#include "sandbox/policy/linux/bpf_network_policy_linux.h"
#include <memory>
#include <fcntl.h>
#include <linux/ioctl.h>
#include <linux/net.h>
#include <linux/netlink.h>
#include <linux/sockios.h>
#include <linux/wireless.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/inotify.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <unistd.h>
#include "base/feature_list.h"
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/syscall_broker/broker_process.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
#include "sandbox/policy/features.h"
#include "sandbox/policy/linux/bpf_base_policy_linux.h"
#include "sandbox/policy/linux/sandbox_linux.h"
#if BUILDFLAG(IS_LINUX)
#include "net/base/features.h"
#endif
// NOTE(review): these bare identifiers appear to be using-declarations whose
// qualifying namespaces were dropped when the listing was rendered; the
// bpf_dsl and syscall_broker includes above suggest where each comes from.
// Confirm against the original source before relying on this view.
Allow;
Arg;
BoolExpr;
Error;
If;
ResultExpr;
Trap;
BrokerProcess;
// Helper macro used by the policy below; its definition is folded in this
// view, so its expansion cannot be confirmed here.
#define CASES …
// Fallback definition for toolchains whose kernel headers do not provide
// this name (presumably an ioctl request number, given the IOC infix); the
// value itself is folded in this view.
#if !defined(F2FS_IOC_GET_FEATURES)
#define F2FS_IOC_GET_FEATURES …
#endif
namespace sandbox::policy {
namespace {
// Presumably the ResultExpr applied to arguments the Restrict* helpers below
// do not explicitly admit. Body folded in this view: confirm whether this is
// an errno-returning Error(...) or a Trap(...) before reasoning about how a
// rejected call surfaces to the caller.
ResultExpr DefaultErrorResult() { … }
// Presumably builds the argument filter for ioctl(2) in the network process;
// the sockios/wireless/net headers and the F2FS_IOC_GET_FEATURES fallback
// above hint at an allowlist of request numbers. Body folded in this view —
// confirm which requests are admitted and what the fall-through result is.
ResultExpr RestrictIoctlForNetworkService() { … }
// Presumably filters the level/optname arguments of getsockopt(2); the
// netinet/in.h and netinet/tcp.h includes above hint at socket- and
// TCP-level options. Body folded in this view — confirm the admitted set and
// the fall-through result.
ResultExpr RestrictGetSockoptForNetworkService() { … }
// Presumably filters the level/optname arguments of setsockopt(2), mirroring
// the getsockopt helper above. Body folded in this view — confirm that the
// admitted set is no wider than the network process actually needs.
ResultExpr RestrictSetSockoptForNetworkService() { … }
// Presumably restricts the domain/type/protocol arguments of socket(2); the
// linux/netlink.h include above hints that netlink families are among those
// considered. Body folded in this view — confirm which families are admitted.
ResultExpr RestrictSocketForNetworkService() { … }
}
// Compiler-generated constructor: bases and members are default-constructed.
NetworkProcessPolicy::NetworkProcessPolicy() = default;
// Compiler-generated destructor, defined out of line in this translation unit.
NetworkProcessPolicy::~NetworkProcessPolicy() = default;
// Policy entry point: maps a syscall number to the seccomp-bpf result
// (the Allow/Error/Trap names above are the available outcomes). Body folded
// in this view; presumably it dispatches to the Restrict*ForNetworkService
// helpers for ioctl/getsockopt/setsockopt/socket and defers everything else
// to the base policy — confirm against the unfolded source.
ResultExpr NetworkProcessPolicy::EvaluateSyscall(int sysno) const { … }
}