• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
6 
7 #include "build/build_config.h"
8 #include "sandbox/linux/system_headers/linux_syscalls.h"
9 
10 namespace sandbox {
11 
12 // The functions below cover all existing i386, x86_64, and ARM system calls;
13 // excluding syscalls made obsolete in ARM EABI.
14 // The implicitly defined sets form a partition of the sets of
15 // system calls.
16 
IsKill(int sysno)17 bool SyscallSets::IsKill(int sysno) {
18   switch (sysno) {
19     case __NR_kill:
20     case __NR_tgkill:
21     case __NR_tkill:  // Deprecated.
22       return true;
23     default:
24       return false;
25   }
26 }
27 
IsAllowedGettime(int sysno)28 bool SyscallSets::IsAllowedGettime(int sysno) {
29   switch (sysno) {
30     case __NR_gettimeofday:
31 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
32     case __NR_time:
33 #endif
34       return true;
35     case __NR_adjtimex:         // Privileged.
36     case __NR_clock_adjtime:    // Privileged.
37     case __NR_clock_getres:     // Could be allowed.
38     case __NR_clock_gettime:
39     case __NR_clock_nanosleep:  // Could be allowed.
40     case __NR_clock_settime:    // Privileged.
41 #if defined(__i386__) || defined(__mips__)
42     case __NR_ftime:  // Obsolete.
43 #endif
44     case __NR_settimeofday:  // Privileged.
45 #if defined(__i386__) || defined(__mips__)
46     case __NR_stime:
47 #endif
48     default:
49       return false;
50   }
51 }
52 
IsCurrentDirectory(int sysno)53 bool SyscallSets::IsCurrentDirectory(int sysno) {
54   switch (sysno) {
55     case __NR_getcwd:
56     case __NR_chdir:
57     case __NR_fchdir:
58       return true;
59     default:
60       return false;
61   }
62 }
63 
IsUmask(int sysno)64 bool SyscallSets::IsUmask(int sysno) {
65   switch (sysno) {
66     case __NR_umask:
67       return true;
68     default:
69       return false;
70   }
71 }
72 
73 // System calls that directly access the file system. They might acquire
74 // a new file descriptor or otherwise perform an operation directly
75 // via a path.
76 // Both EPERM and ENOENT are valid errno unless otherwise noted in comment.
IsFileSystem(int sysno)77 bool SyscallSets::IsFileSystem(int sysno) {
78   switch (sysno) {
79 #if !defined(__aarch64__)
80     case __NR_access:  // EPERM not a valid errno.
81     case __NR_chmod:
82     case __NR_chown:
83 #if defined(__i386__) || defined(__arm__)
84     case __NR_chown32:
85 #endif
86     case __NR_creat:
87     case __NR_futimesat:  // Should be called utimesat ?
88     case __NR_lchown:
89     case __NR_link:
90     case __NR_lstat:  // EPERM not a valid errno.
91     case __NR_mkdir:
92     case __NR_mknod:
93     case __NR_open:
94     case __NR_readlink:  // EPERM not a valid errno.
95     case __NR_rename:
96     case __NR_rmdir:
97     case __NR_stat:  // EPERM not a valid errno.
98     case __NR_symlink:
99     case __NR_unlink:
100     case __NR_uselib:  // Neither EPERM, nor ENOENT are valid errno.
101     case __NR_ustat:   // Same as above. Deprecated.
102     case __NR_utimes:
103 #endif  // !defined(__aarch64__)
104 
105     case __NR_execve:
106     case __NR_faccessat:  // EPERM not a valid errno.
107     case __NR_fchmodat:
108     case __NR_fchownat:  // Should be called chownat ?
109 #if defined(__x86_64__) || defined(__aarch64__)
110     case __NR_newfstatat:  // fstatat(). EPERM not a valid errno.
111 #elif defined(__i386__) || defined(__arm__) || defined(__mips__)
112     case __NR_fstatat64:
113 #endif
114 #if defined(__i386__) || defined(__arm__)
115     case __NR_lchown32:
116 #endif
117     case __NR_linkat:
118     case __NR_lookup_dcookie:  // ENOENT not a valid errno.
