Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1005)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

Issue 493603003: sandbox: Update known syscalls to kernel 3.17 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: move seccomp Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf-helpers/syscall_sets.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" 5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <sys/mman.h> 8 #include <sys/mman.h>
9 #include <sys/socket.h> 9 #include <sys/socket.h>
10 #include <sys/syscall.h> 10 #include <sys/syscall.h>
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after
174 174
175 if (SyscallSets::IsKill(sysno)) { 175 if (SyscallSets::IsKill(sysno)) {
176 return RestrictKillTarget(current_pid, sysno); 176 return RestrictKillTarget(current_pid, sysno);
177 } 177 }
178 178
179 if (SyscallSets::IsFileSystem(sysno) || 179 if (SyscallSets::IsFileSystem(sysno) ||
180 SyscallSets::IsCurrentDirectory(sysno)) { 180 SyscallSets::IsCurrentDirectory(sysno)) {
181 return Error(fs_denied_errno); 181 return Error(fs_denied_errno);
182 } 182 }
183 183
184 if (SyscallSets::IsSeccomp(sysno))
185 return Error(EPERM);
186
184 if (SyscallSets::IsAnySystemV(sysno)) { 187 if (SyscallSets::IsAnySystemV(sysno)) {
185 return Error(EPERM); 188 return Error(EPERM);
186 } 189 }
187 190
188 if (SyscallSets::IsUmask(sysno) || 191 if (SyscallSets::IsUmask(sysno) ||
189 SyscallSets::IsDeniedFileSystemAccessViaFd(sysno) || 192 SyscallSets::IsDeniedFileSystemAccessViaFd(sysno) ||
190 SyscallSets::IsDeniedGetOrModifySocket(sysno) || 193 SyscallSets::IsDeniedGetOrModifySocket(sysno) ||
191 SyscallSets::IsProcessPrivilegeChange(sysno)) { 194 SyscallSets::IsProcessPrivilegeChange(sysno)) {
192 return Error(EPERM); 195 return Error(EPERM);
193 } 196 }
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
231 DCHECK_EQ(syscall(__NR_getpid), current_pid_); 234 DCHECK_EQ(syscall(__NR_getpid), current_pid_);
232 } 235 }
233 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno); 236 return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno);
234 } 237 }
235 238
236 ResultExpr BaselinePolicy::InvalidSyscall() const { 239 ResultExpr BaselinePolicy::InvalidSyscall() const {
237 return CrashSIGSYS(); 240 return CrashSIGSYS();
238 } 241 }
239 242
240 } // namespace sandbox. 243 } // namespace sandbox.
OLDNEW
« no previous file with comments | « no previous file | sandbox/linux/seccomp-bpf-helpers/syscall_sets.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698