authorjorgelo@chromium.org <jorgelo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-18 00:08:08 +0000
committerjorgelo@chromium.org <jorgelo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-18 00:08:08 +0000
commit26474c6b98ee2144254f42db84dbb130c517a91b (patch)
treeca1e27f0739cb37245933824536d064b7738f81f /content
parenta77b4dfa24f7e7b35148fe0535d5bebbd0206bbe (diff)
Enable strict Seccomp-BPF policy for PPAPI process on ARM.
BUG=156220 TEST=YouTube, Flash games, Amazon Instant Video work on daisy. TEST=See www/~jorgelo/no_crawl/ppapi Review URL: https://chromiumcodereview.appspot.com/11193015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162579 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r--content/common/sandbox_seccomp_bpf_linux.cc51
1 files changed, 32 insertions, 19 deletions
diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc
index a9342ae..09788dd 100644
--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -48,6 +48,14 @@ inline bool IsChromeOS() {
#endif
}
+inline bool IsArchitectureArm() {
+#if defined(__arm__)
+ return true;
+#else
+ return false;
+#endif
+}
+
intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {
int syscall = args.nr;
if (syscall >= 1024)
@@ -1114,7 +1122,7 @@ bool IsArmPrivate(int sysno) {
// End of the system call sets section.
-bool IsBaselinePolicyAllowed_x86_64(int sysno) {
+bool IsBaselinePolicyAllowed(int sysno) {
if (IsAllowedAddressSpaceAccess(sysno) ||
IsAllowedBasicScheduler(sysno) ||
IsAllowedEpoll(sysno) ||
@@ -1139,8 +1147,8 @@ bool IsBaselinePolicyAllowed_x86_64(int sysno) {
}
}
-// System calls that will trigger the crashing sigsys handler.
-bool IsBaselinePolicyWatched_x86_64(int sysno) {
+// System calls that will trigger the crashing SIGSYS handler.
+bool IsBaselinePolicyWatched(int sysno) {
if (IsAdminOperation(sysno) ||
IsAdvancedScheduler(sysno) ||
IsAdvancedTimer(sysno) ||
@@ -1185,9 +1193,9 @@ bool IsBaselinePolicyWatched_x86_64(int sysno) {
}
}
-// x86_64 only for now. Needs to be adapted and tested for i386.
-ErrorCode BaselinePolicy_x86_64(int sysno) {
- if (IsBaselinePolicyAllowed_x86_64(sysno)) {
+// x86_64 and ARM for now. Needs to be adapted and tested for i386.
+ErrorCode BaselinePolicy(int sysno) {
+ if (IsBaselinePolicyAllowed(sysno)) {
return ErrorCode(ErrorCode::ERR_ALLOWED);
}
// TODO(jln): some system calls in those sets are not supposed to
@@ -1201,7 +1209,7 @@ ErrorCode BaselinePolicy_x86_64(int sysno) {
return ErrorCode(EPERM);
}
- if (IsBaselinePolicyWatched_x86_64(sysno)) {
+ if (IsBaselinePolicyWatched(sysno)) {
// Previously unseen syscalls. TODO(jln): some of these should
// be denied gracefully right away.
return Sandbox::Trap(CrashSIGSYS_Handler, NULL);
@@ -1210,7 +1218,7 @@ ErrorCode BaselinePolicy_x86_64(int sysno) {
return Sandbox::Trap(CrashSIGSYS_Handler, NULL);
}
-// x86_64 only for now. Needs to be adapted and tested for i386.
+// x86_64 only for now. Needs to be adapted and tested for i386/ARM.
ErrorCode GpuProcessPolicy_x86_64(int sysno) {
switch(sysno) {
case __NR_ioctl:
@@ -1235,7 +1243,7 @@ ErrorCode GpuProcessPolicy_x86_64(int sysno) {
return ErrorCode(ErrorCode::ERR_ALLOWED);
// Default on the baseline policy.
- return BaselinePolicy_x86_64(sysno);
+ return BaselinePolicy(sysno);
}
}
@@ -1268,12 +1276,12 @@ ErrorCode RendererOrWorkerProcessPolicy_x86_64(int sysno) {
#endif
// Default on the baseline policy.
- return BaselinePolicy_x86_64(sysno);
+ return BaselinePolicy(sysno);
}
}
-// x86_64 only for now. Needs to be adapted and tested for i386.
-ErrorCode FlashProcessPolicy_x86_64(int sysno) {
+// x86_64 and ARM for now. Needs to be adapted and tested for i386.
+ErrorCode FlashProcessPolicy(int sysno) {
switch (sysno) {
case __NR_sched_getaffinity:
case __NR_sched_setscheduler:
@@ -1290,7 +1298,7 @@ ErrorCode FlashProcessPolicy_x86_64(int sysno) {
#endif
// Default on the baseline policy.
- return BaselinePolicy_x86_64(sysno);
+ return BaselinePolicy(sysno);
}
}
@@ -1338,10 +1346,12 @@ void WarmupPolicy(Sandbox::EvaluateSyscall policy) {
Sandbox::EvaluateSyscall GetProcessSyscallPolicy(
const CommandLine& command_line,
const std::string& process_type) {
-#if defined(__x86_64__)
+#if defined(__x86_64__) || defined(__arm__)
if (process_type == switches::kGpuProcess) {
// On Chrome OS, --enable-gpu-sandbox enables the more restrictive policy.
- if (IsChromeOS() && !command_line.HasSwitch(switches::kEnableGpuSandbox))
+ // However, we never enable the more restrictive GPU process policy on ARM.
+ if (IsArchitectureArm() ||
+ (IsChromeOS() && !command_line.HasSwitch(switches::kEnableGpuSandbox)))
return BlacklistDebugAndNumaPolicy;
else
return GpuProcessPolicy_x86_64;
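Review bot: With the added `IsArchitectureArm() ||` short-circuit, `--enable-gpu-sandbox` is accepted on ARM but has no effect, while the comment two lines above still states that on Chrome OS the switch enables the more restrictive policy; someone reading the command line of an ARM device will expect the strict GPU policy to be in force. The new comment says the strict policy is never enabled on ARM, but it does not say the switch is ignored, so I would fold that into the existing line: `// On Chrome OS, --enable-gpu-sandbox enables the more restrictive policy (x86_64 only; the switch is ignored on ARM).` The enclosing GetProcessSyscallPolicy continues past the end of this hunk.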
@@ -1350,12 +1360,15 @@ Sandbox::EvaluateSyscall GetProcessSyscallPolicy(
if (process_type == switches::kPpapiPluginProcess) {
// TODO(jln): figure out what to do with non-Flash PPAPI
// out-of-process plug-ins.
- return FlashProcessPolicy_x86_64;
+ return FlashProcessPolicy;
}
if (process_type == switches::kRendererProcess ||
process_type == switches::kWorkerProcess) {
- return RendererOrWorkerProcessPolicy_x86_64;
+ if (IsArchitectureArm())
+ return BlacklistDebugAndNumaPolicy;
+ else
+ return RendererOrWorkerProcessPolicy_x86_64;
}
if (process_type == switches::kUtilityProcess) {
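Review bot: The architecture is now chosen at run time inside a block that is compiled for both `__x86_64__` and `__arm__`, so `RendererOrWorkerProcessPolicy_x86_64` here (and `GpuProcessPolicy_x86_64` in the previous hunk) are still compiled and referenced on ARM builds even though `IsArchitectureArm()` guarantees they are never selected there. Both bodies are still documented as x86_64-only, so this presumably relies on every `__NR_*` they use also being defined on ARM; a syscall later added to one of those policies could break the ARM build without anyone noticing that the function is dead on that architecture. I would make that explicit with a comment above the new `if (IsArchitectureArm())`, e.g. `// The *_x86_64 policies below are compiled on ARM too (never selected); keep their __NR_* use portable or guard them with #if defined(__x86_64__).` The enclosing GetProcessSyscallPolicy starts and ends outside this hunk.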
@@ -1366,11 +1379,11 @@ Sandbox::EvaluateSyscall GetProcessSyscallPolicy(
// This will be our default if we need one.
return AllowAllPolicy;
#else
- // On other architectures (currently IA32 or ARM),
+ // On other architectures (currently IA32),
// we only have a small blacklist at the moment.
(void) process_type;
return BlacklistDebugAndNumaPolicy;
-#endif // __x86_64__
+#endif // __x86_64__ || __arm__
}
// Initialize the seccomp-bpf sandbox.