// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

#include "base/macros.h"
#include "build/build_config.h"
#include "sandbox/sandbox_export.h"

// These are helpers to build seccomp-bpf policies, i.e. policies for a
// sandbox that reduces the Linux kernel's attack surface. Given their
// nature, they don't have any clear semantics and are completely
// "implementation-defined".
//
// Every predicate declared below has the shape `static bool IsX(int sysno)`:
// it takes a raw system call number and reports whether that number belongs
// to the named set. The membership of each set is defined in the matching
// .cc file, not in this header, and the #if guards below show that several
// sets only exist on some architectures. A policy built on these sets should
// therefore be reviewed together with that implementation and with the
// architecture it targets.
//
// NOTE(review): the "Allowed"/"Denied" prefixes appear to record a baseline
// policy judgement rather than a property of the kernel; confirm the split
// against the .cc file before relying on a prefix in a new policy.

namespace sandbox {

// Static-only collection of system call classifiers. The class cannot be
// instantiated (see the private section at the bottom).
class SANDBOX_EXPORT SyscallSets {
 public:
  static bool IsKill(int sysno);
  static bool IsAllowedGettime(int sysno);
  static bool IsCurrentDirectory(int sysno);
  static bool IsUmask(int sysno);
  // System calls that directly access the file system. They might acquire
  // a new file descriptor or otherwise perform an operation directly
  // via a path.
  static bool IsFileSystem(int sysno);
  // Allowed/Denied pair for operations on an already-open file descriptor.
  static bool IsAllowedFileSystemAccessViaFd(int sysno);
  static bool IsDeniedFileSystemAccessViaFd(int sysno);
  static bool IsGetSimpleId(int sysno);
  static bool IsProcessPrivilegeChange(int sysno);
  static bool IsProcessGroupOrSession(int sysno);
  static bool IsAllowedSignalHandling(int sysno);
  static bool IsAllowedOperationOnFd(int sysno);
  static bool IsKernelInternalApi(int sysno);
  // This should be thought through in conjunction with IsFutex().
  static bool IsAllowedProcessStartOrDeath(int sysno);
  // It's difficult to restrict those, but there is attack surface here.
  static bool IsAllowedFutex(int sysno);
  static bool IsAllowedEpoll(int sysno);
  // Allowed/Denied pair for socket creation and modification.
  static bool IsAllowedGetOrModifySocket(int sysno);
  static bool IsDeniedGetOrModifySocket(int sysno);

#if defined(__i386__) || defined(__mips__)
  // Big multiplexing system call for sockets.
  static bool IsSocketCall(int sysno);
#endif

#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
    defined(__aarch64__)
  // Guarded separately from IsSocketCall() above; note that MIPS is listed
  // under both guards.
  static bool IsNetworkSocketInformation(int sysno);
#endif

  static bool IsAllowedAddressSpaceAccess(int sysno);
  static bool IsAllowedGeneralIo(int sysno);
  static bool IsPrctl(int sysno);
  static bool IsSeccomp(int sysno);
  static bool IsAllowedBasicScheduler(int sysno);
  static bool IsAdminOperation(int sysno);
  static bool IsKernelModule(int sysno);
  static bool IsGlobalFSViewChange(int sysno);
  static bool IsFsControl(int sysno);
  static bool IsNuma(int sysno);
  static bool IsMessageQueue(int sysno);
  static bool IsGlobalProcessEnvironment(int sysno);
  static bool IsDebug(int sysno);
  static bool IsGlobalSystemStatus(int sysno);
  static bool IsEventFd(int sysno);
  // Asynchronous I/O API.
  static bool IsAsyncIo(int sysno);
  static bool IsKeyManagement(int sysno);
  // The three System V sets below share one architecture guard; the
  // multiplexed form for the other architectures is IsSystemVIpc() further
  // down.
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
  static bool IsSystemVSemaphores(int sysno);
#endif
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
  // These give a lot of ambient authority and bypass the setuid sandbox.
  static bool IsSystemVSharedMemory(int sysno);
#endif

#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
  static bool IsSystemVMessageQueue(int sysno);
#endif

#if defined(__i386__) || defined(__mips__)
  // Big system V multiplexing system call.
  static bool IsSystemVIpc(int sysno);
#endif

  // Covers System V IPC regardless of which of the two forms above the
  // architecture uses (exact membership is in the .cc file).
  static bool IsAnySystemV(int sysno);
  static bool IsAdvancedScheduler(int sysno);
  static bool IsInotify(int sysno);
  static bool IsFaNotify(int sysno);
  static bool IsTimer(int sysno);
  static bool IsAdvancedTimer(int sysno);
  static bool IsExtendedAttributes(int sysno);
  static bool IsMisc(int sysno);
#if defined(__arm__)
  // ARM-only system calls; see the .cc file for the exact list.
  static bool IsArmPciConfig(int sysno);
  static bool IsArmPrivate(int sysno);
#endif  // defined(__arm__)
#if defined(__mips__)
  // MIPS-only system calls; see the .cc file for the exact list.
  static bool IsMipsPrivate(int sysno);
  static bool IsMipsMisc(int sysno);
#endif  // defined(__mips__)
 private:
  // base/macros.h: deletes the default constructor, copy constructor and
  // copy assignment, so the class is usable only through its static members.
  DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);
};

}  // namespace sandbox.

#endif  // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_