Trap stat and rename syscalls in the network service
This forces stat (and variants like stat64) and rename to execute in
the broker process rather than in the network service itself.
Bug: 715679
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: Ie58d695bcf6c2fb5b2940a88571219645b3b2e56
Reviewed-on: https://chromium-review.googlesource.com/783882
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520735}
diff --git a/services/service_manager/sandbox/linux/bpf_broker_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_broker_policy_linux.cc
index 61d78bd..9b368b43 100644
--- a/services/service_manager/sandbox/linux/bpf_broker_policy_linux.cc
+++ b/services/service_manager/sandbox/linux/bpf_broker_policy_linux.cc
@@ -18,17 +18,36 @@
ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
-#if !defined(__aarch64__)
+#if defined(__NR_access)
case __NR_access:
+#endif
+#if defined(__NR_open)
case __NR_open:
-#endif // !defined(__aarch64__)
+#endif
+#if defined(__NR_faccessat)
case __NR_faccessat:
+#endif
+#if defined(__NR_openat)
case __NR_openat:
-#if !defined(OS_CHROMEOS) && !defined(__aarch64__)
- // The broker process needs to able to unlink the temporary
- // files that it may create.
+#endif
+#if defined(__NR_unlink)
case __NR_unlink:
#endif
+#if defined(__NR_rename)
+ case __NR_rename:
+#endif
+#if defined(__NR_stat)
+ case __NR_stat:
+#endif
+#if defined(__NR_stat64)
+ case __NR_stat64:
+#endif
+#if defined(__NR_fstatat)
+ case __NR_fstatat:
+#endif
+#if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+#endif
return Allow();
default:
return BPFBasePolicy::EvaluateSyscall(sysno);
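Review bot: The rewritten guard on `case __NR_unlink:` drops the old `!defined(OS_CHROMEOS)` condition and the comment explaining why the broker may unlink, so on Chrome OS builds where `__NR_unlink` exists the broker policy now allows unlink, which the commit message (stat and rename only) does not mention. If that widening is not intended, keep the guard as `#if defined(__NR_unlink) && !defined(OS_CHROMEOS)`; either way, a short comment above the case list such as `// Path syscalls the broker performs on behalf of sandboxed clients.` would record why these are allowed. `#if defined(__NR_fstatat)` looks like it never matches on the usual Linux ABIs, which name the call `__NR_newfstatat` or `__NR_fstatat64`, so the 32-bit variant appears to be missing from the allow list. The closing braces of EvaluateSyscall lie outside the hunk.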
diff --git a/services/service_manager/sandbox/linux/bpf_network_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_network_policy_linux.cc
index 6882418..ef1d5983 100644
--- a/services/service_manager/sandbox/linux/bpf_network_policy_linux.cc
+++ b/services/service_manager/sandbox/linux/bpf_network_policy_linux.cc
@@ -35,15 +35,35 @@
ResultExpr NetworkProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
-#if !defined(__aarch64__)
+#if defined(__NR_access)
case __NR_access:
+#endif
+#if defined(__NR_open)
case __NR_open:
-#endif // !defined(__aarch64__)
+#endif
+#if defined(__NR_faccessat)
case __NR_faccessat:
- case __NR_openat: {
- auto* broker_process = SandboxLinux::GetInstance()->broker_process();
- return Trap(BrokerProcess::SIGSYS_Handler, broker_process);
- }
+#endif
+#if defined(__NR_openat)
+ case __NR_openat:
+#endif
+#if defined(__NR_stat)
+ case __NR_stat:
+#endif
+#if defined(__NR_stat64)
+ case __NR_stat64:
+#endif
+#if defined(__NR_fstatat)
+ case __NR_fstatat:
+#endif
+#if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+#endif
+#if defined(__NR_rename)
+ case __NR_rename:
+#endif
+ return Trap(BrokerProcess::SIGSYS_Handler,
+ SandboxLinux::GetInstance()->broker_process());
default:
// TODO(tsepez): FIX this.
return Allow();
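Review bot: The `default:` branch still returns `Allow()`, so the trap list acts as a denylist and any path-taking variant not enumerated here runs inside the network service without going through the broker. Among the visible cases, `lstat`/`lstat64`, `fstatat64`, `renameat` and `renameat2` are not listed, and as far as I know aarch64 defines neither `__NR_stat` nor `__NR_rename`, so there the rename path would presumably fall through to the default. I would add the missing guarded cases as below, provided BrokerProcess::SIGSYS_Handler can service them (not visible in this hunk), and mirror them in the broker policy's allow list. The switch's closing braces are outside the hunk.

```cpp
// … unchanged: access/open/faccessat/openat/stat/stat64/fstatat/newfstatat/rename cases …
#if defined(__NR_lstat)
    case __NR_lstat:
#endif
#if defined(__NR_lstat64)
    case __NR_lstat64:
#endif
#if defined(__NR_fstatat64)
    case __NR_fstatat64:
#endif
#if defined(__NR_renameat)
    case __NR_renameat:
#endif
#if defined(__NR_renameat2)
    case __NR_renameat2:
#endif
      return Trap(BrokerProcess::SIGSYS_Handler,
                  SandboxLinux::GetInstance()->broker_process());
```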