// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"

#include "build/build_config.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"

namespace sandbox {

// The functions below cover all existing i386, x86_64, and ARM system calls;
// excluding syscalls made obsolete in ARM EABI.
// The implicitly defined sets form a partition of the sets of
// system calls.
//
// Reading guide: every classifier in this file is a pure function of the raw
// syscall number |sysno| and returns true iff the number belongs to that set.
// In the IsAllowed*() classifiers, case labels that appear after the
// `return true;` (so that they fall through into `default:`) are members of
// the same family that the set deliberately does NOT allow. Keeping them as
// labels rather than as a prose comment means the number is still claimed by
// exactly one set for the partition above, and a label listed twice within
// the same switch is rejected by the compiler.

// Signal delivery to another process, thread group or thread.
bool SyscallSets::IsKill(int sysno) {
  switch (sysno) {
    case __NR_kill:
    case __NR_tgkill:
    case __NR_tkill:  // Deprecated.
      return true;
    default:
      return false;
  }
}

// Clock reads the policy allows outright: only gettimeofday (plus time on
// i386/x86_64/mips) returns true. The clock_* family and the privileged
// setters are enumerated below the return and are denied by this set.
bool SyscallSets::IsAllowedGettime(int sysno) {
  switch (sysno) {
    case __NR_gettimeofday:
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_time:
#endif
      return true;
    case __NR_adjtimex:        // Privileged.
    case __NR_clock_adjtime:   // Privileged.
    case __NR_clock_getres:    // Could be allowed.
    case __NR_clock_gettime:
    case __NR_clock_nanosleep:  // Could be allowed.
    case __NR_clock_settime:   // Privileged.
#if defined(__i386__) || defined(__mips__)
    case __NR_ftime:  // Obsolete.
#endif
    case __NR_settimeofday:  // Privileged.
#if defined(__i386__) || defined(__mips__)
    case __NR_stime:
#endif
    default:
      return false;
  }
}

// Query or change the calling process's working directory.
bool SyscallSets::IsCurrentDirectory(int sysno) {
  switch (sysno) {
    case __NR_getcwd:
    case __NR_chdir:
    case __NR_fchdir:
      return true;
    default:
      return false;
  }
}

// The file-creation mask; a single-member set.
bool SyscallSets::IsUmask(int sysno) {
  switch (sysno) {
    case __NR_umask:
      return true;
    default:
      return false;
  }
}

// System calls that directly access the file system. They might acquire
// a new file descriptor or otherwise perform an operation directly
// via a path.
// Both EPERM and ENOENT are valid errno unless otherwise noted in comment.
//
// Every label here returns true; the per-label notes record which errno a
// policy may legitimately hand back when it chooses to deny the call.
bool SyscallSets::IsFileSystem(int sysno) {
  switch (sysno) {
#if !defined(__aarch64__)
    case __NR_access:  // EPERM not a valid errno.
    case __NR_chmod:
    case __NR_chown:
#if defined(__i386__) || defined(__arm__)
    case __NR_chown32:
#endif
    case __NR_creat:
    case __NR_futimesat:  // Should be called utimesat ?
    case __NR_lchown:
    case __NR_link:
    case __NR_lstat:  // EPERM not a valid errno.
    case __NR_mkdir:
    case __NR_mknod:
    case __NR_open:
    case __NR_readlink:  // EPERM not a valid errno.
    case __NR_rename:
    case __NR_rmdir:
    case __NR_stat:  // EPERM not a valid errno.
    case __NR_symlink:
    case __NR_unlink:
    case __NR_uselib:  // Neither EPERM, nor ENOENT are valid errno.
    case __NR_ustat:   // Same as above. Deprecated.
    case __NR_utimes:
#endif  // !defined(__aarch64__)

    case __NR_execve:
    case __NR_faccessat:  // EPERM not a valid errno.
    case __NR_fchmodat:
    case __NR_fchownat:  // Should be called chownat ?
#if defined(__x86_64__) || defined(__aarch64__)
    case __NR_newfstatat:  // fstatat(). EPERM not a valid errno.
#elif defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_fstatat64:
#endif
#if defined(__i386__) || defined(__arm__)
    case __NR_lchown32:
#endif
    case __NR_linkat:
    case __NR_lookup_dcookie:  // ENOENT not a valid errno.

