in conjunction with IsFutex().
382 bool IsAllowedProcessStartOrDeath(int sysno) { 481 bool IsAllowedProcessStartOrDeath(int sysno) {
383 switch (sysno) { 482 switch (sysno) {
384 case __NR_clone: // TODO(jln): restrict flags. 483 case __NR_clone: // TODO(jln): restrict flags.
385 case __NR_exit: 484 case __NR_exit:
386 case __NR_exit_group: 485 case __NR_exit_group:
387 case __NR_wait4: 486 case __NR_wait4:
388 case __NR_waitid: 487 case __NR_waitid:
488 #if defined(__i386__)
489 case __NR_waitpid:
490 #endif
389 return true; 491 return true;
390 case __NR_setns: // Privileged. 492 case __NR_setns: // Privileged.
391 case __NR_fork: 493 case __NR_fork:
392 case __NR_get_thread_area: 494 case __NR_get_thread_area:
393 case __NR_set_thread_area: 495 case __NR_set_thread_area:
394 case __NR_set_tid_address: 496 case __NR_set_tid_address:
395 case __NR_unshare: 497 case __NR_unshare:
396 case __NR_vfork: 498 case __NR_vfork:
397 default: 499 default:
398 return false; 500 return false;
412 } 514 }
413 515
414 bool IsAllowedEpoll(int sysno) { 516 bool IsAllowedEpoll(int sysno) {
415 switch (sysno) { 517 switch (sysno) {
416 case __NR_epoll_create: 518 case __NR_epoll_create:
417 case __NR_epoll_create1: 519 case __NR_epoll_create1:
418 case __NR_epoll_ctl: 520 case __NR_epoll_ctl:
419 case __NR_epoll_wait: 521 case __NR_epoll_wait:
420 return true; 522 return true;
421 default: 523 default:
524 #if defined(__x86_64__)
422 case __NR_epoll_ctl_old: 525 case __NR_epoll_ctl_old:
526 #endif
423 case __NR_epoll_pwait: 527 case __NR_epoll_pwait:
528 #if defined(__x86_64__)
424 case __NR_epoll_wait_old: 529 case __NR_epoll_wait_old:
530 #endif
425 return false; 531 return false;
426 } 532 }
427 } 533 }
428 534
429 bool IsAllowedGetOrModifySocket(int sysno) { 535 bool IsAllowedGetOrModifySocket(int sysno) {
430 switch (sysno) { 536 switch (sysno) {
431 case __NR_pipe: 537 case __NR_pipe:
432 case __NR_pipe2: 538 case __NR_pipe2:
539 #if defined(__x86_64__)
433 case __NR_socketpair: // We will want to inspect its argument. 540 case __NR_socketpair: // We will want to inspect its argument.
541 #endif
434 return true; 542 return true;
435 default: 543 default:
544 #if defined(__x86_64__)
436 case __NR_accept: 545 case __NR_accept:
437 case __NR_accept4: 546 case __NR_accept4:
438 case __NR_bind: 547 case __NR_bind:
439 case __NR_connect: 548 case __NR_connect:
440 case __NR_socket: 549 case __NR_socket:
441 case __NR_listen: 550 case __NR_listen:
551 #endif
442 return false; 552 return false;
443 } 553 }
444 } 554 }
445 555
556 #if defined(__i386__)
557 bool IsSocketCall(int sysno) {
Markus (顧孟勤) 2012/08/11 00:58:40 We need a big comment that this is an incomplete a
jln (very slow on Chromium) 2012/08/11 01:36:38 Well there is really no security issue per se. It
558 switch (sysno) {
559 case __NR_socketcall:
560 return true;
561 default:
562 return false;
563 }
564 }
565 #endif
566
567 #if defined(__x86_64__)
446 bool IsNetworkSocketInformation(int sysno) { 568 bool IsNetworkSocketInformation(int sysno) {
447 switch (sysno) { 569 switch (sysno) {
448 case __NR_getpeername: 570 case __NR_getpeername:
449 case __NR_getsockname: 571 case __NR_getsockname:
450 case __NR_getsockopt: 572 case __NR_getsockopt:
451 case __NR_setsockopt: 573 case __NR_setsockopt:
452 return true; 574 return true;
453 default: 575 default:
454 return false; 576 return false;
455 } 577 }
456 } 578 }
579 #endif
457 580
458 bool IsAllowedAddressSpaceAccess(int sysno) { 581 bool IsAllowedAddressSpaceAccess(int sysno) {
459 switch (sysno) { 582 switch (sysno) {
460 case __NR_brk: 583 case __NR_brk:
461 case __NR_madvise: 584 case __NR_madvise:
462 case __NR_mlock: 585 case __NR_mlock:
463 case __NR_mmap: // TODO(jln): to restrict flags. 586 case __NR_mmap: // TODO(jln): to restrict flags.
