authorrickyz <rickyz@chromium.org>2014-09-29 13:36:39 -0700
committerCommit bot <commit-bot@chromium.org>2014-09-29 20:36:57 +0000
commit449de07210aa42f3e6f4e2930dc0a627e4c884fb (patch)
treed577ba18d80d1ecaa5b882c6f23b8432ed6677f5 /sandbox
parent774d386084e8cf996074ec1fa513e19a1cc1be62 (diff)
Linux sandbox: Restrict sched_* syscalls on the GPU and ppapi processes.
BUG=399473,413855 Review URL: https://codereview.chromium.org/598203004 Cr-Commit-Position: refs/heads/master@{#297248}
Diffstat (limited to 'sandbox')
-rw-r--r--sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc11
-rw-r--r--sandbox/linux/seccomp-bpf-helpers/baseline_policy.h6
-rw-r--r--sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h7
3 files changed, 14 insertions, 10 deletions
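--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -234,16 +234,15 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
 // Unfortunately C++03 doesn't allow delegated constructors.
 // Call other constructor when C++11 lands.
-BaselinePolicy::BaselinePolicy()
- : fs_denied_errno_(EPERM), current_pid_(syscall(__NR_getpid)) {}
+BaselinePolicy::BaselinePolicy() : BaselinePolicy(EPERM) {}
 BaselinePolicy::BaselinePolicy(int fs_denied_errno)
- : fs_denied_errno_(fs_denied_errno), current_pid_(syscall(__NR_getpid)) {}
+ : fs_denied_errno_(fs_denied_errno), policy_pid_(syscall(__NR_getpid)) {}
 BaselinePolicy::~BaselinePolicy() {
 // Make sure that this policy is created, used and destroyed by a single
 // process.
- DCHECK_EQ(syscall(__NR_getpid), current_pid_);
+ DCHECK_EQ(syscall(__NR_getpid), policy_pid_);
 }
 ResultExpr BaselinePolicy::EvaluateSyscall(int sysno) const {
@@ -251,9 +250,9 @@ ResultExpr BaselinePolicy::EvaluateSyscall(int sysno) const {
 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
 // Make sure that this policy is used in the creating process.
 if (1 == sysno) {
- DCHECK_EQ(syscall(__NR_getpid), current_pid_);
+ DCHECK_EQ(syscall(__NR_getpid), policy_pid_);
 }
- return EvaluateSyscallImpl(fs_denied_errno_, current_pid_, sysno);
+ return EvaluateSyscallImpl(fs_denied_errno_, policy_pid_, sysno);
 }
 ResultExpr BaselinePolicy::InvalidSyscall() const {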
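Review bot: The two comment lines directly above the rewritten default constructor, `// Unfortunately C++03 doesn't allow delegated constructors.` and `// Call other constructor when C++11 lands.`, are now stale, because `BaselinePolicy::BaselinePolicy() : BaselinePolicy(EPERM) {}` is exactly the delegation they were waiting for; both lines should be deleted in this hunk. The rename to policy_pid_ is applied consistently in the constructor, destructor and EvaluateSyscall, but the "single process" invariant the new name expresses is still enforced only through DCHECK_EQ in the destructor and in the sysno == 1 branch, so in a release build a policy evaluated in a process other than the one that created it would pass the creator's pid into EvaluateSyscallImpl without any diagnostic. A short comment on the destructor check, e.g. `// Debug-only: release builds do not verify that the policy is used by its creating process.`, would make that limitation visible to readers of this file. EvaluateSyscall itself starts in the first hunk and its remaining lines sit in the second, with one line between the hunks not shown.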
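--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
@@ -32,10 +32,14 @@ class SANDBOX_EXPORT BaselinePolicy : public bpf_dsl::SandboxBPFDSLPolicy {
 virtual bpf_dsl::ResultExpr EvaluateSyscall(
 int system_call_number) const OVERRIDE;
 virtual bpf_dsl::ResultExpr InvalidSyscall() const OVERRIDE;
+ pid_t policy_pid() const { return policy_pid_; }
 private:
 int fs_denied_errno_;
- pid_t current_pid_;
+
+ // The PID that the policy applies to (should be equal to the current pid).
+ pid_t policy_pid_;
+
 DISALLOW_COPY_AND_ASSIGN(BaselinePolicy);
 };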
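Review bot: The new public accessor `pid_t policy_pid() const { return policy_pid_; }`, added right after the InvalidSyscall() override, carries no comment even though the private member it exposes gets one, so a caller reading only the public section cannot tell whether the value is the pid captured at construction or the current pid. Suggest `// PID recorded when the policy was constructed; the policy is meant to be used only in that process.` above the accessor, separated from the preceding overrides by a blank line as the rest of the class does. The member comment `(should be equal to the current pid)` would also be more precise if it said that, judging from the .cc hunk on this page, this equality is only checked with DCHECK, so it is not a release-build guarantee that callers of policy_pid() can rely on.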
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
index a71e611..bf9909c 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
@@ -57,14 +57,15 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictSocketcallCommand();
// Restrict |sysno| (which must be kill, tkill or tgkill) by allowing tgkill or
// kill iff the first parameter is |target_pid|, crashing otherwise or if
// |sysno| is tkill.
-bpf_dsl::ResultExpr RestrictKillTarget(pid_t target_pid, int sysno);
+SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictKillTarget(pid_t target_pid,
+ int sysno);
// Crash if FUTEX_CMP_REQUEUE_PI is used in the second argument of futex(2).
-bpf_dsl::ResultExpr RestrictFutex();
+SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictFutex();
// Crash if |which| is not PRIO_PROCESS. EPERM if |who| is not 0, neither
// |target_pid| while calling setpriority(2) / getpriority(2).
-bpf_dsl::ResultExpr RestrictGetSetpriority(pid_t target_pid);
+SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictGetSetpriority(pid_t target_pid);
// Restrict |clk_id| for clock_getres(), clock_gettime() and clock_settime().
// We allow accessing only CLOCK_MONOTONIC, CLOCK_PROCESS_CPUTIME_ID,