Index: sandbox/linux/seccomp-bpf/sandbox_bpf.h
| diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h |
| index a50ddb38cd90381c2e7c20b724cb7d8a43e72a33..73dc62bbe894a0ca6dc81c2203ea474d57174b0d 100644 |
| --- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h |
| +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h |
| @@ -271,6 +271,15 @@ class Sandbox { |
| // handler. |
| static ErrorCode Trap(ErrorCode::TrapFnc fnc, const void *aux); |
| + // Calls a user-space trap handler and disables all sandboxing for system |
| + // calls made from this trap handler. |
| + // NOTE: This feature, by definition, disables all security features of |
| + // the sandbox. It should never be used in production, but it can be |
| + // very useful to diagnose code that is incompatible with the sandbox. |
| + // If even a single system call returns "UnsafeTrap", the security of |
| + // entire sandbox should be considered compromised. |
| + static ErrorCode UnsafeTrap(ErrorCode::TrapFnc fnc, const void *aux); |
| + |
| // Kill the program and print an error message. |
| static ErrorCode Kill(const char *msg); |
| @@ -289,18 +298,29 @@ class Sandbox { |
| typedef std::vector<struct sock_filter> Program; |
| struct Range { |
| - Range(uint32_t f, uint32_t t, const ErrorCode& e) : |
| - from(f), |
| - to(t), |
| - err(e) { |
| + Range(uint32_t f, uint32_t t, const ErrorCode& e) |
| + : from(f), |
| + to(t), |
| + err(e) { |
| } |
| uint32_t from, to; |
| ErrorCode err; |
| }; |
| + struct TrapKey { |
| + TrapKey(TrapFnc f, const void *a, bool s) |
| + : fnc(f), |
| + aux(a), |
| + safe(s) { |
| + } |
| + TrapFnc fnc; |
| + const void *aux; |
| + bool safe; |
| + bool operator<(const TrapKey&) const; |
| + }; |
| typedef std::vector<Range> Ranges; |
| typedef std::map<uint32_t, ErrorCode> ErrMap; |
| typedef std::vector<ErrorCode> Traps; |
| - typedef std::map<std::pair<TrapFnc, const void *>, int> TrapIds; |
| + typedef std::map<TrapKey, uint16_t> TrapIds; |
| // Get a file descriptor pointing to "/proc", if currently available. |
| static int proc_fd() { return proc_fd_; } |
| @@ -320,23 +340,28 @@ class Sandbox { |
| static bool disableFilesystem(); |
| static void policySanityChecks(EvaluateSyscall syscallEvaluator, |
| void *aux); |
| + static void CheckForUnsafeErrorCodes(Instruction *, void *); |
|
jln (very slow on Chromium)
2012/11/15 01:51:52
Please, add argument names and comments!
|
| + static void RedirectToUserspace(Instruction *, void *); |
| + static ErrorCode RedirectToUserspaceEvalWrapper(int sysnum, void *); |
| static void installFilter(bool quiet); |
| static void findRanges(Ranges *ranges); |
| static Instruction *assembleJumpTable(CodeGen *gen, |
| Ranges::const_iterator start, |
| Ranges::const_iterator stop); |
| static void sigSys(int nr, siginfo_t *info, void *void_context); |
| + static ErrorCode MakeTrap(ErrorCode::TrapFnc fn, const void *aux, bool safe); |
| + static intptr_t ReturnErrno(const struct arch_seccomp_data&, void *aux); |
| static intptr_t bpfFailure(const struct arch_seccomp_data& data, void *aux); |
| static int getTrapId(TrapFnc fnc, const void *aux); |
| static SandboxStatus status_; |
| static int proc_fd_; |
| static Evaluators evaluators_; |
| - static ErrMap errMap_; |
| static Traps *traps_; |
| static TrapIds trapIds_; |
| static ErrorCode *trapArray_; |
| static size_t trapArraySize_; |
| + static bool has_unsafe_traps_; |
| DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); |
| }; |