author | robliao@chromium.org <robliao@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-04 21:48:10 +0000 |
---|---|---|
committer | robliao@chromium.org <robliao@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-04 21:48:10 +0000 |
commit | a7964e571178f7066decccf4fbe5704b77751b63 (patch) | |
tree | b5e608ec4d4c9ccb65533142dfa6b3c3858e6d12 /sandbox/linux | |
parent | 21d8ff1e1b8eaaa253bc7e8a79aa7d2c96b1d907 (diff) | |
Revert of https://codereview.chromium.org/103323003/
Reason for revert: Breaking ChromiumOS Build
TBR=jorgelo@chromium.org,jln@chromium.org
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/105503003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@238781 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux')
-rw-r--r-- | sandbox/linux/sandbox_linux.gypi | 14 | ||||
-rw-r--r-- | sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc | 981 | ||||
-rw-r--r-- | sandbox/linux/seccomp-bpf-helpers/syscall_sets.h | 97 |
3 files changed, 0 insertions, 1092 deletions
diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi
index 097df5b..abbf32e 100644
--- a/sandbox/linux/sandbox_linux.gypi
+++ b/sandbox/linux/sandbox_linux.gypi
@@ -58,7 +58,6 @@
 [ 'compile_seccomp_bpf==1', {
 'dependencies': [
 'seccomp_bpf',
- 'seccomp_bpf_helpers',
 ],
 }],
 ],
@@ -128,19 +127,6 @@
 ],
 },
 {
- 'target_name': 'seccomp_bpf_helpers',
- 'type': 'static_library',
- 'sources': [
- 'seccomp-bpf-helpers/syscall_sets.cc',
- 'seccomp-bpf-helpers/syscall_sets.h',
- ],
- 'dependencies': [
- ],
- 'include_dirs': [
- '../..',
- ],
- },
- {
 # A demonstration program for the seccomp-bpf sandbox.
 'target_name': 'seccomp_bpf_demo',
 'conditions': [
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
deleted file mode 100644
index a9795f0..0000000
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ /dev/null
@@ -1,981 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-
-#include "sandbox/linux/services/linux_syscalls.h"
-
-namespace sandbox {
-
-// The functions below cover all existing i386, x86_64, and ARM system calls;
-// excluding syscalls made obsolete in ARM EABI.
-// The implicitly defined sets form a partition of the sets of
-// system calls.
-
-// TODO(jln) we need to restrict the first parameter!
-bool IsKill(int sysno) {
- switch (sysno) {
- case __NR_kill:
- case __NR_tkill:
- case __NR_tgkill:
- return true;
- default:
- return false;
- }
-}
-
-bool IsAllowedGettime(int sysno) {
- switch (sysno) {
- case __NR_clock_gettime:
- case __NR_gettimeofday:
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_time:
-#endif
- return true;
- case __NR_adjtimex: // Privileged.
- case __NR_clock_adjtime: // Privileged.
- case __NR_clock_getres: // Could be allowed.
- case __NR_clock_nanosleep: // Could be allowed.
- case __NR_clock_settime: // Privileged.
-#if defined(__i386__)
- case __NR_ftime: // Obsolete.
-#endif
- case __NR_settimeofday: // Privileged.
-#if defined(__i386__)
- case __NR_stime:
-#endif
- default:
- return false;
- }
-}
-
-bool IsCurrentDirectory(int sysno) {
- switch (sysno) {
- case __NR_getcwd:
- case __NR_chdir:
- case __NR_fchdir:
- return true;
- default:
- return false;
- }
-}
-
-bool IsUmask(int sysno) {
- switch (sysno) {
- case __NR_umask:
- return true;
- default:
- return false;
- }
-}
-
-// System calls that directly access the file system. They might acquire
-// a new file descriptor or otherwise perform an operation directly
-// via a path.
-// Both EPERM and ENOENT are valid errno unless otherwise noted in comment.
-bool IsFileSystem(int sysno) {
- switch (sysno) {
- case __NR_access: // EPERM not a valid errno.
- case __NR_chmod:
- case __NR_chown:
-#if defined(__i386__) || defined(__arm__)
- case __NR_chown32:
-#endif
- case __NR_creat:
- case __NR_execve:
- case __NR_faccessat: // EPERM not a valid errno.
- case __NR_fchmodat:
- case __NR_fchownat: // Should be called chownat ?
