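--- a/[PATH NOT SHOWN ON PAGE]
+++ b/[PATH NOT SHOWN ON PAGE]
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <fcntl.h>
 #include <linux/net.h>
@@ -27,46 +27,57 @@
 #if defined(OS_ANDROID)
 #if !defined(F_DUPFD_CLOEXEC)
 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6)
 #endif
 #endif
 
 #if defined(__arm__) && !defined(MAP_STACK)
 #define MAP_STACK 0x20000 // Daisy build environment has old headers.
 #endif
 
+#if defined(__mips__) && !defined(MAP_STACK)
+#define MAP_STACK 0x40000
+#endif
 namespace {
 
 inline bool IsArchitectureX86_64() {
 #if defined(__x86_64__)
 return true;
 #else
 return false;
 #endif
 }
 
 inline bool IsArchitectureI386() {
 #if defined(__i386__)
 return true;
 #else
 return false;
 #endif
 }
 
 inline bool IsAndroid() {
 #if defined(OS_ANDROID)
 return true;
 #else
 return false;
 #endif
 }
 
+inline bool IsArchitectureMips() {
+#if defined(__mips__)
+return true;
+#else
+return false;
+#endif
+}
+
 } // namespace.
 
 namespace sandbox {
 
 // Allow Glibc's and Android pthread creation flags, crash on any other
 // thread creation attempts and EPERM attempts to use neither
 // CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
 ErrorCode RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox) {
 if (!IsAndroid()) {
 const uint64_t kGlibcPthreadFlags =
@@ -148,21 +159,21 @@
 ErrorCode(ErrorCode::ERR_ALLOWED));
 }
 
 ErrorCode RestrictFcntlCommands(SandboxBPF* sandbox) {
 // We also restrict the flags in F_SETFL. We don't want to permit flags with
 // a history of trouble such as O_DIRECT. The flags you see are actually the
 // allowed ones, and the variable is a "denied" mask because of the negation
 // operator.
 // Glibc overrides the kernel's O_LARGEFILE value. Account for this.
 int kOLargeFileFlag = O_LARGEFILE;
-if (IsArchitectureX86_64() || IsArchitectureI386())
+if (IsArchitectureX86_64() || IsArchitectureI386() || IsArchitectureMips())
 kOLargeFileFlag = 0100000;
 
 // TODO(jln): add TP_LONG/TP_SIZET types.
 ErrorCode::ArgType mask_long_type;
 if (sizeof(long) == 8)
 mask_long_type = ErrorCode::TP_64BIT;
 else if (sizeof(long) == 4)
 mask_long_type = ErrorCode::TP_32BIT;
 else
 NOTREACHED();
@@ -195,21 +206,21 @@
 ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(1, ErrorCode::TP_32BIT,
 ErrorCode::OP_EQUAL, F_GETLK,
 ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(1, ErrorCode::TP_32BIT,
 ErrorCode::OP_EQUAL, F_DUPFD_CLOEXEC,
 ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Trap(CrashSIGSYS_Handler, NULL))))))))));
 }
 
-#if defined(__i386__)
+#if defined(__i386__) || defined(__mips__)
 ErrorCode RestrictSocketcallCommand(SandboxBPF* sandbox) {
 // Unfortunately, we are unable to restrict the first parameter to
 // socketpair(2). Whilst initially sounding bad, it's noteworthy that very
 // few protocols actually support socketpair(2). The scary call that we're
 // worried about, socket(2), remains blocked.
 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 SYS_SOCKETPAIR, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
 SYS_SEND, ErrorCode(ErrorCode::ERR_ALLOWED),
 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
@@ -240,10 +251,10 @@
 sandbox->Trap(SIGSYSKillFailure, NULL));
 case __NR_tkill:
 return sandbox->Trap(SIGSYSKillFailure, NULL);
 default:
 NOTREACHED();
 return sandbox->Trap(CrashSIGSYS_Handler, NULL);
 }
 }
 
 } // namespace sandbox.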
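Review bot: In RestrictFcntlCommands, extending the `kOLargeFileFlag = 0100000` override to IsArchitectureMips() hardcodes the x86 kernel value of O_LARGEFILE for a new ABI, and the hunk gives no evidence that MIPS has the glibc-vs-kernel mismatch the preceding comment cites as the reason for the override; if I recall the MIPS uapi fcntl layout correctly, the kernel's O_LARGEFILE there is 0x2000 and 0x8000 (octal 0100000) is O_DIRECT, so this would put the very flag the comment says it wants denied into the allowed set of the F_SETFL mask — please verify against the MIPS headers before landing, and if no mismatch exists keep the condition as `if (IsArchitectureX86_64() || IsArchitectureI386())`. RestrictFcntlCommands continues past the end of this hunk, so the mask built from kOLargeFileFlag is not visible here. The new `#define MAP_STACK 0x40000` block for `__mips__` also lacks the why-comment its `__arm__` sibling carries; I would add `// MIPS build headers may predate MAP_STACK; value per the MIPS uapi asm/mman.h.` so the next reader knows the constant was checked against the ABI rather than copied.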