// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

#include "base/basictypes.h"
#include "build/build_config.h"
#include "sandbox/sandbox_export.h"

// These are helpers to build seccomp-bpf policies, i.e. policies for a
// sandbox that reduces the Linux kernel's attack surface. Given their
// nature, they don't have any clear semantics and are completely
// "implementation-defined".

namespace sandbox {

// Predicates over Linux system call numbers, used to classify system calls
// while assembling a seccomp-bpf policy.
//
// Every member has the same shape: it takes a raw system call number
// ("sysno") and reports whether that number belongs to the named set. The
// predicates decide nothing on their own -- they never allow or deny a
// call. The Allowed/Denied prefixes presumably record how a policy built
// from these helpers is expected to treat a set, but the final disposition
// is always the policy author's responsibility.
//
// System call numbers differ between architectures, and several sets below
// exist only for particular architectures, so a policy assembled from these
// helpers has to be reviewed separately for every target architecture.
//
// Only declarations live here; the membership tables are defined elsewhere.
class SANDBOX_EXPORT SyscallSets {
 public:
  static bool IsKill(int sysno);
  static bool IsAllowedGettime(int sysno);
  static bool IsCurrentDirectory(int sysno);
  static bool IsUmask(int sysno);
  // System calls that directly access the file system. They might acquire
  // a new file descriptor or otherwise perform an operation directly
  // via a path.
  static bool IsFileSystem(int sysno);
  static bool IsAllowedFileSystemAccessViaFd(int sysno);
  static bool IsDeniedFileSystemAccessViaFd(int sysno);
  static bool IsGetSimpleId(int sysno);
  static bool IsProcessPrivilegeChange(int sysno);
  static bool IsProcessGroupOrSession(int sysno);
  static bool IsAllowedSignalHandling(int sysno);
  static bool IsAllowedOperationOnFd(int sysno);
  static bool IsKernelInternalApi(int sysno);
  // Review this set together with IsAllowedFutex(): the two are meant to be
  // thought through as a pair.
  static bool IsAllowedProcessStartOrDeath(int sysno);
  // These are hard to restrict further, yet they remain attack surface.
  static bool IsAllowedFutex(int sysno);
  static bool IsAllowedEpoll(int sysno);
  static bool IsAllowedGetOrModifySocket(int sysno);
  static bool IsDeniedGetOrModifySocket(int sysno);
  static bool IsAllowedAddressSpaceAccess(int sysno);
  static bool IsAllowedGeneralIo(int sysno);
  static bool IsPrctl(int sysno);
  static bool IsAllowedBasicScheduler(int sysno);
  static bool IsAdminOperation(int sysno);
  static bool IsKernelModule(int sysno);
  static bool IsGlobalFSViewChange(int sysno);
  static bool IsFsControl(int sysno);
  static bool IsNuma(int sysno);
  static bool IsMessageQueue(int sysno);
  static bool IsGlobalProcessEnvironment(int sysno);
  static bool IsDebug(int sysno);
  static bool IsGlobalSystemStatus(int sysno);
  static bool IsEventFd(int sysno);
  // Asynchronous I/O API.
  static bool IsAsyncIo(int sysno);
  static bool IsKeyManagement(int sysno);
  static bool IsAnySystemV(int sysno);
  static bool IsAdvancedScheduler(int sysno);
  static bool IsInotify(int sysno);
  static bool IsFaNotify(int sysno);
  static bool IsTimer(int sysno);
  static bool IsAdvancedTimer(int sysno);
  static bool IsExtendedAttributes(int sysno);
  static bool IsMisc(int sysno);

  // Architecture-specific sets. On i386 the socket and System V IPC
  // families are reached through single multiplexing system calls, so a
  // filter keyed on the system call number alone cannot tell the
  // individual socket or IPC operations apart there.
#if defined(__i386__)
  // Big multiplexing system call for sockets.
  static bool IsSocketCall(int sysno);
  // Big System V multiplexing system call.
  static bool IsSystemVIpc(int sysno);
#endif  // defined(__i386__)

#if defined(__x86_64__) || defined(__arm__)
  static bool IsNetworkSocketInformation(int sysno);
  static bool IsSystemVSemaphores(int sysno);
  // These give a lot of ambient authority and bypass the setuid sandbox.
  static bool IsSystemVSharedMemory(int sysno);
  static bool IsSystemVMessageQueue(int sysno);
#endif  // defined(__x86_64__) || defined(__arm__)

#if defined(__arm__)
  static bool IsArmPciConfig(int sysno);
  static bool IsArmPrivate(int sysno);
#endif  // defined(__arm__)

 private:
  // Static-only helper class; it is never instantiated.
  DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);
};

}  // namespace sandbox

#endif  // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_