119 
120 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
121     case __NR_lstat64:
122 #endif
123 #if defined(__i386__) || defined(__arm__) || defined(__x86_64__)
124     case __NR_memfd_create:
125 #endif
126     case __NR_mkdirat:
127     case __NR_mknodat:
128 #if defined(__i386__)
129     case __NR_oldlstat:
130     case __NR_oldstat:
131 #endif
132     case __NR_openat:
133     case __NR_readlinkat:
134     case __NR_renameat:
135     case __NR_renameat2:
136 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
137     case __NR_stat64:
138 #endif
139     case __NR_statfs:  // EPERM not a valid errno.
140 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
141     case __NR_statfs64:
142 #endif
143     case __NR_symlinkat:
144     case __NR_truncate:
145 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
146     case __NR_truncate64:
147 #endif
148     case __NR_unlinkat:
149 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
150     case __NR_utime:
151 #endif
152     case __NR_utimensat:  // New.
153       return true;
154     default:
155       return false;
156   }
157 }
158 
IsAllowedFileSystemAccessViaFd(int sysno)159 bool SyscallSets::IsAllowedFileSystemAccessViaFd(int sysno) {
160   switch (sysno) {
161     case __NR_fstat:
162 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
163     case __NR_fstat64:
164 #endif
165       return true;
166 // TODO(jln): these should be denied gracefully as well (moved below).
167 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
168     case __NR_fadvise64:  // EPERM not a valid errno.
169 #endif
170 #if defined(__i386__)
171     case __NR_fadvise64_64:
172 #endif
173 #if defined(__arm__)
174     case __NR_arm_fadvise64_64:
175 #endif
176     case __NR_fdatasync:  // EPERM not a valid errno.
177     case __NR_flock:      // EPERM not a valid errno.
178     case __NR_fstatfs:    // Give information about the whole filesystem.
179 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
180     case __NR_fstatfs64:
181 #endif
182     case __NR_fsync:  // EPERM not a valid errno.
183 #if defined(__i386__)
184     case __NR_oldfstat:
185 #endif
186 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
187     defined(__aarch64__)
188     case __NR_sync_file_range:  // EPERM not a valid errno.
189 #elif defined(__arm__)
190     case __NR_arm_sync_file_range:  // EPERM not a valid errno.
191 #endif
192     default:
193       return false;
194   }
195 }
196 
197 // EPERM is a good errno for any of these.
IsDeniedFileSystemAccessViaFd(int sysno)198 bool SyscallSets::IsDeniedFileSystemAccessViaFd(int sysno) {
199   switch (sysno) {
200     case __NR_fallocate:
201     case __NR_fchmod:
202     case __NR_fchown:
203     case __NR_ftruncate:
204 #if defined(__i386__) || defined(__arm__)
205     case __NR_fchown32:
206 #endif
207 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
208     case __NR_ftruncate64:
209 #endif
210 #if !defined(__aarch64__)
211     case __NR_getdents:    // EPERM not a valid errno.
212 #endif
213     case __NR_getdents64:  // EPERM not a valid errno.
214 #if defined(__i386__) || defined(__mips__)
215     case __NR_readdir:
216 #endif
217       return true;
218     default:
219       return false;
220   }
221 }
222 
IsGetSimpleId(int sysno)223 bool SyscallSets::IsGetSimpleId(int sysno) {
224   switch (sysno) {
225     case __NR_capget:
226     case __NR_getegid:
227     case __NR_geteuid:
228     case __NR_getgid:
229     case __NR_getgroups:
230     case __NR_getpid:
231     case __NR_getppid:
232     case __NR_getresgid:
233     case __NR_getsid:
234     case __NR_gettid:
235     case __NR_getuid:
236     case __NR_getresuid:
237 #if defined(__i386__) || defined(__arm__)
238     case __NR_getegid32:
239     case __NR_geteuid32:
240     case __NR_getgid32:
241     case __NR_getgroups32:
242     case __NR_getresgid32:
243     case __NR_getresuid32:
244     case __NR_getuid32:
245 #endif
246       return true;
247     default:
248       return false;
249   }
250 }
251 
IsProcessPrivilegeChange(int sysno)252 bool SyscallSets::IsProcessPrivilegeChange(int sysno) {
253   switch (sysno) {
254     case __NR_capset:
255 #if defined(__i386__) || defined(__x86_64__)
256     case __NR_ioperm:  // Intel privilege.