-#if defined(__x86_64__)
- case __NR_newfstatat: // fstatat(). EPERM not a valid errno.
-#elif defined(__i386__) || defined(__arm__)
- case __NR_fstatat64:
-#endif
- case __NR_futimesat: // Should be called utimesat ?
- case __NR_lchown:
-#if defined(__i386__) || defined(__arm__)
- case __NR_lchown32:
-#endif
- case __NR_link:
- case __NR_linkat:
- case __NR_lookup_dcookie: // ENOENT not a valid errno.
- case __NR_lstat: // EPERM not a valid errno.
-#if defined(__i386__)
- case __NR_oldlstat:
-#endif
-#if defined(__i386__) || defined(__arm__)
- case __NR_lstat64:
-#endif
- case __NR_mkdir:
- case __NR_mkdirat:
- case __NR_mknod:
- case __NR_mknodat:
- case __NR_open:
- case __NR_openat:
- case __NR_readlink: // EPERM not a valid errno.
- case __NR_readlinkat:
- case __NR_rename:
- case __NR_renameat:
- case __NR_rmdir:
- case __NR_stat: // EPERM not a valid errno.
-#if defined(__i386__)
- case __NR_oldstat:
-#endif
-#if defined(__i386__) || defined(__arm__)
- case __NR_stat64:
-#endif
- case __NR_statfs: // EPERM not a valid errno.
-#if defined(__i386__) || defined(__arm__)
- case __NR_statfs64:
-#endif
- case __NR_symlink:
- case __NR_symlinkat:
- case __NR_truncate:
-#if defined(__i386__) || defined(__arm__)
- case __NR_truncate64:
-#endif
- case __NR_unlink:
- case __NR_unlinkat:
- case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno.
- case __NR_ustat: // Same as above. Deprecated.
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_utime:
-#endif
- case __NR_utimensat: // New.
- case __NR_utimes:
- return true;
- default:
- return false;
- }
-}
-
-bool IsAllowedFileSystemAccessViaFd(int sysno) {
- switch (sysno) {
- case __NR_fstat:
-#if defined(__i386__) || defined(__arm__)
- case __NR_fstat64:
-#endif
- return true;
- // TODO(jln): these should be denied gracefully as well (moved below).
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_fadvise64: // EPERM not a valid errno.
-#endif
-#if defined(__i386__)
- case __NR_fadvise64_64:
-#endif
-#if defined(__arm__)
- case __NR_arm_fadvise64_64:
-#endif
- case __NR_fdatasync: // EPERM not a valid errno.
- case __NR_flock: // EPERM not a valid errno.
- case __NR_fstatfs: // Give information about the whole filesystem.
-#if defined(__i386__) || defined(__arm__)
- case __NR_fstatfs64:
-#endif
- case __NR_fsync: // EPERM not a valid errno.
-#if defined(__i386__)
- case __NR_oldfstat:
-#endif
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_sync_file_range: // EPERM not a valid errno.
-#elif defined(__arm__)
- case __NR_arm_sync_file_range: // EPERM not a valid errno.
-#endif
- default:
- return false;
- }
-}
-
-// EPERM is a good errno for any of these.
-bool IsDeniedFileSystemAccessViaFd(int sysno) {
- switch (sysno) {
- case __NR_fallocate:
- case __NR_fchmod:
- case __NR_fchown:
- case __NR_ftruncate:
-#if defined(__i386__) || defined(__arm__)
- case __NR_fchown32:
- case __NR_ftruncate64:
-#endif
- case __NR_getdents: // EPERM not a valid errno.
- case __NR_getdents64: // EPERM not a valid errno.
-#if defined(__i386__)
- case __NR_readdir:
-#endif
- return true;
- default:
- return false;
- }
-}
-
-bool IsGetSimpleId(int sysno) {
- switch (sysno) {
- case __NR_capget:
- case __NR_getegid:
- case __NR_geteuid:
- case __NR_getgid:
- case __NR_getgroups:
- case __NR_getpid:
- case __NR_getppid:
- case __NR_getresgid:
- case __NR_getsid:
- case __NR_gettid:
- case __NR_getuid:
- case __NR_getresuid:
-#if defined(__i386__) || defined(__arm__)
- case __NR_getegid32:
- case __NR_geteuid32:
- case __NR_getgid32:
- case __NR_getgroups32:
- case __NR_getresgid32:
- case __NR_getresuid32:
- case __NR_getuid32:
-#endif
- return true;
- default:
- return false;
- }
-}
-
-bool IsProcessPrivilegeChange(int sysno) {
- switch (sysno) {
- case __NR_capset:
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_ioperm: // Intel privilege.
