// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/common/sandbox_linux/bpf_utility_policy_linux.h"

#include <errno.h>

#include "base/basictypes.h"
#include "build/build_config.h"
#include "content/common/sandbox_linux/sandbox_linux.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/services/linux_syscalls.h"

using sandbox::SyscallSets;
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;

namespace content {

namespace {

// Returns true for the system calls the utility process may issue with
// no argument filtering, on top of whatever the content baseline policy
// already permits. Every entry here widens the kernel surface reachable
// from a compromised utility process, so keep the list minimal.
//
// sysinfo() and uname() disclose host memory figures and the running
// kernel version to the sandboxed process; that matches the renderer
// policy this list came from, but see the TODO in EvaluateSyscall.
bool IsUtilityAllowedSyscall(int sysno) {
  switch (sysno) {
    case __NR_fdatasync:
    case __NR_fsync:
#if defined(__i386__) || defined(__x86_64__)
    case __NR_getrlimit:
#endif
#if defined(__i386__) || defined(__arm__)
    case __NR_ugetrlimit:
#endif
    case __NR_pread64:
    case __NR_pwrite64:
    case __NR_sysinfo:
    case __NR_times:
    case __NR_uname:
      return true;
    default:
      return false;
  }
}

}  // namespace

UtilityProcessPolicy::UtilityProcessPolicy() {
}
UtilityProcessPolicy::~UtilityProcessPolicy() {
}

// Seccomp-BPF policy for the utility process.
//
// TODO(mdempsky): This is currently a verbatim copy of the renderer
// policy, which happens to work for utility processes as well; it
// should be possible to tighten it further. NOTE(review): the renderer
// list annotated the suspect entries with bug references, but no such
// annotations survive in this file, so which entries are believed
// unnecessary must be confirmed before any are dropped.
ResultExpr UtilityProcessPolicy::EvaluateSyscall(int sysno) const {
  // ioctl() is never allowed unfiltered; the helper restricts it to the
  // request codes the sandbox tolerates.
  if (sysno == __NR_ioctl)
    return sandbox::RestrictIoctl();

  if (IsUtilityAllowedSyscall(sysno))
    return Allow();

  // Everything else falls through to the content baseline policy.
  return SandboxBPFBasePolicy::EvaluateSyscall(sysno);
}

}  // namespace content