#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_lstat64:
#endif
#if defined(__i386__) || defined(__arm__) || defined(__x86_64__)
    case __NR_memfd_create:
#endif
    case __NR_mkdirat:
    case __NR_mknodat:
#if defined(__i386__)
    case __NR_oldlstat:
    case __NR_oldstat:
#endif
    case __NR_openat:
    case __NR_readlinkat:
    case __NR_renameat:
    case __NR_renameat2:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_stat64:
#endif
    case __NR_statfs:  // EPERM not a valid errno.
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_statfs64:
#endif
    case __NR_symlinkat:
    case __NR_truncate:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_truncate64:
#endif
    case __NR_unlinkat:
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_utime:
#endif
    case __NR_utimensat:  // New.
      return true;
    default:
      return false;
  }
}

// Descriptor-based file-system calls the policy allows: only fstat (and
// fstat64 on i386/arm/mips) returns true. The fadvise/fsync/flock/fstatfs/
// sync_file_range labels after the return are claimed by this set but denied;
// the TODO below explains why they are not in IsDeniedFileSystemAccessViaFd().
bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) {
  switch (sysno) {
    case __NR_fstat:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_fstat64:
#endif
      return true;
    // TODO(jln): these should be denied gracefully as well (moved below).
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_fadvise64:  // EPERM not a valid errno.
#endif
#if defined(__i386__)
    case __NR_fadvise64_64:
#endif
#if defined(__arm__)
    case __NR_arm_fadvise64_64:
#endif
    case __NR_fdatasync:  // EPERM not a valid errno.
    case __NR_flock:      // EPERM not a valid errno.
    case __NR_fstatfs:    // Give information about the whole filesystem.
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_fstatfs64:
#endif
    case __NR_fsync:  // EPERM not a valid errno.
#if defined(__i386__)
    case __NR_oldfstat:
#endif
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
    defined(__aarch64__)
    case __NR_sync_file_range:  // EPERM not a valid errno.
#elif defined(__arm__)
    case __NR_arm_sync_file_range:  // EPERM not a valid errno.
#endif
    default:
      return false;
  }
}

// EPERM is a good errno for any of these.
//
// Descriptor-based calls that mutate or enumerate file-system state
// (fallocate/fchmod/fchown/ftruncate/getdents and their 32/64-bit variants).
bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) {
  switch (sysno) {
    case __NR_fallocate:
    case __NR_fchmod:
    case __NR_fchown:
    case __NR_ftruncate:
#if defined(__i386__) || defined(__arm__)
    case __NR_fchown32:
#endif
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_ftruncate64:
#endif
#if !defined(__aarch64__)
    case __NR_getdents:  // EPERM not a valid errno.
#endif
    case __NR_getdents64:  // EPERM not a valid errno.
#if defined(__i386__) || defined(__mips__)
    case __NR_readdir:
#endif
      return true;
    default:
      return false;
  }
}

// Read-only identity queries: uid/gid/pid/ppid/tid/sid/groups, their *32
// variants on i386/arm, and capget. No label in this set changes anything.
bool SyscallSets::IsGetSimpleId(int sysno) {
  switch (sysno) {
    case __NR_capget:
    case __NR_getegid:
    case __NR_geteuid:
    case __NR_getgid:
    case __NR_getgroups:
    case __NR_getpid:
    case __NR_getppid:
    case __NR_getresgid:
    case __NR_getsid:
    case __NR_gettid:
    case __NR_getuid:
    case __NR_getresuid:
#if defined(__i386__) || defined(__arm__)
    case __NR_getegid32:
    case __NR_geteuid32:
    case __NR_getgid32:
    case __NR_getgroups32:
    case __NR_getresgid32:
    case __NR_getresuid32:
    case __NR_getuid32:
#endif
      return true;
    default:
      return false;
  }
}

