// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
#include "base/basictypes.h"
#include "build/build_config.h"
#include "sandbox/linux/sandbox_export.h"
// These are helpers to build seccomp-bpf policies, i.e. policies for a
// sandbox that reduces the Linux kernel's attack surface. Which system calls
// fall into which set is a detail of the sandbox implementation, not a
// documented contract: the sets carry no semantics beyond what the policies
// that use them need, and their membership may change between revisions.
namespace sandbox {
class SANDBOX_EXPORT SyscallSets {
 public:
  // Every predicate below answers one question: does |sysno|, a raw system
  // call number for the architecture being compiled for, belong to the named
  // set?  The sets are defined out of line; nothing here documents their
  // exact membership, and callers should go through these predicates rather
  // than enumerate syscall numbers themselves.
  //
  // NOTE(review): the "Allowed" / "Denied" prefixes express the intent behind
  // a set. Whether a syscall is actually permitted is decided by the policy
  // that calls these helpers, not by this class.

  static bool IsKill(int sysno);
  static bool IsAllowedGettime(int sysno);
  static bool IsCurrentDirectory(int sysno);
  static bool IsUmask(int sysno);

  // Direct file system access: calls that may obtain a new file descriptor
  // or act on the file system through a path rather than an existing fd.
  static bool IsFileSystem(int sysno);
  // File system operations that go through an already-open descriptor,
  // split into the set a policy would usually allow and the set it would
  // usually deny.
  static bool IsAllowedFileSystemAccessViaFd(int sysno);
  static bool IsDeniedFileSystemAccessViaFd(int sysno);

  static bool IsGetSimpleId(int sysno);
  static bool IsProcessPrivilegeChange(int sysno);
  static bool IsProcessGroupOrSession(int sysno);
  static bool IsAllowedSignalHandling(int sysno);
  static bool IsAllowedOperationOnFd(int sysno);
  static bool IsKernelInternalApi(int sysno);

  // Process creation and teardown. Review this set together with IsFutex():
  // the two interact in what a policy ends up exposing.
  static bool IsAllowedProcessStartOrDeath(int sysno);
  // Futex operations are hard to restrict, yet they are kernel attack
  // surface; keep that trade-off in mind when allowing them.
  static bool IsFutex(int sysno);

  static bool IsAllowedEpoll(int sysno);
  static bool IsAllowedGetOrModifySocket(int sysno);
  static bool IsDeniedGetOrModifySocket(int sysno);

#if defined(__i386__)
  // On i386 socket operations arrive through one multiplexing syscall, so
  // the per-call socket predicates above do not see them; a policy for i386
  // has to handle this set explicitly.
  static bool IsSocketCall(int sysno);
#endif

#if defined(__x86_64__) || defined(__arm__)
  static bool IsNetworkSocketInformation(int sysno);
#endif

  static bool IsAllowedAddressSpaceAccess(int sysno);
  static bool IsAllowedGeneralIo(int sysno);
  static bool IsAllowedPrctl(int sysno);
  static bool IsAllowedBasicScheduler(int sysno);
  static bool IsAdminOperation(int sysno);
  static bool IsKernelModule(int sysno);
  static bool IsGlobalFSViewChange(int sysno);
  static bool IsFsControl(int sysno);
  static bool IsNuma(int sysno);
  static bool IsMessageQueue(int sysno);
  static bool IsGlobalProcessEnvironment(int sysno);
  static bool IsDebug(int sysno);
  static bool IsGlobalSystemStatus(int sysno);
  static bool IsEventFd(int sysno);
  // The asynchronous I/O API.
  static bool IsAsyncIo(int sysno);
  static bool IsKeyManagement(int sysno);

#if defined(__x86_64__) || defined(__arm__)
  // Individual System V IPC syscalls; these exist as separate syscall
  // numbers only on these architectures (see IsSystemVIpc() for i386).
  static bool IsSystemVSemaphores(int sysno);
  // Shared memory grants a lot of ambient authority and bypasses the setuid
  // sandbox, so policies should be deliberate about ever allowing it.
  static bool IsSystemVSharedMemory(int sysno);
  static bool IsSystemVMessageQueue(int sysno);
#endif

#if defined(__i386__)
  // The single System V multiplexing syscall used on i386.
  static bool IsSystemVIpc(int sysno);
#endif

  // Any System V IPC syscall, regardless of architecture.
  static bool IsAnySystemV(int sysno);

  static bool IsAdvancedScheduler(int sysno);
  static bool IsInotify(int sysno);
  static bool IsFaNotify(int sysno);
  static bool IsTimer(int sysno);
  static bool IsAdvancedTimer(int sysno);
  static bool IsExtendedAttributes(int sysno);
  static bool IsMisc(int sysno);

#if defined(__arm__)
  // ARM-only private syscalls.
  static bool IsArmPciConfig(int sysno);
  static bool IsArmPrivate(int sysno);
#endif  // defined(__arm__)

 private:
  // Pure static helper class; never instantiated.
  DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);
};
} // namespace sandbox.
#endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_