- case __NR_iopl: // Intel privilege.
-#endif
- case __NR_setfsgid:
- case __NR_setfsuid:
- case __NR_setgid:
- case __NR_setgroups:
- case __NR_setregid:
- case __NR_setresgid:
- case __NR_setresuid:
- case __NR_setreuid:
- case __NR_setuid:
-#if defined(__i386__) || defined(__arm__)
- case __NR_setfsgid32:
- case __NR_setfsuid32:
- case __NR_setgid32:
- case __NR_setgroups32:
- case __NR_setregid32:
- case __NR_setresgid32:
- case __NR_setresuid32:
- case __NR_setreuid32:
- case __NR_setuid32:
-#endif
- return true;
- default:
- return false;
- }
-}
-
-bool IsProcessGroupOrSession(int sysno) {
- switch (sysno) {
- case __NR_setpgid:
- case __NR_getpgrp:
- case __NR_setsid:
- case __NR_getpgid:
- return true;
- default:
- return false;
- }
-}
-
-bool IsAllowedSignalHandling(int sysno) {
- switch (sysno) {
- case __NR_rt_sigaction:
- case __NR_rt_sigprocmask:
- case __NR_rt_sigreturn:
-#if defined(__i386__) || defined(__arm__)
- case __NR_sigaction:
- case __NR_sigprocmask:
- case __NR_sigreturn:
-#endif
- return true;
- case __NR_rt_sigpending:
- case __NR_rt_sigqueueinfo:
- case __NR_rt_sigsuspend:
- case __NR_rt_sigtimedwait:
- case __NR_rt_tgsigqueueinfo:
- case __NR_sigaltstack:
- case __NR_signalfd:
- case __NR_signalfd4:
-#if defined(__i386__) || defined(__arm__)
- case __NR_sigpending:
- case __NR_sigsuspend:
-#endif
-#if defined(__i386__)
- case __NR_signal:
- case __NR_sgetmask: // Obsolete.
- case __NR_ssetmask:
-#endif
- default:
- return false;
- }
-}
-
-bool IsAllowedOperationOnFd(int sysno) {
- switch (sysno) {
- case __NR_close:
- case __NR_dup:
- case __NR_dup2:
- case __NR_dup3:
-#if defined(__x86_64__) || defined(__arm__)
- case __NR_shutdown:
-#endif
- return true;
- case __NR_fcntl:
-#if defined(__i386__) || defined(__arm__)
- case __NR_fcntl64:
-#endif
- default:
- return false;
- }
-}
-
-bool IsKernelInternalApi(int sysno) {
- switch (sysno) {
- case __NR_restart_syscall:
-#if defined(__arm__)
- case __ARM_NR_cmpxchg:
-#endif
- return true;
- default:
- return false;
- }
-}
-
-// This should be thought through in conjunction with IsFutex().
-bool IsAllowedProcessStartOrDeath(int sysno) {
- switch (sysno) {
- case __NR_clone: // TODO(jln): restrict flags.
- case __NR_exit:
- case __NR_exit_group:
- case __NR_wait4:
- case __NR_waitid:
-#if defined(__i386__)
- case __NR_waitpid:
-#endif
- return true;
- case __NR_setns: // Privileged.
- case __NR_fork:
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_get_thread_area:
- case __NR_set_thread_area:
-#endif
- case __NR_set_tid_address:
- case __NR_unshare:
- case __NR_vfork:
- default:
- return false;
- }
-}
-
-// It's difficult to restrict those, but there is attack surface here.
-bool IsFutex(int sysno) {
- switch (sysno) {
- case __NR_futex:
- case __NR_get_robust_list:
- case __NR_set_robust_list:
- return true;
- default:
- return false;
- }
-}
-
-bool IsAllowedEpoll(int sysno) {
- switch (sysno) {
- case __NR_epoll_create:
- case __NR_epoll_create1:
- case __NR_epoll_ctl:
- case __NR_epoll_wait:
- return true;
- default:
-#if defined(__x86_64__)
- case __NR_epoll_ctl_old:
-#endif
- case __NR_epoll_pwait:
-#if defined(__x86_64__)
- case __NR_epoll_wait_old:
-#endif
- return false;
- }
-}
-
-bool IsAllowedGetOrModifySocket(int sysno) {
- switch (sysno) {
- case __NR_pipe:
- case __NR_pipe2:
- return true;
- default:
-#if defined(__x86_64__) || defined(__arm__)
- case __NR_socketpair: // We will want to inspect its argument.