257     case __NR_iopl:    // Intel privilege.
258 #endif
259     case __NR_setfsgid:
260     case __NR_setfsuid:
261     case __NR_setgid:
262     case __NR_setgroups:
263     case __NR_setregid:
264     case __NR_setresgid:
265     case __NR_setresuid:
266     case __NR_setreuid:
267     case __NR_setuid:
268 #if defined(__i386__) || defined(__arm__)
269     case __NR_setfsgid32:
270     case __NR_setfsuid32:
271     case __NR_setgid32:
272     case __NR_setgroups32:
273     case __NR_setregid32:
274     case __NR_setresgid32:
275     case __NR_setresuid32:
276     case __NR_setreuid32:
277     case __NR_setuid32:
278 #endif
279       return true;
280     default:
281       return false;
282   }
283 }
284 
IsProcessGroupOrSession(int sysno)285 bool SyscallSets::IsProcessGroupOrSession(int sysno) {
286   switch (sysno) {
287     case __NR_setpgid:
288 #if !defined(__aarch64__)
289     case __NR_getpgrp:
290 #endif
291     case __NR_setsid:
292     case __NR_getpgid:
293       return true;
294     default:
295       return false;
296   }
297 }
298 
IsAllowedSignalHandling(int sysno)299 bool SyscallSets::IsAllowedSignalHandling(int sysno) {
300   switch (sysno) {
301     case __NR_rt_sigaction:
302     case __NR_rt_sigprocmask:
303     case __NR_rt_sigreturn:
304 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
305     case __NR_sigaction:
306     case __NR_sigprocmask:
307     case __NR_sigreturn:
308 #endif
309       return true;
310     case __NR_rt_sigpending:
311     case __NR_rt_sigqueueinfo:
312     case __NR_rt_sigsuspend:
313     case __NR_rt_sigtimedwait:
314     case __NR_rt_tgsigqueueinfo:
315     case __NR_sigaltstack:
316 #if !defined(__aarch64__)
317     case __NR_signalfd:
318 #endif
319     case __NR_signalfd4:
320 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
321     case __NR_sigpending:
322     case __NR_sigsuspend:
323 #endif
324 #if defined(__i386__) || defined(__mips__)
325     case __NR_signal:
326     case __NR_sgetmask:  // Obsolete.
327     case __NR_ssetmask:
328 #endif
329     default:
330       return false;
331   }
332 }
333 
IsAllowedOperationOnFd(int sysno)334 bool SyscallSets::IsAllowedOperationOnFd(int sysno) {
335   switch (sysno) {
336     case __NR_close:
337     case __NR_dup:
338 #if !defined(__aarch64__)
339     case __NR_dup2:
340 #endif
341     case __NR_dup3:
342 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
343     defined(__aarch64__)
344     case __NR_shutdown:
345 #endif
346       return true;
347     case __NR_fcntl:
348 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
349     case __NR_fcntl64:
350 #endif
351     default:
352       return false;
353   }
354 }
355 
IsKernelInternalApi(int sysno)356 bool SyscallSets::IsKernelInternalApi(int sysno) {
357   switch (sysno) {
358     case __NR_restart_syscall:
359 #if defined(__arm__)
360     case __ARM_NR_cmpxchg:
361 #endif
362       return true;
363     default:
364       return false;
365   }
366 }
367 
368 // This should be thought through in conjunction with IsFutex().
