// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"

#include <sys/types.h>

#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"

namespace content {

// Android flavour of the base seccomp-bpf policy. The only thing it adds is a
// fixed allow-list of syscalls (see EvaluateSyscall); construction and
// destruction have no Android-specific work to do.
SandboxBPFBasePolicyAndroid::SandboxBPFBasePolicyAndroid()
    : SandboxBPFBasePolicy() {}

SandboxBPFBasePolicyAndroid::~SandboxBPFBasePolicyAndroid() {}

// Decides the verdict for a single syscall number.
//
// Every syscall named in the switch below is allowed outright, i.e. with
// ERR_ALLOWED and without any inspection of its arguments. Anything else is
// handed to SandboxBPFBasePolicy::EvaluateSyscall, which supplies the verdict.
//
// |sandbox| is forwarded unchanged to the base policy; |sysno| is the
// architecture-specific __NR_* value being evaluated.
sandbox::ErrorCode SandboxBPFBasePolicyAndroid::EvaluateSyscall(
    sandbox::SandboxBPF* sandbox,
    int sysno) const {
  switch (sysno) {
    // TODO(rsesek): restrict clone parameters.
    // clone and ioctl are currently allowed for all argument values; no
    // argument-level filtering happens here.
    case __NR_clone:
    case __NR_epoll_pwait:
    case __NR_flock:
    case __NR_getpriority:
    case __NR_ioctl:
    case __NR_mremap:
    // File system access cannot be restricted with seccomp-bpf on Android,
    // since the JVM classloader and other Framework features require file
    // access. It may be possible to restrict the filesystem with SELinux.
    // Currently we rely on the app/service UID isolation to create a
    // filesystem "sandbox".
#if !ARCH_CPU_ARM64
    case __NR_open:
#endif
    case __NR_openat:
    case __NR_pread64:
    case __NR_rt_sigtimedwait:
    case __NR_setpriority:
    case __NR_sigaltstack:
    // 32-bit x86 and ARM expose the limit query as ugetrlimit; every other
    // architecture uses getrlimit.
#if defined(__i386__) || defined(__arm__)
    case __NR_ugetrlimit:
#else
    case __NR_getrlimit:
#endif
    case __NR_uname:
      return sandbox::ErrorCode(sandbox::ErrorCode::ERR_ALLOWED);

    default:
      // Not on the Android allow-list: defer to the shared base policy.
      return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno);
  }
}

}  // namespace content