-#endif
- return false;
- }
-}
-
-bool IsDeniedGetOrModifySocket(int sysno) {
- switch (sysno) {
-#if defined(__x86_64__) || defined(__arm__)
- case __NR_accept:
- case __NR_accept4:
- case __NR_bind:
- case __NR_connect:
- case __NR_socket:
- case __NR_listen:
- return true;
-#endif
- default:
- return false;
- }
-}
-
-#if defined(__i386__)
-// Big multiplexing system call for sockets.
-bool IsSocketCall(int sysno) {
- switch (sysno) {
- case __NR_socketcall:
- return true;
- default:
- return false;
- }
-}
-#endif
-
-#if defined(__x86_64__) || defined(__arm__)
-bool IsNetworkSocketInformation(int sysno) {
- switch (sysno) {
- case __NR_getpeername:
- case __NR_getsockname:
- case __NR_getsockopt:
- case __NR_setsockopt:
- return true;
- default:
- return false;
- }
-}
-#endif
-
-bool IsAllowedAddressSpaceAccess(int sysno) {
- switch (sysno) {
- case __NR_brk:
- case __NR_mlock:
- case __NR_munlock:
- case __NR_munmap:
- return true;
- case __NR_madvise:
- case __NR_mincore:
- case __NR_mlockall:
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_mmap:
-#endif
-#if defined(__i386__) || defined(__arm__)
- case __NR_mmap2:
-#endif
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_modify_ldt:
-#endif
- case __NR_mprotect:
- case __NR_mremap:
- case __NR_msync:
- case __NR_munlockall:
- case __NR_readahead:
- case __NR_remap_file_pages:
-#if defined(__i386__)
- case __NR_vm86:
- case __NR_vm86old:
-#endif
- default:
- return false;
- }
-}
-
-bool IsAllowedGeneralIo(int sysno) {
- switch (sysno) {
- case __NR_lseek:
-#if defined(__i386__) || defined(__arm__)
- case __NR__llseek:
-#endif
- case __NR_poll:
- case __NR_ppoll:
- case __NR_pselect6:
- case __NR_read:
- case __NR_readv:
-#if defined(__arm__)
- case __NR_recv:
-#endif
-#if defined(__x86_64__) || defined(__arm__)
- case __NR_recvfrom: // Could specify source.
- case __NR_recvmsg: // Could specify source.
-#endif
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_select:
-#endif
-#if defined(__i386__) || defined(__arm__)
- case __NR__newselect:
-#endif
-#if defined(__arm__)
- case __NR_send:
-#endif
-#if defined(__x86_64__) || defined(__arm__)
- case __NR_sendmsg: // Could specify destination.
- case __NR_sendto: // Could specify destination.
-#endif
- case __NR_write:
- case __NR_writev:
- return true;
- case __NR_ioctl: // Can be very powerful.
- case __NR_pread64:
- case __NR_preadv:
- case __NR_pwrite64:
- case __NR_pwritev:
- case __NR_recvmmsg: // Could specify source.
- case __NR_sendfile:
-#if defined(__i386__) || defined(__arm__)
- case __NR_sendfile64:
-#endif
- case __NR_sendmmsg: // Could specify destination.
- case __NR_splice:
- case __NR_tee:
- case __NR_vmsplice:
- default:
- return false;
- }
-}
-
-bool IsAllowedPrctl(int sysno) {
- switch (sysno) {
- case __NR_prctl:
- return true;
- default:
-#if defined(__x86_64__)
- case __NR_arch_prctl:
-#endif
- return false;
- }
-}
-
-bool IsAllowedBasicScheduler(int sysno) {
- switch (sysno) {
- case __NR_sched_yield:
- case __NR_pause:
- case __NR_nanosleep:
- return true;
- case __NR_getpriority:
-#if defined(__i386__) || defined(__arm__)
- case __NR_nice:
-#endif
- case __NR_setpriority:
- default:
- return false;
- }
-}
-
-bool IsAdminOperation(int sysno) {
- switch (sysno) {
-#if defined(__i386__) || defined(__arm__)
- case __NR_bdflush:
-#endif
- case __NR_kexec_load:
- case __NR_reboot:
- case __NR_setdomainname:
- case __NR_sethostname:
- case __NR_syslog:
- return true;
- default:
- return false;
- }
-}
-
-bool IsKernelModule(int sysno) {
- switch (sysno) {
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_create_module:
- case __NR_get_kernel_syms: // Should ENOSYS.
