// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" #include <errno.h> #include <stdint.h> #include <string.h> #include <sys/prctl.h> #include <sys/types.h> #include <unistd.h> #include "base/check_op.h" #include "base/compiler_specific.h" #include "base/files/scoped_file.h" #include "base/logging.h" #include "base/notreached.h" #include "base/posix/eintr_wrapper.h" #include "build/build_config.h" #include "sandbox/linux/bpf_dsl/bpf_dsl.h" #include "sandbox/linux/bpf_dsl/codegen.h" #include "sandbox/linux/bpf_dsl/policy.h" #include "sandbox/linux/bpf_dsl/policy_compiler.h" #include "sandbox/linux/bpf_dsl/seccomp_macros.h" #include "sandbox/linux/bpf_dsl/syscall_set.h" #include "sandbox/linux/seccomp-bpf/die.h" #include "sandbox/linux/seccomp-bpf/syscall.h" #include "sandbox/linux/seccomp-bpf/trap.h" #include "sandbox/linux/services/proc_util.h" #include "sandbox/linux/services/syscall_wrappers.h" #include "sandbox/linux/services/thread_helpers.h" #include "sandbox/linux/system_headers/linux_filter.h" #include "sandbox/linux/system_headers/linux_seccomp.h" #include "sandbox/linux/system_headers/linux_syscalls.h" #include "sandbox/sandbox_buildflags.h" namespace sandbox { namespace { // Check if the kernel supports seccomp-filter (a.k.a. seccomp mode 2) via // prctl(). bool KernelSupportsSeccompBPF() { … } // LG introduced a buggy syscall, sys_set_media_ext, with the same number as // seccomp. Return true if the current kernel has this buggy syscall. // // We want this to work with upcoming versions of seccomp, so we pass bogus // flags that are unlikely to ever be used by the kernel. A normal kernel would // return -EINVAL, but a buggy LG kernel would return 1. bool KernelHasLGBug() { … } bool KernelSupportsSeccompFlags(unsigned int flags) { … } // Check if the kernel supports seccomp-filter via the seccomp system call // and the TSYNC feature to enable seccomp on all threads. bool KernelSupportsSeccompTsync() { … } #if BUILDFLAG(DISABLE_SECCOMP_SSBD) // Check if the kernel supports seccomp-filter via the seccomp system call and // without spec flaw mitigation. bool KernelSupportSeccompSpecAllow() { … } #endif uint64_t EscapePC() { … } intptr_t SandboxPanicTrap(const struct arch_seccomp_data&, void* aux) { … } bpf_dsl::ResultExpr SandboxPanic(const char* error) { … } } // namespace SandboxBPF::SandboxBPF(std::unique_ptr<bpf_dsl::Policy> policy) : … { … } SandboxBPF::~SandboxBPF() { … } // static bool SandboxBPF::SupportsSeccompSandbox(SeccompLevel level) { … } bool SandboxBPF::StartSandbox(SeccompLevel seccomp_level, bool enable_ibpb) { … } void SandboxBPF::SetProcFd(base::ScopedFD proc_fd) { … } // static bool SandboxBPF::IsValidSyscallNumber(int sysnum) { … } // static bool SandboxBPF::IsRequiredForUnsafeTrap(int sysno) { … } // static intptr_t SandboxBPF::ForwardSyscall(const struct arch_seccomp_data& args) { … } CodeGen::Program SandboxBPF::AssembleFilter() { … } void SandboxBPF::InstallFilter(bool must_sync_threads, bool enable_ibpb) { … } void SandboxBPF::DisableIBSpec() { … } } // namespace sandbox
Codebase Browser
chromium