// Calls that change the process's credentials or capabilities (the set*id
// family, capset) and, on x86, the I/O-port privilege calls.
bool SyscallSets::IsProcessPrivilegeChange(int sysno) {
  switch (sysno) {
    case __NR_capset:
#if defined(__i386__) || defined(__x86_64__)
    case __NR_ioperm:  // Intel privilege.
    case __NR_iopl:    // Intel privilege.
#endif
    case __NR_setfsgid:
    case __NR_setfsuid:
    case __NR_setgid:
    case __NR_setgroups:
    case __NR_setregid:
    case __NR_setresgid:
    case __NR_setresuid:
    case __NR_setreuid:
    case __NR_setuid:
#if defined(__i386__) || defined(__arm__)
    case __NR_setfsgid32:
    case __NR_setfsuid32:
    case __NR_setgid32:
    case __NR_setgroups32:
    case __NR_setregid32:
    case __NR_setresgid32:
    case __NR_setresuid32:
    case __NR_setreuid32:
    case __NR_setuid32:
#endif
      return true;
    default:
      return false;
  }
}

// Process-group and session membership (getpgrp is absent on aarch64).
bool SyscallSets::IsProcessGroupOrSession(int sysno) {
  switch (sysno) {
    case __NR_setpgid:
#if !defined(__aarch64__)
    case __NR_getpgrp:
#endif
    case __NR_setsid:
    case __NR_getpgid:
      return true;
    default:
      return false;
  }
}

// Signal-handling calls the policy allows: rt_sigaction/rt_sigprocmask/
// rt_sigreturn, plus the legacy non-rt forms on i386/arm/mips. The rest of the
// signal family (sigaltstack, signalfd*, rt_sig{pending,queueinfo,suspend,
// timedwait}, ...) is enumerated after the return and denied by this set.
bool SyscallSets::IsAllowedSignalHandling(int sysno) {
  switch (sysno) {
    case __NR_rt_sigaction:
    case __NR_rt_sigprocmask:
    case __NR_rt_sigreturn:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_sigaction:
    case __NR_sigprocmask:
    case __NR_sigreturn:
#endif
      return true;
    case __NR_rt_sigpending:
    case __NR_rt_sigqueueinfo:
    case __NR_rt_sigsuspend:
    case __NR_rt_sigtimedwait:
    case __NR_rt_tgsigqueueinfo:
    case __NR_sigaltstack:
#if !defined(__aarch64__)
    case __NR_signalfd:
#endif
    case __NR_signalfd4:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_sigpending:
    case __NR_sigsuspend:
#endif
#if defined(__i386__) || defined(__mips__)
    case __NR_signal:
    case __NR_sgetmask:  // Obsolete.
    case __NR_ssetmask:
#endif
    default:
      return false;
  }
}

// Plain descriptor housekeeping the policy allows: close/dup/dup2/dup3 and,
// on the non-socketcall architectures, shutdown. fcntl/fcntl64 are claimed by
// this set but denied here (a policy wanting them presumably restricts their
// arguments elsewhere — not visible in this file).
bool SyscallSets::IsAllowedOperationOnFd(int sysno) {
  switch (sysno) {
    case __NR_close:
    case __NR_dup:
#if !defined(__aarch64__)
    case __NR_dup2:
#endif
    case __NR_dup3:
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
    defined(__aarch64__)
    case __NR_shutdown:
#endif
      return true;
    case __NR_fcntl:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_fcntl64:
#endif
    default:
      return false;
  }
}

// Calls issued by the kernel/libc machinery rather than by application code:
// restart_syscall and, on ARM, the private cmpxchg helper.
bool SyscallSets::IsKernelInternalApi(int sysno) {
  switch (sysno) {
    case __NR_restart_syscall:
#if defined(__arm__)
    case __ARM_NR_cmpxchg:
#endif
      return true;
    default:
      return false;
  }
}