- case __NR_query_module:
-#endif
- case __NR_delete_module:
- case __NR_init_module:
- return true;
- default:
- return false;
- }
-}
-
-bool IsGlobalFSViewChange(int sysno) {
- switch (sysno) {
- case __NR_pivot_root:
- case __NR_chroot:
- case __NR_sync:
- return true;
- default:
- return false;
- }
-}
-
-bool IsFsControl(int sysno) {
- switch (sysno) {
- case __NR_mount:
- case __NR_nfsservctl:
- case __NR_quotactl:
- case __NR_swapoff:
- case __NR_swapon:
-#if defined(__i386__)
- case __NR_umount:
-#endif
- case __NR_umount2:
- return true;
- default:
- return false;
- }
-}
-
-bool IsNuma(int sysno) {
- switch (sysno) {
- case __NR_get_mempolicy:
- case __NR_getcpu:
- case __NR_mbind:
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_migrate_pages:
-#endif
- case __NR_move_pages:
- case __NR_set_mempolicy:
- return true;
- default:
- return false;
- }
-}
-
-bool IsMessageQueue(int sysno) {
- switch (sysno) {
- case __NR_mq_getsetattr:
- case __NR_mq_notify:
- case __NR_mq_open:
- case __NR_mq_timedreceive:
- case __NR_mq_timedsend:
- case __NR_mq_unlink:
- return true;
- default:
- return false;
- }
-}
-
-bool IsGlobalProcessEnvironment(int sysno) {
- switch (sysno) {
- case __NR_acct: // Privileged.
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_getrlimit:
-#endif
-#if defined(__i386__) || defined(__arm__)
- case __NR_ugetrlimit:
-#endif
-#if defined(__i386__)
- case __NR_ulimit:
-#endif
- case __NR_getrusage:
- case __NR_personality: // Can change its personality as well.
- case __NR_prlimit64: // Like setrlimit / getrlimit.
- case __NR_setrlimit:
- case __NR_times:
- return true;
- default:
- return false;
- }
-}
-
-bool IsDebug(int sysno) {
- switch (sysno) {
- case __NR_ptrace:
- case __NR_process_vm_readv:
- case __NR_process_vm_writev:
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_kcmp:
-#endif
- return true;
- default:
- return false;
- }
-}
-
-bool IsGlobalSystemStatus(int sysno) {
- switch (sysno) {
- case __NR__sysctl:
- case __NR_sysfs:
- case __NR_sysinfo:
- case __NR_uname:
-#if defined(__i386__)
- case __NR_olduname:
- case __NR_oldolduname:
-#endif
- return true;
- default:
- return false;
- }
-}
-
-bool IsEventFd(int sysno) {
- switch (sysno) {
- case __NR_eventfd:
- case __NR_eventfd2:
- return true;
- default:
- return false;
- }
-}
-
-// Asynchronous I/O API.
-bool IsAsyncIo(int sysno) {
- switch (sysno) {
- case __NR_io_cancel:
- case __NR_io_destroy:
- case __NR_io_getevents:
- case __NR_io_setup:
- case __NR_io_submit:
- return true;
- default:
- return false;
- }
-}
-
-bool IsKeyManagement(int sysno) {
- switch (sysno) {
- case __NR_add_key:
- case __NR_keyctl:
- case __NR_request_key:
- return true;
- default:
- return false;
- }
-}
-
-#if defined(__x86_64__) || defined(__arm__)
-bool IsSystemVSemaphores(int sysno) {
- switch (sysno) {
- case __NR_semctl:
- case __NR_semget:
- case __NR_semop:
- case __NR_semtimedop:
- return true;
- default:
- return false;
- }
-}
-#endif
-
-#if defined(__x86_64__) || defined(__arm__)
-// These give a lot of ambient authority and bypass the setuid sandbox.
