112 lines
4.1 KiB
C++
112 lines
4.1 KiB
C++
// Copyright (c) 2013 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
|
|
#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
|
|
|
|
#include "base/macros.h"
|
|
#include "build/build_config.h"
|
|
#include "sandbox/sandbox_export.h"
|
|
|
|
// These are helpers to build seccomp-bpf policies, i.e. policies for a
|
|
// sandbox that reduces the Linux kernel's attack surface. Given their
|
|
// nature, they don't have any clear semantics and are completely
|
|
// "implementation-defined".
|
|
|
|
namespace sandbox {
|
|
|
|
class SANDBOX_EXPORT SyscallSets {
|
|
public:
|
|
static bool IsKill(int sysno);
|
|
static bool IsAllowedGettime(int sysno);
|
|
static bool IsCurrentDirectory(int sysno);
|
|
static bool IsUmask(int sysno);
|
|
// System calls that directly access the file system. They might acquire
|
|
// a new file descriptor or otherwise perform an operation directly
|
|
// via a path.
|
|
static bool IsFileSystem(int sysno);
|
|
static bool IsAllowedFileSystemAccessViaFd(int sysno);
|
|
static bool IsDeniedFileSystemAccessViaFd(int sysno);
|
|
static bool IsGetSimpleId(int sysno);
|
|
static bool IsProcessPrivilegeChange(int sysno);
|
|
static bool IsProcessGroupOrSession(int sysno);
|
|
static bool IsAllowedSignalHandling(int sysno);
|
|
static bool IsAllowedOperationOnFd(int sysno);
|
|
static bool IsKernelInternalApi(int sysno);
|
|
// This should be thought through in conjunction with IsFutex().
|
|
static bool IsAllowedProcessStartOrDeath(int sysno);
|
|
// It's difficult to restrict those, but there is attack surface here.
|
|
static bool IsAllowedFutex(int sysno);
|
|
static bool IsAllowedEpoll(int sysno);
|
|
static bool IsAllowedGetOrModifySocket(int sysno);
|
|
static bool IsDeniedGetOrModifySocket(int sysno);
|
|
|
|
#if defined(__i386__) || defined(__mips__)
|
|
// Big multiplexing system call for sockets.
|
|
static bool IsSocketCall(int sysno);
|
|
#endif
|
|
|
|
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
|
|
defined(__aarch64__)
|
|
static bool IsNetworkSocketInformation(int sysno);
|
|
#endif
|
|
|
|
static bool IsAllowedAddressSpaceAccess(int sysno);
|
|
static bool IsAllowedGeneralIo(int sysno);
|
|
static bool IsPrctl(int sysno);
|
|
static bool IsSeccomp(int sysno);
|
|
static bool IsAllowedBasicScheduler(int sysno);
|
|
static bool IsAdminOperation(int sysno);
|
|
static bool IsKernelModule(int sysno);
|
|
static bool IsGlobalFSViewChange(int sysno);
|
|
static bool IsFsControl(int sysno);
|
|
static bool IsNuma(int sysno);
|
|
static bool IsMessageQueue(int sysno);
|
|
static bool IsGlobalProcessEnvironment(int sysno);
|
|
static bool IsDebug(int sysno);
|
|
static bool IsGlobalSystemStatus(int sysno);
|
|
static bool IsEventFd(int sysno);
|
|
// Asynchronous I/O API.
|
|
static bool IsAsyncIo(int sysno);
|
|
static bool IsKeyManagement(int sysno);
|
|
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
|
|
static bool IsSystemVSemaphores(int sysno);
|
|
#endif
|
|
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
|
|
// These give a lot of ambient authority and bypass the setuid sandbox.
|
|
static bool IsSystemVSharedMemory(int sysno);
|
|
#endif
|
|
|
|
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
|
|
static bool IsSystemVMessageQueue(int sysno);
|
|
#endif
|
|
|
|
#if defined(__i386__) || defined(__mips__)
|
|
// Big system V multiplexing system call.
|
|
static bool IsSystemVIpc(int sysno);
|
|
#endif
|
|
|
|
static bool IsAnySystemV(int sysno);
|
|
static bool IsAdvancedScheduler(int sysno);
|
|
static bool IsInotify(int sysno);
|
|
static bool IsFaNotify(int sysno);
|
|
static bool IsTimer(int sysno);
|
|
static bool IsAdvancedTimer(int sysno);
|
|
static bool IsExtendedAttributes(int sysno);
|
|
static bool IsMisc(int sysno);
|
|
#if defined(__arm__)
|
|
static bool IsArmPciConfig(int sysno);
|
|
static bool IsArmPrivate(int sysno);
|
|
#endif // defined(__arm__)
|
|
#if defined(__mips__)
|
|
static bool IsMipsPrivate(int sysno);
|
|
static bool IsMipsMisc(int sysno);
|
|
#endif // defined(__mips__)
|
|
private:
|
|
DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);
|
|
};
|
|
|
|
} // namespace sandbox.
|
|
|
|
#endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
|