IsAllowedProcessStartOrDeath(int sysno)369 bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
370   switch (sysno) {
371     case __NR_exit:
372     case __NR_exit_group:
373     case __NR_wait4:
374     case __NR_waitid:
375 #if defined(__i386__)
376     case __NR_waitpid:
377 #endif
378       return true;
379     case __NR_clone:  // Should be parameter-restricted.
380     case __NR_setns:  // Privileged.
381 #if !defined(__aarch64__)
382     case __NR_fork:
383 #endif
384 #if defined(__i386__) || defined(__x86_64__)
385     case __NR_get_thread_area:
386 #endif
387 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
388     case __NR_set_thread_area:
389 #endif
390     case __NR_set_tid_address:
391     case __NR_unshare:
392 #if !defined(__mips__) && !defined(__aarch64__)
393     case __NR_vfork:
394 #endif
395     default:
396       return false;
397   }
398 }
399 
400 // It's difficult to restrict those, but there is attack surface here.
IsAllowedFutex(int sysno)401 bool SyscallSets::IsAllowedFutex(int sysno) {
402   switch (sysno) {
403     case __NR_get_robust_list:
404     case __NR_set_robust_list:
405     case __NR_futex:
406     default:
407       return false;
408   }
409 }
410 
IsAllowedEpoll(int sysno)411 bool SyscallSets::IsAllowedEpoll(int sysno) {
412   switch (sysno) {
413 #if !defined(__aarch64__)
414     case __NR_epoll_create:
415     case __NR_epoll_wait:
416 #endif
417     case __NR_epoll_create1:
418     case __NR_epoll_ctl:
419       return true;
420     default:
421 #if defined(__x86_64__)
422     case __NR_epoll_ctl_old:
423 #endif
424     case __NR_epoll_pwait:
425 #if defined(__x86_64__)
426     case __NR_epoll_wait_old:
427 #endif
428       return false;
429   }
430 }
431 
IsAllowedGetOrModifySocket(int sysno)432 bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) {
433   switch (sysno) {
434 #if !defined(__aarch64__)
435     case __NR_pipe:
436 #endif
437     case __NR_pipe2:
438       return true;
439     default:
440 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
441     defined(__aarch64__)
442     case __NR_socketpair:  // We will want to inspect its argument.
443 #endif
444       return false;
445   }
446 }
447 
IsDeniedGetOrModifySocket(int sysno)448 bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) {
449   switch (sysno) {
450 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
451     defined(__aarch64__)
452     case __NR_accept:
453     case __NR_accept4:
454     case __NR_bind:
455     case __NR_connect:
456     case __NR_socket:
457     case __NR_listen:
458       return true;
459 #endif
460     default:
461       return false;
462   }
463 }
464 
465 #if defined(__i386__) || defined(__mips__)
466 // Big multiplexing system call for sockets.
IsSocketCall(int sysno)467 bool SyscallSets::IsSocketCall(int sysno) {
468   switch (sysno) {
469     case __NR_socketcall:
470       return true;
471     default:
472       return false;
473   }
474 }
475 #endif
476 
477 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
IsNetworkSocketInformation(int sysno)478 bool SyscallSets::IsNetworkSocketInformation(int sysno) {
479   switch (sysno) {
480     case __NR_getpeername:
481     case __NR_getsockname:
482     case __NR_getsockopt:
483     case __NR_setsockopt:
484       return true;
485     default:
486       return false;
487   }
488 }
489 #endif
490 
IsAllowedAddressSpaceAccess(int sysno)491 bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
492   switch (sysno) {
493     case __NR_brk:
494     case __NR_mlock:
495     case __NR_munlock:
496     case __NR_munmap:
497       return true;
498     case __NR_madvise:
499     case __NR_mincore:
500     case __NR_mlockall:
501 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
502     defined(__aarch64__)
503     case __NR_mmap:
504 #endif
505 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
506     case __NR_mmap2:
507 #endif
508 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
509     case __NR_modify_ldt:
510 #endif
511     case __NR_mprotect:
512     case __NR_mremap:
513     case __NR_msync:
514     case __NR_munlockall:
515     case __NR_readahead:
516     case __NR_remap_file_pages:
517 #if defined(__i386__)
518     case __NR_vm86:
519     case __NR_vm86old:
520 #endif
521     default:
522       return false;
523   }
524 }
525 
IsAllowedGeneralIo(int sysno)526 bool SyscallSets::IsAllowedGeneralIo(int sysno) {
527   switch (sysno) {
528     case __NR_lseek:
529 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
530     case __NR__llseek:
531 #endif
532 #if !defined(__aarch64__)
533     case __NR_poll:
534 #endif
535     case __NR_ppoll:
536     case __NR_pselect6:
537     case __NR_read:
538     case __NR_readv:
539 #if defined(__arm__) || defined(__mips__)
540     case __NR_recv:
541 #endif
542 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
543     defined(__aarch64__)
544     case __NR_recvfrom:  // Could specify source.