-bool IsSystemVSharedMemory(int sysno) {
- switch (sysno) {
- case __NR_shmat:
- case __NR_shmctl:
- case __NR_shmdt:
- case __NR_shmget:
- return true;
- default:
- return false;
- }
-}
-#endif
-
-#if defined(__x86_64__) || defined(__arm__)
-bool IsSystemVMessageQueue(int sysno) {
- switch (sysno) {
- case __NR_msgctl:
- case __NR_msgget:
- case __NR_msgrcv:
- case __NR_msgsnd:
- return true;
- default:
- return false;
- }
-}
-#endif
-
-#if defined(__i386__)
-// Big system V multiplexing system call.
-bool IsSystemVIpc(int sysno) {
- switch (sysno) {
- case __NR_ipc:
- return true;
- default:
- return false;
- }
-}
-#endif
-
-bool IsAnySystemV(int sysno) {
-#if defined(__x86_64__) || defined(__arm__)
- return IsSystemVMessageQueue(sysno) ||
- IsSystemVSemaphores(sysno) ||
- IsSystemVSharedMemory(sysno);
-#elif defined(__i386__)
- return IsSystemVIpc(sysno);
-#endif
-}
-
-bool IsAdvancedScheduler(int sysno) {
- switch (sysno) {
- case __NR_ioprio_get: // IO scheduler.
- case __NR_ioprio_set:
- case __NR_sched_get_priority_max:
- case __NR_sched_get_priority_min:
- case __NR_sched_getaffinity:
- case __NR_sched_getparam:
- case __NR_sched_getscheduler:
- case __NR_sched_rr_get_interval:
- case __NR_sched_setaffinity:
- case __NR_sched_setparam:
- case __NR_sched_setscheduler:
- return true;
- default:
- return false;
- }
-}
-
-bool IsInotify(int sysno) {
- switch (sysno) {
- case __NR_inotify_add_watch:
- case __NR_inotify_init:
- case __NR_inotify_init1:
- case __NR_inotify_rm_watch:
- return true;
- default:
- return false;
- }
-}
-
-bool IsFaNotify(int sysno) {
- switch (sysno) {
- case __NR_fanotify_init:
- case __NR_fanotify_mark:
- return true;
- default:
- return false;
- }
-}
-
-bool IsTimer(int sysno) {
- switch (sysno) {
- case __NR_getitimer:
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_alarm:
-#endif
- case __NR_setitimer:
- return true;
- default:
- return false;
- }
-}
-
-bool IsAdvancedTimer(int sysno) {
- switch (sysno) {
- case __NR_timer_create:
- case __NR_timer_delete:
- case __NR_timer_getoverrun:
- case __NR_timer_gettime:
- case __NR_timer_settime:
- case __NR_timerfd_create:
- case __NR_timerfd_gettime:
- case __NR_timerfd_settime:
- return true;
- default:
- return false;
- }
-}
-
-bool IsExtendedAttributes(int sysno) {
- switch (sysno) {
- case __NR_fgetxattr:
- case __NR_flistxattr:
- case __NR_fremovexattr:
- case __NR_fsetxattr:
- case __NR_getxattr:
- case __NR_lgetxattr:
- case __NR_listxattr:
- case __NR_llistxattr:
- case __NR_lremovexattr:
- case __NR_lsetxattr:
- case __NR_removexattr:
- case __NR_setxattr:
- return true;
- default:
- return false;
- }
-}
-
-// Various system calls that need to be researched.
-// TODO(jln): classify this better.
-bool IsMisc(int sysno) {
- switch (sysno) {
- case __NR_name_to_handle_at:
- case __NR_open_by_handle_at:
- case __NR_perf_event_open:
- case __NR_syncfs:
- case __NR_vhangup:
- // The system calls below are not implemented.
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_afs_syscall:
-#endif
-#if defined(__i386__)
- case __NR_break:
-#endif
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_getpmsg:
-#endif
-#if defined(__i386__)
- case __NR_gtty:
- case __NR_idle:
- case __NR_lock:
- case __NR_mpx:
- case __NR_prof:
- case __NR_profil:
-#endif
-#if defined(__i386__) || defined(__x86_64__)
- case __NR_putpmsg:
-#endif
-#if defined(__x86_64__)
- case __NR_security:
-#endif
-#if defined(__i386__)
- case __NR_stty:
-#endif
-#if defined(__x86_64__)
- case __NR_tuxcall:
-#endif
- case __NR_vserver:
- return true;
- default:
- return false;
- }
-}
-
-#if defined(__arm__)
-bool IsArmPciConfig(int sysno) {
- switch (sysno) {
- case __NR_pciconfig_iobase:
- case __NR_pciconfig_read:
- case __NR_pciconfig_write:
- return true;
- default:
- return false;
- }
-}
-
-bool IsArmPrivate(int sysno) {
- switch (sysno) {
- case __ARM_NR_breakpoint:
- case __ARM_NR_cacheflush:
- case __ARM_NR_set_tls:
- case __ARM_NR_usr26:
- case __ARM_NR_usr32:
- return true;
- default:
- return false;
- }
-}
-#endif // defined(__arm__)
-
-} // namespace sandbox.