// This should be thought through in conjunction with IsFutex().
//
// Process lifecycle calls the policy allows: exit/exit_group and the wait
// family return true. Everything that creates a process or thread or changes
// namespaces/TLS (clone, fork, vfork, unshare, setns, *_thread_area,
// set_tid_address) is enumerated after the return and denied by this set.
bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
  switch (sysno) {
    case __NR_exit:
    case __NR_exit_group:
    case __NR_wait4:
    case __NR_waitid:
#if defined(__i386__)
    case __NR_waitpid:
#endif
      return true;
    case __NR_clone:  // Should be parameter-restricted.
    case __NR_setns:  // Privileged.
#if !defined(__aarch64__)
    case __NR_fork:
#endif
#if defined(__i386__) || defined(__x86_64__)
    case __NR_get_thread_area:
#endif
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_set_thread_area:
#endif
    case __NR_set_tid_address:
    case __NR_unshare:
#if !defined(__mips__) && !defined(__aarch64__)
    case __NR_vfork:
#endif
    default:
      return false;
  }
}

// It's difficult to restrict those, but there is attack surface here.
// Futex and robust-list calls. Every label here falls into `default:`, so this
// set currently allows nothing; it exists only to claim these numbers for the
// partition. A policy that needs futex presumably adds an argument-restricted
// rule of its own — not visible in this file.
bool SyscallSets::IsAllowedFutex(int sysno) {
  switch (sysno) {
    case __NR_get_robust_list:
    case __NR_set_robust_list:
    case __NR_futex:
    default:
      return false;
  }
}

// epoll calls the policy allows: epoll_create/epoll_create1/epoll_ctl and
// epoll_wait return true. Note that `default:` is placed above the denied
// labels (epoll_pwait and the x86_64-only *_old variants); they all share
// the `return false`.
bool SyscallSets::IsAllowedEpoll(int sysno) {
  switch (sysno) {
#if !defined(__aarch64__)
    case __NR_epoll_create:
    case __NR_epoll_wait:
#endif
    case __NR_epoll_create1:
    case __NR_epoll_ctl:
      return true;
    default:
#if defined(__x86_64__)
    case __NR_epoll_ctl_old:
#endif
    case __NR_epoll_pwait:
#if defined(__x86_64__)
    case __NR_epoll_wait_old:
#endif
      return false;
  }
}

// Local-channel creation the policy allows: pipe/pipe2 return true.
// socketpair is claimed by this set but denied here (see its note).
bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) {
  switch (sysno) {
#if !defined(__aarch64__)
    case __NR_pipe:
#endif
    case __NR_pipe2:
      return true;
    default:
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
    defined(__aarch64__)
    case __NR_socketpair:  // We will want to inspect its argument.
#endif
      return false;
  }
}

// Socket creation and connection setup (accept/accept4/bind/connect/socket/
// listen). On i386 these numbers do not exist as separate syscalls (they are
// multiplexed through socketcall, see IsSocketCall()), so there this function
// returns false for every input.
bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) {
  switch (sysno) {
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
    defined(__aarch64__)
    case __NR_accept:
    case __NR_accept4:
    case __NR_bind:
    case __NR_connect:
    case __NR_socket:
    case __NR_listen:
      return true;
#endif
    default:
      return false;
  }
}

#if defined(__i386__) || defined(__mips__)
// Big multiplexing system call for sockets.
// Only defined on the architectures that have socketcall; the concrete
// socket operation is selected by its first argument, which this classifier
// does not see.
bool SyscallSets::IsSocketCall(int sysno) {
  switch (sysno) {
    case __NR_socketcall:
      return true;
    default:
      return false;
  }
}
#endif

#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
// Socket name/option queries and setters. Not compiled on i386 (socketcall
// architecture) and not listed for aarch64 in this file.
bool SyscallSets::IsNetworkSocketInformation(int sysno) {
  switch (sysno) {
    case __NR_getpeername:
    case __NR_getsockname:
    case __NR_getsockopt:
    case __NR_setsockopt:
      return true;
    default:
      return false;
  }
}
#endif

