// Copyright 2013 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" #include "build/build_config.h" #include "sandbox/linux/system_headers/linux_syscalls.h" namespace sandbox { // The functions below cover all existing i386, x86_64, and ARM system calls; // excluding syscalls made obsolete in ARM EABI. // The implicitly defined sets form a partition of the sets of // system calls. bool SyscallSets::IsKill(int sysno) { … } bool SyscallSets::IsAllowedGettime(int sysno) { … } bool SyscallSets::IsSendfile(int sysno) { … } bool SyscallSets::IsCurrentDirectory(int sysno) { … } bool SyscallSets::IsUmask(int sysno) { … } // System calls that directly access the file system. They might acquire // a new file descriptor or otherwise perform an operation directly // via a path. // Both EPERM and ENOENT are valid errno unless otherwise noted in comment. bool SyscallSets::IsFileSystem(int sysno) { … } bool SyscallSets::IsTruncate(int sysno) { … } bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) { … } // EPERM is a good errno for any of these. bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) { … } bool SyscallSets::IsGetSimpleId(int sysno) { … } bool SyscallSets::IsProcessPrivilegeChange(int sysno) { … } bool SyscallSets::IsProcessGroupOrSession(int sysno) { … } bool SyscallSets::IsAllowedSignalHandling(int sysno) { … } bool SyscallSets::IsAllowedOperationOnFd(int sysno) { … } bool SyscallSets::IsKernelInternalApi(int sysno) { … } // This should be thought through in conjunction with IsFutex(). bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { … } // It's difficult to restrict those, but there is attack surface here. bool SyscallSets::IsAllowedFutex(int sysno) { … } bool SyscallSets::IsAllowedEpoll(int sysno) { … } bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) { … } #if defined(__i386__) || \ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) // Big multiplexing system call for sockets. bool SyscallSets::IsSocketCall(int sysno) { switch (sysno) { #if !(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) case __NR_socketcall: return true; #endif default: return false; } } #endif #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) bool SyscallSets::IsNetworkSocketInformation(int sysno) { … } #endif bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) { … } bool SyscallSets::IsAllowedGeneralIo(int sysno) { … } bool SyscallSets::IsPrctl(int sysno) { … } bool SyscallSets::IsSeccomp(int sysno) { … } bool SyscallSets::IsAllowedBasicScheduler(int sysno) { … } bool SyscallSets::IsAdminOperation(int sysno) { … } bool SyscallSets::IsKernelModule(int sysno) { … } bool SyscallSets::IsGlobalFSViewChange(int sysno) { … } bool SyscallSets::IsFsControl(int sysno) { … } bool SyscallSets::IsNuma(int sysno) { … } bool SyscallSets::IsMessageQueue(int sysno) { … } bool SyscallSets::IsGlobalProcessEnvironment(int sysno) { … } bool SyscallSets::IsDebug(int sysno) { … } bool SyscallSets::IsGlobalSystemStatus(int sysno) { … } bool SyscallSets::IsEventFd(int sysno) { … } bool SyscallSets::IsDlopen(int sysno) { … } // Asynchronous I/O API. bool SyscallSets::IsAsyncIo(int sysno) { … } bool SyscallSets::IsKeyManagement(int sysno) { … } #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) bool SyscallSets::IsSystemVSemaphores(int sysno) { … } #endif #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ defined(__aarch64__) || \ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) // These give a lot of ambient authority and bypass the setuid sandbox. bool SyscallSets::IsSystemVSharedMemory(int sysno) { … } #endif #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) bool SyscallSets::IsSystemVMessageQueue(int sysno) { … } #endif #if defined(__i386__) || \ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) // Big system V multiplexing system call. bool SyscallSets::IsSystemVIpc(int sysno) { switch (sysno) { #if !(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) case __NR_ipc: return true; #endif default: return false; } } #endif bool SyscallSets::IsAnySystemV(int sysno) { … } bool SyscallSets::IsAdvancedScheduler(int sysno) { … } bool SyscallSets::IsInotify(int sysno) { … } bool SyscallSets::IsFaNotify(int sysno) { … } bool SyscallSets::IsTimer(int sysno) { … } bool SyscallSets::IsAdvancedTimer(int sysno) { … } bool SyscallSets::IsClockApi(int sysno) { … } bool SyscallSets::IsExtendedAttributes(int sysno) { … } // Various system calls that need to be researched. // TODO(jln): classify this better. bool SyscallSets::IsMisc(int sysno) { … } #if defined(__arm__) bool SyscallSets::IsArmPciConfig(int sysno) { switch (sysno) { case __NR_pciconfig_iobase: case __NR_pciconfig_read: case __NR_pciconfig_write: return true; default: return false; } } bool SyscallSets::IsArmPrivate(int sysno) { switch (sysno) { case __ARM_NR_breakpoint: case __ARM_NR_cacheflush: case __ARM_NR_set_tls: case __ARM_NR_usr26: case __ARM_NR_usr32: return true; default: return false; } } #endif // defined(__arm__) #if defined(__mips__) bool SyscallSets::IsMipsPrivate(int sysno) { switch (sysno) { case __NR_cacheflush: case __NR_cachectl: return true; default: return false; } } bool SyscallSets::IsMipsMisc(int sysno) { switch (sysno) { case __NR_sysmips: #if !(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS)) case __NR_unused150: #endif return true; default: return false; } } #endif // defined(__mips__) bool SyscallSets::IsGoogle3Threading(int sysno) { … } } // namespace sandbox.
Codebase Browser
chromium