
Side by Side Diff: components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc

Issue 260793003: [MIPS] Add seccomp bpf support (Closed) Base URL: https://git.chromium.org/git/chromium/src.git@master
Patch Set: Fix problem with truncation of syscall value in CrashSIGSYS_Handler Created 6 years, 7 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <signal.h> 8 #include <signal.h>
9 #include <sys/ptrace.h> 9 #include <sys/ptrace.h>
10 10
(...skipping 26 matching lines...) Expand all
37 case __NR_shmctl: 37 case __NR_shmctl:
38 case __NR_shmdt: 38 case __NR_shmdt:
39 case __NR_shmget: 39 case __NR_shmget:
40 return true; 40 return true;
41 default: 41 default:
42 return false; 42 return false;
43 } 43 }
44 } 44 }
45 #endif 45 #endif
46 46
47 #if defined(__i386__) 47 #if defined(__i386__) || defined(__mips__)
48 // Big system V multiplexing system call. 48 // Big system V multiplexing system call.
49 bool IsSystemVIpc(int sysno) { 49 bool IsSystemVIpc(int sysno) {
50 switch (sysno) { 50 switch (sysno) {
51 case __NR_ipc: 51 case __NR_ipc:
52 return true; 52 return true;
53 default: 53 default:
54 return false; 54 return false;
55 } 55 }
56 } 56 }
57 #endif 57 #endif
(...skipping 11 matching lines...) Expand all
69 scoped_ptr<SandboxBPFPolicy> baseline_policy_; 69 scoped_ptr<SandboxBPFPolicy> baseline_policy_;
70 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy); 70 DISALLOW_COPY_AND_ASSIGN(NaClBPFSandboxPolicy);
71 }; 71 };
72 72
73 ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( 73 ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall(
74 sandbox::SandboxBPF* sb, int sysno) const { 74 sandbox::SandboxBPF* sb, int sysno) const {
75 DCHECK(baseline_policy_); 75 DCHECK(baseline_policy_);
76 switch (sysno) { 76 switch (sysno) {
77 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls, 77 // TODO(jln): NaCl's GDB debug stub uses the following socket system calls,
78 // see if it can be restricted a bit. 78 // see if it can be restricted a bit.
79 #if defined(__x86_64__) || defined(__arm__) 79 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
80 // transport_common.cc needs this. 80 // transport_common.cc needs this.
81 case __NR_accept: 81 case __NR_accept:
82 case __NR_setsockopt: 82 case __NR_setsockopt:
83 #elif defined(__i386__) 83 #elif defined(__i386__) || defined(__mips__)
84 case __NR_socketcall: 84 case __NR_socketcall:
85 #endif 85 #endif
86 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is 86 // trusted/service_runtime/linux/thread_suspension.c needs sigwait() and is
87 // used by NaCl's GDB debug stub. 87 // used by NaCl's GDB debug stub.
88 case __NR_rt_sigtimedwait: 88 case __NR_rt_sigtimedwait:
89 #if defined(__i386__) 89 #if defined(__i386__) || defined(__mips__)
90 // Needed on i386 to set-up the custom segments. 90 // Needed on i386 to set-up the custom segments.
91 case __NR_modify_ldt: 91 case __NR_modify_ldt:
92 #endif 92 #endif
93 // NaClAddrSpaceBeforeAlloc needs prlimit64. 93 // NaClAddrSpaceBeforeAlloc needs prlimit64.
94 case __NR_prlimit64: 94 case __NR_prlimit64:
95 // NaCl uses custom signal stacks. 95 // NaCl uses custom signal stacks.
96 case __NR_sigaltstack: 96 case __NR_sigaltstack:
97 // Below is fairly similar to the policy for a Chromium renderer. 97 // Below is fairly similar to the policy for a Chromium renderer.
98 // TODO(jln): restrict ioctl() and prctl(). 98 // TODO(jln): restrict ioctl() and prctl().
99 case __NR_ioctl: 99 case __NR_ioctl:
100 #if defined(__i386__) || defined(__x86_64__) 100 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
101 case __NR_getrlimit: 101 case __NR_getrlimit:
102 #endif 102 #endif
103 #if defined(__i386__) || defined(__arm__) 103 #if defined(__i386__) || defined(__arm__)
104 case __NR_ugetrlimit: 104 case __NR_ugetrlimit:
105 #endif 105 #endif
106 // NaCl runtime exposes clock_getres to untrusted code. 106 // NaCl runtime exposes clock_getres to untrusted code.
107 case __NR_clock_getres: 107 case __NR_clock_getres:
108 // NaCl runtime uses flock to simulate POSIX behavior for pwrite. 108 // NaCl runtime uses flock to simulate POSIX behavior for pwrite.
109 case __NR_flock: 109 case __NR_flock:
110 case __NR_pread64: 110 case __NR_pread64:
(...skipping 15 matching lines...) Expand all
126 case __NR_ptrace: 126 case __NR_ptrace:
127 return ErrorCode(EPERM); 127 return ErrorCode(EPERM);
128 default: 128 default:
129 // TODO(jln): look into getting rid of System V shared memory: 129 // TODO(jln): look into getting rid of System V shared memory:
130 // platform_qualify/linux/sysv_shm_and_mmap.c makes it a requirement, but 130 // platform_qualify/linux/sysv_shm_and_mmap.c makes it a requirement, but
131 // it may not be needed in all cases. Chromium renderers don't need 131 // it may not be needed in all cases. Chromium renderers don't need
132 // System V shared memory on Aura. 132 // System V shared memory on Aura.
133 #if defined(__x86_64__) || defined(__arm__) 133 #if defined(__x86_64__) || defined(__arm__)
134 if (IsSystemVSharedMemory(sysno)) 134 if (IsSystemVSharedMemory(sysno))
135 return ErrorCode(ErrorCode::ERR_ALLOWED); 135 return ErrorCode(ErrorCode::ERR_ALLOWED);
136 #elif defined(__i386__) 136 #elif defined(__i386__) || defined(__mips__)
137 if (IsSystemVIpc(sysno)) 137 if (IsSystemVIpc(sysno))
138 return ErrorCode(ErrorCode::ERR_ALLOWED); 138 return ErrorCode(ErrorCode::ERR_ALLOWED);
139 #endif 139 #endif
140 return baseline_policy_->EvaluateSyscall(sb, sysno); 140 return baseline_policy_->EvaluateSyscall(sb, sysno);
141 } 141 }
142 NOTREACHED(); 142 NOTREACHED();
143 // GCC wants this. 143 // GCC wants this.
144 return ErrorCode(EPERM); 144 return ErrorCode(EPERM);
145 } 145 }
146 146
147 void RunSandboxSanityChecks() { 147 void RunSandboxSanityChecks() {
148 errno = 0; 148 errno = 0;
149 // Make a ptrace request with an invalid PID. 149 // Make a ptrace request with an invalid PID.
150 long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL); 150 long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL);
151 CHECK_EQ(-1, ptrace_ret); 151 CHECK_EQ(-1, ptrace_ret);
152 // Without the sandbox on, this ptrace call would ESRCH instead. 152 // Without the sandbox on, this ptrace call would ESRCH instead.
153 CHECK_EQ(EPERM, errno); 153 CHECK_EQ(EPERM, errno);
154 } 154 }
155 155
156 } // namespace 156 } // namespace
157 157
158 #else 158 #else
159 159
160 #if !defined(ARCH_CPU_MIPS_FAMILY)
161 #error "Seccomp-bpf disabled on supported architecture!" 160 #error "Seccomp-bpf disabled on supported architecture!"
162 #endif
163 161
164 #endif // defined(USE_SECCOMP_BPF) 162 #endif // defined(USE_SECCOMP_BPF)
165 163
166 bool InitializeBPFSandbox() { 164 bool InitializeBPFSandbox() {
167 #if defined(USE_SECCOMP_BPF) 165 #if defined(USE_SECCOMP_BPF)
168 bool sandbox_is_initialized = content::InitializeSandbox( 166 bool sandbox_is_initialized = content::InitializeSandbox(
169 scoped_ptr<SandboxBPFPolicy>(new NaClBPFSandboxPolicy())); 167 scoped_ptr<SandboxBPFPolicy>(new NaClBPFSandboxPolicy()));
170 if (sandbox_is_initialized) { 168 if (sandbox_is_initialized) {
171 RunSandboxSanityChecks(); 169 RunSandboxSanityChecks();
172 return true; 170 return true;
173 } 171 }
174 #endif // defined(USE_SECCOMP_BPF) 172 #endif // defined(USE_SECCOMP_BPF)
175 return false; 173 return false;
176 } 174 }
177 175
178 } // namespace nacl 176 } // namespace nacl
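Review bot: The `__mips__` added to the `#elif` at new line 83 (`#elif defined(__i386__) || defined(__mips__)` guarding `case __NR_socketcall:`) can never be selected, because the preceding `#if` at new line 79 already matches `__mips__`, so on MIPS the preprocessor takes the accept/setsockopt branch and `__NR_socketcall` is never added to the allow-list. If socketcall is required on MIPS (presumably the reason it was added), split the conditions so both apply: close the first branch with `#endif` after `case __NR_setsockopt:` and guard socketcall separately with `#if defined(__i386__) || defined(__mips__)`; if it is not required, drop `__mips__` from the `#elif` so the dead branch does not suggest otherwise. Separately, new lines 89-91 now allow `__NR_modify_ldt` on MIPS under a comment that still says "Needed on i386 to set-up the custom segments" — since this widens the syscall allow-list, either the comment should state why MIPS needs it or the condition should stay i386-only. EvaluateSyscall's body is partly collapsed in this view ("skipping 15 matching lines"), so I cannot confirm whether any later branch compensates.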
