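Lines Matching refs:sysno
(Cross-reference excerpt: only lines that reference `sysno` are listed, each prefixed with its source line number and followed by the enclosing function. Gaps in the numbering are source lines not shown here, including the bodies of the `if` statements and any preprocessor lines, so the action the policy takes for a given syscall cannot be read from this listing alone.)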
41 bool IsBaselinePolicyAllowed(int sysno) { in IsBaselinePolicyAllowed() argument
42 return SyscallSets::IsAllowedAddressSpaceAccess(sysno) || in IsBaselinePolicyAllowed()
43 SyscallSets::IsAllowedBasicScheduler(sysno) || in IsBaselinePolicyAllowed()
44 SyscallSets::IsAllowedEpoll(sysno) || in IsBaselinePolicyAllowed()
45 SyscallSets::IsAllowedFileSystemAccessViaFd(sysno) || in IsBaselinePolicyAllowed()
46 SyscallSets::IsAllowedFutex(sysno) || in IsBaselinePolicyAllowed()
47 SyscallSets::IsAllowedGeneralIo(sysno) || in IsBaselinePolicyAllowed()
48 SyscallSets::IsAllowedGetOrModifySocket(sysno) || in IsBaselinePolicyAllowed()
49 SyscallSets::IsAllowedGettime(sysno) || in IsBaselinePolicyAllowed()
50 SyscallSets::IsAllowedProcessStartOrDeath(sysno) || in IsBaselinePolicyAllowed()
51 SyscallSets::IsAllowedSignalHandling(sysno) || in IsBaselinePolicyAllowed()
52 SyscallSets::IsGetSimpleId(sysno) || in IsBaselinePolicyAllowed()
53 SyscallSets::IsKernelInternalApi(sysno) || in IsBaselinePolicyAllowed()
55 SyscallSets::IsArmPrivate(sysno) || in IsBaselinePolicyAllowed()
58 SyscallSets::IsMipsPrivate(sysno) || in IsBaselinePolicyAllowed()
60 SyscallSets::IsAllowedOperationOnFd(sysno); in IsBaselinePolicyAllowed()
64 bool IsBaselinePolicyWatched(int sysno) { in IsBaselinePolicyWatched() argument
65 return SyscallSets::IsAdminOperation(sysno) || in IsBaselinePolicyWatched()
66 SyscallSets::IsAdvancedScheduler(sysno) || in IsBaselinePolicyWatched()
67 SyscallSets::IsAdvancedTimer(sysno) || in IsBaselinePolicyWatched()
68 SyscallSets::IsAsyncIo(sysno) || in IsBaselinePolicyWatched()
69 SyscallSets::IsDebug(sysno) || in IsBaselinePolicyWatched()
70 SyscallSets::IsEventFd(sysno) || in IsBaselinePolicyWatched()
71 SyscallSets::IsExtendedAttributes(sysno) || in IsBaselinePolicyWatched()
72 SyscallSets::IsFaNotify(sysno) || in IsBaselinePolicyWatched()
73 SyscallSets::IsFsControl(sysno) || in IsBaselinePolicyWatched()
74 SyscallSets::IsGlobalFSViewChange(sysno) || in IsBaselinePolicyWatched()
75 SyscallSets::IsGlobalProcessEnvironment(sysno) || in IsBaselinePolicyWatched()
76 SyscallSets::IsGlobalSystemStatus(sysno) || in IsBaselinePolicyWatched()
77 SyscallSets::IsInotify(sysno) || in IsBaselinePolicyWatched()
78 SyscallSets::IsKernelModule(sysno) || in IsBaselinePolicyWatched()
79 SyscallSets::IsKeyManagement(sysno) || in IsBaselinePolicyWatched()
80 SyscallSets::IsKill(sysno) || in IsBaselinePolicyWatched()
81 SyscallSets::IsMessageQueue(sysno) || in IsBaselinePolicyWatched()
82 SyscallSets::IsMisc(sysno) || in IsBaselinePolicyWatched()
84 SyscallSets::IsNetworkSocketInformation(sysno) || in IsBaselinePolicyWatched()
86 SyscallSets::IsNuma(sysno) || in IsBaselinePolicyWatched()
87 SyscallSets::IsPrctl(sysno) || in IsBaselinePolicyWatched()
88 SyscallSets::IsProcessGroupOrSession(sysno) || in IsBaselinePolicyWatched()
90 SyscallSets::IsSocketCall(sysno) || in IsBaselinePolicyWatched()
93 SyscallSets::IsArmPciConfig(sysno) || in IsBaselinePolicyWatched()
96 SyscallSets::IsMipsMisc(sysno) || in IsBaselinePolicyWatched()
98 SyscallSets::IsTimer(sysno); in IsBaselinePolicyWatched()
104 int sysno) { in EvaluateSyscallImpl() argument
108 if (sysno == __NR_ioctl) { in EvaluateSyscallImpl()
112 if (sysno == __NR_sched_getaffinity) { in EvaluateSyscallImpl()
117 if (sysno == __NR_getrusage) { in EvaluateSyscallImpl()
121 if (sysno == __NR_sigaltstack) { in EvaluateSyscallImpl()
129 if (IsBaselinePolicyAllowed(sysno)) { in EvaluateSyscallImpl()
135 if (sysno == __NR_sigaltstack) in EvaluateSyscallImpl()
139 if (sysno == __NR_clock_gettime) { in EvaluateSyscallImpl()
143 if (sysno == __NR_clone) { in EvaluateSyscallImpl()
147 if (sysno == __NR_fcntl) in EvaluateSyscallImpl()
151 if (sysno == __NR_fcntl64) in EvaluateSyscallImpl()
158 if (sysno == __NR_fork) { in EvaluateSyscallImpl()
163 if (sysno == __NR_futex) in EvaluateSyscallImpl()
166 if (sysno == __NR_set_robust_list) in EvaluateSyscallImpl()
169 if (sysno == __NR_getpriority || sysno ==__NR_setpriority) in EvaluateSyscallImpl()
172 if (sysno == __NR_madvise) { in EvaluateSyscallImpl()
180 if (sysno == __NR_mmap) in EvaluateSyscallImpl()
185 if (sysno == __NR_mmap2) in EvaluateSyscallImpl()
189 if (sysno == __NR_mprotect) in EvaluateSyscallImpl()
192 if (sysno == __NR_prctl) in EvaluateSyscallImpl()
197 if (sysno == __NR_socketpair) { in EvaluateSyscallImpl()
206 if (SyscallSets::IsKill(sysno)) { in EvaluateSyscallImpl()
207 return RestrictKillTarget(current_pid, sysno); in EvaluateSyscallImpl()
210 if (SyscallSets::IsFileSystem(sysno) || in EvaluateSyscallImpl()
211 SyscallSets::IsCurrentDirectory(sysno)) { in EvaluateSyscallImpl()
215 if (SyscallSets::IsSeccomp(sysno)) in EvaluateSyscallImpl()
218 if (SyscallSets::IsAnySystemV(sysno)) { in EvaluateSyscallImpl()
222 if (SyscallSets::IsUmask(sysno) || in EvaluateSyscallImpl()
223 SyscallSets::IsDeniedFileSystemAccessViaFd(sysno) || in EvaluateSyscallImpl()
224 SyscallSets::IsDeniedGetOrModifySocket(sysno) || in EvaluateSyscallImpl()
225 SyscallSets::IsProcessPrivilegeChange(sysno)) { in EvaluateSyscallImpl()
230 if (SyscallSets::IsSocketCall(sysno)) in EvaluateSyscallImpl()
235 if (sysno == __NR_getsockopt || sysno ==__NR_setsockopt) { in EvaluateSyscallImpl()
244 if (IsBaselinePolicyWatched(sysno)) { in EvaluateSyscallImpl()
270 ResultExpr BaselinePolicy::EvaluateSyscall(int sysno) const { in EvaluateSyscall()
272 DCHECK(SandboxBPF::IsValidSyscallNumber(sysno)); in EvaluateSyscall()
274 if (1 == sysno) { in EvaluateSyscall()
277 return EvaluateSyscallImpl(fs_denied_errno_, policy_pid_, sysno); in EvaluateSyscall()