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
deleted file mode 100644
index aae8e3f..0000000
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
+++ /dev/null
@@ -1,97 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_H_
-#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_H_
-
-#include "build/build_config.h"
-
-// These are helpers to build seccomp-bpf policies, i.e. policies for a
-// sandbox that reduces the Linux kernel's attack surface. Given their
-// nature, they don't have any clear semantics and are completely
-// "implementation-defined".
-
-namespace sandbox {
-
-bool IsKill(int sysno);
-bool IsAllowedGettime(int sysno);
-bool IsCurrentDirectory(int sysno);
-bool IsUmask(int sysno);
-// System calls that directly access the file system. They might acquire
-// a new file descriptor or otherwise perform an operation directly
-// via a path.
-bool IsFileSystem(int sysno);
-bool IsAllowedFileSystemAccessViaFd(int sysno);
-bool IsDeniedFileSystemAccessViaFd(int sysno);
-bool IsGetSimpleId(int sysno);
-bool IsProcessPrivilegeChange(int sysno);
-bool IsProcessGroupOrSession(int sysno);
-bool IsAllowedSignalHandling(int sysno);
-bool IsAllowedOperationOnFd(int sysno);
-bool IsKernelInternalApi(int sysno);
-// This should be thought through in conjunction with IsFutex().
-bool IsAllowedProcessStartOrDeath(int sysno);
-// It's difficult to restrict those, but there is attack surface here.
-bool IsFutex(int sysno);
-bool IsAllowedEpoll(int sysno);
-bool IsAllowedGetOrModifySocket(int sysno);
-bool IsDeniedGetOrModifySocket(int sysno);
-
-#if defined(__i386__)
-// Big multiplexing system call for sockets.
-bool IsSocketCall(int sysno);
-#endif
-
-#if defined(__x86_64__) || defined(__arm__)
-bool IsNetworkSocketInformation(int sysno);
-#endif
-
-bool IsAllowedAddressSpaceAccess(int sysno);
-bool IsAllowedGeneralIo(int sysno);
-bool IsAllowedPrctl(int sysno);
-bool IsAllowedBasicScheduler(int sysno);
-bool IsAdminOperation(int sysno);
-bool IsKernelModule(int sysno);
-bool IsGlobalFSViewChange(int sysno);
-bool IsFsControl(int sysno);
-bool IsNuma(int sysno);
-bool IsMessageQueue(int sysno);
-bool IsGlobalProcessEnvironment(int sysno);
-bool IsDebug(int sysno);
-bool IsGlobalSystemStatus(int sysno);
-bool IsEventFd(int sysno);
-// Asynchronous I/O API.
-bool IsAsyncIo(int sysno);
-bool IsKeyManagement(int sysno);
-#if defined(__x86_64__) || defined(__arm__)
-bool IsSystemVSemaphores(int sysno);
-#endif
-#if defined(__x86_64__) || defined(__arm__)
-// These give a lot of ambient authority and bypass the setuid sandbox.
-bool IsSystemVSharedMemory(int sysno);
-#endif
-
-#if defined(__x86_64__) || defined(__arm__)
-#endif
-
-#if defined(__i386__)
-// Big system V multiplexing system call.
-bool IsSystemVIpc(int sysno);
-#endif
-
-bool IsAnySystemV(int sysno);
-bool IsAdvancedScheduler(int sysno);
-bool IsInotify(int sysno);
-bool IsFaNotify(int sysno);
-bool IsTimer(int sysno);
-bool IsAdvancedTimer(int sysno);
-bool IsExtendedAttributes(int sysno);
-bool IsMisc(int sysno);
-#if defined(__arm__)
-bool IsArmPciConfig(int sysno);
-#endif // defined(__arm__)
-
-} // namespace sandbox.
-
-#endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_H_
|