// Address-space calls the policy allows: brk/mlock/munlock/munmap return true.
// mmap/mmap2, mprotect, mremap, madvise, mincore, mlockall/munlockall, msync,
// readahead, remap_file_pages, modify_ldt and the i386 vm86 calls are claimed
// by this set but denied here.
bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
  switch (sysno) {
    case __NR_brk:
    case __NR_mlock:
    case __NR_munlock:
    case __NR_munmap:
      return true;
    case __NR_madvise:
    case __NR_mincore:
    case __NR_mlockall:
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
    defined(__aarch64__)
    case __NR_mmap:
#endif
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_mmap2:
#endif
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_modify_ldt:
#endif
    case __NR_mprotect:
    case __NR_mremap:
    case __NR_msync:
    case __NR_munlockall:
    case __NR_readahead:
    case __NR_remap_file_pages:
#if defined(__i386__)
    case __NR_vm86:
    case __NR_vm86old:
#endif
    default:
      return false;
  }
}

// Descriptor I/O the policy allows: read/write (+ vectored forms), lseek,
// poll/ppoll/select/pselect6 and the datagram-style recv*/send* calls return
// true. ioctl, the positional p{read,write}{,v} calls, recvmmsg/sendmmsg,
// sendfile and the splice family are enumerated after the return and denied
// by this set.
bool SyscallSets::IsAllowedGeneralIo(int sysno) {
  switch (sysno) {
    case __NR_lseek:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR__llseek:
#endif
#if !defined(__aarch64__)
    case __NR_poll:
#endif
    case __NR_ppoll:
    case __NR_pselect6:
    case __NR_read:
    case __NR_readv:
#if defined(__arm__) || defined(__mips__)
    case __NR_recv:
#endif
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
    defined(__aarch64__)
    case __NR_recvfrom:  // Could specify source.
    case __NR_recvmsg:   // Could specify source.
#endif
#if defined(__i386__) || defined(__x86_64__)
    case __NR_select:
#endif
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR__newselect:
#endif
#if defined(__arm__)
    case __NR_send:
#endif
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
    defined(__aarch64__)
    case __NR_sendmsg:  // Could specify destination.
    case __NR_sendto:   // Could specify destination.
#endif
    case __NR_write:
    case __NR_writev:
      return true;
    case __NR_ioctl:  // Can be very powerful.
    case __NR_pread64:
    case __NR_preadv:
    case __NR_pwrite64:
    case __NR_pwritev:
    case __NR_recvmmsg:  // Could specify source.
    case __NR_sendfile:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_sendfile64:
#endif
    case __NR_sendmmsg:  // Could specify destination.
    case __NR_splice:
    case __NR_tee:
    case __NR_vmsplice:
    default:
      return false;
  }
}

// prctl and, on x86_64, arch_prctl. Both take an operation selector as their
// first argument, which this classifier does not see.
bool SyscallSets::IsPrctl(int sysno) {
  switch (sysno) {
#if defined(__x86_64__)
    case __NR_arch_prctl:
#endif
    case __NR_prctl:
      return true;
    default:
      return false;
  }
}

// The seccomp(2) syscall itself; a single-member set.
bool SyscallSets::IsSeccomp(int sysno) {
  switch (sysno) {
    case __NR_seccomp:
      return true;
    default:
      return false;
  }
}

// Scheduler calls the policy allows: sched_yield/pause/nanosleep return true.
// The priority getters/setters (getpriority/setpriority/nice) are claimed by
// this set but denied here.
bool SyscallSets::IsAllowedBasicScheduler(int sysno) {
  switch (sysno) {
    case __NR_sched_yield:
#if !defined(__aarch64__)
    case __NR_pause:
#endif
    case __NR_nanosleep:
      return true;
    case __NR_getpriority:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_nice:
#endif
    case __NR_setpriority:
    default:
      return false;
  }
}

// System-administration calls: kexec/reboot, host and domain naming, syslog
// and the legacy bdflush.
bool SyscallSets::IsAdminOperation(int sysno) {
  switch (sysno) {
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
    case __NR_bdflush:
#endif
    case __NR_kexec_load:
    case __NR_reboot:
    case __NR_setdomainname:
    case __NR_sethostname:
    case __NR_syslog:
      return true;
    default:
      return false;
  }
}

// Kernel-module loading/unloading (init_module/finit_module/delete_module)
// plus the obsolete module calls that still have numbers on i386/x86_64/mips.
bool SyscallSets::IsKernelModule(int sysno) {
  switch (sysno) {
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_create_module:
    case __NR_get_kernel_syms:  // Should ENOSYS.
    case __NR_query_module:
#endif
    case __NR_delete_module:
    case __NR_init_module:
    case __NR_finit_module:
      return true;
    default:
      return false;
  }
}

