      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
      6 
      7 #include "build/build_config.h"
      8 #include "sandbox/linux/services/linux_syscalls.h"
      9 
     10 namespace sandbox {
     11 
     12 // The functions below cover all existing i386, x86_64, and ARM system calls;
     13 // excluding syscalls made obsolete in ARM EABI.
     14 // The implicitly defined sets form a partition of the set of
     15 // system calls.
     16 
     // Signal-sending system calls: kill, tgkill and the deprecated tkill.
     // The decision is made on the syscall number alone; no argument is inspected,
     // so this predicate cannot tell which process or thread would be signalled.
     bool SyscallSets::IsKill(int sysno) {
       return sysno == __NR_kill || sysno == __NR_tgkill ||
              sysno == __NR_tkill;  // tkill is deprecated.
     }
     27 
     // Time-related system calls. Only gettimeofday (and time, on the
     // architectures that define it) are reported as members of the allowed
     // subset. The other clock calls are named explicitly so the classification
     // is visible, but they yield false exactly like any number not listed.
     // NOTE(review): clock_gettime is in the false group here; presumably it is
     // handled by a separate rule elsewhere. Confirm against the policy code.
     bool SyscallSets::IsAllowedGettime(int sysno) {
       bool allowed = false;
       switch (sysno) {
         case __NR_gettimeofday:
     #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
         case __NR_time:
     #endif
           allowed = true;
           break;
         // Recognised, but not part of the allowed subset.
         case __NR_adjtimex:         // Privileged.
         case __NR_clock_adjtime:    // Privileged.
         case __NR_clock_getres:     // Could be allowed.
         case __NR_clock_gettime:
         case __NR_clock_nanosleep:  // Could be allowed.
         case __NR_clock_settime:    // Privileged.
     #if defined(__i386__) || defined(__mips__)
         case __NR_ftime:  // Obsolete.
     #endif
         case __NR_settimeofday:  // Privileged.
     #if defined(__i386__) || defined(__mips__)
         case __NR_stime:
     #endif
         default:
           break;
       }
       return allowed;
     }
     52 
     // System calls that read or change the working directory:
     // getcwd, chdir and fchdir.
     bool SyscallSets::IsCurrentDirectory(int sysno) {
       const bool is_cwd_call =
           sysno == __NR_getcwd || sysno == __NR_chdir || sysno == __NR_fchdir;
       return is_cwd_call;
     }
     63 
     // Single-member set: true only for umask.
     bool SyscallSets::IsUmask(int sysno) {
       return sysno == __NR_umask;
     }
     72 
     // System calls that reach the file system directly: they may hand back a
     // new file descriptor or otherwise act on an object named by a path.
     // execve and memfd_create are grouped into this set as well.
     // Both EPERM and ENOENT are valid errno values unless the comment on an
     // individual case says otherwise.
     bool SyscallSets::IsFileSystem(int sysno) {
       bool touches_fs = false;
       switch (sysno) {
     #if !defined(__aarch64__)
         case __NR_access:  // EPERM not a valid errno.
         case __NR_chmod:
         case __NR_chown:
     #if defined(__i386__) || defined(__arm__)
         case __NR_chown32:
     #endif
         case __NR_creat:
         case __NR_futimesat:  // Should be called utimesat ?
         case __NR_lchown:
         case __NR_link:
         case __NR_lstat:  // EPERM not a valid errno.
         case __NR_mkdir:
         case __NR_mknod:
         case __NR_open:
         case __NR_readlink:  // EPERM not a valid errno.
         case __NR_rename:
         case __NR_rmdir:
         case __NR_stat:  // EPERM not a valid errno.
         case __NR_symlink:
         case __NR_unlink:
         case __NR_uselib:  // Neither EPERM, nor ENOENT are valid errno.
         case __NR_ustat:   // Same as above. Deprecated.
         case __NR_utimes:
     #endif  // !defined(__aarch64__)

         case __NR_execve:
         case __NR_faccessat:  // EPERM not a valid errno.
         case __NR_fchmodat:
         case __NR_fchownat:  // Should be called chownat ?
     #if defined(__x86_64__) || defined(__aarch64__)
         case __NR_newfstatat:  // fstatat(). EPERM not a valid errno.
     #elif defined(__i386__) || defined(__arm__) || defined(__mips__)
         case __NR_fstatat64:
     #endif
     #if defined(__i386__) || defined(__arm__)
         case __NR_lchown32:
     #endif
         case __NR_linkat:
         case __NR_lookup_dcookie:  // ENOENT not a valid errno.

     #if defined(__i386__) || defined(__arm__) || defined(__mips__)
         case __NR_lstat64:
     #endif
     #if defined(__i386__) || defined(__arm__) || defined(__x86_64__)
         case __NR_memfd_create:
     #endif
         case __NR_mkdirat:
         case __NR_mknodat:
     #if defined(__i386__)
         case __NR_oldlstat:
         case __NR_oldstat:
     #endif
         case __NR_openat:
         case __NR_readlinkat:
         case __NR_renameat:
         case __NR_renameat2:
     #if defined(__i386__) || defined(__arm__) || defined(__mips__)
         case __NR_stat64:
     #endif
         case __NR_statfs:  // EPERM not a valid errno.
     #if defined(__i386__) || defined(__arm__) || defined(__mips__)
         case __NR_statfs64:
     #endif
         case __NR_symlinkat:
         case __NR_truncate:
     #if defined(__i386__) || defined(__arm__) || defined(__mips__)
         case __NR_truncate64:
     #endif
         case __NR_unlinkat:
     #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
         case __NR_utime:
     #endif
         case __NR_utimensat:  // New.
           touches_fs = true;
           break;
         default:
           break;
       }
       return touches_fs;
     }
    158 
    // File system operations performed on an already-open descriptor.
    // Only fstat (and fstat64 where it exists) are in the allowed subset; every
    // other call named below returns false, the same result as an unlisted
    // number.
    bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) {
      bool allowed = false;
      switch (sysno) {
        case __NR_fstat:
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_fstat64:
    #endif
          allowed = true;
          break;
    // TODO(jln): these should be denied gracefully as well (moved below).
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
        case __NR_fadvise64:  // EPERM not a valid errno.
    #endif
    #if defined(__i386__)
        case __NR_fadvise64_64:
    #endif
    #if defined(__arm__)
        case __NR_arm_fadvise64_64:
    #endif
        case __NR_fdatasync:  // EPERM not a valid errno.
        case __NR_flock:      // EPERM not a valid errno.
        case __NR_fstatfs:    // Give information about the whole filesystem.
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_fstatfs64:
    #endif
        case __NR_fsync:  // EPERM not a valid errno.
    #if defined(__i386__)
        case __NR_oldfstat:
    #endif
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
        defined(__aarch64__)
        case __NR_sync_file_range:  // EPERM not a valid errno.
    #elif defined(__arm__)
        case __NR_arm_sync_file_range:  // EPERM not a valid errno.
    #endif
        default:
          break;
      }
      return allowed;
    }
    196 
    // Descriptor-based calls that modify a file (size, mode, owner) or
    // enumerate a directory. EPERM is a good errno for any of these.
    bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) {
      bool denied = false;
      switch (sysno) {
        case __NR_fallocate:
        case __NR_fchmod:
        case __NR_fchown:
        case __NR_ftruncate:
    #if defined(__i386__) || defined(__arm__)
        case __NR_fchown32:
    #endif
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_ftruncate64:
    #endif
    #if !defined(__aarch64__)
        case __NR_getdents:    // EPERM not a valid errno.
    #endif
        case __NR_getdents64:  // EPERM not a valid errno.
    #if defined(__i386__) || defined(__mips__)
        case __NR_readdir:
    #endif
          denied = true;
          break;
        default:
          break;
      }
      return denied;
    }
    222 
    // Read-only identity queries: user, group, process, thread and session IDs,
    // supplementary groups, and capget. The *32 variants are compiled only on
    // i386 and ARM.
    bool SyscallSets::IsGetSimpleId(int sysno) {
      bool is_id_query = false;
      switch (sysno) {
        case __NR_capget:
        case __NR_getegid:
        case __NR_geteuid:
        case __NR_getgid:
        case __NR_getgroups:
        case __NR_getpid:
        case __NR_getppid:
        case __NR_getresgid:
        case __NR_getsid:
        case __NR_gettid:
        case __NR_getuid:
        case __NR_getresuid:
    #if defined(__i386__) || defined(__arm__)
        case __NR_getegid32:
        case __NR_geteuid32:
        case __NR_getgid32:
        case __NR_getgroups32:
        case __NR_getresgid32:
        case __NR_getresuid32:
        case __NR_getuid32:
    #endif
          is_id_query = true;
          break;
        default:
          break;
      }
      return is_id_query;
    }
    251 
    // Calls that change the credentials or privilege state of the calling
    // process: capset, the set*id / setgroups family and, on Intel, the I/O
    // privilege calls ioperm and iopl. The *32 variants are compiled only on
    // i386 and ARM.
    bool SyscallSets::IsProcessPrivilegeChange(int sysno) {
      bool changes_privilege = false;
      switch (sysno) {
        case __NR_capset:
    #if defined(__i386__) || defined(__x86_64__)
        case __NR_ioperm:  // Intel privilege.
        case __NR_iopl:    // Intel privilege.
    #endif
        case __NR_setfsgid:
        case __NR_setfsuid:
        case __NR_setgid:
        case __NR_setgroups:
        case __NR_setregid:
        case __NR_setresgid:
        case __NR_setresuid:
        case __NR_setreuid:
        case __NR_setuid:
    #if defined(__i386__) || defined(__arm__)
        case __NR_setfsgid32:
        case __NR_setfsuid32:
        case __NR_setgid32:
        case __NR_setgroups32:
        case __NR_setregid32:
        case __NR_setresgid32:
        case __NR_setresuid32:
        case __NR_setreuid32:
        case __NR_setuid32:
    #endif
          changes_privilege = true;
          break;
        default:
          break;
      }
      return changes_privilege;
    }
    284 
    // Process-group and session calls: setpgid, getpgid, setsid and, where the
    // architecture defines it, getpgrp.
    bool SyscallSets::IsProcessGroupOrSession(int sysno) {
      if (sysno == __NR_setpgid || sysno == __NR_setsid ||
          sysno == __NR_getpgid) {
        return true;
      }
    #if !defined(__aarch64__)
      if (sysno == __NR_getpgrp)
        return true;
    #endif
      return false;
    }
    298 
    // Signal-handling calls. The allowed subset is limited to installing a
    // handler, changing the signal mask and returning from a handler
    // (rt_sigaction, rt_sigprocmask, rt_sigreturn and their legacy forms).
    // The queueing, waiting, signalfd and obsolete calls are named for
    // completeness and return false.
    bool SyscallSets::IsAllowedSignalHandling(int sysno) {
      bool allowed = false;
      switch (sysno) {
        case __NR_rt_sigaction:
        case __NR_rt_sigprocmask:
        case __NR_rt_sigreturn:
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_sigaction:
        case __NR_sigprocmask:
        case __NR_sigreturn:
    #endif
          allowed = true;
          break;
        // Recognised, but not part of the allowed subset.
        case __NR_rt_sigpending:
        case __NR_rt_sigqueueinfo:
        case __NR_rt_sigsuspend:
        case __NR_rt_sigtimedwait:
        case __NR_rt_tgsigqueueinfo:
        case __NR_sigaltstack:
    #if !defined(__aarch64__)
        case __NR_signalfd:
    #endif
        case __NR_signalfd4:
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_sigpending:
        case __NR_sigsuspend:
    #endif
    #if defined(__i386__) || defined(__mips__)
        case __NR_signal:
        case __NR_sgetmask:  // Obsolete.
        case __NR_ssetmask:
    #endif
        default:
          break;
      }
      return allowed;
    }
    333 
    // Basic descriptor management: close, the dup family and, where it is a
    // direct system call, shutdown. fcntl and fcntl64 are named but return
    // false.
    // NOTE(review): fcntl is presumably filtered by argument elsewhere; confirm
    // against the policy that consumes this set.
    bool SyscallSets::IsAllowedOperationOnFd(int sysno) {
      bool allowed = false;
      switch (sysno) {
        case __NR_close:
        case __NR_dup:
    #if !defined(__aarch64__)
        case __NR_dup2:
    #endif
        case __NR_dup3:
    #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
        defined(__aarch64__)
        case __NR_shutdown:
    #endif
          allowed = true;
          break;
        // Recognised, but not part of the allowed subset.
        case __NR_fcntl:
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_fcntl64:
    #endif
        default:
          break;
      }
      return allowed;
    }
    355 
    // Kernel-internal entry points: restart_syscall and, on ARM only,
    // __ARM_NR_cmpxchg.
    bool SyscallSets::IsKernelInternalApi(int sysno) {
      if (sysno == __NR_restart_syscall)
        return true;
    #if defined(__arm__)
      if (sysno == __ARM_NR_cmpxchg)
        return true;
    #endif
      return false;
    }
    367 
    // Process lifetime calls. Exiting and waiting for children are in the
    // allowed subset; everything that creates a task, changes namespaces or
    // sets up thread state is named below but returns false.
    // This should be thought through in conjunction with IsFutex() (the futex
    // predicate defined in this file is IsAllowedFutex()).
    bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
      bool allowed = false;
      switch (sysno) {
        case __NR_exit:
        case __NR_exit_group:
        case __NR_wait4:
        case __NR_waitid:
    #if defined(__i386__)
        case __NR_waitpid:
    #endif
          allowed = true;
          break;
        // Recognised, but not part of the allowed subset.
        case __NR_clone:  // Should be parameter-restricted.
        case __NR_setns:  // Privileged.
    #if !defined(__aarch64__)
        case __NR_fork:
    #endif
    #if defined(__i386__) || defined(__x86_64__)
        case __NR_get_thread_area:
    #endif
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
        case __NR_set_thread_area:
    #endif
        case __NR_set_tid_address:
        case __NR_unshare:
    #if !defined(__mips__) && !defined(__aarch64__)
        case __NR_vfork:
    #endif
        default:
          break;
      }
      return allowed;
    }
    399 
    // Futex-related calls. It's difficult to restrict those, but there is
    // attack surface here.
    // Every label below shares the default arm, so this predicate returns false
    // for every |sysno|; the futex family is named without being placed in an
    // allowed subset.
    bool SyscallSets::IsAllowedFutex(int sysno) {
      bool allowed = false;
      switch (sysno) {
        case __NR_get_robust_list:
        case __NR_set_robust_list:
        case __NR_futex:
        default:
          break;
      }
      return allowed;
    }
    410 
    // epoll calls. Creating an instance, registering descriptors and (where
    // defined) epoll_wait are in the allowed subset; epoll_pwait and the x86_64
    // "_old" entry points return false.
    // NOTE(review): on aarch64 epoll_wait is compiled out and epoll_pwait is in
    // the false group, so no epoll wait call is in the allowed subset there.
    // Confirm that this is intended.
    bool SyscallSets::IsAllowedEpoll(int sysno) {
      bool allowed = false;
      switch (sysno) {
    #if !defined(__aarch64__)
        case __NR_epoll_create:
        case __NR_epoll_wait:
    #endif
        case __NR_epoll_create1:
        case __NR_epoll_ctl:
          allowed = true;
          break;
        // Recognised, but not part of the allowed subset.
    #if defined(__x86_64__)
        case __NR_epoll_ctl_old:
    #endif
        case __NR_epoll_pwait:
    #if defined(__x86_64__)
        case __NR_epoll_wait_old:
    #endif
        default:
          break;
      }
      return allowed;
    }
    431 
    // Despite the name, the allowed subset here contains only pipe and pipe2.
    // socketpair is named on the architectures where it is a direct system call
    // but returns false.
    bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) {
      bool allowed = false;
      switch (sysno) {
    #if !defined(__aarch64__)
        case __NR_pipe:
    #endif
        case __NR_pipe2:
          allowed = true;
          break;
    #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
        defined(__aarch64__)
        case __NR_socketpair:  // We will want to inspect its argument.
    #endif
        default:
          break;
      }
      return allowed;
    }
    447 
    // Calls that create a socket or establish / accept a connection: accept,
    // accept4, bind, connect, socket and listen.
    // The whole list is compiled only where these are direct system calls; on
    // any other architecture built from this file the predicate is false for
    // every |sysno|.
    bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) {
      bool denied = false;
      switch (sysno) {
    #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
        defined(__aarch64__)
        case __NR_accept:
        case __NR_accept4:
        case __NR_bind:
        case __NR_connect:
        case __NR_socket:
        case __NR_listen:
          denied = true;
          break;
    #endif
        default:
          break;
      }
      return denied;
    }
    464 
    465 #if defined(__i386__) || defined(__mips__)
    // Big multiplexing system call for sockets.
    // socketcall selects the actual socket operation through an argument, so a
    // decision keyed on the syscall number alone covers every socket operation
    // at once.
    bool SyscallSets::IsSocketCall(int sysno) {
      return sysno == __NR_socketcall;
    }
    475 #endif
    476 
    477 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
    // Socket address and option calls: getpeername, getsockname, getsockopt
    // and setsockopt.
    // NOTE(review): the enclosing #if compiles this definition for x86_64, ARM
    // and MIPS only, while IsDeniedGetOrModifySocket() lists the direct socket
    // calls for aarch64 too. Confirm where these four calls are classified on
    // aarch64; a syscall that belongs to no set is easy to overlook in a policy.
    bool SyscallSets::IsNetworkSocketInformation(int sysno) {
      const bool is_socket_info =
          sysno == __NR_getpeername || sysno == __NR_getsockname ||
          sysno == __NR_getsockopt || sysno == __NR_setsockopt;
      return is_socket_info;
    }
    489 #endif
    490 
    // Address-space calls. Only brk, mlock, munlock and munmap are in the
    // allowed subset. The mapping and protection calls (mmap, mmap2, mprotect,
    // mremap, ...) and the remaining calls named below return false.
    // NOTE(review): mmap and mprotect are presumably restricted by argument
    // elsewhere rather than refused outright; confirm against the policy code.
    bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
      bool allowed = false;
      switch (sysno) {
        case __NR_brk:
        case __NR_mlock:
        case __NR_munlock:
        case __NR_munmap:
          allowed = true;
          break;
        // Recognised, but not part of the allowed subset.
        case __NR_madvise:
        case __NR_mincore:
        case __NR_mlockall:
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
        defined(__aarch64__)
        case __NR_mmap:
    #endif
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_mmap2:
    #endif
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
        case __NR_modify_ldt:
    #endif
        case __NR_mprotect:
        case __NR_mremap:
        case __NR_msync:
        case __NR_munlockall:
        case __NR_readahead:
        case __NR_remap_file_pages:
    #if defined(__i386__)
        case __NR_vm86:
        case __NR_vm86old:
    #endif
        default:
          break;
      }
      return allowed;
    }
    525 
    // General I/O on existing descriptors. Seeking, polling, plain read/write
    // and the basic socket send/receive calls are in the allowed subset.
    // ioctl, the positional and vectored variants, the batched socket calls and
    // the splice family are named below but return false.
    // The send/receive calls marked "Could specify source/destination" accept an
    // explicit peer address, so number-only filtering does not constrain which
    // peer is addressed.
    // NOTE(review): recv is compiled for ARM and MIPS but send only for ARM;
    // confirm whether send on MIPS was meant to be listed as well.
    bool SyscallSets::IsAllowedGeneralIo(int sysno) {
      bool allowed = false;
      switch (sysno) {
        case __NR_lseek:
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR__llseek:
    #endif
    #if !defined(__aarch64__)
        case __NR_poll:
    #endif
        case __NR_ppoll:
        case __NR_pselect6:
        case __NR_read:
        case __NR_readv:
    #if defined(__arm__) || defined(__mips__)
        case __NR_recv:
    #endif
    #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
        defined(__aarch64__)
        case __NR_recvfrom:  // Could specify source.
        case __NR_recvmsg:   // Could specify source.
    #endif
    #if defined(__i386__) || defined(__x86_64__)
        case __NR_select:
    #endif
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR__newselect:
    #endif
    #if defined(__arm__)
        case __NR_send:
    #endif
    #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
        defined(__aarch64__)
        case __NR_sendmsg:  // Could specify destination.
        case __NR_sendto:   // Could specify destination.
    #endif
        case __NR_write:
        case __NR_writev:
          allowed = true;
          break;
        // Recognised, but not part of the allowed subset.
        case __NR_ioctl:  // Can be very powerful.
        case __NR_pread64:
        case __NR_preadv:
        case __NR_pwrite64:
        case __NR_pwritev:
        case __NR_recvmmsg:  // Could specify source.
        case __NR_sendfile:
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_sendfile64:
    #endif
        case __NR_sendmmsg:  // Could specify destination.
        case __NR_splice:
        case __NR_tee:
        case __NR_vmsplice:
        default:
          break;
      }
      return allowed;
    }
    582 
    // prctl and, on x86_64, arch_prctl. Both select their operation through an
    // argument, which this number-only predicate does not look at.
    bool SyscallSets::IsPrctl(int sysno) {
      if (sysno == __NR_prctl)
        return true;
    #if defined(__x86_64__)
      if (sysno == __NR_arch_prctl)
        return true;
    #endif
      return false;
    }
    594 
    // Single-member set: true only for the seccomp system call.
    bool SyscallSets::IsSeccomp(int sysno) {
      return sysno == __NR_seccomp;
    }
    603 
    // Basic scheduling calls. Yielding and sleeping (sched_yield, nanosleep and,
    // where defined, pause) are in the allowed subset; the priority calls are
    // named below but return false.
    bool SyscallSets::IsAllowedBasicScheduler(int sysno) {
      bool allowed = false;
      switch (sysno) {
        case __NR_sched_yield:
    #if !defined(__aarch64__)
        case __NR_pause:
    #endif
        case __NR_nanosleep:
          allowed = true;
          break;
        // Recognised, but not part of the allowed subset.
        case __NR_getpriority:
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_nice:
    #endif
        case __NR_setpriority:
        default:
          break;
      }
      return allowed;
    }
    621 
    // System administration calls: kexec_load, reboot, setdomainname,
    // sethostname, syslog and, on i386 / ARM / MIPS, bdflush.
    bool SyscallSets::IsAdminOperation(int sysno) {
      bool is_admin = false;
      switch (sysno) {
    #if defined(__i386__) || defined(__arm__) || defined(__mips__)
        case __NR_bdflush:
    #endif
        case __NR_kexec_load:
        case __NR_reboot:
        case __NR_setdomainname:
        case __NR_sethostname:
        case __NR_syslog:
          is_admin = true;
          break;
        default:
          break;
      }
      return is_admin;
    }
    637 
    // Kernel module management: loading (init_module, finit_module), unloading
    // (delete_module) and the legacy query calls that exist only on i386,
    // x86_64 and MIPS.
    bool SyscallSets::IsKernelModule(int sysno) {
      bool is_module_call = false;
      switch (sysno) {
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
        case __NR_create_module:
        case __NR_get_kernel_syms:  // Should ENOSYS.
        case __NR_query_module:
    #endif
        case __NR_delete_module:
        case __NR_init_module:
        case __NR_finit_module:
          is_module_call = true;
          break;
        default:
          break;
      }
      return is_module_call;
    }
    653 
    // Calls grouped as changing the global file system view: pivot_root,
    // chroot and sync.
    bool SyscallSets::IsGlobalFSViewChange(int sysno) {
      const bool changes_view =
          sysno == __NR_pivot_root || sysno == __NR_chroot || sysno == __NR_sync;
      return changes_view;
    }
    664 
    // File system control: mounting and unmounting, swap control, quotactl and
    // nfsservctl. The old umount entry point is compiled only on i386 and MIPS.
    bool SyscallSets::IsFsControl(int sysno) {
      bool is_fs_control = false;
      switch (sysno) {
        case __NR_mount:
        case __NR_nfsservctl:
        case __NR_quotactl:
        case __NR_swapoff:
        case __NR_swapon:
    #if defined(__i386__) || defined(__mips__)
        case __NR_umount:
    #endif
        case __NR_umount2:
          is_fs_control = true;
          break;
        default:
          break;
      }
      return is_fs_control;
    }
    681 
    // NUMA memory-policy and page-placement calls, plus getcpu.
    // migrate_pages is compiled on every architecture handled here except ARM.
    bool SyscallSets::IsNuma(int sysno) {
      bool is_numa = false;
      switch (sysno) {
        case __NR_get_mempolicy:
        case __NR_getcpu:
        case __NR_mbind:
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
        defined(__aarch64__)
        case __NR_migrate_pages:
    #endif
        case __NR_move_pages:
        case __NR_set_mempolicy:
          is_numa = true;
          break;
        default:
          break;
      }
      return is_numa;
    }
    698 
    // The mq_* message queue calls: mq_getsetattr, mq_notify, mq_open,
    // mq_timedreceive, mq_timedsend and mq_unlink.
    bool SyscallSets::IsMessageQueue(int sysno) {
      bool is_mq = false;
      switch (sysno) {
        case __NR_mq_getsetattr:
        case __NR_mq_notify:
        case __NR_mq_open:
        case __NR_mq_timedreceive:
        case __NR_mq_timedsend:
        case __NR_mq_unlink:
          is_mq = true;
          break;
        default:
          break;
      }
      return is_mq;
    }
    712 
    // Process-wide environment calls: resource limits and usage, process
    // accounting, personality and times. Reading and writing calls sit in the
    // same set (getrlimit next to setrlimit and prlimit64).
    bool SyscallSets::IsGlobalProcessEnvironment(int sysno) {
      bool is_env_call = false;
      switch (sysno) {
        case __NR_acct:  // Privileged.
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
        defined(__aarch64__)
        case __NR_getrlimit:
    #endif
    #if defined(__i386__) || defined(__arm__)
        case __NR_ugetrlimit:
    #endif
    #if defined(__i386__) || defined(__mips__)
        case __NR_ulimit:
    #endif
        case __NR_getrusage:
        case __NR_personality:  // Can change its personality as well.
        case __NR_prlimit64:    // Like setrlimit / getrlimit.
        case __NR_setrlimit:
        case __NR_times:
          is_env_call = true;
          break;
        default:
          break;
      }
      return is_env_call;
    }
    736 
    // Debugging and cross-process inspection calls: ptrace, process_vm_readv,
    // process_vm_writev and kcmp. Each of them operates on a process other than
    // the caller.
    bool SyscallSets::IsDebug(int sysno) {
      const bool is_debug_call =
          sysno == __NR_ptrace || sysno == __NR_process_vm_readv ||
          sysno == __NR_process_vm_writev || sysno == __NR_kcmp;
      return is_debug_call;
    }
    748 
    // System-wide status queries: sysinfo, uname (with its legacy i386 forms)
    // and, except on aarch64, _sysctl and sysfs.
    bool SyscallSets::IsGlobalSystemStatus(int sysno) {
      bool is_status_call = false;
      switch (sysno) {
    #if !defined(__aarch64__)
        case __NR__sysctl:
        case __NR_sysfs:
    #endif
        case __NR_sysinfo:
        case __NR_uname:
    #if defined(__i386__)
        case __NR_olduname:
        case __NR_oldolduname:
    #endif
          is_status_call = true;
          break;
        default:
          break;
      }
      return is_status_call;
    }
    766 
    // eventfd2 and, where the architecture defines it, the older eventfd.
    bool SyscallSets::IsEventFd(int sysno) {
      if (sysno == __NR_eventfd2)
        return true;
    #if !defined(__aarch64__)
      if (sysno == __NR_eventfd)
        return true;
    #endif
      return false;
    }
    778 
    // Asynchronous I/O API: io_setup, io_submit, io_getevents, io_cancel and
    // io_destroy.
    bool SyscallSets::IsAsyncIo(int sysno) {
      bool is_aio = false;
      switch (sysno) {
        case __NR_io_cancel:
        case __NR_io_destroy:
        case __NR_io_getevents:
        case __NR_io_setup:
        case __NR_io_submit:
          is_aio = true;
          break;
        default:
          break;
      }
      return is_aio;
    }
    792 
    // Kernel key management calls: add_key, keyctl and request_key.
    bool SyscallSets::IsKeyManagement(int sysno) {
      const bool is_key_call = sysno == __NR_add_key || sysno == __NR_keyctl ||
                               sysno == __NR_request_key;
      return is_key_call;
    }
    803 
    804 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
    // System V semaphore calls: semctl, semget, semop and semtimedop.
    bool SyscallSets::IsSystemVSemaphores(int sysno) {
      const bool is_sem_call = sysno == __NR_semctl || sysno == __NR_semget ||
                               sysno == __NR_semop || sysno == __NR_semtimedop;
      return is_sem_call;
    }
    816 #endif
    817 
    818 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
    // System V shared memory calls: shmat, shmctl, shmdt and shmget.
    // These give a lot of ambient authority and bypass the setuid sandbox.
    bool SyscallSets::IsSystemVSharedMemory(int sysno) {
      const bool is_shm_call = sysno == __NR_shmat || sysno == __NR_shmctl ||
                               sysno == __NR_shmdt || sysno == __NR_shmget;
      return is_shm_call;
    }
    831 #endif
    832 
    833 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
    // System V message queue calls: msgctl, msgget, msgrcv and msgsnd.
    bool SyscallSets::IsSystemVMessageQueue(int sysno) {
      const bool is_msg_call = sysno == __NR_msgctl || sysno == __NR_msgget ||
                               sysno == __NR_msgrcv || sysno == __NR_msgsnd;
      return is_msg_call;
    }
    845 #endif
    846 
    847 #if defined(__i386__) || defined(__mips__)
    // Big system V multiplexing system call.
    // ipc selects the actual operation through an argument, so a decision keyed
    // on the syscall number alone covers semaphores, shared memory and message
    // queues together.
    bool SyscallSets::IsSystemVIpc(int sysno) {
      return sysno == __NR_ipc;
    }
    857 #endif
    858 
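    // Reports whether |sysno| is any System V IPC call.
    // On x86_64, ARM and aarch64 that is the union of the message queue,
    // semaphore and shared memory sets; on i386 and MIPS it is the multiplexing
    // ipc call.
    bool SyscallSets::IsAnySystemV(int sysno) {
    #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
      return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) ||
             IsSystemVSharedMemory(sysno);
    #elif defined(__i386__) || defined(__mips__)
      return IsSystemVIpc(sysno);
    #else
    // Without this branch an architecture outside the two lists above would
    // compile a non-void function that returns no value. Fail the build
    // instead, so the classification has to be made explicitly.
    #error "SyscallSets::IsAnySystemV: unsupported architecture"
    #endif
    }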
    867 
    // Scheduler policy, priority, attribute and CPU-affinity calls (sched_*),
    // together with the I/O scheduler priority calls ioprio_get and ioprio_set.
    // Getters and setters are members of the same set.
    bool SyscallSets::IsAdvancedScheduler(int sysno) {
      bool is_sched_call = false;
      switch (sysno) {
        case __NR_ioprio_get:  // IO scheduler.
        case __NR_ioprio_set:
        case __NR_sched_get_priority_max:
        case __NR_sched_get_priority_min:
        case __NR_sched_getaffinity:
        case __NR_sched_getattr:
        case __NR_sched_getparam:
        case __NR_sched_getscheduler:
        case __NR_sched_rr_get_interval:
        case __NR_sched_setaffinity:
        case __NR_sched_setattr:
        case __NR_sched_setparam:
        case __NR_sched_setscheduler:
          is_sched_call = true;
          break;
        default:
          break;
      }
      return is_sched_call;
    }
    888 
    // inotify calls: inotify_init1, inotify_add_watch, inotify_rm_watch and,
    // where the architecture defines it, the older inotify_init.
    bool SyscallSets::IsInotify(int sysno) {
      if (sysno == __NR_inotify_add_watch || sysno == __NR_inotify_init1 ||
          sysno == __NR_inotify_rm_watch) {
        return true;
      }
    #if !defined(__aarch64__)
      if (sysno == __NR_inotify_init)
        return true;
    #endif
      return false;
    }
    902 
    // fanotify calls: fanotify_init and fanotify_mark.
    bool SyscallSets::IsFaNotify(int sysno) {
      return sysno == __NR_fanotify_init || sysno == __NR_fanotify_mark;
    }
    912 
    // Interval timer calls: getitimer, setitimer and, on i386 / x86_64 / MIPS,
    // alarm.
    bool SyscallSets::IsTimer(int sysno) {
      if (sysno == __NR_getitimer || sysno == __NR_setitimer)
        return true;
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
      if (sysno == __NR_alarm)
        return true;
    #endif
      return false;
    }
    925 
    // The timer_* and timerfd_* calls.
    bool SyscallSets::IsAdvancedTimer(int sysno) {
      bool is_timer_call = false;
      switch (sysno) {
        case __NR_timer_create:
        case __NR_timer_delete:
        case __NR_timer_getoverrun:
        case __NR_timer_gettime:
        case __NR_timer_settime:
        case __NR_timerfd_create:
        case __NR_timerfd_gettime:
        case __NR_timerfd_settime:
          is_timer_call = true;
          break;
        default:
          break;
      }
      return is_timer_call;
    }
    941 
    // Extended attribute calls in their path-based, l-prefixed and
    // descriptor-based (f-prefixed) forms. Reading and modifying calls are
    // members of the same set.
    bool SyscallSets::IsExtendedAttributes(int sysno) {
      bool is_xattr_call = false;
      switch (sysno) {
        case __NR_fgetxattr:
        case __NR_flistxattr:
        case __NR_fremovexattr:
        case __NR_fsetxattr:
        case __NR_getxattr:
        case __NR_lgetxattr:
        case __NR_listxattr:
        case __NR_llistxattr:
        case __NR_lremovexattr:
        case __NR_lsetxattr:
        case __NR_removexattr:
        case __NR_setxattr:
          is_xattr_call = true;
          break;
        default:
          break;
      }
      return is_xattr_call;
    }
    961 
    // Various system calls that need to be researched.
    // TODO(jln): classify this better.
    // The first group holds calls that exist but have no better category yet
    // (it includes perf_event_open and the file-handle calls); the second group
    // holds entry points that are not implemented.
    bool SyscallSets::IsMisc(int sysno) {
      bool is_misc = false;
      switch (sysno) {
    #if !defined(__mips__)
        case __NR_getrandom:
    #endif
        case __NR_name_to_handle_at:
        case __NR_open_by_handle_at:
        case __NR_perf_event_open:
        case __NR_syncfs:
        case __NR_vhangup:
    // The system calls below are not implemented.
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
        case __NR_afs_syscall:
    #endif
    #if defined(__i386__) || defined(__mips__)
        case __NR_break:
    #endif
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
        case __NR_getpmsg:
    #endif
    #if defined(__i386__) || defined(__mips__)
        case __NR_gtty:
        case __NR_idle:
        case __NR_lock:
        case __NR_mpx:
        case __NR_prof:
        case __NR_profil:
    #endif
    #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
        case __NR_putpmsg:
    #endif
    #if defined(__x86_64__)
        case __NR_security:
    #endif
    #if defined(__i386__) || defined(__mips__)
        case __NR_stty:
    #endif
    #if defined(__x86_64__)
        case __NR_tuxcall:
    #endif
    #if !defined(__aarch64__)
        case __NR_vserver:
    #endif
          is_misc = true;
          break;
        default:
          break;
      }
      return is_misc;
    }
   1012 
   1013 #if defined(__arm__)
   // ARM-only PCI configuration calls: pciconfig_iobase, pciconfig_read and
   // pciconfig_write.
   bool SyscallSets::IsArmPciConfig(int sysno) {
     const bool is_pci_call = sysno == __NR_pciconfig_iobase ||
                              sysno == __NR_pciconfig_read ||
                              sysno == __NR_pciconfig_write;
     return is_pci_call;
   }
   1024 
   // ARM private system calls (the __ARM_NR_* numbers): breakpoint, cacheflush,
   // set_tls, usr26 and usr32.
   bool SyscallSets::IsArmPrivate(int sysno) {
     bool is_arm_private = false;
     switch (sysno) {
       case __ARM_NR_breakpoint:
       case __ARM_NR_cacheflush:
       case __ARM_NR_set_tls:
       case __ARM_NR_usr26:
       case __ARM_NR_usr32:
         is_arm_private = true;
         break;
       default:
         break;
     }
     return is_arm_private;
   }
   1037 #endif  // defined(__arm__)
   1038 
   1039 #if defined(__mips__)
   // MIPS-only cache control calls: cacheflush and cachectl.
   bool SyscallSets::IsMipsPrivate(int sysno) {
     return sysno == __NR_cacheflush || sysno == __NR_cachectl;
   }
   1049 
   // Remaining MIPS-only numbers: sysmips and unused150.
   bool SyscallSets::IsMipsMisc(int sysno) {
     return sysno == __NR_sysmips || sysno == __NR_unused150;
   }
   1059 #endif  // defined(__mips__)
   1060 }  // namespace sandbox.
   1061