464 case __NR_mprotect: 587 case __NR_mprotect:
465 case __NR_munlock: 588 case __NR_munlock:
466 case __NR_munmap: 589 case __NR_munmap:
467 return true; 590 return true;
468 case __NR_mincore: 591 case __NR_mincore:
469 case __NR_mlockall: 592 case __NR_mlockall:
593 #if defined(__i386__)
594 case __NR_mmap2: // Might need to be enabled but should be audited.
Markus (顧孟勤) 2012/08/11 00:58:40 mmap2() is the new one isn't it? mmap() is the old
jln (very slow on Chromium) 2012/08/11 01:36:38 Ohh yeah, good point, glibc converts the offset ar
595 #endif
470 case __NR_modify_ldt: 596 case __NR_modify_ldt:
471 case __NR_mremap: 597 case __NR_mremap:
472 case __NR_msync: 598 case __NR_msync:
473 case __NR_munlockall: 599 case __NR_munlockall:
474 case __NR_readahead: 600 case __NR_readahead:
475 case __NR_remap_file_pages: 601 case __NR_remap_file_pages:
602 #if defined(__i386__)
603 case __NR_vm86:
604 case __NR_vm86old:
605 #endif
476 default: 606 default:
477 return false; 607 return false;
478 } 608 }
479 } 609 }
480 610
481 bool IsAllowedGeneralIo(int sysno) { 611 bool IsAllowedGeneralIo(int sysno) {
482 switch (sysno) { 612 switch (sysno) {
483 case __NR_lseek: 613 case __NR_lseek:
614 #if defined(__i386__)
615 case __NR__llseek:
616 #endif
484 case __NR_poll: 617 case __NR_poll:
485 case __NR_ppoll: 618 case __NR_ppoll:
486 case __NR_pselect6: 619 case __NR_pselect6:
487 case __NR_read: 620 case __NR_read:
488 case __NR_readv: 621 case __NR_readv:
622 #if defined(__x86_64__)
489 case __NR_recvfrom: // Could specify source. 623 case __NR_recvfrom: // Could specify source.
490 case __NR_recvmsg: // Could specify source. 624 case __NR_recvmsg: // Could specify source.
625 #endif
491 case __NR_select: 626 case __NR_select:
627 #if defined(__i386__)
628 case __NR__newselect:
629 #endif
630 #if defined(__x86_64__)
492 case __NR_sendmsg: // Could specify destination. 631 case __NR_sendmsg: // Could specify destination.
493 case __NR_sendto: // Could specify destination. 632 case __NR_sendto: // Could specify destination.
633 #endif
494 case __NR_write: 634 case __NR_write:
495 case __NR_writev: 635 case __NR_writev:
496 return true; 636 return true;
497 case __NR_ioctl: // Can be very powerful. 637 case __NR_ioctl: // Can be very powerful.
498 case __NR_pread64: 638 case __NR_pread64:
499 case __NR_preadv: 639 case __NR_preadv:
500 case __NR_pwrite64: 640 case __NR_pwrite64:
501 case __NR_pwritev: 641 case __NR_pwritev:
502 case __NR_recvmmsg: // Could specify source. 642 case __NR_recvmmsg: // Could specify source.
503 case __NR_sendfile: 643 case __NR_sendfile:
644 #if defined(__i386__)
645 case __NR_sendfile64:
646 #endif
504 case __NR_sendmmsg: // Could specify destination. 647 case __NR_sendmmsg: // Could specify destination.