// Calls that change or flush the global view of the file system.
bool SyscallSets::IsGlobalFSViewChange(int sysno) {
  switch (sysno) {
    case __NR_pivot_root:
    case __NR_chroot:
    case __NR_sync:
      return true;
    default:
      return false;
  }
}

// Mount, swap, quota and NFS control calls.
bool SyscallSets::IsFsControl(int sysno) {
  switch (sysno) {
    case __NR_mount:
    case __NR_nfsservctl:
    case __NR_quotactl:
    case __NR_swapoff:
    case __NR_swapon:
#if defined(__i386__) || defined(__mips__)
    case __NR_umount:
#endif
    case __NR_umount2:
      return true;
    default:
      return false;
  }
}

// NUMA memory-policy and page-migration calls (getcpu is grouped here too).
bool SyscallSets::IsNuma(int sysno) {
  switch (sysno) {
    case __NR_get_mempolicy:
    case __NR_getcpu:
    case __NR_mbind:
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
    defined(__aarch64__)
    case __NR_migrate_pages:
#endif
    case __NR_move_pages:
    case __NR_set_mempolicy:
      return true;
    default:
      return false;
  }
}

// POSIX message queues (mq_*). System V queues are classified separately
// by IsSystemVMessageQueue() / IsSystemVIpc().
bool SyscallSets::IsMessageQueue(int sysno) {
  switch (sysno) {
    case __NR_mq_getsetattr:
    case __NR_mq_notify:
    case __NR_mq_open:
    case __NR_mq_timedreceive:
    case __NR_mq_timedsend:
    case __NR_mq_unlink:
      return true;
    default:
      return false;
  }
}

// Resource limits, accounting, personality and process-time queries. The
// per-architecture guards select which rlimit spelling exists on each ABI.
bool SyscallSets::IsGlobalProcessEnvironment(int sysno) {
  switch (sysno) {
    case __NR_acct:  // Privileged.
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
    defined(__aarch64__)
    case __NR_getrlimit:
#endif
#if defined(__i386__) || defined(__arm__)
    case __NR_ugetrlimit:
#endif
#if defined(__i386__) || defined(__mips__)
    case __NR_ulimit:
#endif
    case __NR_getrusage:
    case __NR_personality:  // Can change its personality as well.
    case __NR_prlimit64:    // Like setrlimit / getrlimit.
    case __NR_setrlimit:
    case __NR_times:
      return true;
    default:
      return false;
  }
}

// Debugging and cross-process introspection: ptrace, process_vm_readv/writev
// and kcmp.
bool SyscallSets::IsDebug(int sysno) {
  switch (sysno) {
    case __NR_ptrace:
    case __NR_process_vm_readv:
    case __NR_process_vm_writev:
    case __NR_kcmp:
      return true;
    default:
      return false;
  }
}

// System-wide status queries: uname (and its i386 predecessors), sysinfo,
// and the legacy _sysctl/sysfs calls where they exist.
bool SyscallSets::IsGlobalSystemStatus(int sysno) {
  switch (sysno) {
#if !defined(__aarch64__)
    case __NR__sysctl:
    case __NR_sysfs:
#endif
    case __NR_sysinfo:
    case __NR_uname:
#if defined(__i386__)
    case __NR_olduname:
    case __NR_oldolduname:
#endif
      return true;
    default:
      return false;
  }
}

// eventfd creation (eventfd is absent on aarch64; eventfd2 is generic).
bool SyscallSets::IsEventFd(int sysno) {
  switch (sysno) {
#if !defined(__aarch64__)
    case __NR_eventfd:
#endif
    case __NR_eventfd2:
      return true;
    default:
      return false;
  }
}

// Asynchronous I/O API.
// The kernel AIO interface (io_setup/io_submit/io_getevents/io_cancel/
// io_destroy).
bool SyscallSets::IsAsyncIo(int sysno) {
  switch (sysno) {
    case __NR_io_cancel:
    case __NR_io_destroy:
    case __NR_io_getevents:
    case __NR_io_setup:
    case __NR_io_submit:
      return true;
    default:
      return false;
  }
}

