1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <errno.h> | 5 #include <errno.h> |
6 #include <pthread.h> | 6 #include <pthread.h> |
7 #include <sched.h> | 7 #include <sched.h> |
8 #include <sys/prctl.h> | 8 #include <sys/prctl.h> |
9 #include <sys/syscall.h> | 9 #include <sys/syscall.h> |
10 #include <sys/time.h> | 10 #include <sys/time.h> |
571 // use of UnsafeTrap() | 571 // use of UnsafeTrap() |
572 if (sysno == __NR_rt_sigprocmask || sysno == __NR_rt_sigreturn | 572 if (sysno == __NR_rt_sigprocmask || sysno == __NR_rt_sigreturn |
573 #if defined(__NR_sigprocmask) | 573 #if defined(__NR_sigprocmask) |
574 || | 574 || |
575 sysno == __NR_sigprocmask | 575 sysno == __NR_sigprocmask |
576 #endif | 576 #endif |
577 #if defined(__NR_sigreturn) | 577 #if defined(__NR_sigreturn) |
578 || | 578 || |
579 sysno == __NR_sigreturn | 579 sysno == __NR_sigreturn |
580 #endif | 580 #endif |
581 #if defined(__mips) | |
582 // MIPS call to pipe() returns values of file descriptors in registers | |
583 // and then they are written to fd array by glibc. | |
584 // Since we are bypassing glibc call in traps, pipe() can't be trapped | |
585 // in order for test to work | |
586 || | |
587 sysno == __NR_pipe | |
jln (very slow on Chromium)
2014/05/02 20:42:04
Let's change pipe() below to socketpair instead. T
nedeljko
2014/05/07 15:40:05
Done.
| |
588 #endif | |
581 ) { | 589 ) { |
582 return ErrorCode(ErrorCode::ERR_ALLOWED); | 590 return ErrorCode(ErrorCode::ERR_ALLOWED); |
583 } else if (SandboxBPF::IsValidSyscallNumber(sysno)) { | 591 } else if (SandboxBPF::IsValidSyscallNumber(sysno)) { |
584 return sandbox->UnsafeTrap(AllowRedirectedSyscall, aux); | 592 return sandbox->UnsafeTrap(AllowRedirectedSyscall, aux); |
585 } else { | 593 } else { |
586 return ErrorCode(ENOSYS); | 594 return ErrorCode(ENOSYS); |
587 } | 595 } |
588 } | 596 } |
589 | 597 |
590 int bus_handler_fd_ = -1; | 598 int bus_handler_fd_ = -1; |
1663 "%s\n", | 1671 "%s\n", |
1664 args.nr, | 1672 args.nr, |
1665 (long long)args.args[0], | 1673 (long long)args.args[0], |
1666 (long long)args.args[1], | 1674 (long long)args.args[1], |
1667 (long long)args.args[2], | 1675 (long long)args.args[2], |
1668 (long long)args.args[3], | 1676 (long long)args.args[3], |
1669 (long long)args.args[4], | 1677 (long long)args.args[4], |
1670 (long long)args.args[5], | 1678 (long long)args.args[5], |
1671 msg); | 1679 msg); |
1672 } | 1680 } |
1681 #if defined(__mips__) | |
jln (very slow on Chromium)
2014/05/02 20:42:04
Let's use a wrapper in services/ (see earlier comm
nedeljko
2014/05/07 15:40:05
Done.
| |
1682 // On MIPS architecture, kernel returns errno instead of -errno | |
1683 // and glibc wrapper does not negate this value | |
1684 return EPERM; | |
1685 #else | |
1673 return -EPERM; | 1686 return -EPERM; |
1687 #endif | |
1674 } | 1688 } |
1675 ErrorCode PthreadPolicyEquality(SandboxBPF* sandbox, int sysno, void* aux) { | 1689 ErrorCode PthreadPolicyEquality(SandboxBPF* sandbox, int sysno, void* aux) { |
1676 // This policy allows creating threads with pthread_create(). But it | 1690 // This policy allows creating threads with pthread_create(). But it |
1677 // doesn't allow any other uses of clone(). Most notably, it does not | 1691 // doesn't allow any other uses of clone(). Most notably, it does not |
1678 // allow callers to implement fork() or vfork() by passing suitable flags | 1692 // allow callers to implement fork() or vfork() by passing suitable flags |
1679 // to the clone() system call. | 1693 // to the clone() system call. |
1680 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { | 1694 if (!SandboxBPF::IsValidSyscallNumber(sysno)) { |
1681 // FIXME: we should really not have to do that in a trivial policy | 1695 // FIXME: we should really not have to do that in a trivial policy |
1682 return ErrorCode(ENOSYS); | 1696 return ErrorCode(ENOSYS); |
1683 } else if (sysno == __NR_clone) { | 1697 } else if (sysno == __NR_clone) { |
1782 -EINTR) { | 1796 -EINTR) { |
1783 } | 1797 } |
1784 BPF_ASSERT(thread_ran); | 1798 BPF_ASSERT(thread_ran); |
1785 | 1799 |
1786 // Attempt to fork() a process using clone(). This should fail. We use the | 1800 // Attempt to fork() a process using clone(). This should fail. We use the |
1787 // same flags that glibc uses when calling fork(). But we don't actually | 1801 // same flags that glibc uses when calling fork(). But we don't actually |
1788 // try calling the fork() implementation in the C run-time library, as | 1802 // try calling the fork() implementation in the C run-time library, as |
1789 // run-time libraries other than glibc might call __NR_fork instead of | 1803 // run-time libraries other than glibc might call __NR_fork instead of |
1790 // __NR_clone, and that would introduce a bogus test failure. | 1804 // __NR_clone, and that would introduce a bogus test failure. |
1791 int pid; | 1805 int pid; |
1806 #if defined(__mips__) | |
1807 BPF_ASSERT(SandboxSyscall(__NR_clone, | |
1808 CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD, | |
1809 0, | |
1810 0, | |
1811 &pid) == EPERM); | |
jln (very slow on Chromium)
2014/05/02 20:42:04
Same remark.
nedeljko
2014/05/07 15:40:05
Done.
| |
1812 #else | |
1792 BPF_ASSERT(SandboxSyscall(__NR_clone, | 1813 BPF_ASSERT(SandboxSyscall(__NR_clone, |
1793 CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD, | 1814 CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | SIGCHLD, |
1794 0, | 1815 0, |
1795 0, | 1816 0, |
1796 &pid) == -EPERM); | 1817 &pid) == -EPERM); |
1818 #endif | |
1797 } | 1819 } |
1798 | 1820 |
1799 BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); } | 1821 BPF_TEST(SandboxBPF, PthreadEquality, PthreadPolicyEquality) { PthreadTest(); } |
1800 | 1822 |
1801 BPF_TEST(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { PthreadTest(); } | 1823 BPF_TEST(SandboxBPF, PthreadBitMask, PthreadPolicyBitMask) { PthreadTest(); } |
1802 | 1824 |
1803 } // namespace | 1825 } // namespace |
1804 | 1826 |
1805 } // namespace sandbox | 1827 } // namespace sandbox |
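Review bot: The MIPS guard is spelled `#if defined(__mips)` at new line 581 but `#if defined(__mips__)` at new lines 1681 and 1806; as far as I know GCC predefines both on MIPS targets, but three guards in one file should use one spelling, so change line 581 to `#if defined(__mips__)` to match the other two and keep a grep for the architecture-specific test paths complete. The `__NR_pipe` branch also places a four-line explanatory comment in the middle of an `||` chain; moving it above the `if` keeps the condition readable and lets the comment state that pipe() is returned as `ERR_ALLOWED` on MIPS only, so the policy under test is wider on that one architecture than on the others. The function enclosing the `return EPERM;` hunk (new lines 1681–1687) starts outside the visible lines.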