505 case __NR_splice: 648 case __NR_splice:
506 case __NR_tee: 649 case __NR_tee:
507 case __NR_vmsplice: 650 case __NR_vmsplice:
508 default: 651 default:
509 return false; 652 return false;
510 } 653 }
511 } 654 }
512 655
513 bool IsAllowedPrctl(int sysno) { 656 bool IsAllowedPrctl(int sysno) {
514 switch (sysno) { 657 switch (sysno) {
515 case __NR_prctl: 658 case __NR_prctl:
516 return true; 659 return true;
517 default: 660 default:
661 #if defined(__x86_64__)
518 case __NR_arch_prctl: 662 case __NR_arch_prctl:
663 #endif
519 return false; 664 return false;
520 } 665 }
521 } 666 }
522 667
523 bool IsAllowedBasicScheduler(int sysno) { 668 bool IsAllowedBasicScheduler(int sysno) {
524 switch (sysno) { 669 switch (sysno) {
525 case __NR_sched_yield: 670 case __NR_sched_yield:
526 case __NR_pause: 671 case __NR_pause:
527 case __NR_nanosleep: 672 case __NR_nanosleep:
528 return true; 673 return true;
529 case __NR_getpriority: 674 case __NR_getpriority:
675 #if defined(__i386__)
676 case __NR_nice:
677 #endif
530 case __NR_setpriority: 678 case __NR_setpriority:
531 default: 679 default:
532 return false; 680 return false;
533 } 681 }
534 } 682 }
535 683
536 bool IsAdminOperation(int sysno) { 684 bool IsAdminOperation(int sysno) {
537 switch (sysno) { 685 switch (sysno) {
686 #if defined(__i386__)
687 case __NR_bdflush:
688 #endif
538 case __NR_kexec_load: 689 case __NR_kexec_load:
539 case __NR_reboot: 690 case __NR_reboot:
540 case __NR_setdomainname: 691 case __NR_setdomainname:
541 case __NR_sethostname: 692 case __NR_sethostname:
542 case __NR_syslog: 693 case __NR_syslog:
543 return true; 694 return true;
544 default: 695 default:
545 return false; 696 return false;
546 } 697 }
547 } 698 }
570 } 721 }
571 } 722 }
572 723
573 bool IsFsControl(int sysno) { 724 bool IsFsControl(int sysno) {
574 switch (sysno) { 725 switch (sysno) {
575 case __NR_mount: 726 case __NR_mount:
576 case __NR_nfsservctl: 727 case __NR_nfsservctl:
577 case __NR_quotactl: 728 case __NR_quotactl:
578 case __NR_swapoff: 729 case __NR_swapoff:
579 case __NR_swapon: 730 case __NR_swapon:
731 #if defined(__i386__)
732 case __NR_umount:
733 #endif
580 case __NR_umount2: 734 case __NR_umount2:
581 return true; 735 return true;
582 default: 736 default:
583 return false; 737 return false;
584 } 738 }
585 } 739 }
586 740
587 bool IsNuma(int sysno) { 741 bool IsNuma(int sysno) {
588 switch (sysno) { 742 switch (sysno) {
589 case __NR_get_mempolicy: 743 case __NR_get_mempolicy:
609 return true; 763 return true;
610 default: 764 default:
611 return false; 765 return false;
612 } 766 }
613 } 767 }
614 768
615 bool IsGlobalProcessEnvironment(int sysno) { 769 bool IsGlobalProcessEnvironment(int sysno) {
616 switch (sysno) { 770 switch (sysno) {
617 case __NR_acct: // Privileged. 771 case __NR_acct: // Privileged.
618 case __NR_getrlimit: 772 case __NR_getrlimit:
773 #if defined(__i386__)
774 case __NR_ugetrlimit:
775 case __NR_ulimit:
776 #endif
619 case __NR_getrusage: 777 case __NR_getrusage:
620 case __NR_personality: // Can change its personality as well. 778 case __NR_personality: // Can change its personality as well.
621 case __NR_prlimit64: // Like setrlimit / getrlimit. 779 case __NR_prlimit64: // Like setrlimit / getrlimit.
