author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-16 18:24:30 +0000 |
committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-16 18:24:30 +0000 |
commit | 4431d0eb5ee4c5fcc1cfb32e3c6d81333bd68d48 (patch) | |
tree | b5cf635567657b964687342da5aec0ab421e3b1c /content | |
parent | e7c28cb150eb571397c704e7d771db29d46ff8b7 (diff) | |
Revert 200408 "Restrict mmap(2) and mprotect(2) flags for x64."
> Restrict mmap(2) and mprotect(2) flags for x64.
>
> BUG=241220
> R=jln@google.com
>
> Review URL: https://codereview.chromium.org/15112008
TBR=cevans@chromium.org
Review URL: https://codereview.chromium.org/15230002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@200583 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r-- | content/common/sandbox_seccomp_bpf_linux.cc | 72 |
1 files changed, 12 insertions, 60 deletions
diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc
index 09ccf4b..1cd136e 100644
--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -662,6 +662,13 @@ bool IsAllowedAddressSpaceAccess(int sysno) {
 switch (sysno) {
 case __NR_brk:
 case __NR_mlock:
+#if defined(__i386__) || defined(__x86_64__)
+ case __NR_mmap: // TODO(jln): to restrict flags.
+#endif
+#if defined(__i386__) || defined(__arm__)
+ case __NR_mmap2:
+#endif
+ case __NR_mprotect:
 case __NR_munlock:
 case __NR_munmap:
 return true;
@@ -669,15 +676,8 @@ bool IsAllowedAddressSpaceAccess(int sysno) {
 case __NR_mincore:
 case __NR_mlockall:
 #if defined(__i386__) || defined(__x86_64__)
- case __NR_mmap:
-#endif
-#if defined(__i386__) || defined(__arm__)
- case __NR_mmap2:
-#endif
-#if defined(__i386__) || defined(__x86_64__)
 case __NR_modify_ldt:
 #endif
- case __NR_mprotect:
 case __NR_mremap:
 case __NR_msync:
 case __NR_munlockall:
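Review bot: `case __NR_mprotect:` goes back into the unconditional allow set with no marker, while the neighbouring `case __NR_mmap:` keeps its `// TODO(jln): to restrict flags.`; the reverted r200408 restricted both, so the gap should be recorded on both lines. Suggest `case __NR_mprotect:  // TODO(jln): to restrict flags (see reverted r200408).` and the same marker on the `__NR_mmap2` line. The helpers removed in the later hunk document which flag values were rejected (MAP_HUGETLB and PROT_GROWSDOWN among them), so pointing back to them from here keeps that knowledge findable until the restriction is re-landed. IsAllowedAddressSpaceAccess begins before this hunk.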
@@ -1240,43 +1240,7 @@ bool IsBaselinePolicyWatched(int sysno) {
 }
 }
-ErrorCode RestrictMmapFlags(Sandbox *sandbox) {
- // The flags you see are actually the allowed ones, and the variable is a
- // "denied" mask because of the negation operator.
- // Significantly, we don't permit MAP_HUGETLB, or the newer flags such as
- // MAP_POPULATE.
- uint32_t denied_mask = ~(MAP_SHARED | MAP_PRIVATE | MAP_ANONYMOUS |
- MAP_STACK | MAP_NORESERVE | MAP_FIXED);
- return sandbox->Cond(3, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS,
- denied_mask,
- sandbox->Trap(CrashSIGSYS_Handler, NULL),
- ErrorCode(ErrorCode::ERR_ALLOWED));
-}
-
-ErrorCode RestrictMprotectFlags(Sandbox *sandbox) {
- // The flags you see are actually the allowed ones, and the variable is a
- // "denied" mask because of the negation operator.
- // Significantly, we don't permit weird undocumented flags such as
- // PROT_GROWSDOWN.
- uint32_t denied_mask = ~(PROT_READ | PROT_WRITE | PROT_EXEC);
- return sandbox->Cond(2, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS,
- denied_mask,
- sandbox->Trap(CrashSIGSYS_Handler, NULL),
- ErrorCode(ErrorCode::ERR_ALLOWED));
-}
-
 ErrorCode BaselinePolicy(Sandbox *sandbox, int sysno) {
- if (IsBaselinePolicyAllowed(sysno)) {
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- }
-
-#if defined(__i386__)
- // socketcall(2) should be tightened.
- if (IsSocketCall(sysno)) {
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- }
-#endif
-
 #if defined(__x86_64__) || defined(__arm__)
 if (sysno == __NR_socketpair) {
 // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen.
@@ -1286,7 +1250,6 @@ ErrorCode BaselinePolicy(Sandbox *sandbox, int sysno) {
 sandbox->Trap(CrashSIGSYS_Handler, NULL));
 }
 #endif
-
 if (sysno == __NR_madvise) {
 // Only allow MADV_DONTNEED (aka MADV_FREE).
 return sandbox->Cond(2, ErrorCode::TP_32BIT,
@@ -1295,28 +1258,17 @@ ErrorCode BaselinePolicy(Sandbox *sandbox, int sysno) {
 ErrorCode(EPERM));
 }
-#if defined(__i386__) || defined(__x86_64__)
- if (sysno == __NR_mmap) {
- if (IsArchitectureX86_64())
- return RestrictMmapFlags(sandbox);
- else
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ if (IsBaselinePolicyAllowed(sysno)) {
+ return ErrorCode(ErrorCode::ERR_ALLOWED);
 }
-#endif
-#if defined(__i386__) || defined(__arm__)
- if (sysno == __NR_mmap2) {
+#if defined(__i386__)
+ // socketcall(2) should be tightened.
+ if (IsSocketCall(sysno)) {
 return ErrorCode(ErrorCode::ERR_ALLOWED);
 }
 #endif
- if (sysno == __NR_mprotect) {
- if (IsArchitectureX86_64())
- return RestrictMprotectFlags(sandbox);
- else
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- }
-
 // TODO(jln): some system calls in those sets are not supposed to
 // return ENOENT. Return the appropriate error.
 if (IsFileSystem(sysno) || IsCurrentDirectory(sysno)) { |
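Review bot: The `IsBaselinePolicyAllowed(sysno)` early return now sits below the `__NR_socketpair` and `__NR_madvise` argument checks instead of at the top of BaselinePolicy as in the removed order, and nothing in the hunk records that this placement is deliberate. If a syscall number is ever present both in the allowed set and in one of those argument-restricted checks, the position decides whether the restriction applies, which is presumably the intent of keeping the broad check last. Suggest a comment above the added block: `// Argument-restricted syscalls above take precedence over this broad allow-list; keep it below them.` BaselinePolicy starts and ends outside this hunk.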