sandbox/linux/seccomp-bpf-helpers/syscall_sets.h - chromium/src - Git at Google

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

 #include "base/macros.h"
 #include "build/build_config.h"
 #include "sandbox/sandbox_export.h"

 // These are helpers to build seccomp-bpf policies, i.e. policies for a
 // sandbox that reduces the Linux kernel's attack surface. Given their
 // nature, they don't have any clear semantics and are completely
 // "implementation-defined".

 namespace sandbox {

 class SANDBOX_EXPORT SyscallSets {
  public:
   static bool IsKill(int sysno);
   static bool IsAllowedGettime(int sysno);
   static bool IsCurrentDirectory(int sysno);
   static bool IsUmask(int sysno);
   // System calls that directly access the file system. They might acquire
   // a new file descriptor or otherwise perform an operation directly
   // via a path.
   static bool IsFileSystem(int sysno);
   static bool IsAllowedFileSystemAccessViaFd(int sysno);
   static bool IsDeniedFileSystemAccessViaFd(int sysno);
   static bool IsGetSimpleId(int sysno);
   static bool IsProcessPrivilegeChange(int sysno);
   static bool IsProcessGroupOrSession(int sysno);
   static bool IsAllowedSignalHandling(int sysno);
   static bool IsAllowedOperationOnFd(int sysno);
   static bool IsKernelInternalApi(int sysno);
   // This should be thought through in conjunction with IsFutex().
   static bool IsAllowedProcessStartOrDeath(int sysno);
   // It's difficult to restrict those, but there is attack surface here.
   static bool IsAllowedFutex(int sysno);
   static bool IsAllowedEpoll(int sysno);
   static bool IsAllowedGetOrModifySocket(int sysno);
   static bool IsDeniedGetOrModifySocket(int sysno);

 #if defined(__i386__) || \
     (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
   // Big multiplexing system call for sockets.
   static bool IsSocketCall(int sysno);
 #endif

 #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
     defined(__aarch64__)
   static bool IsNetworkSocketInformation(int sysno);
 #endif

   static bool IsAllowedAddressSpaceAccess(int sysno);
   static bool IsAllowedGeneralIo(int sysno);
   static bool IsPrctl(int sysno);
   static bool IsSeccomp(int sysno);
   static bool IsAllowedBasicScheduler(int sysno);
   static bool IsAdminOperation(int sysno);
   static bool IsKernelModule(int sysno);
   static bool IsGlobalFSViewChange(int sysno);
   static bool IsFsControl(int sysno);
   static bool IsNuma(int sysno);
   static bool IsMessageQueue(int sysno);
   static bool IsGlobalProcessEnvironment(int sysno);
   static bool IsDebug(int sysno);
   static bool IsGlobalSystemStatus(int sysno);
   static bool IsEventFd(int sysno);
   // Asynchronous I/O API.
   static bool IsAsyncIo(int sysno);
   static bool IsKeyManagement(int sysno);
 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
     (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
   static bool IsSystemVSemaphores(int sysno);
 #endif
 #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \
     defined(__aarch64__) ||                                         \
     (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
   // These give a lot of ambient authority and bypass the setuid sandbox.
   static bool IsSystemVSharedMemory(int sysno);
 #endif

 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
     (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
   static bool IsSystemVMessageQueue(int sysno);
 #endif

 #if defined(__i386__) || \
     (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
   // Big system V multiplexing system call.
   static bool IsSystemVIpc(int sysno);
 #endif

   static bool IsAnySystemV(int sysno);
   static bool IsAdvancedScheduler(int sysno);
   static bool IsInotify(int sysno);
   static bool IsFaNotify(int sysno);
   static bool IsTimer(int sysno);
   static bool IsAdvancedTimer(int sysno);
   static bool IsExtendedAttributes(int sysno);
   static bool IsMisc(int sysno);
 #if defined(__arm__)
   static bool IsArmPciConfig(int sysno);
   static bool IsArmPrivate(int sysno);
 #endif  // defined(__arm__)
 #if defined(__mips__)
   static bool IsMipsPrivate(int sysno);
   static bool IsMipsMisc(int sysno);
 #endif  // defined(__mips__)
  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);
 };

 }  // namespace sandbox.

