// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

#include "base/basictypes.h"
#include "build/build_config.h"

// These are helpers to build seccomp-bpf policies, i.e. policies for a
// sandbox that reduces the Linux kernel's attack surface. Given their
// nature, they don't have any clear semantics and are completely
// "implementation-defined".

namespace sandbox {

// Static predicates that classify a raw Linux system call number (|sysno|)
// into named groups. Each returns true when |sysno| belongs to the group it
// is named after and false otherwise. The class is a pure namespace of
// predicates and is never instantiated.
//
// Judging by the names, the "IsAllowed*" / "IsDenied*" prefixes record the
// disposition the policies built on top of this header intend for the
// group; the remaining predicates carry no such hint, so the policy that
// uses them decides. NOTE(review): nothing here promises that the groups
// are disjoint or exhaustive (the header above calls them
// "implementation-defined"), so a policy should not assume a sysno matches
// exactly one predicate, and a sysno matching none of the groups it
// consults should fall through to the policy's default action rather than
// be allowed implicitly — confirm against the definitions in the .cc file.
//
// Some members are architecture-specific: on i386 sockets and System V IPC
// are reached through one multiplexing syscall each (IsSocketCall,
// IsSystemVIpc), whereas x86_64 and ARM expose individual syscalls and get
// finer-grained groups instead.
class SyscallSets {
 public:
  static bool IsKill(int sysno);
  static bool IsAllowedGettime(int sysno);
  static bool IsCurrentDirectory(int sysno);
  static bool IsUmask(int sysno);
  // System calls that directly access the file system. They might acquire
  // a new file descriptor or otherwise perform an operation directly
  // via a path.
  static bool IsFileSystem(int sysno);
  static bool IsAllowedFileSystemAccessViaFd(int sysno);
  static bool IsDeniedFileSystemAccessViaFd(int sysno);
  static bool IsGetSimpleId(int sysno);
  static bool IsProcessPrivilegeChange(int sysno);
  static bool IsProcessGroupOrSession(int sysno);
  static bool IsAllowedSignalHandling(int sysno);
  static bool IsAllowedOperationOnFd(int sysno);
  static bool IsKernelInternalApi(int sysno);
  // This should be thought through in conjunction with IsFutex().
  static bool IsAllowedProcessStartOrDeath(int sysno);
  // It's difficult to restrict those, but there is attack surface here.
  static bool IsFutex(int sysno);
  static bool IsAllowedEpoll(int sysno);
  static bool IsAllowedGetOrModifySocket(int sysno);
  static bool IsDeniedGetOrModifySocket(int sysno);

#if defined(__i386__)
  // Big multiplexing system call for sockets.
  static bool IsSocketCall(int sysno);
#endif

#if defined(__x86_64__) || defined(__arm__)
  // Only meaningful where socket operations are individual syscalls rather
  // than multiplexed through IsSocketCall().
  static bool IsNetworkSocketInformation(int sysno);
#endif

  static bool IsAllowedAddressSpaceAccess(int sysno);
  static bool IsAllowedGeneralIo(int sysno);
  static bool IsAllowedPrctl(int sysno);
  static bool IsAllowedBasicScheduler(int sysno);
  static bool IsAdminOperation(int sysno);
  static bool IsKernelModule(int sysno);
  static bool IsGlobalFSViewChange(int sysno);
  static bool IsFsControl(int sysno);
  static bool IsNuma(int sysno);
  static bool IsMessageQueue(int sysno);
  static bool IsGlobalProcessEnvironment(int sysno);
  static bool IsDebug(int sysno);
  static bool IsGlobalSystemStatus(int sysno);
  static bool IsEventFd(int sysno);
  // Asynchronous I/O API.
  static bool IsAsyncIo(int sysno);
  static bool IsKeyManagement(int sysno);
  // The three System V groups below are split per subsystem on ABIs where
  // each operation is its own syscall; i386 collapses them into
  // IsSystemVIpc() further down.
#if defined(__x86_64__) || defined(__arm__)
  static bool IsSystemVSemaphores(int sysno);
#endif
#if defined(__x86_64__) || defined(__arm__)
  // These give a lot of ambient authority and bypass the setuid sandbox.
  static bool IsSystemVSharedMemory(int sysno);
#endif

#if defined(__x86_64__) || defined(__arm__)
  static bool IsSystemVMessageQueue(int sysno);
#endif

#if defined(__i386__)
  // Big system V multiplexing system call.
  static bool IsSystemVIpc(int sysno);
#endif

  // Umbrella predicate for System V IPC regardless of ABI; presumably covers
  // whichever of the per-ABI groups above exist on this build — confirm in
  // the .cc file before relying on it as the only System V rule.
  static bool IsAnySystemV(int sysno);
  static bool IsAdvancedScheduler(int sysno);
  static bool IsInotify(int sysno);
  static bool IsFaNotify(int sysno);
  static bool IsTimer(int sysno);
  static bool IsAdvancedTimer(int sysno);
  static bool IsExtendedAttributes(int sysno);
  static bool IsMisc(int sysno);
#if defined(__arm__)
  static bool IsArmPciConfig(int sysno);
  static bool IsArmPrivate(int sysno);
#endif  // defined(__arm__)
 private:
  // Static-only interface: forbid construction so the class cannot be
  // instantiated or copied by accident.
  DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);
};

}  // namespace sandbox.

#endif  // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_