622 case __NR_setrlimit: 780 case __NR_setrlimit:
623 case __NR_times: 781 case __NR_times:
624 return true; 782 return true;
625 default: 783 default:
626 return false; 784 return false;
627 } 785 }
628 } 786 }
629 787
630 bool IsDebug(int sysno) { 788 bool IsDebug(int sysno) {
631 switch (sysno) { 789 switch (sysno) {
632 case __NR_ptrace: 790 case __NR_ptrace:
633 case __NR_process_vm_readv: 791 case __NR_process_vm_readv:
634 case __NR_process_vm_writev: 792 case __NR_process_vm_writev:
635 case __NR_kcmp: 793 case __NR_kcmp:
636 return true; 794 return true;
637 default: 795 default:
638 return false; 796 return false;
639 } 797 }
640 } 798 }
641 799
642 bool IsGlobalSystemStatus(int sysno) { 800 bool IsGlobalSystemStatus(int sysno) {
643 switch (sysno) { 801 switch (sysno) {
644 case __NR__sysctl: 802 case __NR__sysctl:
645 case __NR_sysfs: 803 case __NR_sysfs:
646 case __NR_sysinfo: 804 case __NR_sysinfo:
647 case __NR_uname: 805 case __NR_uname:
806 #if defined(__i386__)
807 case __NR_olduname:
808 case __NR_oldolduname:
809 #endif
648 return true; 810 return true;
649 default: 811 default:
650 return false; 812 return false;
651 } 813 }
652 } 814 }
653 815
654 bool IsEventFd(int sysno) { 816 bool IsEventFd(int sysno) {
655 switch (sysno) { 817 switch (sysno) {
656 case __NR_eventfd: 818 case __NR_eventfd:
657 case __NR_eventfd2: 819 case __NR_eventfd2:
679 switch (sysno) { 841 switch (sysno) {
680 case __NR_add_key: 842 case __NR_add_key:
681 case __NR_keyctl: 843 case __NR_keyctl:
682 case __NR_request_key: 844 case __NR_request_key:
683 return true; 845 return true;
684 default: 846 default:
685 return false; 847 return false;
686 } 848 }
687 } 849 }
688 850
851 #if defined(__x86_64__)
689 bool IsSystemVSemaphores(int sysno) { 852 bool IsSystemVSemaphores(int sysno) {
690 switch (sysno) { 853 switch (sysno) {
691 case __NR_semctl: 854 case __NR_semctl:
692 case __NR_semget: 855 case __NR_semget:
693 case __NR_semop: 856 case __NR_semop:
694 case __NR_semtimedop: 857 case __NR_semtimedop:
695 return true; 858 return true;
696 default: 859 default:
697 return false; 860 return false;
698 } 861 }
699 } 862 }
863 #endif
700 864
865 #if defined(__x86_64__)
701 // These give a lot of ambient authority and bypass the setuid sandbox. 866 // These give a lot of ambient authority and bypass the setuid sandbox.
702 bool IsAllowedSystemVSharedMemory(int sysno) { 867 bool IsAllowedSystemVSharedMemory(int sysno) {
703 switch (sysno) { 868 switch (sysno) {
704 case __NR_shmat: 869 case __NR_shmat:
705 case __NR_shmctl: 870 case __NR_shmctl:
706 case __NR_shmdt: 871 case __NR_shmdt:
707 return true; 872 return true;
708 case __NR_shmget: 873 case __NR_shmget:
709 default: 874 default:
710 return false; 875 return false;
711 } 876 }
712 } 877 }
878 #endif
713 879
880 #if defined(__x86_64__)
714 bool IsSystemVMessageQueue(int sysno) { 881 bool IsSystemVMessageQueue(int sysno) {
715 switch (sysno) { 882 switch (sysno) {
716 case __NR_msgctl: 883 case __NR_msgctl:
717 case __NR_msgget: 884 case __NR_msgget:
718 case __NR_msgrcv: 885 case __NR_msgrcv:
719 case __NR_msgsnd: 886 case __NR_msgsnd:
720 return true; 887 return true;
721 default: 888 default:
722 return false; 889 return false;
723 } 890 }
724 } 891 }
892 #endif
893
894 #if defined(__i386__)
895 bool IsSystemVIpc(int sysno) {
Markus (顧孟勤) 2012/08/11 00:58:40 Again, we probably want a comment that this is inc
jln (very slow on Chromium) 2012/08/11 01:36:38 I moved the comment below above the function signa
896 switch (sysno) {
897 case __NR_ipc: // Big system V multiplexing system call.
