Chromium Code Reviews Chromium Code Reviews
Issue 10836243:
Add basic ARM policy to seccomp-bpf sandbox. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| Index: content/common/sandbox_seccomp_bpf_linux.cc |
| diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc |
| index 226bad780d956b9996052efd54f50aa90125053c..14276b4c9c854f94f4303b25b2410cb21c5dca60 100644 |
| --- a/content/common/sandbox_seccomp_bpf_linux.cc |
| +++ b/content/common/sandbox_seccomp_bpf_linux.cc |
| @@ -25,13 +25,18 @@ |
| #include "content/public/common/content_switches.h" |
| // These are the only architectures supported for now. |
| -#if defined(__i386__) || defined(__x86_64__) |
| +#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) |
| #define SECCOMP_BPF_SANDBOX |
| #endif |
| #if defined(SECCOMP_BPF_SANDBOX) |
| #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| + |
| +#if defined(__i386__) || defined(__x86_64__) |
| #include "sandbox/linux/services/x86_linux_syscalls.h" |
| +#elif defined(__arm__) |
| +#include "sandbox/linux/services/arm_linux_syscalls.h" |
|
jln (very slow on Chromium)
2012/08/14 20:11:50
Once you're confident arm is well covered, please
Jorge Lucangeli Obes
2012/08/14 21:58:06
Will do.
|
| +#endif |
| namespace { |
| @@ -43,6 +48,14 @@ inline bool IsChromeOS() { |
| #endif |
| } |
| +inline bool IsARM() { |
|
jln (very slow on Chromium)
2012/08/14 19:10:35
You're not using it at the moment.
Jorge Lucangeli Obes
2012/08/14 21:58:06
Done.
|
| +#if defined(__arm__) |
| + return true; |
| +#else |
| + return false; |
| +#endif |
| +} |
| + |
| intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) { |
| int syscall = args.nr; |
| if (syscall >= 1024) |
| @@ -169,7 +182,11 @@ bool IsAllowedGettime(int sysno) { |
| switch (sysno) { |
| case __NR_clock_gettime: |
| case __NR_gettimeofday: |
| + // __NR_time is not available for EABI ARM. |
| + // See </arch/arm/include/asm/unistd.h> in the Linux kernel. |
| +#if !defined(__arm__) |
|
jln (very slow on Chromium)
2012/08/14 19:10:35
It's better to whitelist: #if defined(__i386__) ||
Jorge Lucangeli Obes
2012/08/14 21:58:06
Done.
|
| case __NR_time: |
| +#endif |
| return true; |
| case __NR_adjtimex: // Privileged. |
| case __NR_clock_adjtime: // Privileged. |
| @@ -744,7 +761,11 @@ bool IsNuma(int sysno) { |
| case __NR_get_mempolicy: |
| case __NR_getcpu: |
| case __NR_mbind: |
| + // __NR_migrate_pages is not available for EABI ARM. |
| + // See </arch/arm/include/asm/unistd.h> in the Linux kernel. |
| +#if !defined(__arm__) |
|
jln (very slow on Chromium)
2012/08/14 19:10:35
Same here.
Jorge Lucangeli Obes
2012/08/14 21:58:06
Done.
|
| case __NR_migrate_pages: |
| +#endif |
| case __NR_move_pages: |
| case __NR_set_mempolicy: |
| return true; |
| @@ -935,6 +956,18 @@ bool IsInotify(int sysno) { |
| } |
| } |
| +void LogSandboxStarted(const std::string& sandbox_name, |
|
jln (very slow on Chromium)
2012/08/14 19:10:35
Rebase issue ? This should not exist in this file.
Jorge Lucangeli Obes
2012/08/14 21:58:06
Done.
|
| + const std::string& process_type) { |
| + const std::string activated_sandbox = |
| + "Activated " + sandbox_name + " sandbox for process type: " + |
| + process_type + "."; |
| + if (IsChromeOS()) { |
| + LOG(WARNING) << activated_sandbox; |
| + } else { |
| + VLOG(1) << activated_sandbox; |
| + } |
| +} |
| + |
| bool IsFaNotify(int sysno) { |
| switch (sysno) { |
| case __NR_fanotify_init: |
| @@ -1192,7 +1225,11 @@ playground2::Sandbox::ErrorCode BlacklistPtracePolicy(int sysno) { |
| return ENOSYS; |
| } |
| switch (sysno) { |
| + // __NR_migrate_pages is not available for EABI ARM. |
| + // See </arch/arm/include/asm/unistd.h> in the Linux kernel. |
| +#if !defined(__arm__) |
|
jln (very slow on Chromium)
2012/08/14 19:10:35
Same remark about whitelisting.
Jorge Lucangeli Obes
2012/08/14 21:58:06
Done.
|
| case __NR_migrate_pages: |
| +#endif |
| case __NR_move_pages: |
| case __NR_process_vm_readv: |
| case __NR_process_vm_writev: |
| @@ -1258,15 +1295,23 @@ playground2::Sandbox::EvaluateSyscall GetProcessSyscallPolicy( |
| NOTREACHED(); |
| // This will be our default if we need one. |
| return AllowAllPolicy; |
| -#else |
| +#elif defined(__i386__) |
| // On IA32, we only have a small blacklist at the moment. |
| (void) process_type; |
| return BlacklistPtracePolicy; |
| -#endif // __x86_64__ |
| +#elif defined(__arm__) |
| + // On ARM, we don't block anything yet. |
|
jln (very slow on Chromium)
2012/08/14 19:10:35
This seems at odd with what you're doing. Did you
Jorge Lucangeli Obes
2012/08/14 21:58:06
Done.
|
| + (void) process_type; |
| + return BlacklistPtracePolicy; |
| +#else |
| + // This should not happen, we're compiling only on x86_64 or i386 or ARM. |
| + (void) process_type; |
| + NOTREACHED(); |
| +#endif |
| } |
| // Initialize the seccomp-bpf sandbox. |
| -bool StartBpfSandbox_x86(const CommandLine& command_line, |
| +bool StartBpfSandbox(const CommandLine& command_line, |
| const std::string& process_type) { |
| playground2::Sandbox::EvaluateSyscall SyscallPolicy = |
| GetProcessSyscallPolicy(command_line, process_type); |
| @@ -1329,7 +1374,7 @@ bool SandboxSeccompBpf::StartSandbox(const std::string& process_type) { |
| // Process-specific policy. |
| ShouldEnableSeccompBpf(process_type) && |
| SupportsSandbox()) { |
| - return StartBpfSandbox_x86(command_line, process_type); |
| + return StartBpfSandbox(command_line, process_type); |
| } |
| #endif |
| return false; |