545     case __NR_recvmsg:   // Could specify source.
546 #endif
547 #if defined(__i386__) || defined(__x86_64__)
548     case __NR_select:
549 #endif
550 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
551     case __NR__newselect:
552 #endif
553 #if defined(__arm__)
554     case __NR_send:
555 #endif
556 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
557     defined(__aarch64__)
558     case __NR_sendmsg:  // Could specify destination.
559     case __NR_sendto:   // Could specify destination.
560 #endif
561     case __NR_write:
562     case __NR_writev:
563       return true;
564     case __NR_ioctl:  // Can be very powerful.
565     case __NR_pread64:
566     case __NR_preadv:
567     case __NR_pwrite64:
568     case __NR_pwritev:
569     case __NR_recvmmsg:  // Could specify source.
570     case __NR_sendfile:
571 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
572     case __NR_sendfile64:
573 #endif
574     case __NR_sendmmsg:  // Could specify destination.
575     case __NR_splice:
576     case __NR_tee:
577     case __NR_vmsplice:
578     default:
579       return false;
580   }
581 }
582 
IsPrctl(int sysno)583 bool SyscallSets::IsPrctl(int sysno) {
584   switch (sysno) {
585 #if defined(__x86_64__)
586     case __NR_arch_prctl:
587 #endif
588     case __NR_prctl:
589       return true;
590     default:
591       return false;
592   }
593 }
594 
IsSeccomp(int sysno)595 bool SyscallSets::IsSeccomp(int sysno) {
596   switch (sysno) {
597     case __NR_seccomp:
598       return true;
599     default:
600       return false;
601   }
602 }
603 
IsAllowedBasicScheduler(int sysno)604 bool SyscallSets::IsAllowedBasicScheduler(int sysno) {
605   switch (sysno) {
606     case __NR_sched_yield:
607 #if !defined(__aarch64__)
608     case __NR_pause:
609 #endif
610     case __NR_nanosleep:
611       return true;
612     case __NR_getpriority:
613 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
614     case __NR_nice:
615 #endif
616     case __NR_setpriority:
617     default:
618       return false;
619   }
620 }
621 
IsAdminOperation(int sysno)622 bool SyscallSets::IsAdminOperation(int sysno) {
623   switch (sysno) {
624 #if defined(__i386__) || defined(__arm__) || defined(__mips__)
625     case __NR_bdflush:
626 #endif
627     case __NR_kexec_load:
628     case __NR_reboot:
629     case __NR_setdomainname:
630     case __NR_sethostname:
631     case __NR_syslog:
632       return true;
633     default:
634       return false;
635   }
636 }
637 
IsKernelModule(int sysno)638 bool SyscallSets::IsKernelModule(int sysno) {
639   switch (sysno) {
640 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
641     case __NR_create_module:
642     case __NR_get_kernel_syms:  // Should ENOSYS.
