services/service_manager/sandbox/linux/bpf_base_policy_linux.cc - chromium/src - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"

 #include <errno.h>

 #include "base/logging.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"

 using sandbox::bpf_dsl::Allow;
 using sandbox::bpf_dsl::ResultExpr;

 namespace service_manager {

 namespace {

 // The errno used for denied file system access system calls, such as open(2).
 static const int kFSDeniedErrno = EPERM;

 }  // namespace.

 BPFBasePolicy::BPFBasePolicy()
     : baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {}
 BPFBasePolicy::~BPFBasePolicy() {}

 ResultExpr BPFBasePolicy::EvaluateSyscall(int system_call_number) const {
   DCHECK(baseline_policy_);

   // set_robust_list(2) is part of the futex(2) infrastructure.
   // Chrome on Linux/Chrome OS will call set_robust_list(2) frequently.
   // The baseline policy will EPERM set_robust_list(2), but on systems with
   // SECCOMP logs enabled in auditd this will cause a ton of logspam.
   // If we're not blocking the entire futex(2) infrastructure, we should allow
   // set_robust_list(2) and quiet the logspam.
   if (system_call_number == __NR_set_robust_list) {
     return Allow();
   }

   return baseline_policy_->EvaluateSyscall(system_call_number);
 }

 ResultExpr BPFBasePolicy::InvalidSyscall() const {
   DCHECK(baseline_policy_);
   return baseline_policy_->InvalidSyscall();
 }

 int BPFBasePolicy::GetFSDeniedErrno() {
   return kFSDeniedErrno;
 }

 }  // namespace service_manager.
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "services/service_manager/sandbox/linux/bpf_base_policy_linux.h"

	#include <errno.h>

	#include "base/logging.h"
	#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
	#include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
	#include "sandbox/linux/system_headers/linux_syscalls.h"

	using sandbox::bpf_dsl::Allow;
	using sandbox::bpf_dsl::ResultExpr;

	namespace service_manager {

	namespace {

	// The errno used for denied file system access system calls, such as open(2).
	static const int kFSDeniedErrno = EPERM;

	} // namespace.

	BPFBasePolicy::BPFBasePolicy()
	: baseline_policy_(new sandbox::BaselinePolicy(kFSDeniedErrno)) {}
	BPFBasePolicy::~BPFBasePolicy() {}

	ResultExpr BPFBasePolicy::EvaluateSyscall(int system_call_number) const {
	DCHECK(baseline_policy_);

	// set_robust_list(2) is part of the futex(2) infrastructure.
	// Chrome on Linux/Chrome OS will call set_robust_list(2) frequently.
	// The baseline policy will EPERM set_robust_list(2), but on systems with
	// SECCOMP logs enabled in auditd this will cause a ton of logspam.
	// If we're not blocking the entire futex(2) infrastructure, we should allow
	// set_robust_list(2) and quiet the logspam.
	if (system_call_number == __NR_set_robust_list) {
	return Allow();
	}

	return baseline_policy_->EvaluateSyscall(system_call_number);
	}

	ResultExpr BPFBasePolicy::InvalidSyscall() const {
	DCHECK(baseline_policy_);
	return baseline_policy_->InvalidSyscall();
	}

	int BPFBasePolicy::GetFSDeniedErrno() {
	return kFSDeniedErrno;
	}

	} // namespace service_manager.