// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

#include "base/macros.h"
#include "build/build_config.h"
#include "sandbox/sandbox_export.h"

// Helpers for building seccomp-bpf policies, i.e. policies for a sandbox
// that reduces the Linux kernel's attack surface. Each predicate below
// takes a system call number (|sysno|) and reports whether it falls in the
// named set. The sets have no clear semantics and are completely
// "implementation-defined": they are grouped by what the policies happen
// to need, so a policy that relies on one of them should be reviewed
// against the set's definition rather than its name alone.

namespace sandbox {

// Static-only collection of system-call classification predicates.
// Sets that only make sense on particular architectures are declared
// under the matching preprocessor guards.
class SANDBOX_EXPORT SyscallSets {
 public:
  static bool IsKill(int sysno);
  static bool IsAllowedGettime(int sysno);
  static bool IsCurrentDirectory(int sysno);
  static bool IsUmask(int sysno);

  // System calls that directly access the file system. They might acquire
  // a new file descriptor or otherwise perform an operation directly
  // via a path.
  static bool IsFileSystem(int sysno);
  static bool IsAllowedFileSystemAccessViaFd(int sysno);
  static bool IsDeniedFileSystemAccessViaFd(int sysno);

  static bool IsGetSimpleId(int sysno);
  static bool IsProcessPrivilegeChange(int sysno);
  static bool IsProcessGroupOrSession(int sysno);
  static bool IsAllowedSignalHandling(int sysno);
  static bool IsAllowedOperationOnFd(int sysno);
  static bool IsKernelInternalApi(int sysno);

  // This should be thought through in conjunction with the futex predicate,
  // IsAllowedFutex(), declared right below.
  static bool IsAllowedProcessStartOrDeath(int sysno);
  // Futex operations are difficult to restrict, but there is attack
  // surface here.
  static bool IsAllowedFutex(int sysno);
  static bool IsAllowedEpoll(int sysno);
  static bool IsAllowedGetOrModifySocket(int sysno);
  static bool IsDeniedGetOrModifySocket(int sysno);

#if defined(__i386__) || defined(__mips__)
  // Big multiplexing system call for sockets.
  static bool IsSocketCall(int sysno);
#endif  // defined(__i386__) || defined(__mips__)

#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
    defined(__aarch64__)
  static bool IsNetworkSocketInformation(int sysno);
#endif

  static bool IsAllowedAddressSpaceAccess(int sysno);
  static bool IsAllowedGeneralIo(int sysno);
  static bool IsPrctl(int sysno);
  static bool IsSeccomp(int sysno);
  static bool IsAllowedBasicScheduler(int sysno);
  static bool IsAdminOperation(int sysno);
  static bool IsKernelModule(int sysno);
  static bool IsGlobalFSViewChange(int sysno);
  static bool IsFsControl(int sysno);
  static bool IsNuma(int sysno);
  static bool IsMessageQueue(int sysno);
  static bool IsGlobalProcessEnvironment(int sysno);
  static bool IsDebug(int sysno);
  static bool IsGlobalSystemStatus(int sysno);
  static bool IsEventFd(int sysno);
  // Asynchronous I/O API.
  static bool IsAsyncIo(int sysno);
  static bool IsKeyManagement(int sysno);

  // System V IPC sub-families. The three predicates are declared under a
  // single guard because all of them are conditioned on the same
  // architectures.
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
  static bool IsSystemVSemaphores(int sysno);
  // These give a lot of ambient authority and bypass the setuid sandbox.
  static bool IsSystemVSharedMemory(int sysno);
  static bool IsSystemVMessageQueue(int sysno);
#endif  // defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)

#if defined(__i386__) || defined(__mips__)
  // Big system V multiplexing system call.
  static bool IsSystemVIpc(int sysno);
#endif  // defined(__i386__) || defined(__mips__)

  static bool IsAnySystemV(int sysno);
  static bool IsAdvancedScheduler(int sysno);
  static bool IsInotify(int sysno);
  static bool IsFaNotify(int sysno);
  static bool IsTimer(int sysno);
  static bool IsAdvancedTimer(int sysno);
  static bool IsExtendedAttributes(int sysno);
  static bool IsMisc(int sysno);

#if defined(__arm__)
  static bool IsArmPciConfig(int sysno);
  static bool IsArmPrivate(int sysno);
#endif  // defined(__arm__)

#if defined(__mips__)
  static bool IsMipsPrivate(int sysno);
  static bool IsMipsMisc(int sysno);
#endif  // defined(__mips__)

 private:
  // Pure static interface: instances are never created.
  DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);
};

}  // namespace sandbox

#endif  // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_