643     case __NR_query_module:
644 #endif
645     case __NR_delete_module:
646     case __NR_init_module:
647     case __NR_finit_module:
648       return true;
649     default:
650       return false;
651   }
652 }
653 
IsGlobalFSViewChange(int sysno)654 bool SyscallSets::IsGlobalFSViewChange(int sysno) {
655   switch (sysno) {
656     case __NR_pivot_root:
657     case __NR_chroot:
658     case __NR_sync:
659       return true;
660     default:
661       return false;
662   }
663 }
664 
IsFsControl(int sysno)665 bool SyscallSets::IsFsControl(int sysno) {
666   switch (sysno) {
667     case __NR_mount:
668     case __NR_nfsservctl:
669     case __NR_quotactl:
670     case __NR_swapoff:
671     case __NR_swapon:
672 #if defined(__i386__) || defined(__mips__)
673     case __NR_umount:
674 #endif
675     case __NR_umount2:
676       return true;
677     default:
678       return false;
679   }
680 }
681 
IsNuma(int sysno)682 bool SyscallSets::IsNuma(int sysno) {
683   switch (sysno) {
684     case __NR_get_mempolicy:
685     case __NR_getcpu:
686     case __NR_mbind:
687 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
688     defined(__aarch64__)
689     case __NR_migrate_pages:
690 #endif
691     case __NR_move_pages:
692     case __NR_set_mempolicy:
693       return true;
694     default:
695       return false;
696   }
697 }
698 
IsMessageQueue(int sysno)699 bool SyscallSets::IsMessageQueue(int sysno) {
700   switch (sysno) {
701     case __NR_mq_getsetattr:
702     case __NR_mq_notify:
703     case __NR_mq_open:
704     case __NR_mq_timedreceive:
705     case __NR_mq_timedsend:
706     case __NR_mq_unlink:
707       return true;
708     default:
709       return false;
710   }
711 }
712 
IsGlobalProcessEnvironment(int sysno)713 bool SyscallSets::IsGlobalProcessEnvironment(int sysno) {
714   switch (sysno) {
715     case __NR_acct:  // Privileged.
716 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
717     defined(__aarch64__)
718     case __NR_getrlimit:
719 #endif
720 #if defined(__i386__) || defined(__arm__)
721     case __NR_ugetrlimit:
722 #endif
723 #if defined(__i386__) || defined(__mips__)
724     case __NR_ulimit:
725 #endif
726     case __NR_getrusage:
727     case __NR_personality:  // Can change its personality as well.
728     case __NR_prlimit64:    // Like setrlimit / getrlimit.
729     case __NR_setrlimit:
730     case __NR_times:
731       return true;
732     default:
733       return false;
734   }
735 }
736 
IsDebug(int sysno)737 bool SyscallSets::IsDebug(int sysno) {
738   switch (sysno) {
739     case __NR_ptrace:
740     case __NR_process_vm_readv:
741     case __NR_process_vm_writev:
742     case __NR_kcmp:
743       return true;
744     default:
745       return false;
746   }
747 }
748 
IsGlobalSystemStatus(int sysno)749 bool SyscallSets::IsGlobalSystemStatus(int sysno) {
750   switch (sysno) {
751 #if !defined(__aarch64__)
752     case __NR__sysctl:
753     case __NR_sysfs:
754 #endif
755     case __NR_sysinfo:
756     case __NR_uname:
757 #if defined(__i386__)
758     case __NR_olduname:
759     case __NR_oldolduname:
760 #endif
761       return true;
762     default:
763       return false;
764   }
765 }
766 
IsEventFd(int sysno)767 bool SyscallSets::IsEventFd(int sysno) {
768   switch (sysno) {
769 #if !defined(__aarch64__)
770     case __NR_eventfd:
771 #endif
772     case __NR_eventfd2:
773       return true;
774     default:
775       return false;
776   }
777 }
778 
779 // Asynchronous I/O API.