898 return true;
899 default:
900 return false;
901 }
902 }
903 #endif
725 904
726 bool IsAdvancedScheduler(int sysno) { 905 bool IsAdvancedScheduler(int sysno) {
727 switch (sysno) { 906 switch (sysno) {
728 case __NR_ioprio_get: // IO scheduler. 907 case __NR_ioprio_get: // IO scheduler.
729 case __NR_ioprio_set: 908 case __NR_ioprio_set:
730 case __NR_sched_get_priority_max: 909 case __NR_sched_get_priority_max:
731 case __NR_sched_get_priority_min: 910 case __NR_sched_get_priority_min:
732 case __NR_sched_getaffinity: 911 case __NR_sched_getaffinity:
733 case __NR_sched_getparam: 912 case __NR_sched_getparam:
734 case __NR_sched_getscheduler: 913 case __NR_sched_getscheduler:
815 // TODO(jln): classify this better. 994 // TODO(jln): classify this better.
816 bool IsMisc(int sysno) { 995 bool IsMisc(int sysno) {
817 switch (sysno) { 996 switch (sysno) {
818 case __NR_name_to_handle_at: 997 case __NR_name_to_handle_at:
819 case __NR_open_by_handle_at: 998 case __NR_open_by_handle_at:
820 case __NR_perf_event_open: 999 case __NR_perf_event_open:
821 case __NR_syncfs: 1000 case __NR_syncfs:
822 case __NR_vhangup: 1001 case __NR_vhangup:
823 // The system calls below are not implemented. 1002 // The system calls below are not implemented.
824 case __NR_afs_syscall: 1003 case __NR_afs_syscall:
1004 #if defined(__i386__)
1005 case __NR_break:
1006 #endif
825 case __NR_getpmsg: 1007 case __NR_getpmsg:
1008 #if defined(__i386__)
1009 case __NR_gtty:
1010 case __NR_idle:
1011 case __NR_lock:
1012 case __NR_mpx:
1013 case __NR_prof:
1014 case __NR_profil:
1015 #endif
826 case __NR_putpmsg: 1016 case __NR_putpmsg:
1017 #if defined(__x86_64__)
827 case __NR_security: 1018 case __NR_security:
1019 #endif
1020 #if defined(__i386__)
1021 case __NR_stty:
1022 #endif
1023 #if defined(__x86_64__)
828 case __NR_tuxcall: 1024 case __NR_tuxcall:
1025 #endif
829 case __NR_vserver: 1026 case __NR_vserver:
830 return true; 1027 return true;
831 default: 1028 default:
832 return false; 1029 return false;
833 } 1030 }
834 } 1031 }
835 1032
836 // End of the system call sets section. 1033 // End of the system call sets section.
837 1034
838 // x86_64 only because it references system calls that are multiplexed on IA32. 1035 // x86_64 only because it references system calls that are multiplexed on IA32.
856 } else { 1053 } else {
857 return false; 1054 return false;
858 } 1055 }
859 } 1056 }
860 1057
861 // System calls that will trigger the crashing sigsys handler. 1058 // System calls that will trigger the crashing sigsys handler.