// Kernel keyring calls (add_key/keyctl/request_key).
bool SyscallSets::IsKeyManagement(int sysno) {
  switch (sysno) {
    case __NR_add_key:
    case __NR_keyctl:
    case __NR_request_key:
      return true;
    default:
      return false;
  }
}

#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
// System V semaphores. Only defined on the architectures that expose the
// individual sem* syscalls; i386/mips reach them through ipc (IsSystemVIpc()).
bool SyscallSets::IsSystemVSemaphores(int sysno) {
  switch (sysno) {
    case __NR_semctl:
    case __NR_semget:
    case __NR_semop:
    case __NR_semtimedop:
      return true;
    default:
      return false;
  }
}
#endif

#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
// These give a lot of ambient authority and bypass the setuid sandbox.
// System V shared memory (shm*), on the architectures with individual
// syscall numbers for them.
bool SyscallSets::IsSystemVSharedMemory(int sysno) {
  switch (sysno) {
    case __NR_shmat:
    case __NR_shmctl:
    case __NR_shmdt:
    case __NR_shmget:
      return true;
    default:
      return false;
  }
}
#endif

#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
// System V message queues (msg*), on the architectures with individual
// syscall numbers for them.
bool SyscallSets::IsSystemVMessageQueue(int sysno) {
  switch (sysno) {
    case __NR_msgctl:
    case __NR_msgget:
    case __NR_msgrcv:
    case __NR_msgsnd:
      return true;
    default:
      return false;
  }
}
#endif

#if defined(__i386__) || defined(__mips__)
// Big system V multiplexing system call.
// The concrete sem/shm/msg operation is selected by the first argument of
// ipc, which this classifier does not see.
bool SyscallSets::IsSystemVIpc(int sysno) {
  switch (sysno) {
    case __NR_ipc:
      return true;
    default:
      return false;
  }
}
#endif

// Union of all System V IPC sets for the current architecture. Only the
// architectures listed in the two branches are handled: on any other target
// this function body would be empty and fall off the end without returning,
// so a new architecture must be added to one of the branches (and to the
// per-set guards above) before this file is built for it.
bool SyscallSets::IsAnySystemV(int sysno) {
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
  return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) ||
         IsSystemVSharedMemory(sysno);
#elif defined(__i386__) || defined(__mips__)
  return IsSystemVIpc(sysno);
#endif
}

// Scheduling-policy, affinity and I/O-priority calls. None of these are in
// IsAllowedBasicScheduler(); the partition keeps the two sets disjoint.
bool SyscallSets::IsAdvancedScheduler(int sysno) {
  switch (sysno) {
    case __NR_ioprio_get:  // IO scheduler.
    case __NR_ioprio_set:
    case __NR_sched_get_priority_max:
    case __NR_sched_get_priority_min:
    case __NR_sched_getaffinity:
    case __NR_sched_getattr:
    case __NR_sched_getparam:
    case __NR_sched_getscheduler:
    case __NR_sched_rr_get_interval:
    case __NR_sched_setaffinity:
    case __NR_sched_setattr:
    case __NR_sched_setparam:
    case __NR_sched_setscheduler:
      return true;
    default:
      return false;
  }
}

// inotify file-system watch calls (inotify_init is absent on aarch64).
bool SyscallSets::IsInotify(int sysno) {
  switch (sysno) {
    case __NR_inotify_add_watch:
#if !defined(__aarch64__)
    case __NR_inotify_init:
#endif
    case __NR_inotify_init1:
    case __NR_inotify_rm_watch:
      return true;
    default:
      return false;
  }
}

// fanotify file-system notification calls.
bool SyscallSets::IsFaNotify(int sysno) {
  switch (sysno) {
    case __NR_fanotify_init:
    case __NR_fanotify_mark:
      return true;
    default:
      return false;
  }
}

