sandbox: Update known syscalls to kernel 3.17

Updated Arm, Mips, x86_32 and x86_64 syscall defines
to match the latest kernel 3.17 at the time of this commit.

BUG=406123
TEST=sandbox_linux_unittests

Review URL: https://codereview.chromium.org/493603003

Cr-Commit-Position: refs/heads/master@{#291315}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@291315 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 127 insertions, 2 deletions

diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 7f4d559..1a6bec5 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -181,6 +181,9 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
     return Error(fs_denied_errno);
   }
 
+  if (SyscallSets::IsSeccomp(sysno))
+    return Error(EPERM);
+
   if (SyscallSets::IsAnySystemV(sysno)) {
     return Error(EPERM);
   }
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
index f31695f..d3b9807 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
@@ -107,6 +107,9 @@ bool SyscallSets::IsFileSystem(int sysno) {
 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
     case __NR_lstat64:
 #endif
+#if !defined(__mips__)
+    case __NR_memfd_create:
+#endif
     case __NR_mkdir:
     case __NR_mkdirat:
     case __NR_mknod:
@@ -117,6 +120,7 @@ bool SyscallSets::IsFileSystem(int sysno) {
     case __NR_readlinkat:
     case __NR_rename:
     case __NR_renameat:
+    case __NR_renameat2:
     case __NR_rmdir:
     case __NR_stat:  // EPERM not a valid errno.
 #if defined(__i386__)
@@ -564,6 +568,15 @@ bool SyscallSets::IsPrctl(int sysno) {
   }
 }
 
+bool SyscallSets::IsSeccomp(int sysno) {
+  switch (sysno) {
+    case __NR_seccomp:
+      return true;
+    default:
+      return false;
+  }
+}
+
 bool SyscallSets::IsAllowedBasicScheduler(int sysno) {
   switch (sysno) {
     case __NR_sched_yield:
@@ -605,6 +618,7 @@ bool SyscallSets::IsKernelModule(int sysno) {
 #endif
     case __NR_delete_module:
     case __NR_init_module:
+    case __NR_finit_module:
       return true;
     default:
       return false;
@@ -697,9 +711,7 @@ bool SyscallSets::IsDebug(int sysno) {
     case __NR_ptrace:
     case __NR_process_vm_readv:
     case __NR_process_vm_writev:
-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
     case __NR_kcmp:
-#endif
       return true;
     default:
       return false;
@@ -828,10 +840,12 @@ bool SyscallSets::IsAdvancedScheduler(int sysno) {
     case __NR_sched_get_priority_max:
     case __NR_sched_get_priority_min:
     case __NR_sched_getaffinity:
+    case __NR_sched_getattr:
     case __NR_sched_getparam:
     case __NR_sched_getscheduler:
     case __NR_sched_rr_get_interval:
     case __NR_sched_setaffinity:
+    case __NR_sched_setattr:
     case __NR_sched_setparam:
     case __NR_sched_setscheduler:
       return true;
@@ -915,6 +929,9 @@ bool SyscallSets::IsExtendedAttributes(int sysno) {
 // TODO(jln): classify this better.
 bool SyscallSets::IsMisc(int sysno) {
   switch (sysno) {
+#if !defined(_mips_)
+    case __NR_getrandom:
+#endif
     case __NR_name_to_handle_at:
     case __NR_open_by_handle_at:
     case __NR_perf_event_open:
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
index b0cf10c..bda1d72 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
@@ -54,6 +54,7 @@ class SANDBOX_EXPORT SyscallSets {
   static bool IsAllowedAddressSpaceAccess(int sysno);
   static bool IsAllowedGeneralIo(int sysno);
   static bool IsPrctl(int sysno);
+  static bool IsSeccomp(int sysno);
   static bool IsAllowedBasicScheduler(int sysno);
   static bool IsAdminOperation(int sysno);
   static bool IsKernelModule(int sysno);
diff --git a/sandbox/linux/services/arm_linux_syscalls.h b/sandbox/linux/services/arm_linux_syscalls.h
index dd0826e..5fa140d 100644
--- a/sandbox/linux/services/arm_linux_syscalls.h
+++ b/sandbox/linux/services/arm_linux_syscalls.h
@@ -1347,6 +1347,38 @@
 #define __NR_process_vm_writev (__NR_SYSCALL_BASE+377)
 #endif
 