IsAsyncIo(int sysno)780 bool SyscallSets::IsAsyncIo(int sysno) {
781   switch (sysno) {
782     case __NR_io_cancel:
783     case __NR_io_destroy:
784     case __NR_io_getevents:
785     case __NR_io_setup:
786     case __NR_io_submit:
787       return true;
788     default:
789       return false;
790   }
791 }
792 
IsKeyManagement(int sysno)793 bool SyscallSets::IsKeyManagement(int sysno) {
794   switch (sysno) {
795     case __NR_add_key:
796     case __NR_keyctl:
797     case __NR_request_key:
798       return true;
799     default:
800       return false;
801   }
802 }
803 
804 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
IsSystemVSemaphores(int sysno)805 bool SyscallSets::IsSystemVSemaphores(int sysno) {
806   switch (sysno) {
807     case __NR_semctl:
808     case __NR_semget:
809     case __NR_semop:
810     case __NR_semtimedop:
811       return true;
812     default:
813       return false;
814   }
815 }
816 #endif
817 
818 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
819 // These give a lot of ambient authority and bypass the setuid sandbox.
IsSystemVSharedMemory(int sysno)820 bool SyscallSets::IsSystemVSharedMemory(int sysno) {
821   switch (sysno) {
822     case __NR_shmat:
823     case __NR_shmctl:
824     case __NR_shmdt:
825     case __NR_shmget:
826       return true;
827     default:
828       return false;
829   }
830 }
831 #endif
832 
833 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
IsSystemVMessageQueue(int sysno)834 bool SyscallSets::IsSystemVMessageQueue(int sysno) {
835   switch (sysno) {
836     case __NR_msgctl:
837     case __NR_msgget:
838     case __NR_msgrcv:
839     case __NR_msgsnd:
840       return true;
841     default:
842       return false;
843   }
844 }
845 #endif
846 
847 #if defined(__i386__) || defined(__mips__)
848 // Big system V multiplexing system call.
IsSystemVIpc(int sysno)849 bool SyscallSets::IsSystemVIpc(int sysno) {
850   switch (sysno) {
851     case __NR_ipc:
852       return true;
853     default:
854       return false;
855   }
856 }
857 #endif
858 
IsAnySystemV(int sysno)859 bool SyscallSets::IsAnySystemV(int sysno) {
860 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
861   return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) ||
862          IsSystemVSharedMemory(sysno);
863 #elif defined(__i386__) || defined(__mips__)
864   return IsSystemVIpc(sysno);
865 #endif
866 }
867 
IsAdvancedScheduler(int sysno)868 bool SyscallSets::IsAdvancedScheduler(int sysno) {
869   switch (sysno) {
870     case __NR_ioprio_get:  // IO scheduler.
871     case __NR_ioprio_set:
872     case __NR_sched_get_priority_max:
873     case __NR_sched_get_priority_min:
874     case __NR_sched_getaffinity:
875     case __NR_sched_getattr:
876     case __NR_sched_getparam:
877     case __NR_sched_getscheduler:
878     case __NR_sched_rr_get_interval:
879     case __NR_sched_setaffinity:
880     case __NR_sched_setattr:
881     case __NR_sched_setparam:
882     case __NR_sched_setscheduler:
883       return true;
884     default:
885       return false;
886   }
887 }
888 
IsInotify(int sysno)889 bool SyscallSets::IsInotify(int sysno) {
890   switch (sysno) {
891     case __NR_inotify_add_watch:
892 #if !defined(__aarch64__)
893     case __NR_inotify_init:
894 #endif
895     case __NR_inotify_init1:
896     case __NR_inotify_rm_watch:
897       return true;
898     default:
899       return false;
900   }
901 }
902 
IsFaNotify(int sysno)903 bool SyscallSets::IsFaNotify(int sysno) {
904   switch (sysno) {
905     case __NR_fanotify_init:
906     case __NR_fanotify_mark:
907       return true;
908     default:
909       return false;
910   }
911 }
912 
IsTimer(int sysno)913 bool SyscallSets::IsTimer(int sysno) {
914   switch (sysno) {
915     case __NR_getitimer:
916 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
917     case __NR_alarm:
918 #endif
919     case __NR_setitimer:
920       return true;
921     default:
922       return false;
923   }
924 }
925 
IsAdvancedTimer(int sysno)926 bool SyscallSets::IsAdvancedTimer(int sysno) {
927   switch (sysno) {
928     case __NR_timer_create:
929     case __NR_timer_delete:
930     case __NR_timer_getoverrun:
931     case __NR_timer_gettime:
932     case __NR_timer_settime:
933     case __NR_timerfd_create:
934     case __NR_timerfd_gettime:
935     case __NR_timerfd_settime:
936       return true;
937     default:
938       return false;
939   }
940 }
941 
IsExtendedAttributes(int sysno)942 bool SyscallSets::IsExtendedAttributes(int sysno) {
943   switch (sysno) {
944     case __NR_fgetxattr:
945     case __NR_flistxattr:
946     case __NR_fremovexattr:
947     case __NR_fsetxattr:
948     case __NR_getxattr:
949     case __NR_lgetxattr:
950     case __NR_listxattr:
951     case __NR_llistxattr:
952     case __NR_lremovexattr:
953     case __NR_lsetxattr:
954     case __NR_removexattr:
955     case __NR_setxattr:
956       return true;
957     default:
958       return false;
959   }
960 }
961 
962 // Various system calls that need to be researched.