// Interval timers (getitimer/setitimer) and alarm where it exists.
bool SyscallSets::IsTimer(int sysno) {
  switch (sysno) {
    case __NR_getitimer:
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_alarm:
#endif
    case __NR_setitimer:
      return true;
    default:
      return false;
  }
}

// POSIX per-process timers (timer_*) and timerfd.
bool SyscallSets::IsAdvancedTimer(int sysno) {
  switch (sysno) {
    case __NR_timer_create:
    case __NR_timer_delete:
    case __NR_timer_getoverrun:
    case __NR_timer_gettime:
    case __NR_timer_settime:
    case __NR_timerfd_create:
    case __NR_timerfd_gettime:
    case __NR_timerfd_settime:
      return true;
    default:
      return false;
  }
}

// Extended-attribute calls in all three spellings (path, l-path, fd).
bool SyscallSets::IsExtendedAttributes(int sysno) {
  switch (sysno) {
    case __NR_fgetxattr:
    case __NR_flistxattr:
    case __NR_fremovexattr:
    case __NR_fsetxattr:
    case __NR_getxattr:
    case __NR_lgetxattr:
    case __NR_listxattr:
    case __NR_llistxattr:
    case __NR_lremovexattr:
    case __NR_lsetxattr:
    case __NR_removexattr:
    case __NR_setxattr:
      return true;
    default:
      return false;
  }
}

// Various system calls that need to be researched.
// TODO(jln): classify this better.
//
// Catch-all for numbers not yet given a set of their own. The first group is
// real calls (getrandom, the *_by_handle_at pair, perf_event_open, syncfs,
// vhangup); the second group, below the "not implemented" note, is reserved
// or dead numbers that still exist in the tables.
bool SyscallSets::IsMisc(int sysno) {
  switch (sysno) {
#if !defined(__mips__)
    case __NR_getrandom:
#endif
    case __NR_name_to_handle_at:
    case __NR_open_by_handle_at:
    case __NR_perf_event_open:
    case __NR_syncfs:
    case __NR_vhangup:
    // The system calls below are not implemented.
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_afs_syscall:
#endif
#if defined(__i386__) || defined(__mips__)
    case __NR_break:
#endif
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_getpmsg:
#endif
#if defined(__i386__) || defined(__mips__)
    case __NR_gtty:
    case __NR_idle:
    case __NR_lock:
    case __NR_mpx:
    case __NR_prof:
    case __NR_profil:
#endif
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    case __NR_putpmsg:
#endif
#if defined(__x86_64__)
    case __NR_security:
#endif
#if defined(__i386__) || defined(__mips__)
    case __NR_stty:
#endif
#if defined(__x86_64__)
    case __NR_tuxcall:
#endif
#if !defined(__aarch64__)
    case __NR_vserver:
#endif
      return true;
    default:
      return false;
  }
}

#if defined(__arm__)
// ARM-only PCI configuration-space access calls.
bool SyscallSets::IsArmPciConfig(int sysno) {
  switch (sysno) {
    case __NR_pciconfig_iobase:
    case __NR_pciconfig_read:
    case __NR_pciconfig_write:
      return true;
    default:
      return false;
  }
}

// ARM private (__ARM_NR_*) calls other than cmpxchg, which lives in
// IsKernelInternalApi().
bool SyscallSets::IsArmPrivate(int sysno) {
  switch (sysno) {
    case __ARM_NR_breakpoint:
    case __ARM_NR_cacheflush:
    case __ARM_NR_set_tls:
    case __ARM_NR_usr26:
    case __ARM_NR_usr32:
      return true;
    default:
      return false;
  }
}
#endif  // defined(__arm__)

#if defined(__mips__)
// MIPS-only cache maintenance calls.
bool SyscallSets::IsMipsPrivate(int sysno) {
  switch (sysno) {
    case __NR_cacheflush:
    case __NR_cachectl:
      return true;
    default:
      return false;
  }
}

// Remaining MIPS-only numbers: sysmips and the reserved unused150 slot.
bool SyscallSets::IsMipsMisc(int sysno) {
  switch (sysno) {
    case __NR_sysmips:
    case __NR_unused150:
      return true;
    default:
      return false;
  }
}
#endif  // defined(__mips__)

}  // namespace sandbox.