862 bool IsBaselinePolicyWatched_x86_64(int sysno) { 1059 bool IsBaselinePolicyWatched_x86_64(int sysno) {
863 if (IsAdminOperation(sysno) || 1060 if (IsAdminOperation(sysno) ||
864 IsAdvancedScheduler(sysno) || 1061 IsAdvancedScheduler(sysno) ||
865 IsAdvancedTimer(sysno) || 1062 IsAdvancedTimer(sysno) ||
1063 #if defined(__x86_64__)
866 IsAllowedSystemVSharedMemory(sysno) || 1064 IsAllowedSystemVSharedMemory(sysno) ||
1065 #endif
867 IsAsyncIo(sysno) || 1066 IsAsyncIo(sysno) ||
868 IsDebug(sysno) || 1067 IsDebug(sysno) ||
869 IsEventFd(sysno) || 1068 IsEventFd(sysno) ||
870 IsExtendedAttributes(sysno) || 1069 IsExtendedAttributes(sysno) ||
871 IsFaNotify(sysno) || 1070 IsFaNotify(sysno) ||
872 IsFsControl(sysno) || 1071 IsFsControl(sysno) ||
873 IsGlobalFSViewChange(sysno) || 1072 IsGlobalFSViewChange(sysno) ||
874 IsGlobalProcessEnvironment(sysno) || 1073 IsGlobalProcessEnvironment(sysno) ||
875 IsGlobalSystemStatus(sysno) || 1074 IsGlobalSystemStatus(sysno) ||
876 IsInotify(sysno) || 1075 IsInotify(sysno) ||
877 IsKernelModule(sysno) || 1076 IsKernelModule(sysno) ||
878 IsKeyManagement(sysno) || 1077 IsKeyManagement(sysno) ||
879 IsMessageQueue(sysno) || 1078 IsMessageQueue(sysno) ||
880 IsMisc(sysno) || 1079 IsMisc(sysno) ||
1080 #if defined(__x86_64__)
881 IsNetworkSocketInformation(sysno) || 1081 IsNetworkSocketInformation(sysno) ||
1082 #endif
882 IsNuma(sysno) || 1083 IsNuma(sysno) ||
883 IsProcessGroupOrSession(sysno) || 1084 IsProcessGroupOrSession(sysno) ||
884 IsProcessPrivilegeChange(sysno) || 1085 IsProcessPrivilegeChange(sysno) ||
1086 #if defined(__i386__)
1087 IsSocketCall(sysno) || // We'll need to handle this properly to build
1088 // a x86_32 policy.
1089 #endif
1090 #if defined(__x86_64__)
885 IsSystemVMessageQueue(sysno) || 1091 IsSystemVMessageQueue(sysno) ||
886 IsSystemVSemaphores(sysno) || 1092 IsSystemVSemaphores(sysno) ||
1093 #elif defined(__i386__)
1094 IsSystemVIpc(sysno) ||
1095 #endif
887 IsTimer(sysno)) { 1096 IsTimer(sysno)) {
888 return true; 1097 return true;
889 } else { 1098 } else {
890 return false; 1099 return false;
891 } 1100 }
892 } 1101 }
893 1102
894 playground2::Sandbox::ErrorCode BaselinePolicy_x86_64(int sysno) { 1103 playground2::Sandbox::ErrorCode BaselinePolicy_x86_64(int sysno) {
895 if (IsBaselinePolicyAllowed_x86_64(sysno)) { 1104 if (IsBaselinePolicyAllowed_x86_64(sysno)) {
896 return playground2::Sandbox::SB_ALLOWED; 1105 return playground2::Sandbox::SB_ALLOWED;
912 } 1121 }
913 // In any other case crash the program with our SIGSYS handler 1122 // In any other case crash the program with our SIGSYS handler
914 return playground2::Sandbox::ErrorCode(CrashSIGSYS_Handler, NULL); 1123 return playground2::Sandbox::ErrorCode(CrashSIGSYS_Handler, NULL);
915 } 1124 }
916 1125
917 // x86_64 only because it references system calls that are multiplexed on IA32. 1126 // x86_64 only because it references system calls that are multiplexed on IA32.
918 playground2::Sandbox::ErrorCode GpuProcessPolicy_x86_64(int sysno) { 1127 playground2::Sandbox::ErrorCode GpuProcessPolicy_x86_64(int sysno) {
919 switch(sysno) { 1128 switch(sysno) {
920 case __NR_ioctl: 1129 case __NR_ioctl:
921 return playground2::Sandbox::SB_ALLOWED; 1130 return playground2::Sandbox::SB_ALLOWED;
1131 #if defined(__x86_64__)
922 case __NR_socket: 1132 case __NR_socket:
923 return EACCES; // Nvidia binary driver. 1133 return EACCES; // Nvidia binary driver.
1134 #endif
924 case __NR_open: 1135 case __NR_open:
925 // Accelerated video decode is enabled by default only on Chrome OS. 1136 // Accelerated video decode is enabled by default only on Chrome OS.