 #endif  // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
	// Copyright (c) 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
	#define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_

	#include "base/macros.h"
	#include "build/build_config.h"
	#include "sandbox/sandbox_export.h"

	// These are helpers to build seccomp-bpf policies, i.e. policies for a
	// sandbox that reduces the Linux kernel's attack surface. Given their
	// nature, they don't have any clear semantics and are completely
	// "implementation-defined".

	namespace sandbox {

	class SANDBOX_EXPORT SyscallSets {
	public:
	static bool IsKill(int sysno);
	static bool IsAllowedGettime(int sysno);
	static bool IsCurrentDirectory(int sysno);
	static bool IsUmask(int sysno);
	// System calls that directly access the file system. They might acquire
	// a new file descriptor or otherwise perform an operation directly
	// via a path.
	static bool IsFileSystem(int sysno);
	static bool IsAllowedFileSystemAccessViaFd(int sysno);
	static bool IsDeniedFileSystemAccessViaFd(int sysno);
	static bool IsGetSimpleId(int sysno);
	static bool IsProcessPrivilegeChange(int sysno);
	static bool IsProcessGroupOrSession(int sysno);
	static bool IsAllowedSignalHandling(int sysno);
	static bool IsAllowedOperationOnFd(int sysno);
	static bool IsKernelInternalApi(int sysno);
	// This should be thought through in conjunction with IsFutex().
	static bool IsAllowedProcessStartOrDeath(int sysno);
	// It's difficult to restrict those, but there is attack surface here.
	static bool IsAllowedFutex(int sysno);
	static bool IsAllowedEpoll(int sysno);
	static bool IsAllowedGetOrModifySocket(int sysno);
	static bool IsDeniedGetOrModifySocket(int sysno);

	#if defined(__i386__) \|\| \
	(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
	// Big multiplexing system call for sockets.
	static bool IsSocketCall(int sysno);
	#endif

	#if defined(__x86_64__) \|\| defined(__arm__) \|\| defined(__mips__) \|\| \
	defined(__aarch64__)
	static bool IsNetworkSocketInformation(int sysno);
	#endif

	static bool IsAllowedAddressSpaceAccess(int sysno);
	static bool IsAllowedGeneralIo(int sysno);
	static bool IsPrctl(int sysno);
	static bool IsSeccomp(int sysno);
	static bool IsAllowedBasicScheduler(int sysno);
	static bool IsAdminOperation(int sysno);
	static bool IsKernelModule(int sysno);
	static bool IsGlobalFSViewChange(int sysno);
	static bool IsFsControl(int sysno);
	static bool IsNuma(int sysno);
	static bool IsMessageQueue(int sysno);
	static bool IsGlobalProcessEnvironment(int sysno);
	static bool IsDebug(int sysno);
	static bool IsGlobalSystemStatus(int sysno);
	static bool IsEventFd(int sysno);
	// Asynchronous I/O API.
	static bool IsAsyncIo(int sysno);
	static bool IsKeyManagement(int sysno);
	#if defined(__x86_64__) \|\| defined(__arm__) \|\| defined(__aarch64__) \|\| \
	(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
	static bool IsSystemVSemaphores(int sysno);
	#endif
	#if defined(__i386__) \|\| defined(__x86_64__) \|\| defined(__arm__) \|\| \
	defined(__aarch64__) \|\| \
	(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
	// These give a lot of ambient authority and bypass the setuid sandbox.
	static bool IsSystemVSharedMemory(int sysno);
	#endif

	#if defined(__x86_64__) \|\| defined(__arm__) \|\| defined(__aarch64__) \|\| \
	(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_64_BITS))
	static bool IsSystemVMessageQueue(int sysno);
	#endif

	#if defined(__i386__) \|\| \
	(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
	// Big system V multiplexing system call.
	static bool IsSystemVIpc(int sysno);
	#endif

	static bool IsAnySystemV(int sysno);
	static bool IsAdvancedScheduler(int sysno);
	static bool IsInotify(int sysno);
	static bool IsFaNotify(int sysno);
	static bool IsTimer(int sysno);
	static bool IsAdvancedTimer(int sysno);
	static bool IsExtendedAttributes(int sysno);
	static bool IsMisc(int sysno);
	#if defined(__arm__)
	static bool IsArmPciConfig(int sysno);
	static bool IsArmPrivate(int sysno);
	#endif // defined(__arm__)
	#if defined(__mips__)
	static bool IsMipsPrivate(int sysno);
	static bool IsMipsMisc(int sysno);
	#endif // defined(__mips__)
	private:
	DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);
	};

	} // namespace sandbox.

	#endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_