+#if !defined(__NR_kcmp)
+#define __NR_kcmp (__NR_SYSCALL_BASE+378)
+#endif
+
+#if !defined(__NR_finit_module)
+#define __NR_finit_module (__NR_SYSCALL_BASE+379)
+#endif
+
+#if !defined(__NR_sched_setattr)
+#define __NR_sched_setattr (__NR_SYSCALL_BASE+380)
+#endif
+
+#if !defined(__NR_sched_getattr)
+#define __NR_sched_getattr (__NR_SYSCALL_BASE+381)
+#endif
+
+#if !defined(__NR_renameat2)
+#define __NR_renameat2 (__NR_SYSCALL_BASE+382)
+#endif
+
+#if !defined(__NR_seccomp)
+#define __NR_seccomp (__NR_SYSCALL_BASE+383)
+#endif
+
+#if !defined(__NR_getrandom)
+#define __NR_getrandom (__NR_SYSCALL_BASE+384)
+#endif
+
+#if !defined(__NR_memfd_create)
+#define __NR_memfd_create (__NR_SYSCALL_BASE+385)
+#endif
+
 // ARM private syscalls.
 #if !defined(__ARM_NR_breakpoint)
 #define __ARM_NR_breakpoint (__ARM_NR_BASE+1)
diff --git a/sandbox/linux/services/mips_linux_syscalls.h b/sandbox/linux/services/mips_linux_syscalls.h
index ef609f7..14daff9 100644
--- a/sandbox/linux/services/mips_linux_syscalls.h
+++ b/sandbox/linux/services/mips_linux_syscalls.h
@@ -1409,4 +1409,20 @@
 #define __NR_finit_module (__NR_Linux + 348)
 #endif
 
+#if !defined(__NR_sched_setattr)
+#define __NR_sched_setattr (__NR_Linux + 349)
+#endif
+
+#if !defined(__NR_sched_getattr)
+#define __NR_sched_getattr (__NR_Linux + 350)
+#endif
+
+#if !defined(__NR_renameat2)
+#define __NR_renameat2 (__NR_Linux + 351)
+#endif
+
+#if !defined(__NR_seccomp)
+#define __NR_seccomp (__NR_Linux + 352)
+#endif
+
 #endif  // SANDBOX_LINUX_SERVICES_MIPS_LINUX_SYSCALLS_H_
diff --git a/sandbox/linux/services/x86_32_linux_syscalls.h b/sandbox/linux/services/x86_32_linux_syscalls.h
index ca8ccbd..0fc2183 100644
--- a/sandbox/linux/services/x86_32_linux_syscalls.h
+++ b/sandbox/linux/services/x86_32_linux_syscalls.h
@@ -1394,5 +1394,33 @@
 #define __NR_kcmp 349
 #endif
 
+#if !defined(__NR_finit_module)
+#define __NR_finit_module 350
+#endif
+
+#if !defined(__NR_sched_setattr)
+#define __NR_sched_setattr 351
+#endif
+
+#if !defined(__NR_sched_getattr)
+#define __NR_sched_getattr 352
+#endif
+
+#if !defined(__NR_renameat2)
+#define __NR_renameat2 353
+#endif
+
+#if !defined(__NR_seccomp)
+#define __NR_seccomp 354
+#endif
+
+#if !defined(__NR_getrandom)
+#define __NR_getrandom 355
+#endif
+
+#if !defined(__NR_memfd_create)
+#define __NR_memfd_create 356
+#endif
+
 #endif  // SANDBOX_LINUX_SERVICES_X86_32_LINUX_SYSCALLS_H_
 
diff --git a/sandbox/linux/services/x86_64_linux_syscalls.h b/sandbox/linux/services/x86_64_linux_syscalls.h
index bd30c55..ea6c555 100644
--- a/sandbox/linux/services/x86_64_linux_syscalls.h
+++ b/sandbox/linux/services/x86_64_linux_syscalls.h
@@ -1262,5 +1262,33 @@
 #define __NR_kcmp 312
 #endif
 
+#if !defined(__NR_finit_module)
+#define __NR_finit_module 313
+#endif
+
+#if !defined(__NR_sched_setattr)
+#define __NR_sched_setattr 314
+#endif
+
+#if !defined(__NR_sched_getattr)
+#define __NR_sched_getattr 315
+#endif
+
+#if !defined(__NR_renameat2)
+#define __NR_renameat2 316
+#endif
+
+#if !defined(__NR_seccomp)
+#define __NR_seccomp 317
+#endif
+
+#if !defined(__NR_getrandom)
+#define __NR_getrandom 318
+#endif
+
+#if !defined(__NR_memfd_create)
+#define __NR_memfd_create 319
+#endif
+
 #endif  // SANDBOX_LINUX_SERVICES_X86_64_LINUX_SYSCALLS_H_