926 if (IsAcceleratedVideoDecodeEnabled()) { 1137 if (IsAcceleratedVideoDecodeEnabled()) {
927 // Accelerated video decode needs to open /dev/dri/card0, and 1138 // Accelerated video decode needs to open /dev/dri/card0, and
928 // dup()'ing an already open file descriptor does not work. 1139 // dup()'ing an already open file descriptor does not work.
929 // Allow open() even though it severely weakens the sandbox, 1140 // Allow open() even though it severely weakens the sandbox,
930 // to test the sandboxing mechanism in general. 1141 // to test the sandboxing mechanism in general.
931 // TODO(jorgelo): remove this once we solve the libva issue. 1142 // TODO(jorgelo): remove this once we solve the libva issue.
932 return playground2::Sandbox::SB_ALLOWED; 1143 return playground2::Sandbox::SB_ALLOWED;
933 } else { 1144 } else {
947 1158
948 // x86_64 only because it references system calls that are multiplexed on IA32. 1159 // x86_64 only because it references system calls that are multiplexed on IA32.
949 playground2::Sandbox::ErrorCode FlashProcessPolicy_x86_64(int sysno) { 1160 playground2::Sandbox::ErrorCode FlashProcessPolicy_x86_64(int sysno) {
950 switch (sysno) { 1161 switch (sysno) {
951 case __NR_sched_getaffinity: 1162 case __NR_sched_getaffinity:
952 case __NR_sched_setscheduler: 1163 case __NR_sched_setscheduler:
953 case __NR_times: 1164 case __NR_times:
954 return playground2::Sandbox::SB_ALLOWED; 1165 return playground2::Sandbox::SB_ALLOWED;
955 case __NR_ioctl: 1166 case __NR_ioctl:
956 return ENOTTY; // Flash Access. 1167 return ENOTTY; // Flash Access.
1168 #if defined(__x86_64__)
957 case __NR_socket: 1169 case __NR_socket:
958 return EACCES; 1170 return EACCES;
1171 #endif
959 default: 1172 default:
1173 #if defined(__x86_64__)
960 // These are under investigation, and hopefully not here for the long 1174 // These are under investigation, and hopefully not here for the long
961 // term. 1175 // term.
962 if (IsAllowedSystemVSharedMemory(sysno)) 1176 if (IsAllowedSystemVSharedMemory(sysno))
963 return playground2::Sandbox::SB_ALLOWED; 1177 return playground2::Sandbox::SB_ALLOWED;
1178 #endif
964 1179
965 // Default on the baseline policy. 1180 // Default on the baseline policy.
966 return BaselinePolicy_x86_64(sysno); 1181 return BaselinePolicy_x86_64(sysno);
967 } 1182 }
968 } 1183 }
969 #endif 1184 #endif // defined(__x86_64__) || defined(__i386__)
970 1185
971 playground2::Sandbox::ErrorCode BlacklistPtracePolicy(int sysno) { 1186 playground2::Sandbox::ErrorCode BlacklistPtracePolicy(int sysno) {
972 if (sysno < static_cast<int>(MIN_SYSCALL) || 1187 if (sysno < static_cast<int>(MIN_SYSCALL) ||
973 sysno > static_cast<int>(MAX_SYSCALL)) { 1188 sysno > static_cast<int>(MAX_SYSCALL)) {
974 // TODO(jln) we should not have to do that in a trivial policy. 1189 // TODO(jln) we should not have to do that in a trivial policy.
975 return ENOSYS; 1190 return ENOSYS;
976 } 1191 }
977 switch (sysno) { 1192 switch (sysno) {
978 case __NR_migrate_pages: 1193 case __NR_migrate_pages:
979 case __NR_move_pages: 1194 case __NR_move_pages:
1112 // Process-specific policy. 1327 // Process-specific policy.
1113 ShouldEnableSeccompBpf(process_type) && 1328 ShouldEnableSeccompBpf(process_type) &&
1114 SupportsSandbox()) { 1329 SupportsSandbox()) {
1115 return StartBpfSandbox_x86(command_line, process_type); 1330 return StartBpfSandbox_x86(command_line, process_type);
1116 } 1331 }
1117 #endif 1332 #endif
1118 return false; 1333 return false;
1119 } 1334 }
1120 1335
1121 } // namespace content 1336 } // namespace content