963 // TODO(jln): classify this better.
IsMisc(int sysno)964 bool SyscallSets::IsMisc(int sysno) {
965   switch (sysno) {
966 #if !defined(__mips__)
967     case __NR_getrandom:
968 #endif
969     case __NR_name_to_handle_at:
970     case __NR_open_by_handle_at:
971     case __NR_perf_event_open:
972     case __NR_syncfs:
973     case __NR_vhangup:
974 // The system calls below are not implemented.
975 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
976     case __NR_afs_syscall:
977 #endif
978 #if defined(__i386__) || defined(__mips__)
979     case __NR_break:
980 #endif
981 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
982     case __NR_getpmsg:
983 #endif
984 #if defined(__i386__) || defined(__mips__)
985     case __NR_gtty:
986     case __NR_idle:
987     case __NR_lock:
988     case __NR_mpx:
989     case __NR_prof:
990     case __NR_profil:
991 #endif
992 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
993     case __NR_putpmsg:
994 #endif
995 #if defined(__x86_64__)
996     case __NR_security:
997 #endif
998 #if defined(__i386__) || defined(__mips__)
999     case __NR_stty:
1000 #endif
1001 #if defined(__x86_64__)
1002     case __NR_tuxcall:
1003 #endif
1004 #if !defined(__aarch64__)
1005     case __NR_vserver:
1006 #endif
1007       return true;
1008     default:
1009       return false;
1010   }
1011 }
1012 
1013 #if defined(__arm__)
IsArmPciConfig(int sysno)1014 bool SyscallSets::IsArmPciConfig(int sysno) {
1015   switch (sysno) {
1016     case __NR_pciconfig_iobase:
1017     case __NR_pciconfig_read:
1018     case __NR_pciconfig_write:
1019       return true;
1020     default:
1021       return false;
1022   }
1023 }
1024 
IsArmPrivate(int sysno)1025 bool SyscallSets::IsArmPrivate(int sysno) {
1026   switch (sysno) {
1027     case __ARM_NR_breakpoint:
1028     case __ARM_NR_cacheflush:
1029     case __ARM_NR_set_tls:
1030     case __ARM_NR_usr26:
1031     case __ARM_NR_usr32:
1032       return true;
1033     default:
1034       return false;
1035   }
1036 }
1037 #endif  // defined(__arm__)
1038 
1039 #if defined(__mips__)
IsMipsPrivate(int sysno)1040 bool SyscallSets::IsMipsPrivate(int sysno) {
1041   switch (sysno) {
1042     case __NR_cacheflush:
1043     case __NR_cachectl:
1044       return true;
1045     default:
1046       return false;
1047   }
1048 }
1049 
IsMipsMisc(int sysno)1050 bool SyscallSets::IsMipsMisc(int sysno) {
1051   switch (sysno) {
1052     case __NR_sysmips:
1053     case __NR_unused150:
1054       return true;
1055     default:
1056       return false;
1057   }
1058 }
1059 #endif  // defined(__mips__)
1060 }  // namespace sandbox.
1061