| From 8f4ed11353e6377a1aa22c3ed34a993e5268cafd Mon Sep 17 00:00:00 2001 |
| From: Guenter Roeck <groeck@chromium.org> |
| Date: Thu, 20 Sep 2018 14:54:52 -0700 |
| Subject: [PATCH] CHROMIUM: create alt-syscall infrastructure |
| |
| This moves the x86 syscall table into thread_info to allow for |
| per-thread syscall tables. Native 32-bit, 64-bit, and 32-bit emulation |
| are handled. The feature is enabled with CONFIG_ALT_SYSCALL. |
| |
| Based on proof-of-concept from Will Drewry. |
| |
| Create infrastructure for changing syscall tables. This adds a new |
| PR_BRILLO prctl, along with the PR_BRILLO_SET_SYSCALL_TABLE command. |
| |
| This is a squash of the following commits: |
| CHROMIUM: x86: implement thread_info-based syscall table |
| CHROMIUM: x86: create alt-syscall infrastructure |
| CHROMIUM: alt-syscall: Always define sys_call_ptr_t |
| CHROMIUM: alt-syscall: Rename PR_BRILLO to PR_ALT_SYSCALL |
| CHROMIUM: x86: alt-syscall: Fix syscall limit check |
| CHROMIUM: security: Support registering syscall tables based on a whitelist |
| CHROMIUM: security: alt-syscall: Add a test syscall whitelist |
| CHROMIUM: alt-syscall: Add Android whitelist |
| CHROMIUM: alt-syscall: Whitelist additional socket calls for Android |
| CHROMIUM: x86: alt-syscall: Fix build warning |
| CHROMIUM: alt-syscall: Whitelist a couple of syscalls needed on x86 |
| CHROMIUM: alt-syscall: Log blocked syscalls |
| CHROMIUM: alt-syscall: Support permissive whitelist |
| CHROMIUM: alt-syscall: Whitelist additional I/O syscalls |
| CHROMIUM: alt-syscall: Add ARM64 support |
| CHROMIUM: alt-syscall: Whitelist more syscalls used by Android |
| CHROMIUM: alt-syscall: Whitelist clock_nanosleep() on x86-32 |
| CHROMIUM: alt-syscall: Whitelist a couple more syscalls for Android |
| CHROMIUM: alt-syscall: Whitelist tkill() for Android |
| CHROMIUM: alt-syscall: Whitelist mmap() and newfstatat() for ARM64 |
| CHROMIUM: alt-syscall: Include asm/syscall.h conditionally |
| CHROMIUM: alt-syscall: Whitelist sched_get_priority_{min,max}() |
| CHROMIUM: export sys_prctl needed by alt-syscall infrastructure |
| |
| BUG=brillo:384 |
| TEST=gizmo build & boot, manual testing |
| |
| Change-Id: I548a36092812af48dfd251e8f616d2092ffcf71b |
| Signed-off-by: Kees Cook <keescook@chromium.org> |
| Reviewed-on: https://chromium-review.googlesource.com/253231 |
| Reviewed-by: Aaron Durbin <adurbin@chromium.org> |
| |
| [rebase44(filbranden): Squashed all commits. Replaced THREAD_INFO(...) |
| with higher level ASM_THREAD_INFO(...). Fixed definition of |
| sys_call_ptr_t to match the one from <asm/syscall.h>. Export symbol |
| sys_prctl needed to build alt-syscall.ko as a module without making |
| MODPOST fail.] |
| Signed-off-by: Filipe Brandenburger <filbranden@chromium.org> |
| |
| [rebase44(groeck): Fix up alt-syscall infrastructure to match code in |
| x86_platform branch. Key remaining difference to x86_platform is that |
| I named the compat_ variables ia32_ since compat_ seemed no longer |
| appropriate, but that is a nitpick.] |
| Signed-off-by: Guenter Roeck <groeck@chromium.org> |
| |
| Conflicts: |
| arch/x86/kernel/asm-offsets.c |
| arch/x86/kernel/Makefile |
| arch/x86/include/asm/thread_info.h |
| arch/x86/entry/entry_64.S |
| arch/x86/Kconfig |
| |
| [rebase412(groeck): Resolved conflicts, include file name changes] |
| Signed-off-by: Guenter Roeck <groeck@chromium.org> |
| |
| [rebase414(groeck): Drop modular builds and associated exports] |
| Signed-off-by: Guenter Roeck <groeck@chromium.org> |
| |
| [rebase419(groeck): Various conflicts; |
| drop remaining 32-bit support; |
| extract x86 changes into follow-up patch |
| kernel API changes: |
| syscalls can no longer be called directly |
| squashed commits: |
| CHROMIUM: alt-syscall: Whitelist syscalls required by CTS |
| CHROMIUM: alt-syscall: Enable more syscalls required by CTS |
| CHROMIUM: alt-syscall: override setpriority syscall for Android |
| CHROMIUM: alt-syscall: Allow Android to set RT scheduler. |
| CHROMIUM: alt-syscall: Added a more restrictive alt syscall table. |
| CHROMIUM: alt-syscall: Whitelist time(2) for Android. |
| CHROMIUM: alt-syscall: Whitelist sched_getaffinity for Android. |
| CHROMIUM: alt-syscall: add sysctl entry to allow dev mode-only syscalls |
| CHROMIUM: alt-syscall: whitelist perf_event_open for Android |
| CHROMIUM: alt-syscall: Whitelist adjtimex and clock_adjtime for Android. |
| CHROMIUM: alt-syscall: Fix signatures of injected functions. |
| CHROMIUM: alt-syscall: Whitelist getresuid() |
| CHROMIUM: Whitelist set_robust_list |
| CHROMIUM: alt-syscall: Whitelist arch_prctl for x86_64 |
| CHROMIUM: alt-syscall: Whitelist memfd_create, signalfd4 |
| CHROMIUM: alt-syscall: Whitelist signalfd4(2) for Android |
| CHROMIUM: alt-syscall: Whitelist setdomainname(2) for Android. |
| CHROMIUM: alt-syscall: Whitelist syncfs(2) for Android. |
| CHROMIUM: alt-syscall: Whitelist sched_setparam(2) for Android. |
| CHROMIUM: alt-syscall: Whitelist libaio syscalls for Android. |
| CHROMIUM: alt-syscall: Whitelist more libaio syscalls for Android. |
| CHROMIUM: alt-syscall: Disallow Android access to keyctl(2) |
| CHROMIUM: alt-syscall: Allow Android access to sync(2) |
| CHROMIUM: alt-syscall: Block AF_VSOCK from android |
| CHROMIUM: security: alt-syscall: Rate limit warnings |
| CHROMIUM: add new syscall whitelist to alt-syscall |
| FIXUP: CHROMIUM: add new syscall whitelist to alt-syscall] |
| ] |
| Signed-off-by: Guenter Roeck <groeck@chromium.org> |
| [rebase54(groeck): |
| Squashed: |
| CHROMIUM: alt-syscall: Fix changed syscall API |
| CHROMIUM: add openat to altsyscall test list |
| CHROMIUM: add new "complete" whitelist to alt-syscall |
| CHROMIUM: alt-syscall: Simplify whitelist conditions for ARM platforms |
| CHROMIUM: alt-syscall: Remove entries for x86_32 |
| dropped process_tree_whitelist (removed later) |
| fixed context conflicts |
| dropped all remnants of ARM32 and X86_32 support |
| rebase53(rrangel): |
| replace compat_timex with old_timex32 |
| DECLARE_BITMAP must only be used with constant values. |
| compat_ksys_adjtimex was renamed to ksys_adjtimex_time32 |
| compat_ksys_clock_adjtime renamed to ksys_clock_adjtime32 |
| Align do_android_sched_setscheduler() with do_sched_setscheduler() |
| to avoid "BUG: sleeping function called from invalid context" |
| Add bpf to list of permitted syscalls (Android uses it) |
| ] |
| Signed-off-by: Guenter Roeck <groeck@chromium.org> |
| |
| [rebase510(groeck): Context conflicts; |
| Squashed: |
| CHROMIUM: alt-syscall: Fix android_socket() return type |
| ] |
| Signed-off-by: Guenter Roeck <groeck@chromium.org> |
| |
| Change-Id: I6f376f025aecc9f3991539fc587d144a240200aa |
| --- |
| include/linux/alt-syscall.h | 59 ++ |
| include/uapi/linux/prctl.h | 3 + |
| init/init_task.c | 3 + |
| kernel/Makefile | 2 + |
| kernel/alt-syscall.c | 66 ++ |
| kernel/sys.c | 7 + |
| security/Kconfig | 10 +- |
| security/chromiumos/Kconfig | 9 + |
| security/chromiumos/Makefile | 2 + |
| security/chromiumos/alt-syscall.c | 538 +++++++++++++++ |
| security/chromiumos/alt-syscall.h | 384 +++++++++++ |
| security/chromiumos/android_whitelists.h | 637 ++++++++++++++++++ |
| security/chromiumos/complete_whitelists.h | 373 ++++++++++ |
| .../chromiumos/read_write_test_whitelists.h | 56 ++ |
| security/chromiumos/third_party_whitelists.h | 252 +++++++ |
| 15 files changed, 2400 insertions(+), 1 deletion(-) |
| create mode 100644 include/linux/alt-syscall.h |
| create mode 100644 kernel/alt-syscall.c |
| create mode 100644 security/chromiumos/alt-syscall.c |
| create mode 100644 security/chromiumos/alt-syscall.h |
| create mode 100644 security/chromiumos/android_whitelists.h |
| create mode 100644 security/chromiumos/complete_whitelists.h |
| create mode 100644 security/chromiumos/read_write_test_whitelists.h |
| create mode 100644 security/chromiumos/third_party_whitelists.h |
| |
| diff --git a/include/linux/alt-syscall.h b/include/linux/alt-syscall.h |
| new file mode 100644 |
| index 000000000000..00f37c005eba |
| --- /dev/null |
| +++ b/include/linux/alt-syscall.h |
| @@ -0,0 +1,59 @@ |
| +#ifndef _ALT_SYSCALL_H |
| +#define _ALT_SYSCALL_H |
| + |
| +#include <linux/errno.h> |
| + |
| +#ifdef CONFIG_ALT_SYSCALL |
| + |
| +#include <linux/list.h> |
| +#include <asm/syscall.h> |
| + |
| +#define ALT_SYS_CALL_NAME_MAX 32 |
| + |
| +struct alt_sys_call_table { |
| + char name[ALT_SYS_CALL_NAME_MAX + 1]; |
| + sys_call_ptr_t *table; |
| + int size; |
| +#ifdef CONFIG_IA32_EMULATION |
| + sys_call_ptr_t *compat_table; |
| + int compat_size; |
| +#endif |
| + struct list_head node; |
| +}; |
| + |
| +/* |
| + * arch_dup_sys_call_table should return the default syscall table, not |
| + * the current syscall table, since we want to explicitly not allow |
| + * syscall table composition. A selected syscall table should be treated |
| + * as a single execution personality. |
| + */ |
| + |
| +int arch_dup_sys_call_table(struct alt_sys_call_table *table); |
| +int arch_set_sys_call_table(struct alt_sys_call_table *table); |
| + |
| +int register_alt_sys_call_table(struct alt_sys_call_table *table); |
| +int set_alt_sys_call_table(char __user *name); |
| + |
| +#else |
| + |
| +struct alt_sys_call_table; |
| + |
| +static inline int arch_dup_sys_call_table(struct alt_sys_call_table *table) |
| +{ |
| + return -ENOSYS; |
| +} |
| +static inline int arch_set_sys_call_table(struct alt_sys_call_table *table) |
| +{ |
| + return -ENOSYS; |
| +} |
| +static inline int register_alt_sys_call_table(struct alt_sys_call_table *table) |
| +{ |
| + return -ENOSYS; |
| +} |
| +static inline int set_alt_sys_call_table(char __user *name) |
| +{ |
| + return -ENOSYS; |
| +} |
| +#endif |
| + |
| +#endif /* _ALT_SYSCALL_H */ |
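Review bot: the compat fields of struct alt_sys_call_table are guarded by `#ifdef CONFIG_IA32_EMULATION`, but security/chromiumos/alt-syscall.c in this same patch dereferences `t->compat_table` and `t->compat_size` under `#ifdef CONFIG_COMPAT`, and ALT_SYSCALL_CHROMIUMOS is selectable on ARM64. A build with CONFIG_COMPAT set and CONFIG_IA32_EMULATION unset would reference fields that do not exist; guard the fields with CONFIG_COMPAT, or use one symbol on both sides. The prototype `set_alt_sys_call_table(char __user *name)` also differs from the definition's `char * __user uname`; keep the `__user` annotation before the `*` in both places.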
| diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h |
| index 667f1aed091c..464bebf752e5 100644 |
| --- a/include/uapi/linux/prctl.h |
| +++ b/include/uapi/linux/prctl.h |
| @@ -155,6 +155,9 @@ struct prctl_mm_map { |
| #define PR_SET_PTRACER 0x59616d61 |
| # define PR_SET_PTRACER_ANY ((unsigned long)-1) |
| |
| +#define PR_ALT_SYSCALL 0x43724f53 |
| +# define PR_ALT_SYSCALL_SET_SYSCALL_TABLE 1 |
| + |
| #define PR_SET_CHILD_SUBREAPER 36 |
| #define PR_GET_CHILD_SUBREAPER 37 |
| |
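Review bot: `PR_ALT_SYSCALL` and `PR_ALT_SYSCALL_SET_SYSCALL_TABLE` are added to a uapi header with no comment describing their arguments. Add a line above the defines stating that arg2 is the command and arg3 is a user pointer to the table name, and how many bytes the kernel reads from it (kernel/alt-syscall.c copies ALT_SYS_CALL_NAME_MAX bytes), since callers have to size their buffer from that.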
| diff --git a/init/init_task.c b/init/init_task.c |
| index 3711cdaafed2..add8b4adc213 100644 |
| --- a/init/init_task.c |
| +++ b/init/init_task.c |
| @@ -13,6 +13,9 @@ |
| #include <linux/numa.h> |
| #include <linux/scs.h> |
| |
| +#include <linux/alt-syscall.h> |
| + |
| +#include <asm/pgtable.h> |
| #include <linux/uaccess.h> |
| |
| static struct signal_struct init_signals = { |
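Review bot: the two added includes are the only change to init/init_task.c, and nothing in this hunk uses a symbol from `<linux/alt-syscall.h>` or `<asm/pgtable.h>`. The commit message says the x86 changes were extracted into a follow-up patch, so these look like leftovers from the thread_info-based version; drop them here or move them to the patch that needs them.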
| diff --git a/kernel/Makefile b/kernel/Makefile |
| index 320f1f3941b7..2e80d8662c98 100644 |
| --- a/kernel/Makefile |
| +++ b/kernel/Makefile |
| @@ -51,6 +51,8 @@ obj-y += livepatch/ |
| obj-y += dma/ |
| obj-y += entry/ |
| |
| +obj-$(CONFIG_ALT_SYSCALL) += alt-syscall.o |
| + |
| obj-$(CONFIG_KCMP) += kcmp.o |
| obj-$(CONFIG_FREEZER) += freezer.o |
| obj-$(CONFIG_PROFILING) += profile.o |
| diff --git a/kernel/alt-syscall.c b/kernel/alt-syscall.c |
| new file mode 100644 |
| index 000000000000..99599e1506a1 |
| --- /dev/null |
| +++ b/kernel/alt-syscall.c |
| @@ -0,0 +1,66 @@ |
| +/* |
| + * Alternate Syscall Table Infrastructure |
| + * |
| + * Copyright 2014 Google Inc. All Rights Reserved |
| + * |
| + * Authors: |
| + * Kees Cook <keescook@chromium.org> |
| + * Will Drewry <wad@chromium.org> |
| + * |
| + * This software is licensed under the terms of the GNU General Public |
| + * License version 2, as published by the Free Software Foundation, and |
| + * may be copied, distributed, and modified under those terms. |
| + * |
| + * This program is distributed in the hope that it will be useful, |
| + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| + * GNU General Public License for more details. |
| + */ |
| +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
| + |
| +#include <linux/kernel.h> |
| +#include <linux/list.h> |
| +#include <linux/spinlock.h> |
| +#include <linux/slab.h> |
| +#include <linux/uaccess.h> |
| +#include <linux/alt-syscall.h> |
| + |
| +static LIST_HEAD(alt_sys_call_tables); |
| +static DEFINE_SPINLOCK(alt_sys_call_tables_lock); |
| + |
| +/* XXX: there is no "unregister" yet. */ |
| +int register_alt_sys_call_table(struct alt_sys_call_table *entry) |
| +{ |
| + if (!entry) |
| + return -EINVAL; |
| + |
| + spin_lock(&alt_sys_call_tables_lock); |
| + list_add(&entry->node, &alt_sys_call_tables); |
| + spin_unlock(&alt_sys_call_tables_lock); |
| + |
| + pr_info("table '%s' available.\n", entry->name); |
| + |
| + return 0; |
| +} |
| + |
| +int set_alt_sys_call_table(char * __user uname) |
| +{ |
| + char name[ALT_SYS_CALL_NAME_MAX + 1] = { }; |
| + struct alt_sys_call_table *entry; |
| + |
| + if (copy_from_user(name, uname, ALT_SYS_CALL_NAME_MAX)) |
| + return -EFAULT; |
| + |
| + spin_lock(&alt_sys_call_tables_lock); |
| + list_for_each_entry(entry, &alt_sys_call_tables, node) { |
| + if (!strcmp(entry->name, name)) { |
| + if (arch_set_sys_call_table(entry)) |
| + continue; |
| + spin_unlock(&alt_sys_call_tables_lock); |
| + return 0; |
| + } |
| + } |
| + spin_unlock(&alt_sys_call_tables_lock); |
| + |
| + return -ENOENT; |
| +} |
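Review bot: in set_alt_sys_call_table(), `copy_from_user(name, uname, ALT_SYS_CALL_NAME_MAX)` always reads 32 bytes regardless of how long the string is, so a short, valid name that sits near the end of a mapped page returns -EFAULT. Use strncpy_from_user() and reject names that do not terminate within the limit. In the loop, a failing arch_set_sys_call_table() hits `continue` and the function ends up returning -ENOENT, which hides the real error; return that error instead. register_alt_sys_call_table() also accepts a table whose name is already on the list, and because list_add() inserts at the head the newer entry shadows the older one; reject duplicates under the lock.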
| diff --git a/kernel/sys.c b/kernel/sys.c |
| index 50d85ce97656..8f87ab409a31 100644 |
| --- a/kernel/sys.c |
| +++ b/kernel/sys.c |
| @@ -45,6 +45,7 @@ |
| |
| #include <linux/compat.h> |
| #include <linux/syscalls.h> |
| +#include <linux/alt-syscall.h> |
| #include <linux/kprobes.h> |
| #include <linux/user_namespace.h> |
| #include <linux/time_namespace.h> |
| @@ -2374,6 +2375,12 @@ int ksys_prctl(int option, unsigned long arg2, unsigned long arg3, |
| case PR_SET_SECCOMP: |
| error = prctl_set_seccomp(arg2, (char __user *)arg3); |
| break; |
| + case PR_ALT_SYSCALL: |
| + if (arg2 == PR_ALT_SYSCALL_SET_SYSCALL_TABLE) |
| + error = set_alt_sys_call_table((char __user *)arg3); |
| + else |
| + error = -EINVAL; |
| + break; |
| case PR_GET_TSC: |
| error = GET_TSC_CTL(arg2); |
| break; |
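Review bot: the new `case PR_ALT_SYSCALL:` ignores arg4 and arg5. Return -EINVAL when either is non-zero, checked before the call to set_alt_sys_call_table(), so the values stay available for future commands. The case is also compiled unconditionally; that works only because the header stubs return -ENOSYS when CONFIG_ALT_SYSCALL is off, which deserves a short comment here.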
| diff --git a/security/Kconfig b/security/Kconfig |
| index 92a8b0ea8f70..e420deeace29 100644 |
| --- a/security/Kconfig |
| +++ b/security/Kconfig |
| @@ -297,5 +297,13 @@ config LSM |
| |
| source "security/Kconfig.hardening" |
| |
| -endmenu |
| +config ARCH_HAS_ALT_SYSCALL |
| + def_bool n |
| + |
| +config ALT_SYSCALL |
| + bool "Alternate syscall table support" |
| + depends on ARCH_HAS_ALT_SYSCALL |
| + help |
| + Allow syscall table to be swapped on a running process. |
| |
| +endmenu |
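Review bot: the ALT_SYSCALL help text, "Allow syscall table to be swapped on a running process", does not say who triggers the swap or whether it can be undone. State that a task selects a registered table by name through prctl(PR_ALT_SYSCALL), and say whether the selection is reversible, so that someone enabling the option can judge its effect.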
| diff --git a/security/chromiumos/Kconfig b/security/chromiumos/Kconfig |
| index 28ff66f7ba08..b2afa0ef24cb 100644 |
| --- a/security/chromiumos/Kconfig |
| +++ b/security/chromiumos/Kconfig |
| @@ -27,3 +27,12 @@ config SECURITY_CHROMIUMOS_NO_UNPRIVILEGED_UNSAFE_MOUNTS |
| is attempted that would cause the filesystem to have the exec, suid, |
| or dev flags if the caller does not have the CAP_SYS_ADMIN capability |
| in the init namespace. |
| + |
| +config ALT_SYSCALL_CHROMIUMOS |
| + bool "Chromium OS Alt-Syscall Tables" |
| + depends on ALT_SYSCALL |
| + depends on X86_64 || ARM64 |
| + help |
| + Register restricted, alternate syscall tables used by Chromium OS |
| + using the alt-syscall infrastructure. Alternate syscall tables |
| + can be selected with prctl(PR_ALT_SYSCALL). |
| diff --git a/security/chromiumos/Makefile b/security/chromiumos/Makefile |
| index a97d1a40ce7b..a59b4ec26e5d 100644 |
| --- a/security/chromiumos/Makefile |
| +++ b/security/chromiumos/Makefile |
| @@ -1,3 +1,5 @@ |
| obj-$(CONFIG_SECURITY_CHROMIUMOS) := chromiumos_lsm.o |
| |
| chromiumos_lsm-y := inode_mark.o lsm.o securityfs.o utils.o |
| + |
| +obj-$(CONFIG_ALT_SYSCALL_CHROMIUMOS) += alt-syscall.o |
| diff --git a/security/chromiumos/alt-syscall.c b/security/chromiumos/alt-syscall.c |
| new file mode 100644 |
| index 000000000000..184dcbe66240 |
| --- /dev/null |
| +++ b/security/chromiumos/alt-syscall.c |
| @@ -0,0 +1,538 @@ |
| +/* |
| + * Chromium OS alt-syscall tables |
| + * |
| + * Copyright (C) 2015 Google, Inc. |
| + * |
| + * This program is free software; you can redistribute it and/or modify |
| + * it under the terms of the GNU General Public License version 2 as |
| + * published by the Free Software Foundation. |
| + */ |
| + |
| +#include <linux/alt-syscall.h> |
| +#include <linux/compat.h> |
| +#include <linux/fs.h> |
| +#include <linux/init.h> |
| +#include <linux/kernel.h> |
| +#include <linux/module.h> |
| +#include <linux/prctl.h> |
| +#include <linux/sched/types.h> |
| +#include <linux/slab.h> |
| +#include <linux/socket.h> |
| +#include <linux/syscalls.h> |
| +#include <linux/timex.h> |
| +#include <uapi/linux/sched/types.h> |
| + |
| +#include <asm/unistd.h> |
| + |
| +#include "alt-syscall.h" |
| +#include "android_whitelists.h" |
| +#include "complete_whitelists.h" |
| +#include "read_write_test_whitelists.h" |
| +#include "third_party_whitelists.h" |
| + |
| +/* Intercept and log blocked syscalls. */ |
| +static asmlinkage long block_syscall(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + |
| + pr_warn_ratelimited("[%d] %s: blocked syscall %d\n", task_pid_nr(task), |
| + task->comm, syscall_get_nr(task, regs)); |
| + |
| + return -ENOSYS; |
| +} |
| + |
| +/* |
| + * In permissive mode, warn that the syscall was blocked, but still allow |
| + * it to go through. Note that since we don't have an easy way to map from |
| + * syscall to number of arguments, we pass the maximum (6). |
| + */ |
| +static asmlinkage long warn_syscall(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + int nr = syscall_get_nr(task, regs); |
| + sys_call_ptr_t fn = (sys_call_ptr_t)default_table.table[nr]; |
| + |
| + pr_warn_ratelimited("[%d] %s: syscall %d not whitelisted\n", |
| + task_pid_nr(task), task->comm, nr); |
| + |
| + return fn(regs); |
| +} |
| + |
| +#ifdef CONFIG_COMPAT |
| +static asmlinkage long warn_compat_syscall(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + int nr = syscall_get_nr(task, regs); |
| + sys_call_ptr_t fn = (sys_call_ptr_t)default_table.compat_table[nr]; |
| + |
| + pr_warn_ratelimited("[%d] %s: compat syscall %d not whitelisted\n", |
| + task_pid_nr(task), task->comm, nr); |
| + |
| + return fn(regs); |
| +} |
| +#endif /* CONFIG_COMPAT */ |
| + |
| +static asmlinkage long alt_sys_prctl(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + unsigned long args[6]; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + |
| + if (args[0] == PR_ALT_SYSCALL && |
| + args[1] == PR_ALT_SYSCALL_SET_SYSCALL_TABLE) |
| + return -EPERM; |
| + |
| + return ksys_prctl(args[0], args[1], args[2], args[3], args[4]); |
| +} |
| + |
| +/* Thread priority used by Android. */ |
| +#define ANDROID_PRIORITY_FOREGROUND -2 |
| +#define ANDROID_PRIORITY_DISPLAY -4 |
| +#define ANDROID_PRIORITY_URGENT_DISPLAY -8 |
| +#define ANDROID_PRIORITY_AUDIO -16 |
| +#define ANDROID_PRIORITY_URGENT_AUDIO -19 |
| +#define ANDROID_PRIORITY_HIGHEST -20 |
| + |
| +/* Reduced priority when running inside container. */ |
| +#define CONTAINER_PRIORITY_FOREGROUND -1 |
| +#define CONTAINER_PRIORITY_DISPLAY -2 |
| +#define CONTAINER_PRIORITY_URGENT_DISPLAY -4 |
| +#define CONTAINER_PRIORITY_AUDIO -8 |
| +#define CONTAINER_PRIORITY_URGENT_AUDIO -9 |
| +#define CONTAINER_PRIORITY_HIGHEST -10 |
| + |
| +/* |
| + * TODO(mortonm): Move the implementation of these Android-specific |
| + * alt-syscalls (starting with android_*) to their own .c file. |
| + */ |
| +static asmlinkage long android_getpriority(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + long prio, nice; |
| + unsigned long args[6]; |
| + int which, who; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + which = args[0]; |
| + who = args[1]; |
| + |
| + prio = ksys_getpriority(which, who); |
| + if (prio <= 20) |
| + return prio; |
| + |
| + nice = -(prio - 20); |
| + switch (nice) { |
| + case CONTAINER_PRIORITY_FOREGROUND: |
| + nice = ANDROID_PRIORITY_FOREGROUND; |
| + break; |
| + case CONTAINER_PRIORITY_DISPLAY: |
| + nice = ANDROID_PRIORITY_DISPLAY; |
| + break; |
| + case CONTAINER_PRIORITY_URGENT_DISPLAY: |
| + nice = ANDROID_PRIORITY_URGENT_DISPLAY; |
| + break; |
| + case CONTAINER_PRIORITY_AUDIO: |
| + nice = ANDROID_PRIORITY_AUDIO; |
| + break; |
| + case CONTAINER_PRIORITY_URGENT_AUDIO: |
| + nice = ANDROID_PRIORITY_URGENT_AUDIO; |
| + break; |
| + case CONTAINER_PRIORITY_HIGHEST: |
| + nice = ANDROID_PRIORITY_HIGHEST; |
| + break; |
| + } |
| + |
| + return -nice + 20; |
| +} |
| + |
| +static asmlinkage long android_keyctl(struct pt_regs *regs) |
| +{ |
| + return -EACCES; |
| +} |
| + |
| + |
| +static asmlinkage long android_setpriority(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + unsigned long args[6]; |
| + int which, who, niceval; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + which = args[0]; |
| + who = args[1]; |
| + niceval = args[2]; |
| + |
| + if (niceval < 0) { |
| + if (niceval < -20) |
| + niceval = -20; |
| + niceval = niceval / 2; |
| + } |
| + return ksys_setpriority(which, who, niceval); |
| +} |
| + |
| +static asmlinkage long |
| +do_android_sched_setscheduler(pid_t pid, int policy, |
| + struct sched_param __user *param) |
| +{ |
| + struct sched_param lparam; |
| + struct task_struct *p; |
| + long retval; |
| + |
| + if (!param || pid < 0) |
| + return -EINVAL; |
| + if (copy_from_user(&lparam, param, sizeof(struct sched_param))) |
| + return -EFAULT; |
| + |
| + rcu_read_lock(); |
| + retval = -ESRCH; |
| + p = pid ? find_task_by_vpid(pid) : current; |
| + if (likely(p)) |
| + get_task_struct(p); |
| + rcu_read_unlock(); |
| + |
| + if (likely(p)) { |
| + const struct cred *cred = current_cred(); |
| + kuid_t android_root_uid, android_system_uid; |
| + |
| + /* |
| + * Allow root(0) and system(1000) processes to set RT scheduler. |
| + * |
| + * The system_server process run under system provides |
| + * SchedulingPolicyService which is used by audioflinger and |
| + * other services to boost their threads, so allow it to set RT |
| + * scheduler for other threads. |
| + */ |
| + android_root_uid = make_kuid(cred->user_ns, 0); |
| + android_system_uid = make_kuid(cred->user_ns, 1000); |
| + if ((uid_eq(cred->euid, android_root_uid) || |
| + uid_eq(cred->euid, android_system_uid)) && |
| + ns_capable(cred->user_ns, CAP_SYS_NICE)) |
| + retval = sched_setscheduler_nocheck(p, policy, &lparam); |
| + else |
| + retval = sched_setscheduler(p, policy, &lparam); |
| + put_task_struct(p); |
| + } |
| + |
| + return retval; |
| +} |
| + |
| +static asmlinkage long |
| +android_sched_setscheduler(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + unsigned long args[6]; |
| + pid_t pid; |
| + int policy; |
| + struct sched_param __user *param; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + pid = args[0]; |
| + policy = args[1]; |
| + param = (struct sched_param __user *)args[2]; |
| + |
| + /* negative values for policy are not valid */ |
| + if (policy < 0) |
| + return -EINVAL; |
| + return do_android_sched_setscheduler(pid, policy, param); |
| +} |
| + |
| +/* |
| + * sched_setparam() passes in -1 for its policy, to let the functions |
| + * it calls know not to change it. |
| + */ |
| +#define SETPARAM_POLICY -1 |
| + |
| +static asmlinkage long android_sched_setparam(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + unsigned long args[6]; |
| + pid_t pid; |
| + struct sched_param __user *param; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + pid = args[0]; |
| + param = (struct sched_param __user *)args[1]; |
| + |
| + return do_android_sched_setscheduler(pid, SETPARAM_POLICY, param); |
| +} |
| + |
| +static asmlinkage long __maybe_unused android_socket(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + unsigned long args[6]; |
| + int domain, type, socket; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + domain = args[0]; |
| + type = args[1]; |
| + socket = args[2]; |
| + |
| + if (domain == AF_VSOCK) |
| + return -EACCES; |
| + return __sys_socket(domain, type, socket); |
| +} |
| + |
| +static asmlinkage long android_perf_event_open(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + unsigned long args[6]; |
| + struct perf_event_attr __user *attr_uptr; |
| + pid_t pid; |
| + int cpu, group_fd; |
| + unsigned long flags; |
| + |
| + if (!allow_devmode_syscalls) |
| + return -EACCES; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + attr_uptr = (struct perf_event_attr __user *)args[0]; |
| + pid = args[1]; |
| + cpu = args[2]; |
| + group_fd = args[3]; |
| + flags = args[4]; |
| + |
| + return ksys_perf_event_open(attr_uptr, pid, cpu, group_fd, flags); |
| +} |
| + |
| +static asmlinkage long android_adjtimex(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + struct __kernel_timex kbuf; |
| + struct __kernel_timex __user *buf; |
| + unsigned long args[6]; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + buf = (struct __kernel_timex __user *)args[0]; |
| + |
| + /* adjtimex() is allowed only for read. */ |
| + if (copy_from_user(&kbuf, buf, sizeof(struct __kernel_timex))) |
| + return -EFAULT; |
| + if (kbuf.modes != 0) |
| + return -EPERM; |
| + return ksys_adjtimex(buf); |
| +} |
| + |
| +static asmlinkage long android_clock_adjtime(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + struct __kernel_timex kbuf; |
| + unsigned long args[6]; |
| + clockid_t which_clock; |
| + struct __kernel_timex __user *buf; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + which_clock = args[0]; |
| + buf = (struct __kernel_timex __user *)args[1]; |
| + |
| + /* clock_adjtime() is allowed only for read. */ |
| + if (copy_from_user(&kbuf, buf, sizeof(struct __kernel_timex))) |
| + return -EFAULT; |
| + if (kbuf.modes != 0) |
| + return -EPERM; |
| + return ksys_clock_adjtime(which_clock, buf); |
| +} |
| + |
| +static asmlinkage long android_getcpu(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + unsigned long args[6]; |
| + unsigned __user *cpu; |
| + unsigned __user *node; |
| + struct getcpu_cache __user *tcache; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + cpu = (unsigned __user *)args[0]; |
| + node = (unsigned __user *)args[1]; |
| + tcache = (struct getcpu_cache __user *)args[2]; |
| + |
| + if (node || tcache) |
| + return -EPERM; |
| + return ksys_getcpu(cpu, node, tcache); |
| +} |
| + |
| +#ifdef CONFIG_COMPAT |
| +static asmlinkage long android_compat_adjtimex(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + struct old_timex32 kbuf; |
| + struct old_timex32 __user *buf; |
| + unsigned long args[6]; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + buf = (struct old_timex32 __user *)args[0]; |
| + |
| + /* adjtimex() is allowed only for read. */ |
| + if (copy_from_user(&kbuf, buf, sizeof(struct old_timex32))) |
| + return -EFAULT; |
| + if (kbuf.modes != 0) |
| + return -EPERM; |
| + return ksys_adjtimex_time32(buf); |
| +} |
| + |
| +static asmlinkage long |
| +android_compat_clock_adjtime(struct pt_regs *regs) |
| +{ |
| + struct task_struct *task = current; |
| + struct old_timex32 kbuf; |
| + unsigned long args[6]; |
| + clockid_t which_clock; |
| + struct old_timex32 __user *buf; |
| + |
| + syscall_get_arguments(task, regs, args); |
| + which_clock = args[0]; |
| + buf = (struct old_timex32 __user *)args[1]; |
| + |
| + /* clock_adjtime() is allowed only for read. */ |
| + if (copy_from_user(&kbuf, buf, sizeof(struct old_timex32))) |
| + return -EFAULT; |
| + if (kbuf.modes != 0) |
| + return -EPERM; |
| + return ksys_clock_adjtime32(which_clock, buf); |
| +} |
| +#endif /* CONFIG_COMPAT */ |
| + |
| +static struct syscall_whitelist whitelists[] = { |
| + SYSCALL_WHITELIST(read_write_test), |
| + SYSCALL_WHITELIST(android), |
| + PERMISSIVE_SYSCALL_WHITELIST(android), |
| + SYSCALL_WHITELIST(third_party), |
| + PERMISSIVE_SYSCALL_WHITELIST(third_party), |
| + SYSCALL_WHITELIST(complete), |
| + PERMISSIVE_SYSCALL_WHITELIST(complete) |
| +}; |
| + |
| +static int alt_syscall_apply_whitelist(const struct syscall_whitelist *wl, |
| + struct alt_sys_call_table *t) |
| +{ |
| + unsigned int i; |
| + unsigned long *whitelist = kcalloc(BITS_TO_LONGS(t->size), |
| + sizeof(unsigned long), GFP_KERNEL); |
| + |
| + if (!whitelist) |
| + return -ENOMEM; |
| + |
| + for (i = 0; i < wl->nr_whitelist; i++) { |
| + unsigned int nr = wl->whitelist[i].nr; |
| + |
| + if (nr >= t->size) { |
| + kfree(whitelist); |
| + return -EINVAL; |
| + } |
| + bitmap_set(whitelist, nr, 1); |
| + if (wl->whitelist[i].alt) |
| + t->table[nr] = wl->whitelist[i].alt; |
| + } |
| + |
| + for (i = 0; i < t->size; i++) { |
| + if (!test_bit(i, whitelist)) { |
| + t->table[i] = wl->permissive ? |
| + (sys_call_ptr_t)warn_syscall : |
| + (sys_call_ptr_t)block_syscall; |
| + } |
| + } |
| + |
| + kfree(whitelist); |
| + return 0; |
| +} |
| + |
| +#ifdef CONFIG_COMPAT |
| +static int |
| +alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl, |
| + struct alt_sys_call_table *t) |
| +{ |
| + unsigned int i; |
| + unsigned long *whitelist = kcalloc(BITS_TO_LONGS(t->compat_size), |
| + sizeof(unsigned long), GFP_KERNEL); |
| + |
| + if (!whitelist) |
| + return -ENOMEM; |
| + |
| + for (i = 0; i < wl->nr_compat_whitelist; i++) { |
| + unsigned int nr = wl->compat_whitelist[i].nr; |
| + |
| + if (nr >= t->compat_size) { |
| + kfree(whitelist); |
| + return -EINVAL; |
| + } |
| + bitmap_set(whitelist, nr, 1); |
| + if (wl->compat_whitelist[i].alt) |
| + t->compat_table[nr] = wl->compat_whitelist[i].alt; |
| + } |
| + |
| + for (i = 0; i < t->compat_size; i++) { |
| + if (!test_bit(i, whitelist)) { |
| + t->compat_table[i] = wl->permissive ? |
| + (sys_call_ptr_t)warn_compat_syscall : |
| + (sys_call_ptr_t)block_syscall; |
| + } |
| + } |
| + |
| + kfree(whitelist); |
| + return 0; |
| +} |
| +#else |
| +static inline int |
| +alt_syscall_apply_compat_whitelist(const struct syscall_whitelist *wl, |
| + struct alt_sys_call_table *t) |
| +{ |
| + return 0; |
| +} |
| +#endif /* CONFIG_COMPAT */ |
| + |
| +static int alt_syscall_init_one(const struct syscall_whitelist *wl) |
| +{ |
| + struct alt_sys_call_table *t; |
| + int err; |
| + |
| + t = kzalloc(sizeof(*t), GFP_KERNEL); |
| + if (!t) |
| + return -ENOMEM; |
| + strncpy(t->name, wl->name, sizeof(t->name)); |
| + |
| + err = arch_dup_sys_call_table(t); |
| + if (err) |
| + return err; |
| + |
| + err = alt_syscall_apply_whitelist(wl, t); |
| + if (err) |
| + return err; |
| + err = alt_syscall_apply_compat_whitelist(wl, t); |
| + if (err) |
| + return err; |
| + |
| + return register_alt_sys_call_table(t); |
| +} |
| + |
| +/* |
| + * Register an alternate syscall table for each whitelist. Note that the |
| + * lack of a module_exit() is intentional - once a syscall table is registered |
| + * it cannot be unregistered. |
| + * |
| + * TODO(abrestic) Support unregistering syscall tables? |
| + */ |
| +static int chromiumos_alt_syscall_init(void) |
| +{ |
| + unsigned int i; |
| + int err; |
| + |
| +#ifdef CONFIG_SYSCTL |
| + if (!register_sysctl_paths(chromiumos_sysctl_path, |
| + chromiumos_sysctl_table)) |
| + pr_warn("Failed to register sysctl\n"); |
| +#endif |
| + |
| + err = arch_dup_sys_call_table(&default_table); |
| + if (err) |
| + return err; |
| + |
| + for (i = 0; i < ARRAY_SIZE(whitelists); i++) { |
| + err = alt_syscall_init_one(&whitelists[i]); |
| + if (err) |
| + pr_warn("Failed to register syscall table %s: %d\n", |
| + whitelists[i].name, err); |
| + } |
| + |
| + return 0; |
| +} |
| +module_init(chromiumos_alt_syscall_init); |
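Review bot: android_adjtimex(), android_clock_adjtime() and their compat variants test `kbuf.modes != 0` on a private copy and then pass the original user pointer `buf` to ksys_adjtimex(), ksys_clock_adjtime(), ksys_adjtimex_time32() and ksys_clock_adjtime32(), which have to read the structure from user memory a second time. Another thread sharing the address space can set `modes` between the check and that second read, so the read-only restriction is not enforced; pass the validated kernel copy to the underlying implementation and copy the result back to user space. Separately, alt_syscall_init_one() returns on every error after `kzalloc()` without freeing `t` or the table duplicated into it, and `strncpy(t->name, wl->name, sizeof(t->name))` leaves the name unterminated if a whitelist name fills the buffer; free on the error paths and use strscpy().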
| diff --git a/security/chromiumos/alt-syscall.h b/security/chromiumos/alt-syscall.h |
| new file mode 100644 |
| index 000000000000..b01a9e9b52dc |
| --- /dev/null |
| +++ b/security/chromiumos/alt-syscall.h |
| @@ -0,0 +1,384 @@ |
| +/* |
| + * Linux Security Module for Chromium OS |
| + * |
| + * Copyright 2018 Google LLC. All Rights Reserved |
| + * |
| + * Authors: |
| + * Micah Morton <mortonm@chromium.org> |
| + * |
| + * This software is licensed under the terms of the GNU General Public |
| + * License version 2, as published by the Free Software Foundation, and |
| + * may be copied, distributed, and modified under those terms. |
| + * |
| + * This program is distributed in the hope that it will be useful, |
| + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| + * GNU General Public License for more details. |
| + */ |
| + |
| +#ifndef ALT_SYSCALL_H |
| +#define ALT_SYSCALL_H |
| + |
| +/* |
| + * NOTE: this file uses the 'static' keyword for variable and function |
| + * definitions because alt-syscall.c is the only .c file that is expected to |
| + * include this header. Definitions were pulled out from alt-syscall.c into |
| + * this header and the *_whitelists.h headers for the sake of readability. |
| + */ |
| + |
| +static int allow_devmode_syscalls; |
| + |
| +#ifdef CONFIG_SYSCTL |
| +static int zero; |
| +static int one = 1; |
| + |
| +static struct ctl_path chromiumos_sysctl_path[] = { |
| + { .procname = "kernel", }, |
| + { .procname = "chromiumos", }, |
| + { .procname = "alt_syscall", }, |
| + { } |
| +}; |
| + |
| +static struct ctl_table chromiumos_sysctl_table[] = { |
| + { |
| + .procname = "allow_devmode_syscalls", |
| + .data = &allow_devmode_syscalls, |
| + .maxlen = sizeof(int), |
| + .mode = 0644, |
| + .proc_handler = proc_dointvec_minmax, |
| + .extra1 = &zero, |
| + .extra2 = &one, |
| + }, |
| + { } |
| +}; |
| +#endif |
| + |
| +struct syscall_whitelist_entry { |
| + unsigned int nr; |
| + sys_call_ptr_t alt; |
| +}; |
| + |
| +struct syscall_whitelist { |
| + const char *name; |
| + const struct syscall_whitelist_entry *whitelist; |
| + unsigned int nr_whitelist; |
| +#ifdef CONFIG_COMPAT |
| + const struct syscall_whitelist_entry *compat_whitelist; |
| + unsigned int nr_compat_whitelist; |
| +#endif |
| + bool permissive; |
| +}; |
| + |
| +static struct alt_sys_call_table default_table; |
| + |
| +#define SYSCALL_ENTRY_ALT(name, func) \ |
| + { \ |
| + .nr = __NR_ ## name, \ |
| + .alt = (sys_call_ptr_t)func, \ |
| + } |
| +#define SYSCALL_ENTRY(name) SYSCALL_ENTRY_ALT(name, NULL) |
| +#define COMPAT_SYSCALL_ENTRY_ALT(name, func) \ |
| + { \ |
| + .nr = __NR_compat_ ## name, \ |
| + .alt = (sys_call_ptr_t)func, \ |
| + } |
| +#define COMPAT_SYSCALL_ENTRY(name) COMPAT_SYSCALL_ENTRY_ALT(name, NULL) |
| + |
| +/* |
| + * If an alt_syscall table allows prctl(), override it to prevent a process |
| + * from changing its syscall table. |
| + */ |
| +static asmlinkage long alt_sys_prctl(struct pt_regs *regs); |
| + |
| +#ifdef CONFIG_COMPAT |
| +#define SYSCALL_WHITELIST_COMPAT(x) \ |
| + .compat_whitelist = x ## _compat_whitelist, \ |
| + .nr_compat_whitelist = ARRAY_SIZE(x ## _compat_whitelist), |
| +#else |
| +#define SYSCALL_WHITELIST_COMPAT(x) |
| +#endif |
| + |
| +#define SYSCALL_WHITELIST(x) \ |
| + { \ |
| + .name = #x, \ |
| + .whitelist = x ## _whitelist, \ |
| + .nr_whitelist = ARRAY_SIZE(x ## _whitelist), \ |
| + SYSCALL_WHITELIST_COMPAT(x) \ |
| + } |
| + |
| +#define PERMISSIVE_SYSCALL_WHITELIST(x) \ |
| + { \ |
| + .name = #x "_permissive", \ |
| + .permissive = true, \ |
| + .whitelist = x ## _whitelist, \ |
| + .nr_whitelist = ARRAY_SIZE(x ## _whitelist), \ |
| + SYSCALL_WHITELIST_COMPAT(x) \ |
| + } |
| + |
| +#ifdef CONFIG_COMPAT |
| +#ifdef CONFIG_X86_64 |
| +#define __NR_compat_access __NR_ia32_access |
| +#define __NR_compat_adjtimex __NR_ia32_adjtimex |
| +#define __NR_compat_brk __NR_ia32_brk |
| +#define __NR_compat_capget __NR_ia32_capget |
| +#define __NR_compat_capset __NR_ia32_capset |
| +#define __NR_compat_chdir __NR_ia32_chdir |
| +#define __NR_compat_chmod __NR_ia32_chmod |
| +#define __NR_compat_clock_adjtime __NR_ia32_clock_adjtime |
| +#define __NR_compat_clock_getres __NR_ia32_clock_getres |
| +#define __NR_compat_clock_gettime __NR_ia32_clock_gettime |
| +#define __NR_compat_clock_nanosleep __NR_ia32_clock_nanosleep |
| +#define __NR_compat_clock_settime __NR_ia32_clock_settime |
| +#define __NR_compat_clone __NR_ia32_clone |
| +#define __NR_compat_close __NR_ia32_close |
| +#define __NR_compat_creat __NR_ia32_creat |
| +#define __NR_compat_dup __NR_ia32_dup |
| +#define __NR_compat_dup2 __NR_ia32_dup2 |
| +#define __NR_compat_dup3 __NR_ia32_dup3 |
| +#define __NR_compat_epoll_create __NR_ia32_epoll_create |
| +#define __NR_compat_epoll_create1 __NR_ia32_epoll_create1 |
| +#define __NR_compat_epoll_ctl __NR_ia32_epoll_ctl |
| +#define __NR_compat_epoll_wait __NR_ia32_epoll_wait |
| +#define __NR_compat_epoll_pwait __NR_ia32_epoll_pwait |
| +#define __NR_compat_eventfd __NR_ia32_eventfd |
| +#define __NR_compat_eventfd2 __NR_ia32_eventfd2 |
| +#define __NR_compat_execve __NR_ia32_execve |
| +#define __NR_compat_exit __NR_ia32_exit |
| +#define __NR_compat_exit_group __NR_ia32_exit_group |
| +#define __NR_compat_faccessat __NR_ia32_faccessat |
| +#define __NR_compat_fallocate __NR_ia32_fallocate |
| +#define __NR_compat_fchdir __NR_ia32_fchdir |
| +#define __NR_compat_fchmod __NR_ia32_fchmod |
| +#define __NR_compat_fchmodat __NR_ia32_fchmodat |
| +#define __NR_compat_fchown __NR_ia32_fchown |
| +#define __NR_compat_fchownat __NR_ia32_fchownat |
| +#define __NR_compat_fcntl __NR_ia32_fcntl |
| +#define __NR_compat_fdatasync __NR_ia32_fdatasync |
| +#define __NR_compat_fgetxattr __NR_ia32_fgetxattr |
| +#define __NR_compat_flistxattr __NR_ia32_flistxattr |
| +#define __NR_compat_flock __NR_ia32_flock |
| +#define __NR_compat_fork __NR_ia32_fork |
| +#define __NR_compat_fremovexattr __NR_ia32_fremovexattr |
| +#define __NR_compat_fsetxattr __NR_ia32_fsetxattr |
| +#define __NR_compat_fstat __NR_ia32_fstat |
| +#define __NR_compat_fstatfs __NR_ia32_fstatfs |
| +#define __NR_compat_fsync __NR_ia32_fsync |
| +#define __NR_compat_ftruncate __NR_ia32_ftruncate |
| +#define __NR_compat_futex __NR_ia32_futex |
| +#define __NR_compat_futimesat __NR_ia32_futimesat |
| +#define __NR_compat_getcpu __NR_ia32_getcpu |
| +#define __NR_compat_getcwd __NR_ia32_getcwd |
| +#define __NR_compat_getdents __NR_ia32_getdents |
| +#define __NR_compat_getdents64 __NR_ia32_getdents64 |
| +#define __NR_compat_getegid __NR_ia32_getegid |
| +#define __NR_compat_geteuid __NR_ia32_geteuid |
| +#define __NR_compat_getgid __NR_ia32_getgid |
| +#define __NR_compat_getgroups32 __NR_ia32_getgroups32 |
| +#define __NR_compat_getpgid __NR_ia32_getpgid |
| +#define __NR_compat_getpgrp __NR_ia32_getpgrp |
| +#define __NR_compat_getpid __NR_ia32_getpid |
| +#define __NR_compat_getppid __NR_ia32_getppid |
| +#define __NR_compat_getpriority __NR_ia32_getpriority |
| +#define __NR_compat_getrandom __NR_ia32_getrandom |
| +#define __NR_compat_getresgid __NR_ia32_getresgid |
| +#define __NR_compat_getresuid __NR_ia32_getresuid |
| +#define __NR_compat_getrlimit __NR_ia32_getrlimit |
| +#define __NR_compat_getrusage __NR_ia32_getrusage |
| +#define __NR_compat_getsid __NR_ia32_getsid |
| +#define __NR_compat_gettid __NR_ia32_gettid |
| +#define __NR_compat_gettimeofday __NR_ia32_gettimeofday |
| +#define __NR_compat_getuid __NR_ia32_getuid |
| +#define __NR_compat_getxattr __NR_ia32_getxattr |
| +#define __NR_compat_inotify_add_watch __NR_ia32_inotify_add_watch |
| +#define __NR_compat_inotify_init __NR_ia32_inotify_init |
| +#define __NR_compat_inotify_init1 __NR_ia32_inotify_init1 |
| +#define __NR_compat_inotify_rm_watch __NR_ia32_inotify_rm_watch |
| +#define __NR_compat_ioctl __NR_ia32_ioctl |
| +#define __NR_compat_io_destroy __NR_ia32_io_destroy |
| +#define __NR_compat_io_getevents __NR_ia32_io_getevents |
| +#define __NR_compat_io_setup __NR_ia32_io_setup |
| +#define __NR_compat_io_submit __NR_ia32_io_submit |
| +#define __NR_compat_ioprio_set __NR_ia32_ioprio_set |
| +#define __NR_compat_keyctl __NR_ia32_keyctl |
| +#define __NR_compat_kill __NR_ia32_kill |
| +#define __NR_compat_lgetxattr __NR_ia32_lgetxattr |
| +#define __NR_compat_link __NR_ia32_link |
| +#define __NR_compat_linkat __NR_ia32_linkat |
| +#define __NR_compat_listxattr __NR_ia32_listxattr |
| +#define __NR_compat_llistxattr __NR_ia32_llistxattr |
| +#define __NR_compat_lremovexattr __NR_ia32_lremovexattr |
| +#define __NR_compat_lseek __NR_ia32_lseek |
| +#define __NR_compat_lsetxattr __NR_ia32_lsetxattr |
| +#define __NR_compat_lstat __NR_ia32_lstat |
| +#define __NR_compat_madvise __NR_ia32_madvise |
| +#define __NR_compat_memfd_create __NR_ia32_memfd_create |
| +#define __NR_compat_mincore __NR_ia32_mincore |
| +#define __NR_compat_mkdir __NR_ia32_mkdir |
| +#define __NR_compat_mkdirat __NR_ia32_mkdirat |
| +#define __NR_compat_mknod __NR_ia32_mknod |
| +#define __NR_compat_mknodat __NR_ia32_mknodat |
| +#define __NR_compat_mlock __NR_ia32_mlock |
| +#define __NR_compat_munlock __NR_ia32_munlock |
| +#define __NR_compat_mlockall __NR_ia32_mlockall |
| +#define __NR_compat_munlockall __NR_ia32_munlockall |
| +#define __NR_compat_modify_ldt __NR_ia32_modify_ldt |
| +#define __NR_compat_mount __NR_ia32_mount |
| +#define __NR_compat_mprotect __NR_ia32_mprotect |
| +#define __NR_compat_mremap __NR_ia32_mremap |
| +#define __NR_compat_msync __NR_ia32_msync |
| +#define __NR_compat_munmap __NR_ia32_munmap |
| +#define __NR_compat_name_to_handle_at __NR_ia32_name_to_handle_at |
| +#define __NR_compat_nanosleep __NR_ia32_nanosleep |
| +#define __NR_compat_open __NR_ia32_open |
| +#define __NR_compat_open_by_handle_at __NR_ia32_open_by_handle_at |
| +#define __NR_compat_openat __NR_ia32_openat |
| +#define __NR_compat_perf_event_open __NR_ia32_perf_event_open |
| +#define __NR_compat_personality __NR_ia32_personality |
| +#define __NR_compat_pipe __NR_ia32_pipe |
| +#define __NR_compat_pipe2 __NR_ia32_pipe2 |
| +#define __NR_compat_poll __NR_ia32_poll |
| +#define __NR_compat_ppoll __NR_ia32_ppoll |
| +#define __NR_compat_prctl __NR_ia32_prctl |
| +#define __NR_compat_pread64 __NR_ia32_pread64 |
| +#define __NR_compat_preadv __NR_ia32_preadv |
| +#define __NR_compat_prlimit64 __NR_ia32_prlimit64 |
| +#define __NR_compat_process_vm_readv __NR_ia32_process_vm_readv |
| +#define __NR_compat_process_vm_writev __NR_ia32_process_vm_writev |
| +#define __NR_compat_pselect6 __NR_ia32_pselect6 |
| +#define __NR_compat_ptrace __NR_ia32_ptrace |
| +#define __NR_compat_pwrite64 __NR_ia32_pwrite64 |
| +#define __NR_compat_pwritev __NR_ia32_pwritev |
| +#define __NR_compat_read __NR_ia32_read |
| +#define __NR_compat_readahead __NR_ia32_readahead |
| +#define __NR_compat_readv __NR_ia32_readv |
| +#define __NR_compat_readlink __NR_ia32_readlink |
| +#define __NR_compat_readlinkat __NR_ia32_readlinkat |
| +#define __NR_compat_recvmmsg __NR_ia32_recvmmsg |
| +#define __NR_compat_remap_file_pages __NR_ia32_remap_file_pages |
| +#define __NR_compat_removexattr __NR_ia32_removexattr |
| +#define __NR_compat_rename __NR_ia32_rename |
| +#define __NR_compat_renameat __NR_ia32_renameat |
| +#define __NR_compat_restart_syscall __NR_ia32_restart_syscall |
| +#define __NR_compat_rmdir __NR_ia32_rmdir |
| +#define __NR_compat_rt_sigaction __NR_ia32_rt_sigaction |
| +#define __NR_compat_rt_sigpending __NR_ia32_rt_sigpending |
| +#define __NR_compat_rt_sigprocmask __NR_ia32_rt_sigprocmask |
| +#define __NR_compat_rt_sigqueueinfo __NR_ia32_rt_sigqueueinfo |
| +#define __NR_compat_rt_sigreturn __NR_ia32_rt_sigreturn |
| +#define __NR_compat_rt_sigsuspend __NR_ia32_rt_sigsuspend |
| +#define __NR_compat_rt_sigtimedwait __NR_ia32_rt_sigtimedwait |
| +#define __NR_compat_rt_tgsigqueueinfo __NR_ia32_rt_tgsigqueueinfo |
| +#define __NR_compat_sched_get_priority_max __NR_ia32_sched_get_priority_max |
| +#define __NR_compat_sched_get_priority_min __NR_ia32_sched_get_priority_min |
| +#define __NR_compat_sched_getaffinity __NR_ia32_sched_getaffinity |
| +#define __NR_compat_sched_getparam __NR_ia32_sched_getparam |
| +#define __NR_compat_sched_getscheduler __NR_ia32_sched_getscheduler |
| +#define __NR_compat_sched_setaffinity __NR_ia32_sched_setaffinity |
| +#define __NR_compat_sched_setparam __NR_ia32_sched_setparam |
| +#define __NR_compat_sched_setscheduler __NR_ia32_sched_setscheduler |
| +#define __NR_compat_sched_yield __NR_ia32_sched_yield |
| +#define __NR_compat_seccomp __NR_ia32_seccomp |
| +#define __NR_compat_sendfile __NR_ia32_sendfile |
| +#define __NR_compat_sendfile64 __NR_ia32_sendfile64 |
| +#define __NR_compat_sendmmsg __NR_ia32_sendmmsg |
| +#define __NR_compat_setdomainname __NR_ia32_setdomainname |
| +#define __NR_compat_set_robust_list __NR_ia32_set_robust_list |
| +#define __NR_compat_set_tid_address __NR_ia32_set_tid_address |
| +#define __NR_compat_set_thread_area __NR_ia32_set_thread_area |
| +#define __NR_compat_setgid __NR_ia32_setgid |
| +#define __NR_compat_setgroups __NR_ia32_setgroups |
| +#define __NR_compat_setitimer __NR_ia32_setitimer |
| +#define __NR_compat_setns __NR_ia32_setns |
| +#define __NR_compat_setpgid __NR_ia32_setpgid |
| +#define __NR_compat_setpriority __NR_ia32_setpriority |
| +#define __NR_compat_setregid __NR_ia32_setregid |
| +#define __NR_compat_setresgid __NR_ia32_setresgid |
| +#define __NR_compat_setresuid __NR_ia32_setresuid |
| +#define __NR_compat_setrlimit __NR_ia32_setrlimit |
| +#define __NR_compat_setsid __NR_ia32_setsid |
| +#define __NR_compat_settimeofday __NR_ia32_settimeofday |
| +#define __NR_compat_setuid __NR_ia32_setuid |
| +#define __NR_compat_setxattr __NR_ia32_setxattr |
| +#define __NR_compat_signalfd4 __NR_ia32_signalfd4 |
| +#define __NR_compat_sigaltstack __NR_ia32_sigaltstack |
| +#define __NR_compat_socketcall __NR_ia32_socketcall |
| +#define __NR_compat_splice __NR_ia32_splice |
| +#define __NR_compat_stat __NR_ia32_stat |
| +#define __NR_compat_statfs __NR_ia32_statfs |
| +#define __NR_compat_symlink __NR_ia32_symlink |
| +#define __NR_compat_symlinkat __NR_ia32_symlinkat |
| +#define __NR_compat_sync __NR_ia32_sync |
| +#define __NR_compat_syncfs __NR_ia32_syncfs |
| +#define __NR_compat_sync_file_range __NR_ia32_sync_file_range |
| +#define __NR_compat_sysinfo __NR_ia32_sysinfo |
| +#define __NR_compat_syslog __NR_ia32_syslog |
| +#define __NR_compat_tee __NR_ia32_tee |
| +#define __NR_compat_tgkill __NR_ia32_tgkill |
| +#define __NR_compat_tkill __NR_ia32_tkill |
| +#define __NR_compat_time __NR_ia32_time |
| +#define __NR_compat_timer_create __NR_ia32_timer_create |
| +#define __NR_compat_timer_delete __NR_ia32_timer_delete |
| +#define __NR_compat_timer_getoverrun __NR_ia32_timer_getoverrun |
| +#define __NR_compat_timer_gettime __NR_ia32_timer_gettime |
| +#define __NR_compat_timer_settime __NR_ia32_timer_settime |
| +#define __NR_compat_timerfd_create __NR_ia32_timerfd_create |
| +#define __NR_compat_timerfd_gettime __NR_ia32_timerfd_gettime |
| +#define __NR_compat_timerfd_settime __NR_ia32_timerfd_settime |
| +#define __NR_compat_times __NR_ia32_times |
| +#define __NR_compat_truncate __NR_ia32_truncate |
| +#define __NR_compat_umask __NR_ia32_umask |
| +#define __NR_compat_umount2 __NR_ia32_umount2 |
| +#define __NR_compat_uname __NR_ia32_uname |
| +#define __NR_compat_unlink __NR_ia32_unlink |
| +#define __NR_compat_unlinkat __NR_ia32_unlinkat |
| +#define __NR_compat_unshare __NR_ia32_unshare |
| +#define __NR_compat_ustat __NR_ia32_ustat |
| +#define __NR_compat_utimensat __NR_ia32_utimensat |
| +#define __NR_compat_utimes __NR_ia32_utimes |
| +#define __NR_compat_vfork __NR_ia32_vfork |
| +#define __NR_compat_vmsplice __NR_ia32_vmsplice |
| +#define __NR_compat_wait4 __NR_ia32_wait4 |
| +#define __NR_compat_waitid __NR_ia32_waitid |
| +#define __NR_compat_waitpid __NR_ia32_waitpid |
| +#define __NR_compat_write __NR_ia32_write |
| +#define __NR_compat_writev __NR_ia32_writev |
| +#define __NR_compat_chown32 __NR_ia32_chown32 |
| +#define __NR_compat_fadvise64 __NR_ia32_fadvise64 |
| +#define __NR_compat_fadvise64_64 __NR_ia32_fadvise64_64 |
| +#define __NR_compat_fchown32 __NR_ia32_fchown32 |
| +#define __NR_compat_fcntl64 __NR_ia32_fcntl64 |
| +#define __NR_compat_fstat64 __NR_ia32_fstat64 |
| +#define __NR_compat_fstatat64 __NR_ia32_fstatat64 |
| +#define __NR_compat_fstatfs64 __NR_ia32_fstatfs64 |
| +#define __NR_compat_ftruncate64 __NR_ia32_ftruncate64 |
| +#define __NR_compat_getegid32 __NR_ia32_getegid32 |
| +#define __NR_compat_geteuid32 __NR_ia32_geteuid32 |
| +#define __NR_compat_getgid32 __NR_ia32_getgid32 |
| +#define __NR_compat_getresgid32 __NR_ia32_getresgid32 |
| +#define __NR_compat_getresuid32 __NR_ia32_getresuid32 |
| +#define __NR_compat_getuid32 __NR_ia32_getuid32 |
| +#define __NR_compat_lchown32 __NR_ia32_lchown32 |
| +#define __NR_compat_lstat64 __NR_ia32_lstat64 |
| +#define __NR_compat_mmap2 __NR_ia32_mmap2 |
| +#define __NR_compat__newselect __NR_ia32__newselect |
| +#define __NR_compat__llseek __NR_ia32__llseek |
| +#define __NR_compat_sigaction __NR_ia32_sigaction |
| +#define __NR_compat_sigpending __NR_ia32_sigpending |
| +#define __NR_compat_sigprocmask __NR_ia32_sigprocmask |
| +#define __NR_compat_sigreturn __NR_ia32_sigreturn |
| +#define __NR_compat_sigsuspend __NR_ia32_sigsuspend |
| +#define __NR_compat_setgid32 __NR_ia32_setgid32 |
| +#define __NR_compat_setgroups32 __NR_ia32_setgroups32 |
| +#define __NR_compat_setregid32 __NR_ia32_setregid32 |
| +#define __NR_compat_setresgid32 __NR_ia32_setresgid32 |
| +#define __NR_compat_setresuid32 __NR_ia32_setresuid32 |
| +#define __NR_compat_setreuid32 __NR_ia32_setreuid32 |
| +#define __NR_compat_setuid32 __NR_ia32_setuid32 |
| +#define __NR_compat_stat64 __NR_ia32_stat64 |
| +#define __NR_compat_statfs64 __NR_ia32_statfs64 |
| +#define __NR_compat_truncate64 __NR_ia32_truncate64 |
| +#define __NR_compat_ugetrlimit __NR_ia32_ugetrlimit |
| +#endif |
| +#endif |
| + |
| +#endif /* ALT_SYSCALL_H */ |
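Review bot: the comment above the alt_sys_prctl() declaration states a security invariant (a table that allows prctl() must override it so the process cannot switch tables), but nothing in this header enforces it. SYSCALL_ENTRY(prctl) expands to an entry with .alt = NULL just like any other syscall, so a future whitelist that forgets SYSCALL_ENTRY_ALT(prctl, alt_sys_prctl) would build cleanly. Consider having the code that applies a whitelist substitute alt_sys_prctl whenever __NR_prctl (and __NR_compat_prctl) is whitelisted with a NULL .alt, or fail registration in that case, rather than relying on each list author. A smaller documentation point: allow_devmode_syscalls is exposed as a 0644 sysctl limited to 0 or 1, but the header does not say what the flag relaxes or who is expected to set it; a short comment at its definition would help anyone auditing the policy.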
| diff --git a/security/chromiumos/android_whitelists.h b/security/chromiumos/android_whitelists.h |
| new file mode 100644 |
| index 000000000000..d52c3f6d13a6 |
| --- /dev/null |
| +++ b/security/chromiumos/android_whitelists.h |
| @@ -0,0 +1,637 @@ |
| +/* |
| + * Linux Security Module for Chromium OS |
| + * |
| + * Copyright 2018 Google LLC. All Rights Reserved |
| + * |
| + * Authors: |
| + * Micah Morton <mortonm@chromium.org> |
| + * |
| + * This software is licensed under the terms of the GNU General Public |
| + * License version 2, as published by the Free Software Foundation, and |
| + * may be copied, distributed, and modified under those terms. |
| + * |
| + * This program is distributed in the hope that it will be useful, |
| + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| + * GNU General Public License for more details. |
| + */ |
| + |
| +#ifndef ANDROID_WHITELISTS_H |
| +#define ANDROID_WHITELISTS_H |
| + |
| +/* |
| + * NOTE: the purpose of this header is only to pull out the definition of this |
| + * array from alt-syscall.c for the purposes of readability. It should not be |
| + * included in other .c files. |
| + */ |
| + |
| +#include "alt-syscall.h" |
| + |
| +/* |
| + * Syscall overrides for android. |
| + */ |
| + |
| +/* |
| + * Reflect the priority adjustment done by android_setpriority. |
| + * Note that the prio returned by getpriority has been offset by 20. |
| + * (returns 40..1 instead of -20..19) |
| + */ |
| +static asmlinkage long android_getpriority(struct pt_regs *regs); |
| +/* Android does not get to call keyctl. */ |
| +static asmlinkage long android_keyctl(struct pt_regs *regs); |
| +/* Make sure nothing sets a nice value more favorable than -10. */ |
| +static asmlinkage long android_setpriority(struct pt_regs *regs); |
| +static asmlinkage long android_sched_setscheduler(struct pt_regs *regs); |
| +static asmlinkage long android_sched_setparam(struct pt_regs *regs); |
| +static asmlinkage long __maybe_unused android_socket(struct pt_regs *regs); |
| +static asmlinkage long android_perf_event_open(struct pt_regs *regs); |
| +static asmlinkage long android_adjtimex(struct pt_regs *regs); |
| +static asmlinkage long android_clock_adjtime(struct pt_regs *regs); |
| +static asmlinkage long android_getcpu(struct pt_regs *regs); |
| +#ifdef CONFIG_COMPAT |
| +static asmlinkage long android_compat_adjtimex(struct pt_regs *regs); |
| +static asmlinkage long android_compat_clock_adjtime(struct pt_regs *regs); |
| +#endif /* CONFIG_COMPAT */ |
| + |
| +static struct syscall_whitelist_entry android_whitelist[] = { |
| + SYSCALL_ENTRY(accept), |
| + SYSCALL_ENTRY(accept4), |
| + SYSCALL_ENTRY_ALT(adjtimex, android_adjtimex), |
| + SYSCALL_ENTRY(bind), |
| + SYSCALL_ENTRY(bpf), |
| + SYSCALL_ENTRY(brk), |
| + SYSCALL_ENTRY(capget), |
| + SYSCALL_ENTRY(capset), |
| + SYSCALL_ENTRY(chdir), |
| + SYSCALL_ENTRY_ALT(clock_adjtime, android_clock_adjtime), |
| + SYSCALL_ENTRY(clock_getres), |
| + SYSCALL_ENTRY(clock_gettime), |
| + SYSCALL_ENTRY(clock_nanosleep), |
| + SYSCALL_ENTRY(clock_settime), |
| + SYSCALL_ENTRY(clone), |
| + SYSCALL_ENTRY(close), |
| + SYSCALL_ENTRY(connect), |
| + SYSCALL_ENTRY(dup), |
| + SYSCALL_ENTRY(dup3), |
| + SYSCALL_ENTRY(epoll_create1), |
| + SYSCALL_ENTRY(epoll_ctl), |
| + SYSCALL_ENTRY(epoll_pwait), |
| + SYSCALL_ENTRY(eventfd2), |
| + SYSCALL_ENTRY(execve), |
| + SYSCALL_ENTRY(exit), |
| + SYSCALL_ENTRY(exit_group), |
| + SYSCALL_ENTRY(faccessat), |
| + SYSCALL_ENTRY(fallocate), |
| + SYSCALL_ENTRY(fchdir), |
| + SYSCALL_ENTRY(fchmod), |
| + SYSCALL_ENTRY(fchmodat), |
| + SYSCALL_ENTRY(fchownat), |
| + SYSCALL_ENTRY(fcntl), |
| + SYSCALL_ENTRY(fdatasync), |
| + SYSCALL_ENTRY(fgetxattr), |
| + SYSCALL_ENTRY(flistxattr), |
| + SYSCALL_ENTRY(flock), |
| + SYSCALL_ENTRY(fremovexattr), |
| + SYSCALL_ENTRY(fsetxattr), |
| + SYSCALL_ENTRY(fstat), |
| + SYSCALL_ENTRY(fstatfs), |
| + SYSCALL_ENTRY(fsync), |
| + SYSCALL_ENTRY(ftruncate), |
| + SYSCALL_ENTRY(futex), |
| + SYSCALL_ENTRY_ALT(getcpu, android_getcpu), |
| + SYSCALL_ENTRY(getcwd), |
| + SYSCALL_ENTRY(getdents64), |
| + SYSCALL_ENTRY(getpeername), |
| + SYSCALL_ENTRY(getpgid), |
| + SYSCALL_ENTRY(getpid), |
| + SYSCALL_ENTRY(getppid), |
| + SYSCALL_ENTRY_ALT(getpriority, android_getpriority), |
| + SYSCALL_ENTRY(getrandom), |
| + SYSCALL_ENTRY(getrlimit), |
| + SYSCALL_ENTRY(getrusage), |
| + SYSCALL_ENTRY(getsid), |
| + SYSCALL_ENTRY(getsockname), |
| + SYSCALL_ENTRY(getsockopt), |
| + SYSCALL_ENTRY(gettid), |
| + SYSCALL_ENTRY(gettimeofday), |
| + SYSCALL_ENTRY(getxattr), |
| + SYSCALL_ENTRY(inotify_add_watch), |
| + SYSCALL_ENTRY(inotify_init1), |
| + SYSCALL_ENTRY(inotify_rm_watch), |
| + SYSCALL_ENTRY(ioctl), |
| + SYSCALL_ENTRY(io_destroy), |
| + SYSCALL_ENTRY(io_getevents), |
| + SYSCALL_ENTRY(io_setup), |
| + SYSCALL_ENTRY(io_submit), |
| + SYSCALL_ENTRY(ioprio_set), |
| + SYSCALL_ENTRY_ALT(keyctl, android_keyctl), |
| + SYSCALL_ENTRY(kill), |
| + SYSCALL_ENTRY(lgetxattr), |
| + SYSCALL_ENTRY(linkat), |
| + SYSCALL_ENTRY(listxattr), |
| + SYSCALL_ENTRY(listen), |
| + SYSCALL_ENTRY(llistxattr), |
| + SYSCALL_ENTRY(lremovexattr), |
| + SYSCALL_ENTRY(lseek), |
| + SYSCALL_ENTRY(lsetxattr), |
| + SYSCALL_ENTRY(madvise), |
| + SYSCALL_ENTRY(memfd_create), |
| + SYSCALL_ENTRY(mincore), |
| + SYSCALL_ENTRY(mkdirat), |
| + SYSCALL_ENTRY(mknodat), |
| + SYSCALL_ENTRY(mlock), |
| + SYSCALL_ENTRY(mlockall), |
| + SYSCALL_ENTRY(munlock), |
| + SYSCALL_ENTRY(munlockall), |
| + SYSCALL_ENTRY(mount), |
| + SYSCALL_ENTRY(mprotect), |
| + SYSCALL_ENTRY(mremap), |
| + SYSCALL_ENTRY(msync), |
| + SYSCALL_ENTRY(munmap), |
| + SYSCALL_ENTRY(name_to_handle_at), |
| + SYSCALL_ENTRY(nanosleep), |
| + SYSCALL_ENTRY(open_by_handle_at), |
| + SYSCALL_ENTRY(openat), |
| + SYSCALL_ENTRY_ALT(perf_event_open, android_perf_event_open), |
| + SYSCALL_ENTRY(personality), |
| + SYSCALL_ENTRY(pipe2), |
| + SYSCALL_ENTRY(ppoll), |
| + SYSCALL_ENTRY_ALT(prctl, alt_sys_prctl), |
| + SYSCALL_ENTRY(pread64), |
| + SYSCALL_ENTRY(preadv), |
| + SYSCALL_ENTRY(prlimit64), |
| + SYSCALL_ENTRY(process_vm_readv), |
| + SYSCALL_ENTRY(process_vm_writev), |
| + SYSCALL_ENTRY(pselect6), |
| + SYSCALL_ENTRY(ptrace), |
| + SYSCALL_ENTRY(pwrite64), |
| + SYSCALL_ENTRY(pwritev), |
| + SYSCALL_ENTRY(read), |
| + SYSCALL_ENTRY(readahead), |
| + SYSCALL_ENTRY(readv), |
| + SYSCALL_ENTRY(readlinkat), |
| + SYSCALL_ENTRY(recvfrom), |
| + SYSCALL_ENTRY(recvmmsg), |
| + SYSCALL_ENTRY(recvmsg), |
| + SYSCALL_ENTRY(remap_file_pages), |
| + SYSCALL_ENTRY(removexattr), |
| + SYSCALL_ENTRY(renameat), |
| + SYSCALL_ENTRY(restart_syscall), |
| + SYSCALL_ENTRY(rt_sigaction), |
| + SYSCALL_ENTRY(rt_sigpending), |
| + SYSCALL_ENTRY(rt_sigprocmask), |
| + SYSCALL_ENTRY(rt_sigqueueinfo), |
| + SYSCALL_ENTRY(rt_sigreturn), |
| + SYSCALL_ENTRY(rt_sigsuspend), |
| + SYSCALL_ENTRY(rt_sigtimedwait), |
| + SYSCALL_ENTRY(rt_tgsigqueueinfo), |
| + SYSCALL_ENTRY(sched_get_priority_max), |
| + SYSCALL_ENTRY(sched_get_priority_min), |
| + SYSCALL_ENTRY(sched_getaffinity), |
| + SYSCALL_ENTRY(sched_getparam), |
| + SYSCALL_ENTRY(sched_getscheduler), |
| + SYSCALL_ENTRY(sched_setaffinity), |
| + SYSCALL_ENTRY_ALT(sched_setparam, android_sched_setparam), |
| + SYSCALL_ENTRY_ALT(sched_setscheduler, android_sched_setscheduler), |
| + SYSCALL_ENTRY(sched_yield), |
| + SYSCALL_ENTRY(seccomp), |
| + SYSCALL_ENTRY(sendfile), |
| + SYSCALL_ENTRY(sendmmsg), |
| + SYSCALL_ENTRY(sendmsg), |
| + SYSCALL_ENTRY(sendto), |
| + SYSCALL_ENTRY(setdomainname), |
| + SYSCALL_ENTRY(set_robust_list), |
| + SYSCALL_ENTRY(set_tid_address), |
| + SYSCALL_ENTRY(setitimer), |
| + SYSCALL_ENTRY(setns), |
| + SYSCALL_ENTRY(setpgid), |
| + SYSCALL_ENTRY_ALT(setpriority, android_setpriority), |
| + SYSCALL_ENTRY(setrlimit), |
| + SYSCALL_ENTRY(setsid), |
| + SYSCALL_ENTRY(setsockopt), |
| + SYSCALL_ENTRY(settimeofday), |
| + SYSCALL_ENTRY(setxattr), |
| + SYSCALL_ENTRY(shutdown), |
| + SYSCALL_ENTRY(signalfd4), |
| + SYSCALL_ENTRY(sigaltstack), |
| + SYSCALL_ENTRY_ALT(socket, android_socket), |
| + SYSCALL_ENTRY(socketpair), |
| + SYSCALL_ENTRY(splice), |
| + SYSCALL_ENTRY(statfs), |
| + SYSCALL_ENTRY(symlinkat), |
| + SYSCALL_ENTRY(sync), |
| + SYSCALL_ENTRY(syncfs), |
| + SYSCALL_ENTRY(sysinfo), |
| + SYSCALL_ENTRY(syslog), |
| + SYSCALL_ENTRY(tee), |
| + SYSCALL_ENTRY(tgkill), |
| + SYSCALL_ENTRY(tkill), |
| + SYSCALL_ENTRY(timer_create), |
| + SYSCALL_ENTRY(timer_delete), |
| + SYSCALL_ENTRY(timer_gettime), |
| + SYSCALL_ENTRY(timer_getoverrun), |
| + SYSCALL_ENTRY(timer_settime), |
| + SYSCALL_ENTRY(timerfd_create), |
| + SYSCALL_ENTRY(timerfd_gettime), |
| + SYSCALL_ENTRY(timerfd_settime), |
| + SYSCALL_ENTRY(times), |
| + SYSCALL_ENTRY(truncate), |
| + SYSCALL_ENTRY(umask), |
| + SYSCALL_ENTRY(umount2), |
| + SYSCALL_ENTRY(uname), |
| + SYSCALL_ENTRY(unlinkat), |
| + SYSCALL_ENTRY(unshare), |
| + SYSCALL_ENTRY(utimensat), |
| + SYSCALL_ENTRY(vmsplice), |
| + SYSCALL_ENTRY(wait4), |
| + SYSCALL_ENTRY(waitid), |
| + SYSCALL_ENTRY(write), |
| + SYSCALL_ENTRY(writev), |
| + |
| + /* |
| + * Deprecated syscalls which are not wired up on new architectures |
| + * such as ARM64. |
| + */ |
| +#ifndef CONFIG_ARM64 |
| + SYSCALL_ENTRY(access), |
| + SYSCALL_ENTRY(chmod), |
| + SYSCALL_ENTRY(open), |
| + SYSCALL_ENTRY(creat), |
| + SYSCALL_ENTRY(dup2), |
| + SYSCALL_ENTRY(epoll_create), |
| + SYSCALL_ENTRY(epoll_wait), |
| + SYSCALL_ENTRY(eventfd), |
| + SYSCALL_ENTRY(fork), |
| + SYSCALL_ENTRY(futimesat), |
| + SYSCALL_ENTRY(getdents), |
| + SYSCALL_ENTRY(getpgrp), |
| + SYSCALL_ENTRY(inotify_init), |
| + SYSCALL_ENTRY(link), |
| + SYSCALL_ENTRY(lstat), |
| + SYSCALL_ENTRY(mkdir), |
| + SYSCALL_ENTRY(mknod), |
| + SYSCALL_ENTRY(pipe), |
| + SYSCALL_ENTRY(poll), |
| + SYSCALL_ENTRY(readlink), |
| + SYSCALL_ENTRY(rename), |
| + SYSCALL_ENTRY(rmdir), |
| + SYSCALL_ENTRY(stat), |
| + SYSCALL_ENTRY(symlink), |
| + SYSCALL_ENTRY(time), |
| + SYSCALL_ENTRY(unlink), |
| + SYSCALL_ENTRY(ustat), |
| + SYSCALL_ENTRY(utimes), |
| + SYSCALL_ENTRY(vfork), |
| +#endif |
| + |
| + SYSCALL_ENTRY(fadvise64), |
| + SYSCALL_ENTRY(sync_file_range), |
| + |
| + /* 64-bit only syscalls. */ |
| + SYSCALL_ENTRY(fchown), |
| + SYSCALL_ENTRY(getegid), |
| + SYSCALL_ENTRY(geteuid), |
| + SYSCALL_ENTRY(getgid), |
| + SYSCALL_ENTRY(getgroups), |
| + SYSCALL_ENTRY(getresgid), |
| + SYSCALL_ENTRY(getresuid), |
| + SYSCALL_ENTRY(getuid), |
| + SYSCALL_ENTRY(newfstatat), |
| + SYSCALL_ENTRY(mmap), |
| + SYSCALL_ENTRY(setgid), |
| + SYSCALL_ENTRY(setgroups), |
| + SYSCALL_ENTRY(setregid), |
| + SYSCALL_ENTRY(setresgid), |
| + SYSCALL_ENTRY(setresuid), |
| + SYSCALL_ENTRY(setreuid), |
| + SYSCALL_ENTRY(setuid), |
| + /* |
| + * chown(2), lchown(2), and select(2) are deprecated and not wired up |
| + * on ARM64. |
| + */ |
| +#ifndef CONFIG_ARM64 |
| + SYSCALL_ENTRY(chown), |
| + SYSCALL_ENTRY(lchown), |
| + SYSCALL_ENTRY(select), |
| +#endif |
| + |
| + /* X86_64-specific syscalls. */ |
| +#ifdef CONFIG_X86_64 |
| + SYSCALL_ENTRY(arch_prctl), |
| + SYSCALL_ENTRY(modify_ldt), |
| + SYSCALL_ENTRY(set_thread_area), |
| +#endif |
| + |
| +}; /* end android_whitelist */ |
| + |
| +#ifdef CONFIG_COMPAT |
| +static struct syscall_whitelist_entry android_compat_whitelist[] = { |
| + COMPAT_SYSCALL_ENTRY(access), |
| + COMPAT_SYSCALL_ENTRY_ALT(adjtimex, android_compat_adjtimex), |
| + COMPAT_SYSCALL_ENTRY(brk), |
| + COMPAT_SYSCALL_ENTRY(capget), |
| + COMPAT_SYSCALL_ENTRY(capset), |
| + COMPAT_SYSCALL_ENTRY(chdir), |
| + COMPAT_SYSCALL_ENTRY(chmod), |
| + COMPAT_SYSCALL_ENTRY_ALT(clock_adjtime, android_compat_clock_adjtime), |
| + COMPAT_SYSCALL_ENTRY(clock_getres), |
| + COMPAT_SYSCALL_ENTRY(clock_gettime), |
| + COMPAT_SYSCALL_ENTRY(clock_nanosleep), |
| + COMPAT_SYSCALL_ENTRY(clock_settime), |
| + COMPAT_SYSCALL_ENTRY(clone), |
| + COMPAT_SYSCALL_ENTRY(close), |
| + COMPAT_SYSCALL_ENTRY(creat), |
| + COMPAT_SYSCALL_ENTRY(dup), |
| + COMPAT_SYSCALL_ENTRY(dup2), |
| + COMPAT_SYSCALL_ENTRY(dup3), |
| + COMPAT_SYSCALL_ENTRY(epoll_create), |
| + COMPAT_SYSCALL_ENTRY(epoll_create1), |
| + COMPAT_SYSCALL_ENTRY(epoll_ctl), |
| + COMPAT_SYSCALL_ENTRY(epoll_wait), |
| + COMPAT_SYSCALL_ENTRY(epoll_pwait), |
| + COMPAT_SYSCALL_ENTRY(eventfd), |
| + COMPAT_SYSCALL_ENTRY(eventfd2), |
| + COMPAT_SYSCALL_ENTRY(execve), |
| + COMPAT_SYSCALL_ENTRY(exit), |
| + COMPAT_SYSCALL_ENTRY(exit_group), |
| + COMPAT_SYSCALL_ENTRY(faccessat), |
| + COMPAT_SYSCALL_ENTRY(fallocate), |
| + COMPAT_SYSCALL_ENTRY(fchdir), |
| + COMPAT_SYSCALL_ENTRY(fchmod), |
| + COMPAT_SYSCALL_ENTRY(fchmodat), |
| + COMPAT_SYSCALL_ENTRY(fchownat), |
| + COMPAT_SYSCALL_ENTRY(fcntl), |
| + COMPAT_SYSCALL_ENTRY(fdatasync), |
| + COMPAT_SYSCALL_ENTRY(fgetxattr), |
| + COMPAT_SYSCALL_ENTRY(flistxattr), |
| + COMPAT_SYSCALL_ENTRY(flock), |
| + COMPAT_SYSCALL_ENTRY(fork), |
| + COMPAT_SYSCALL_ENTRY(fremovexattr), |
| + COMPAT_SYSCALL_ENTRY(fsetxattr), |
| + COMPAT_SYSCALL_ENTRY(fstat), |
| + COMPAT_SYSCALL_ENTRY(fstatfs), |
| + COMPAT_SYSCALL_ENTRY(fsync), |
| + COMPAT_SYSCALL_ENTRY(ftruncate), |
| + COMPAT_SYSCALL_ENTRY(futex), |
| + COMPAT_SYSCALL_ENTRY(futimesat), |
| + COMPAT_SYSCALL_ENTRY_ALT(getcpu, android_getcpu), |
| + COMPAT_SYSCALL_ENTRY(getcwd), |
| + COMPAT_SYSCALL_ENTRY(getdents), |
| + COMPAT_SYSCALL_ENTRY(getdents64), |
| + COMPAT_SYSCALL_ENTRY(getpgid), |
| + COMPAT_SYSCALL_ENTRY(getpgrp), |
| + COMPAT_SYSCALL_ENTRY(getpid), |
| + COMPAT_SYSCALL_ENTRY(getppid), |
| + COMPAT_SYSCALL_ENTRY_ALT(getpriority, android_getpriority), |
| + COMPAT_SYSCALL_ENTRY(getrandom), |
| + COMPAT_SYSCALL_ENTRY(getrusage), |
| + COMPAT_SYSCALL_ENTRY(getsid), |
| + COMPAT_SYSCALL_ENTRY(gettid), |
| + COMPAT_SYSCALL_ENTRY(gettimeofday), |
| + COMPAT_SYSCALL_ENTRY(getxattr), |
| + COMPAT_SYSCALL_ENTRY(inotify_add_watch), |
| + COMPAT_SYSCALL_ENTRY(inotify_init), |
| + COMPAT_SYSCALL_ENTRY(inotify_init1), |
| + COMPAT_SYSCALL_ENTRY(inotify_rm_watch), |
| + COMPAT_SYSCALL_ENTRY(ioctl), |
| + COMPAT_SYSCALL_ENTRY(io_destroy), |
| + COMPAT_SYSCALL_ENTRY(io_getevents), |
| + COMPAT_SYSCALL_ENTRY(io_setup), |
| + COMPAT_SYSCALL_ENTRY(io_submit), |
| + COMPAT_SYSCALL_ENTRY(ioprio_set), |
| + COMPAT_SYSCALL_ENTRY_ALT(keyctl, android_keyctl), |
| + COMPAT_SYSCALL_ENTRY(kill), |
| + COMPAT_SYSCALL_ENTRY(lgetxattr), |
| + COMPAT_SYSCALL_ENTRY(link), |
| + COMPAT_SYSCALL_ENTRY(linkat), |
| + COMPAT_SYSCALL_ENTRY(listxattr), |
| + COMPAT_SYSCALL_ENTRY(llistxattr), |
| + COMPAT_SYSCALL_ENTRY(lremovexattr), |
| + COMPAT_SYSCALL_ENTRY(lseek), |
| + COMPAT_SYSCALL_ENTRY(lsetxattr), |
| + COMPAT_SYSCALL_ENTRY(lstat), |
| + COMPAT_SYSCALL_ENTRY(madvise), |
| + COMPAT_SYSCALL_ENTRY(memfd_create), |
| + COMPAT_SYSCALL_ENTRY(mincore), |
| + COMPAT_SYSCALL_ENTRY(mkdir), |
| + COMPAT_SYSCALL_ENTRY(mkdirat), |
| + COMPAT_SYSCALL_ENTRY(mknod), |
| + COMPAT_SYSCALL_ENTRY(mknodat), |
| + COMPAT_SYSCALL_ENTRY(mlock), |
| + COMPAT_SYSCALL_ENTRY(mlockall), |
| + COMPAT_SYSCALL_ENTRY(munlock), |
| + COMPAT_SYSCALL_ENTRY(munlockall), |
| + COMPAT_SYSCALL_ENTRY(mount), |
| + COMPAT_SYSCALL_ENTRY(mprotect), |
| + COMPAT_SYSCALL_ENTRY(mremap), |
| + COMPAT_SYSCALL_ENTRY(msync), |
| + COMPAT_SYSCALL_ENTRY(munmap), |
| + COMPAT_SYSCALL_ENTRY(name_to_handle_at), |
| + COMPAT_SYSCALL_ENTRY(nanosleep), |
| + COMPAT_SYSCALL_ENTRY(open), |
| + COMPAT_SYSCALL_ENTRY(open_by_handle_at), |
| + COMPAT_SYSCALL_ENTRY(openat), |
| + COMPAT_SYSCALL_ENTRY_ALT(perf_event_open, android_perf_event_open), |
| + COMPAT_SYSCALL_ENTRY(personality), |
| + COMPAT_SYSCALL_ENTRY(pipe), |
| + COMPAT_SYSCALL_ENTRY(pipe2), |
| + COMPAT_SYSCALL_ENTRY(poll), |
| + COMPAT_SYSCALL_ENTRY(ppoll), |
| + COMPAT_SYSCALL_ENTRY_ALT(prctl, alt_sys_prctl), |
| + COMPAT_SYSCALL_ENTRY(pread64), |
| + COMPAT_SYSCALL_ENTRY(preadv), |
| + COMPAT_SYSCALL_ENTRY(prlimit64), |
| + COMPAT_SYSCALL_ENTRY(process_vm_readv), |
| + COMPAT_SYSCALL_ENTRY(process_vm_writev), |
| + COMPAT_SYSCALL_ENTRY(pselect6), |
| + COMPAT_SYSCALL_ENTRY(ptrace), |
| + COMPAT_SYSCALL_ENTRY(pwrite64), |
| + COMPAT_SYSCALL_ENTRY(pwritev), |
| + COMPAT_SYSCALL_ENTRY(read), |
| + COMPAT_SYSCALL_ENTRY(readahead), |
| + COMPAT_SYSCALL_ENTRY(readv), |
| + COMPAT_SYSCALL_ENTRY(readlink), |
| + COMPAT_SYSCALL_ENTRY(readlinkat), |
| + COMPAT_SYSCALL_ENTRY(recvmmsg), |
| + COMPAT_SYSCALL_ENTRY(remap_file_pages), |
| + COMPAT_SYSCALL_ENTRY(removexattr), |
| + COMPAT_SYSCALL_ENTRY(rename), |
| + COMPAT_SYSCALL_ENTRY(renameat), |
| + COMPAT_SYSCALL_ENTRY(restart_syscall), |
| + COMPAT_SYSCALL_ENTRY(rmdir), |
| + COMPAT_SYSCALL_ENTRY(rt_sigaction), |
| + COMPAT_SYSCALL_ENTRY(rt_sigpending), |
| + COMPAT_SYSCALL_ENTRY(rt_sigprocmask), |
| + COMPAT_SYSCALL_ENTRY(rt_sigqueueinfo), |
| + COMPAT_SYSCALL_ENTRY(rt_sigreturn), |
| + COMPAT_SYSCALL_ENTRY(rt_sigsuspend), |
| + COMPAT_SYSCALL_ENTRY(rt_sigtimedwait), |
| + COMPAT_SYSCALL_ENTRY(rt_tgsigqueueinfo), |
| + COMPAT_SYSCALL_ENTRY(sched_get_priority_max), |
| + COMPAT_SYSCALL_ENTRY(sched_get_priority_min), |
| + COMPAT_SYSCALL_ENTRY(sched_getaffinity), |
| + COMPAT_SYSCALL_ENTRY(sched_getparam), |
| + COMPAT_SYSCALL_ENTRY(sched_getscheduler), |
| + COMPAT_SYSCALL_ENTRY(sched_setaffinity), |
| + COMPAT_SYSCALL_ENTRY_ALT(sched_setparam, |
| + android_sched_setparam), |
| + COMPAT_SYSCALL_ENTRY_ALT(sched_setscheduler, |
| + android_sched_setscheduler), |
| + COMPAT_SYSCALL_ENTRY(sched_yield), |
| + COMPAT_SYSCALL_ENTRY(seccomp), |
| + COMPAT_SYSCALL_ENTRY(sendfile), |
| + COMPAT_SYSCALL_ENTRY(sendfile64), |
| + COMPAT_SYSCALL_ENTRY(sendmmsg), |
| + COMPAT_SYSCALL_ENTRY(setdomainname), |
| + COMPAT_SYSCALL_ENTRY(set_robust_list), |
| + COMPAT_SYSCALL_ENTRY(set_tid_address), |
| + COMPAT_SYSCALL_ENTRY(setitimer), |
| + COMPAT_SYSCALL_ENTRY(setns), |
| + COMPAT_SYSCALL_ENTRY(setpgid), |
| + COMPAT_SYSCALL_ENTRY_ALT(setpriority, android_setpriority), |
| + COMPAT_SYSCALL_ENTRY(setrlimit), |
| + COMPAT_SYSCALL_ENTRY(setsid), |
| + COMPAT_SYSCALL_ENTRY(settimeofday), |
| + COMPAT_SYSCALL_ENTRY(setxattr), |
| + COMPAT_SYSCALL_ENTRY(signalfd4), |
| + COMPAT_SYSCALL_ENTRY(sigaltstack), |
| + COMPAT_SYSCALL_ENTRY(splice), |
| + COMPAT_SYSCALL_ENTRY(stat), |
| + COMPAT_SYSCALL_ENTRY(statfs), |
| + COMPAT_SYSCALL_ENTRY(symlink), |
| + COMPAT_SYSCALL_ENTRY(symlinkat), |
| + COMPAT_SYSCALL_ENTRY(sync), |
| + COMPAT_SYSCALL_ENTRY(syncfs), |
| + COMPAT_SYSCALL_ENTRY(sysinfo), |
| + COMPAT_SYSCALL_ENTRY(syslog), |
| + COMPAT_SYSCALL_ENTRY(tgkill), |
| + COMPAT_SYSCALL_ENTRY(tee), |
| + COMPAT_SYSCALL_ENTRY(tkill), |
| + COMPAT_SYSCALL_ENTRY(timer_create), |
| + COMPAT_SYSCALL_ENTRY(timer_delete), |
| + COMPAT_SYSCALL_ENTRY(timer_gettime), |
| + COMPAT_SYSCALL_ENTRY(timer_getoverrun), |
| + COMPAT_SYSCALL_ENTRY(timer_settime), |
| + COMPAT_SYSCALL_ENTRY(timerfd_create), |
| + COMPAT_SYSCALL_ENTRY(timerfd_gettime), |
| + COMPAT_SYSCALL_ENTRY(timerfd_settime), |
| + COMPAT_SYSCALL_ENTRY(times), |
| + COMPAT_SYSCALL_ENTRY(truncate), |
| + COMPAT_SYSCALL_ENTRY(umask), |
| + COMPAT_SYSCALL_ENTRY(umount2), |
| + COMPAT_SYSCALL_ENTRY(uname), |
| + COMPAT_SYSCALL_ENTRY(unlink), |
| + COMPAT_SYSCALL_ENTRY(unlinkat), |
| + COMPAT_SYSCALL_ENTRY(unshare), |
| + COMPAT_SYSCALL_ENTRY(ustat), |
| + COMPAT_SYSCALL_ENTRY(utimensat), |
| + COMPAT_SYSCALL_ENTRY(utimes), |
| + COMPAT_SYSCALL_ENTRY(vfork), |
| + COMPAT_SYSCALL_ENTRY(vmsplice), |
| + COMPAT_SYSCALL_ENTRY(wait4), |
| + COMPAT_SYSCALL_ENTRY(waitid), |
| + COMPAT_SYSCALL_ENTRY(write), |
| + COMPAT_SYSCALL_ENTRY(writev), |
| + COMPAT_SYSCALL_ENTRY(chown32), |
| + COMPAT_SYSCALL_ENTRY(fchown32), |
| + COMPAT_SYSCALL_ENTRY(fcntl64), |
| + COMPAT_SYSCALL_ENTRY(fstat64), |
| + COMPAT_SYSCALL_ENTRY(fstatat64), |
| + COMPAT_SYSCALL_ENTRY(fstatfs64), |
| + COMPAT_SYSCALL_ENTRY(ftruncate64), |
| + COMPAT_SYSCALL_ENTRY(getegid), |
| + COMPAT_SYSCALL_ENTRY(getegid32), |
| + COMPAT_SYSCALL_ENTRY(geteuid), |
| + COMPAT_SYSCALL_ENTRY(geteuid32), |
| + COMPAT_SYSCALL_ENTRY(getgid), |
| + COMPAT_SYSCALL_ENTRY(getgid32), |
| + COMPAT_SYSCALL_ENTRY(getgroups32), |
| + COMPAT_SYSCALL_ENTRY(getresgid32), |
| + COMPAT_SYSCALL_ENTRY(getresuid32), |
| + COMPAT_SYSCALL_ENTRY(getuid), |
| + COMPAT_SYSCALL_ENTRY(getuid32), |
| + COMPAT_SYSCALL_ENTRY(lchown32), |
| + COMPAT_SYSCALL_ENTRY(lstat64), |
| + COMPAT_SYSCALL_ENTRY(mmap2), |
| + COMPAT_SYSCALL_ENTRY(_newselect), |
| + COMPAT_SYSCALL_ENTRY(_llseek), |
| + COMPAT_SYSCALL_ENTRY(sigaction), |
| + COMPAT_SYSCALL_ENTRY(sigpending), |
| + COMPAT_SYSCALL_ENTRY(sigprocmask), |
| + COMPAT_SYSCALL_ENTRY(sigreturn), |
| + COMPAT_SYSCALL_ENTRY(sigsuspend), |
| + COMPAT_SYSCALL_ENTRY(setgid32), |
| + COMPAT_SYSCALL_ENTRY(setgroups32), |
| + COMPAT_SYSCALL_ENTRY(setregid32), |
| + COMPAT_SYSCALL_ENTRY(setresgid32), |
| + COMPAT_SYSCALL_ENTRY(setresuid32), |
| + COMPAT_SYSCALL_ENTRY(setreuid32), |
| + COMPAT_SYSCALL_ENTRY(setuid32), |
| + COMPAT_SYSCALL_ENTRY(stat64), |
| + COMPAT_SYSCALL_ENTRY(statfs64), |
| + COMPAT_SYSCALL_ENTRY(truncate64), |
| + COMPAT_SYSCALL_ENTRY(ugetrlimit), |
| + |
| +#ifdef CONFIG_X86_64 |
| + /* |
| + * waitpid(2) is deprecated on most architectures, but still exists |
| + * on IA32. |
| + */ |
| + COMPAT_SYSCALL_ENTRY(waitpid), |
| + |
| + /* IA32 uses the common socketcall(2) entrypoint for socket calls. */ |
| + COMPAT_SYSCALL_ENTRY(socketcall), |
| +#endif |
| + |
| +#ifdef CONFIG_ARM64 |
| + COMPAT_SYSCALL_ENTRY(accept), |
| + COMPAT_SYSCALL_ENTRY(accept4), |
| + COMPAT_SYSCALL_ENTRY(bind), |
| + COMPAT_SYSCALL_ENTRY(connect), |
| + COMPAT_SYSCALL_ENTRY(getpeername), |
| + COMPAT_SYSCALL_ENTRY(getsockname), |
| + COMPAT_SYSCALL_ENTRY(getsockopt), |
| + COMPAT_SYSCALL_ENTRY(listen), |
| + COMPAT_SYSCALL_ENTRY(recvfrom), |
| + COMPAT_SYSCALL_ENTRY(recvmsg), |
| + COMPAT_SYSCALL_ENTRY(sendmsg), |
| + COMPAT_SYSCALL_ENTRY(sendto), |
| + COMPAT_SYSCALL_ENTRY(setsockopt), |
| + COMPAT_SYSCALL_ENTRY(shutdown), |
| + COMPAT_SYSCALL_ENTRY(socket), |
| + COMPAT_SYSCALL_ENTRY(socketpair), |
| + COMPAT_SYSCALL_ENTRY(recv), |
| + COMPAT_SYSCALL_ENTRY(send), |
| +#endif |
| + |
| + /* |
| + * posix_fadvise(2) and sync_file_range(2) have ARM-specific wrappers |
| + * to deal with register alignment. |
| + */ |
| +#ifdef CONFIG_ARM64 |
| + COMPAT_SYSCALL_ENTRY(arm_fadvise64_64), |
| + COMPAT_SYSCALL_ENTRY(sync_file_range2), |
| +#else |
| + COMPAT_SYSCALL_ENTRY(fadvise64_64), |
| + COMPAT_SYSCALL_ENTRY(fadvise64), |
| + COMPAT_SYSCALL_ENTRY(sync_file_range), |
| +#endif |
| + |
| + /* |
| + * getrlimit(2) and time(2) are deprecated and not wired in the ARM |
| + * compat table on ARM64. |
| + */ |
| +#ifndef CONFIG_ARM64 |
| + COMPAT_SYSCALL_ENTRY(getrlimit), |
| + COMPAT_SYSCALL_ENTRY(time), |
| +#endif |
| + |
| + /* x86-specific syscalls. */ |
| +#ifdef CONFIG_X86_64 |
| + COMPAT_SYSCALL_ENTRY(modify_ldt), |
| + COMPAT_SYSCALL_ENTRY(set_thread_area), |
| +#endif |
| +}; /* end android_compat_whitelist */ |
| +#endif /* CONFIG_COMPAT */ |
| + |
| +#endif /* ANDROID_WHITELISTS_H */ |
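Review bot: android_compat_whitelist admits ptrace, process_vm_readv, process_vm_writev, mount, umount2, setns, unshare, open_by_handle_at, clock_settime, settimeofday and setdomainname through plain COMPAT_SYSCALL_ENTRY, with no explanation of why they need no wrapper. By contrast getcpu, getpriority, keyctl, perf_event_open, prctl, sched_setparam, sched_setscheduler and setpriority are routed through android_* or alt_sys_prctl handlers with COMPAT_SYSCALL_ENTRY_ALT. Please add a comment saying what the table relies on for the unwrapped privileged calls, or drop the ones the Android container does not need, so the list reads as a deliberate least-privilege set. Style: the posix_fadvise/sync_file_range and getrlimit/time comments sit outside their #ifdef while the waitpid and socketcall comments sit inside theirs; one placement throughout would be easier to scan.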
| diff --git a/security/chromiumos/complete_whitelists.h b/security/chromiumos/complete_whitelists.h |
| new file mode 100644 |
| index 000000000000..224a5d3c6920 |
| --- /dev/null |
| +++ b/security/chromiumos/complete_whitelists.h |
| @@ -0,0 +1,373 @@ |
| +/* |
| + * Linux Security Module for Chromium OS |
| + * |
| + * Copyright 2018 Google LLC. All Rights Reserved |
| + * |
| + * Authors: |
| + * Micah Morton <mortonm@chromium.org> |
| + * |
| + * This software is licensed under the terms of the GNU General Public |
| + * License version 2, as published by the Free Software Foundation, and |
| + * may be copied, distributed, and modified under those terms. |
| + * |
| + * This program is distributed in the hope that it will be useful, |
| + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| + * GNU General Public License for more details. |
| + */ |
| + |
| +#ifndef COMPLETE_WHITELISTS_H |
| +#define COMPLETE_WHITELISTS_H |
| + |
| +/* |
| + * NOTE: the purpose of this header is only to pull out the definition of this |
| + * array from alt-syscall.c for the purposes of readability. It should not be |
| + * included in other .c files. |
| + */ |
| + |
| +#include "alt-syscall.h" |
| + |
| +static struct syscall_whitelist_entry complete_whitelist[] = { |
| + /* Syscalls wired up on ARM32/ARM64 and x86_64. */ |
| + SYSCALL_ENTRY(accept), |
| + SYSCALL_ENTRY(accept4), |
| + SYSCALL_ENTRY(acct), |
| + SYSCALL_ENTRY(add_key), |
| + SYSCALL_ENTRY(adjtimex), |
| + SYSCALL_ENTRY(bind), |
| + SYSCALL_ENTRY(brk), |
| + SYSCALL_ENTRY(capget), |
| + SYSCALL_ENTRY(capset), |
| + SYSCALL_ENTRY(chdir), |
| + SYSCALL_ENTRY(chroot), |
| + SYSCALL_ENTRY(clock_adjtime), |
| + SYSCALL_ENTRY(clock_getres), |
| + SYSCALL_ENTRY(clock_gettime), |
| + SYSCALL_ENTRY(clock_nanosleep), |
| + SYSCALL_ENTRY(clock_settime), |
| + SYSCALL_ENTRY(clone), |
| + SYSCALL_ENTRY(close), |
| + SYSCALL_ENTRY(connect), |
| + SYSCALL_ENTRY(copy_file_range), |
| + SYSCALL_ENTRY(delete_module), |
| + SYSCALL_ENTRY(dup), |
| + SYSCALL_ENTRY(dup3), |
| + SYSCALL_ENTRY(epoll_create1), |
| + SYSCALL_ENTRY(epoll_ctl), |
| + SYSCALL_ENTRY(epoll_pwait), |
| + SYSCALL_ENTRY(eventfd2), |
| + SYSCALL_ENTRY(execve), |
| + SYSCALL_ENTRY(exit), |
| + SYSCALL_ENTRY(exit_group), |
| + SYSCALL_ENTRY(faccessat), |
| + SYSCALL_ENTRY(fallocate), |
| + SYSCALL_ENTRY(fanotify_init), |
| + SYSCALL_ENTRY(fanotify_mark), |
| + SYSCALL_ENTRY(fchdir), |
| + SYSCALL_ENTRY(fchmod), |
| + SYSCALL_ENTRY(fchmodat), |
| + SYSCALL_ENTRY(fchown), |
| + SYSCALL_ENTRY(fchownat), |
| + SYSCALL_ENTRY(fcntl), |
| + SYSCALL_ENTRY(fdatasync), |
| + SYSCALL_ENTRY(fgetxattr), |
| + SYSCALL_ENTRY(finit_module), |
| + SYSCALL_ENTRY(flistxattr), |
| + SYSCALL_ENTRY(flock), |
| + SYSCALL_ENTRY(fremovexattr), |
| + SYSCALL_ENTRY(fsetxattr), |
| + SYSCALL_ENTRY(fstatfs), |
| + SYSCALL_ENTRY(fsync), |
| + SYSCALL_ENTRY(ftruncate), |
| + SYSCALL_ENTRY(futex), |
| + SYSCALL_ENTRY(getcpu), |
| + SYSCALL_ENTRY(getcwd), |
| + SYSCALL_ENTRY(getdents64), |
| + SYSCALL_ENTRY(getegid), |
| + SYSCALL_ENTRY(geteuid), |
| + SYSCALL_ENTRY(getgid), |
| + SYSCALL_ENTRY(getgroups), |
| + SYSCALL_ENTRY(getitimer), |
| + SYSCALL_ENTRY(get_mempolicy), |
| + SYSCALL_ENTRY(getpeername), |
| + SYSCALL_ENTRY(getpgid), |
| + SYSCALL_ENTRY(getpid), |
| + SYSCALL_ENTRY(getppid), |
| + SYSCALL_ENTRY(getpriority), |
| + SYSCALL_ENTRY(getrandom), |
| + SYSCALL_ENTRY(getresgid), |
| + SYSCALL_ENTRY(getresuid), |
| + SYSCALL_ENTRY(getrlimit), |
| + SYSCALL_ENTRY(get_robust_list), |
| + SYSCALL_ENTRY(getrusage), |
| + SYSCALL_ENTRY(getsid), |
| + SYSCALL_ENTRY(getsockname), |
| + SYSCALL_ENTRY(getsockopt), |
| + SYSCALL_ENTRY(gettid), |
| + SYSCALL_ENTRY(gettimeofday), |
| + SYSCALL_ENTRY(getuid), |
| + SYSCALL_ENTRY(getxattr), |
| + SYSCALL_ENTRY(init_module), |
| + SYSCALL_ENTRY(inotify_add_watch), |
| + SYSCALL_ENTRY(inotify_init1), |
| + SYSCALL_ENTRY(inotify_rm_watch), |
| + SYSCALL_ENTRY(io_cancel), |
| + SYSCALL_ENTRY(ioctl), |
| + SYSCALL_ENTRY(io_destroy), |
| + SYSCALL_ENTRY(io_getevents), |
| + SYSCALL_ENTRY(ioprio_get), |
| + SYSCALL_ENTRY(ioprio_set), |
| + SYSCALL_ENTRY(io_setup), |
| + SYSCALL_ENTRY(io_submit), |
| + SYSCALL_ENTRY(kcmp), |
| + SYSCALL_ENTRY(kexec_load), |
| + SYSCALL_ENTRY(keyctl), |
| + SYSCALL_ENTRY(kill), |
| + SYSCALL_ENTRY(lgetxattr), |
| + SYSCALL_ENTRY(linkat), |
| + SYSCALL_ENTRY(listen), |
| + SYSCALL_ENTRY(listxattr), |
| + SYSCALL_ENTRY(llistxattr), |
| + SYSCALL_ENTRY(lookup_dcookie), |
| + SYSCALL_ENTRY(lremovexattr), |
| + SYSCALL_ENTRY(lseek), |
| + SYSCALL_ENTRY(lsetxattr), |
| + SYSCALL_ENTRY(madvise), |
| + SYSCALL_ENTRY(mbind), |
| + SYSCALL_ENTRY(memfd_create), |
| + SYSCALL_ENTRY(mincore), |
| + SYSCALL_ENTRY(mkdirat), |
| + SYSCALL_ENTRY(mknodat), |
| + SYSCALL_ENTRY(mlock), |
| + SYSCALL_ENTRY(mlockall), |
| + SYSCALL_ENTRY(mount), |
| + SYSCALL_ENTRY(move_pages), |
| + SYSCALL_ENTRY(mprotect), |
| + SYSCALL_ENTRY(mq_getsetattr), |
| + SYSCALL_ENTRY(mq_notify), |
| + SYSCALL_ENTRY(mq_open), |
| + SYSCALL_ENTRY(mq_timedreceive), |
| + SYSCALL_ENTRY(mq_timedsend), |
| + SYSCALL_ENTRY(mq_unlink), |
| + SYSCALL_ENTRY(mremap), |
| + SYSCALL_ENTRY(msgctl), |
| + SYSCALL_ENTRY(msgget), |
| + SYSCALL_ENTRY(msgrcv), |
| + SYSCALL_ENTRY(msgsnd), |
| + SYSCALL_ENTRY(msync), |
| + SYSCALL_ENTRY(munlock), |
| + SYSCALL_ENTRY(munlockall), |
| + SYSCALL_ENTRY(munmap), |
| + SYSCALL_ENTRY(name_to_handle_at), |
| + SYSCALL_ENTRY(nanosleep), |
| + SYSCALL_ENTRY(openat), |
| + SYSCALL_ENTRY(open_by_handle_at), |
| + SYSCALL_ENTRY(perf_event_open), |
| + SYSCALL_ENTRY(personality), |
| + SYSCALL_ENTRY(pipe2), |
| + SYSCALL_ENTRY(pivot_root), |
| + SYSCALL_ENTRY(pkey_alloc), |
| + SYSCALL_ENTRY(pkey_free), |
| + SYSCALL_ENTRY(pkey_mprotect), |
| + SYSCALL_ENTRY(ppoll), |
| + SYSCALL_ENTRY_ALT(prctl, alt_sys_prctl), |
| + SYSCALL_ENTRY(pread64), |
| + SYSCALL_ENTRY(preadv), |
| + SYSCALL_ENTRY(preadv2), |
| + SYSCALL_ENTRY(pwritev2), |
| + SYSCALL_ENTRY(prlimit64), |
| + SYSCALL_ENTRY(process_vm_readv), |
| + SYSCALL_ENTRY(process_vm_writev), |
| + SYSCALL_ENTRY(pselect6), |
| + SYSCALL_ENTRY(ptrace), |
| + SYSCALL_ENTRY(pwrite64), |
| + SYSCALL_ENTRY(pwritev), |
| + SYSCALL_ENTRY(quotactl), |
| + SYSCALL_ENTRY(read), |
| + SYSCALL_ENTRY(readahead), |
| + SYSCALL_ENTRY(readlinkat), |
| + SYSCALL_ENTRY(readv), |
| + SYSCALL_ENTRY(reboot), |
| + SYSCALL_ENTRY(recvfrom), |
| + SYSCALL_ENTRY(recvmmsg), |
| + SYSCALL_ENTRY(recvmsg), |
| + SYSCALL_ENTRY(remap_file_pages), |
| + SYSCALL_ENTRY(removexattr), |
| + SYSCALL_ENTRY(renameat), |
| + SYSCALL_ENTRY(request_key), |
| + SYSCALL_ENTRY(restart_syscall), |
| + SYSCALL_ENTRY(rt_sigaction), |
| + SYSCALL_ENTRY(rt_sigpending), |
| + SYSCALL_ENTRY(rt_sigprocmask), |
| + SYSCALL_ENTRY(rt_sigqueueinfo), |
| + SYSCALL_ENTRY(rt_sigsuspend), |
| + SYSCALL_ENTRY(rt_sigtimedwait), |
| + SYSCALL_ENTRY(rt_tgsigqueueinfo), |
| + SYSCALL_ENTRY(sched_getaffinity), |
| + SYSCALL_ENTRY(sched_getattr), |
| + SYSCALL_ENTRY(sched_getparam), |
| + SYSCALL_ENTRY(sched_get_priority_max), |
| + SYSCALL_ENTRY(sched_get_priority_min), |
| + SYSCALL_ENTRY(sched_getscheduler), |
| + SYSCALL_ENTRY(sched_rr_get_interval), |
| + SYSCALL_ENTRY(sched_setaffinity), |
| + SYSCALL_ENTRY(sched_setattr), |
| + SYSCALL_ENTRY(sched_setparam), |
| + SYSCALL_ENTRY(sched_setscheduler), |
| + SYSCALL_ENTRY(sched_yield), |
| + SYSCALL_ENTRY(seccomp), |
| + SYSCALL_ENTRY(semctl), |
| + SYSCALL_ENTRY(semget), |
| + SYSCALL_ENTRY(semop), |
| + SYSCALL_ENTRY(semtimedop), |
| + SYSCALL_ENTRY(sendfile), |
| + SYSCALL_ENTRY(sendmmsg), |
| + SYSCALL_ENTRY(sendmsg), |
| + SYSCALL_ENTRY(sendto), |
| + SYSCALL_ENTRY(setdomainname), |
| + SYSCALL_ENTRY(setfsgid), |
| + SYSCALL_ENTRY(setfsuid), |
| + SYSCALL_ENTRY(setgid), |
| + SYSCALL_ENTRY(setgroups), |
| + SYSCALL_ENTRY(sethostname), |
| + SYSCALL_ENTRY(setitimer), |
| + SYSCALL_ENTRY(set_mempolicy), |
| + SYSCALL_ENTRY(setns), |
| + SYSCALL_ENTRY(setpgid), |
| + SYSCALL_ENTRY(setpriority), |
| + SYSCALL_ENTRY(setregid), |
| + SYSCALL_ENTRY(setresgid), |
| + SYSCALL_ENTRY(setresuid), |
| + SYSCALL_ENTRY(setreuid), |
| + SYSCALL_ENTRY(setrlimit), |
| + SYSCALL_ENTRY(set_robust_list), |
| + SYSCALL_ENTRY(setsid), |
| + SYSCALL_ENTRY(setsockopt), |
| + SYSCALL_ENTRY(set_tid_address), |
| + SYSCALL_ENTRY(settimeofday), |
| + SYSCALL_ENTRY(setuid), |
| + SYSCALL_ENTRY(setxattr), |
| + SYSCALL_ENTRY(shmat), |
| + SYSCALL_ENTRY(shmctl), |
| + SYSCALL_ENTRY(shmdt), |
| + SYSCALL_ENTRY(shmget), |
| + SYSCALL_ENTRY(shutdown), |
| + SYSCALL_ENTRY(sigaltstack), |
| + SYSCALL_ENTRY(signalfd4), |
| + SYSCALL_ENTRY(socket), |
| + SYSCALL_ENTRY(socketpair), |
| + SYSCALL_ENTRY(splice), |
| + SYSCALL_ENTRY(statfs), |
| + SYSCALL_ENTRY(statx), |
| + SYSCALL_ENTRY(swapoff), |
| + SYSCALL_ENTRY(swapon), |
| + SYSCALL_ENTRY(symlinkat), |
| + SYSCALL_ENTRY(sync), |
| + SYSCALL_ENTRY(syncfs), |
| + SYSCALL_ENTRY(sysinfo), |
| + SYSCALL_ENTRY(syslog), |
| + SYSCALL_ENTRY(tee), |
| + SYSCALL_ENTRY(tgkill), |
| + SYSCALL_ENTRY(timer_create), |
| + SYSCALL_ENTRY(timer_delete), |
| + SYSCALL_ENTRY(timerfd_create), |
| + SYSCALL_ENTRY(timerfd_gettime), |
| + SYSCALL_ENTRY(timerfd_settime), |
| + SYSCALL_ENTRY(timer_getoverrun), |
| + SYSCALL_ENTRY(timer_gettime), |
| + SYSCALL_ENTRY(timer_settime), |
| + SYSCALL_ENTRY(times), |
| + SYSCALL_ENTRY(tkill), |
| + SYSCALL_ENTRY(truncate), |
| + SYSCALL_ENTRY(umask), |
| + SYSCALL_ENTRY(unlinkat), |
| + SYSCALL_ENTRY(unshare), |
| + SYSCALL_ENTRY(utimensat), |
| + SYSCALL_ENTRY(vhangup), |
| + SYSCALL_ENTRY(vmsplice), |
| + SYSCALL_ENTRY(wait4), |
| + SYSCALL_ENTRY(waitid), |
| + SYSCALL_ENTRY(write), |
| + SYSCALL_ENTRY(writev), |
| + |
| + /* Exist for x86_64 and ARM32 but not ARM64. */ |
| +#ifndef CONFIG_ARM64 |
| + SYSCALL_ENTRY(access), |
| + SYSCALL_ENTRY(alarm), |
| + SYSCALL_ENTRY(chmod), |
| + SYSCALL_ENTRY(chown), |
| + SYSCALL_ENTRY(creat), |
| + SYSCALL_ENTRY(dup2), |
| + SYSCALL_ENTRY(epoll_create), |
| + SYSCALL_ENTRY(epoll_wait), |
| + SYSCALL_ENTRY(eventfd), |
| + SYSCALL_ENTRY(fork), |
| + SYSCALL_ENTRY(futimesat), |
| + SYSCALL_ENTRY(getdents), |
| + SYSCALL_ENTRY(getpgrp), |
| + SYSCALL_ENTRY(inotify_init), |
| + SYSCALL_ENTRY(lchown), |
| + SYSCALL_ENTRY(link), |
| + SYSCALL_ENTRY(mkdir), |
| + SYSCALL_ENTRY(mknod), |
| + SYSCALL_ENTRY(open), |
| + SYSCALL_ENTRY(pause), |
| + SYSCALL_ENTRY(pipe), |
| + SYSCALL_ENTRY(poll), |
| + SYSCALL_ENTRY(readlink), |
| + SYSCALL_ENTRY(rename), |
| + SYSCALL_ENTRY(rmdir), |
| + SYSCALL_ENTRY(select), |
| + SYSCALL_ENTRY(signalfd), |
| + SYSCALL_ENTRY(symlink), |
| + SYSCALL_ENTRY(sysfs), |
| + SYSCALL_ENTRY(time), |
| + SYSCALL_ENTRY(unlink), |
| + SYSCALL_ENTRY(ustat), |
| + SYSCALL_ENTRY(utime), |
| + SYSCALL_ENTRY(utimes), |
| + SYSCALL_ENTRY(vfork), |
| +#endif |
| + |
| + /* Exist for x86_64 and ARM64 */ |
| + SYSCALL_ENTRY(fadvise64), |
| + SYSCALL_ENTRY(fstat), |
| + SYSCALL_ENTRY(migrate_pages), |
| + SYSCALL_ENTRY(mmap), |
| + SYSCALL_ENTRY(rt_sigreturn), |
| + SYSCALL_ENTRY(sync_file_range), |
| + SYSCALL_ENTRY(umount2), |
| + SYSCALL_ENTRY(uname), |
| + |
| + /* Unique to x86_64. */ |
| +#ifdef CONFIG_X86_64 |
| + SYSCALL_ENTRY(arch_prctl), |
| + SYSCALL_ENTRY(ioperm), |
| + SYSCALL_ENTRY(iopl), |
| + SYSCALL_ENTRY(kexec_file_load), |
| + SYSCALL_ENTRY(lstat), |
| + SYSCALL_ENTRY(modify_ldt), |
| + SYSCALL_ENTRY(newfstatat), |
| + SYSCALL_ENTRY(stat), |
| + SYSCALL_ENTRY(_sysctl), |
| +#endif |
| + |
| + /* Unique to ARM64. */ |
| +#ifdef CONFIG_ARM64 |
| + SYSCALL_ENTRY(nfsservctl), |
| + SYSCALL_ENTRY(renameat2), |
| +#endif |
| +}; /* end complete_whitelist */ |
| + |
| +#ifdef CONFIG_COMPAT |
| +/* |
| + * For now not adding a 32-bit-compatible version of the complete whitelist. |
| + * Since we are not whitelisting any compat syscalls here, a call into the |
| + * compat section of this "complete" alt syscall table will be redirected to |
| + * block_syscall() (unless the permissive mode is used in which case the call |
| + * will be redirected to warn_compat_syscall()). |
| + */ |
| +static struct syscall_whitelist_entry complete_compat_whitelist[] = {}; |
| +#endif /* CONFIG_COMPAT */ |
| + |
| +#endif /* COMPLETE_WHITELISTS_H */ |
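Review bot: the block commented "Exist for x86_64 and ARM64" (fadvise64, fstat, migrate_pages, mmap, rt_sigreturn, sync_file_range, umount2, uname) has no preprocessor guard, although the comments above it name ARM32 as a supported target and every other architecture-specific group is wrapped in #ifdef/#ifndef. Either guard this group as well or reword the comments so they describe only the configurations the guards actually distinguish (CONFIG_ARM64 and CONFIG_X86_64). Separately, complete_compat_whitelist[] = {} means that a task switched to the "complete" table has every 32-bit syscall blocked; that is stated only in this comment, so it should also be mentioned wherever the table name is documented for users, and the registration code should be checked for a zero-entry table.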
| diff --git a/security/chromiumos/read_write_test_whitelists.h b/security/chromiumos/read_write_test_whitelists.h |
| new file mode 100644 |
| index 000000000000..5aa7370af4fc |
| --- /dev/null |
| +++ b/security/chromiumos/read_write_test_whitelists.h |
| @@ -0,0 +1,56 @@ |
| +/* |
| + * Linux Security Module for Chromium OS |
| + * |
| + * Copyright 2018 Google LLC. All Rights Reserved |
| + * |
| + * Authors: |
| + * Micah Morton <mortonm@chromium.org> |
| + * |
| + * This software is licensed under the terms of the GNU General Public |
| + * License version 2, as published by the Free Software Foundation, and |
| + * may be copied, distributed, and modified under those terms. |
| + * |
| + * This program is distributed in the hope that it will be useful, |
| + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| + * GNU General Public License for more details. |
| + */ |
| + |
| +#ifndef READ_WRITE_TESTS_WHITELISTS_H |
| +#define READ_WRITE_TESTS_WHITELISTS_H |
| + |
| +/* |
| + * NOTE: the purpose of this header is only to pull out the definition of this |
| + * array from alt-syscall.c for the purposes of readability. It should not be |
| + * included in other .c files. |
| + */ |
| + |
| +#include "alt-syscall.h" |
| + |
| +static struct syscall_whitelist_entry read_write_test_whitelist[] = { |
| + SYSCALL_ENTRY(exit), |
| + SYSCALL_ENTRY(openat), |
| + SYSCALL_ENTRY(close), |
| + SYSCALL_ENTRY(read), |
| + SYSCALL_ENTRY(write), |
| + SYSCALL_ENTRY_ALT(prctl, alt_sys_prctl), |
| + |
| + /* open(2) is deprecated and not wired up on ARM64. */ |
| +#ifndef CONFIG_ARM64 |
| + SYSCALL_ENTRY(open), |
| +#endif |
| +}; /* end read_write_test_whitelist */ |
| + |
| +#ifdef CONFIG_COMPAT |
| +static struct syscall_whitelist_entry read_write_test_compat_whitelist[] = { |
| + COMPAT_SYSCALL_ENTRY(exit), |
| + COMPAT_SYSCALL_ENTRY(open), |
| + COMPAT_SYSCALL_ENTRY(openat), |
| + COMPAT_SYSCALL_ENTRY(close), |
| + COMPAT_SYSCALL_ENTRY(read), |
| + COMPAT_SYSCALL_ENTRY(write), |
| + COMPAT_SYSCALL_ENTRY_ALT(prctl, alt_sys_prctl), |
| +}; /* end read_write_test_compat_whitelist */ |
| +#endif /* CONFIG_COMPAT */ |
| + |
| +#endif /* READ_WRITE_TESTS_WHITELISTS_H */ |
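Review bot: read_write_test_whitelist and its compat twin allow exit but not exit_group, and the header has no comment saying which test uses the table or how that test terminates. A test binary that exits through the C library's normal path issues exit_group, which this table would block, so please document the intended test program (raw exit syscall only) or add exit_group. Style: the include guard is READ_WRITE_TESTS_WHITELISTS_H while the file is read_write_test_whitelists.h; use the same singular "TEST" spelling in both.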
| diff --git a/security/chromiumos/third_party_whitelists.h b/security/chromiumos/third_party_whitelists.h |
| new file mode 100644 |
| index 000000000000..7f2582b062bd |
| --- /dev/null |
| +++ b/security/chromiumos/third_party_whitelists.h |
| @@ -0,0 +1,252 @@ |
| +/* |
| + * Linux Security Module for Chromium OS |
| + * |
| + * Copyright 2018 Google LLC. All Rights Reserved |
| + * |
| + * Authors: |
| + * Micah Morton <mortonm@chromium.org> |
| + * |
| + * This software is licensed under the terms of the GNU General Public |
| + * License version 2, as published by the Free Software Foundation, and |
| + * may be copied, distributed, and modified under those terms. |
| + * |
| + * This program is distributed in the hope that it will be useful, |
| + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| + * GNU General Public License for more details. |
| + */ |
| + |
| +#ifndef THIRD_PARTY_WHITELISTS_H |
| +#define THIRD_PARTY_WHITELISTS_H |
| + |
| +/* |
| + * NOTE: the purpose of this header is only to pull out the definition of this |
| + * array from alt-syscall.c for the purposes of readability. It should not be |
| + * included in other .c files. |
| + */ |
| + |
| +#include "alt-syscall.h" |
| + |
| +static struct syscall_whitelist_entry third_party_whitelist[] = { |
| + SYSCALL_ENTRY(accept), |
| + SYSCALL_ENTRY(bind), |
| + SYSCALL_ENTRY(brk), |
| + SYSCALL_ENTRY(chdir), |
| + SYSCALL_ENTRY(clock_gettime), |
| + SYSCALL_ENTRY(clone), |
| + SYSCALL_ENTRY(close), |
| + SYSCALL_ENTRY(connect), |
| + SYSCALL_ENTRY(dup), |
| + SYSCALL_ENTRY(execve), |
| + SYSCALL_ENTRY(exit), |
| + SYSCALL_ENTRY(exit_group), |
| + SYSCALL_ENTRY(fcntl), |
| + SYSCALL_ENTRY(fstat), |
| + SYSCALL_ENTRY(futex), |
| + SYSCALL_ENTRY(getcwd), |
| + SYSCALL_ENTRY(getdents64), |
| + SYSCALL_ENTRY(getpid), |
| + SYSCALL_ENTRY(getpgid), |
| + SYSCALL_ENTRY(getppid), |
| + SYSCALL_ENTRY(getpriority), |
| + SYSCALL_ENTRY(getrlimit), |
| + SYSCALL_ENTRY(getsid), |
| + SYSCALL_ENTRY(gettimeofday), |
| + SYSCALL_ENTRY(ioctl), |
| + SYSCALL_ENTRY(listen), |
| + SYSCALL_ENTRY(lseek), |
| + SYSCALL_ENTRY(madvise), |
| + SYSCALL_ENTRY(memfd_create), |
| + SYSCALL_ENTRY(mprotect), |
| + SYSCALL_ENTRY(munmap), |
| + SYSCALL_ENTRY(nanosleep), |
| + SYSCALL_ENTRY(openat), |
| + SYSCALL_ENTRY(prlimit64), |
| + SYSCALL_ENTRY(read), |
| + SYSCALL_ENTRY(recvfrom), |
| + SYSCALL_ENTRY(recvmsg), |
| + SYSCALL_ENTRY(rt_sigaction), |
| + SYSCALL_ENTRY(rt_sigprocmask), |
| + SYSCALL_ENTRY(rt_sigreturn), |
| + SYSCALL_ENTRY(sendfile), |
| + SYSCALL_ENTRY(sendmsg), |
| + SYSCALL_ENTRY(sendto), |
| + SYSCALL_ENTRY(set_robust_list), |
| + SYSCALL_ENTRY(set_tid_address), |
| + SYSCALL_ENTRY(setpgid), |
| + SYSCALL_ENTRY(setpriority), |
| + SYSCALL_ENTRY(setsid), |
| + SYSCALL_ENTRY(setsockopt), |
| + SYSCALL_ENTRY(socket), |
| + SYSCALL_ENTRY(socketpair), |
| + SYSCALL_ENTRY(syslog), |
| + SYSCALL_ENTRY(statfs), |
| + SYSCALL_ENTRY(umask), |
| + SYSCALL_ENTRY(uname), |
| + SYSCALL_ENTRY(wait4), |
| + SYSCALL_ENTRY(write), |
| + SYSCALL_ENTRY(writev), |
| + |
| + /* |
| + * Deprecated syscalls which are not wired up on new architectures |
| + * such as ARM64. |
| + */ |
| +#ifndef CONFIG_ARM64 |
| + SYSCALL_ENTRY(access), |
| + SYSCALL_ENTRY(creat), |
| + SYSCALL_ENTRY(dup2), |
| + SYSCALL_ENTRY(getdents), |
| + SYSCALL_ENTRY(getpgrp), |
| + SYSCALL_ENTRY(lstat), |
| + SYSCALL_ENTRY(mkdir), |
| + SYSCALL_ENTRY(open), |
| + SYSCALL_ENTRY(pipe), |
| + SYSCALL_ENTRY(poll), |
| + SYSCALL_ENTRY(readlink), |
| + SYSCALL_ENTRY(stat), |
| + SYSCALL_ENTRY(unlink), |
| +#endif |
| + |
| + SYSCALL_ENTRY(accept), |
| + SYSCALL_ENTRY(bind), |
| + SYSCALL_ENTRY(connect), |
| + SYSCALL_ENTRY(listen), |
| + SYSCALL_ENTRY(recvfrom), |
| + SYSCALL_ENTRY(recvmsg), |
| + SYSCALL_ENTRY(sendmsg), |
| + SYSCALL_ENTRY(sendto), |
| + SYSCALL_ENTRY(setsockopt), |
| + SYSCALL_ENTRY(socket), |
| + SYSCALL_ENTRY(socketpair), |
| + |
| + /* 64-bit only syscalls. */ |
| + SYSCALL_ENTRY(getegid), |
| + SYSCALL_ENTRY(geteuid), |
| + SYSCALL_ENTRY(getgid), |
| + SYSCALL_ENTRY(getuid), |
| + SYSCALL_ENTRY(mmap), |
| + SYSCALL_ENTRY(setgid), |
| + SYSCALL_ENTRY(setuid), |
| + /* |
| + * chown(2), lchown(2), and select(2) are deprecated and not wired up |
| + * on ARM64. |
| + */ |
| +#ifndef CONFIG_ARM64 |
| + SYSCALL_ENTRY(select), |
| +#endif |
| + |
| + /* X86_64-specific syscalls. */ |
| +#ifdef CONFIG_X86_64 |
| + SYSCALL_ENTRY(arch_prctl), |
| +#endif |
| +}; /* end third_party_whitelist */ |
| + |
| +#ifdef CONFIG_COMPAT |
| +static struct syscall_whitelist_entry third_party_compat_whitelist[] = { |
| + COMPAT_SYSCALL_ENTRY(access), |
| + COMPAT_SYSCALL_ENTRY(brk), |
| + COMPAT_SYSCALL_ENTRY(chdir), |
| + COMPAT_SYSCALL_ENTRY(clock_gettime), |
| + COMPAT_SYSCALL_ENTRY(clone), |
| + COMPAT_SYSCALL_ENTRY(close), |
| + COMPAT_SYSCALL_ENTRY(creat), |
| + COMPAT_SYSCALL_ENTRY(dup), |
| + COMPAT_SYSCALL_ENTRY(dup2), |
| + COMPAT_SYSCALL_ENTRY(execve), |
| + COMPAT_SYSCALL_ENTRY(exit), |
| + COMPAT_SYSCALL_ENTRY(exit_group), |
| + COMPAT_SYSCALL_ENTRY(fcntl), |
| + COMPAT_SYSCALL_ENTRY(fcntl64), |
| + COMPAT_SYSCALL_ENTRY(fstat), |
| + COMPAT_SYSCALL_ENTRY(fstat64), |
| + COMPAT_SYSCALL_ENTRY(futex), |
| + COMPAT_SYSCALL_ENTRY(getcwd), |
| + COMPAT_SYSCALL_ENTRY(getdents), |
| + COMPAT_SYSCALL_ENTRY(getdents64), |
| + COMPAT_SYSCALL_ENTRY(getegid), |
| + COMPAT_SYSCALL_ENTRY(geteuid), |
| + COMPAT_SYSCALL_ENTRY(geteuid32), |
| + COMPAT_SYSCALL_ENTRY(getgid), |
| + COMPAT_SYSCALL_ENTRY(getpgid), |
| + COMPAT_SYSCALL_ENTRY(getpgrp), |
| + COMPAT_SYSCALL_ENTRY(getpid), |
| + COMPAT_SYSCALL_ENTRY(getpriority), |
| + COMPAT_SYSCALL_ENTRY(getppid), |
| + COMPAT_SYSCALL_ENTRY(getsid), |
| + COMPAT_SYSCALL_ENTRY(gettimeofday), |
| + COMPAT_SYSCALL_ENTRY(getuid), |
| + COMPAT_SYSCALL_ENTRY(getuid32), |
| + COMPAT_SYSCALL_ENTRY(ioctl), |
| + COMPAT_SYSCALL_ENTRY(_llseek), |
| + COMPAT_SYSCALL_ENTRY(lseek), |
| + COMPAT_SYSCALL_ENTRY(lstat), |
| + COMPAT_SYSCALL_ENTRY(lstat64), |
| + COMPAT_SYSCALL_ENTRY(madvise), |
| + COMPAT_SYSCALL_ENTRY(memfd_create), |
| + COMPAT_SYSCALL_ENTRY(mkdir), |
| + COMPAT_SYSCALL_ENTRY(mmap2), |
| + COMPAT_SYSCALL_ENTRY(mprotect), |
| + COMPAT_SYSCALL_ENTRY(munmap), |
| + COMPAT_SYSCALL_ENTRY(nanosleep), |
| + COMPAT_SYSCALL_ENTRY(_newselect), |
| + COMPAT_SYSCALL_ENTRY(open), |
| + COMPAT_SYSCALL_ENTRY(openat), |
| + COMPAT_SYSCALL_ENTRY(pipe), |
| + COMPAT_SYSCALL_ENTRY(poll), |
| + COMPAT_SYSCALL_ENTRY(prlimit64), |
| + COMPAT_SYSCALL_ENTRY(read), |
| + COMPAT_SYSCALL_ENTRY(readlink), |
| + COMPAT_SYSCALL_ENTRY(rt_sigaction), |
| + COMPAT_SYSCALL_ENTRY(rt_sigprocmask), |
| + COMPAT_SYSCALL_ENTRY(rt_sigreturn), |
| + COMPAT_SYSCALL_ENTRY(sendfile), |
| + COMPAT_SYSCALL_ENTRY(set_robust_list), |
| + COMPAT_SYSCALL_ENTRY(set_tid_address), |
| + COMPAT_SYSCALL_ENTRY(setgid32), |
| + COMPAT_SYSCALL_ENTRY(setuid32), |
| + COMPAT_SYSCALL_ENTRY(setpgid), |
| + COMPAT_SYSCALL_ENTRY(setpriority), |
| + COMPAT_SYSCALL_ENTRY(setsid), |
| + COMPAT_SYSCALL_ENTRY(stat), |
| + COMPAT_SYSCALL_ENTRY(stat64), |
| + COMPAT_SYSCALL_ENTRY(statfs), |
| + COMPAT_SYSCALL_ENTRY(syslog), |
| + COMPAT_SYSCALL_ENTRY(ugetrlimit), |
| + COMPAT_SYSCALL_ENTRY(umask), |
| + COMPAT_SYSCALL_ENTRY(uname), |
| + COMPAT_SYSCALL_ENTRY(unlink), |
| + COMPAT_SYSCALL_ENTRY(wait4), |
| + COMPAT_SYSCALL_ENTRY(write), |
| + COMPAT_SYSCALL_ENTRY(writev), |
| + |
| + /* IA32 uses the common socketcall(2) entrypoint for socket calls. */ |
| +#ifdef CONFIG_X86_64 |
| + COMPAT_SYSCALL_ENTRY(socketcall), |
| +#endif |
| + |
| +#ifdef CONFIG_ARM64 |
| + COMPAT_SYSCALL_ENTRY(accept), |
| + COMPAT_SYSCALL_ENTRY(bind), |
| + COMPAT_SYSCALL_ENTRY(connect), |
| + COMPAT_SYSCALL_ENTRY(listen), |
| + COMPAT_SYSCALL_ENTRY(recvfrom), |
| + COMPAT_SYSCALL_ENTRY(recvmsg), |
| + COMPAT_SYSCALL_ENTRY(sendmsg), |
| + COMPAT_SYSCALL_ENTRY(sendto), |
| + COMPAT_SYSCALL_ENTRY(setsockopt), |
| + COMPAT_SYSCALL_ENTRY(socket), |
| + COMPAT_SYSCALL_ENTRY(socketpair), |
| +#endif |
| + |
| + /* |
| + * getrlimit(2) is deprecated and not wired in the ARM compat table |
| + * on ARM64. |
| + */ |
| +#ifndef CONFIG_ARM64 |
| + COMPAT_SYSCALL_ENTRY(getrlimit), |
| +#endif |
| + |
| +}; /* end third_party_compat_whitelist */ |
| +#endif /* CONFIG_COMPAT */ |
| + |
| +#endif /* THIRD_PARTY_WHITELISTS_H */ |
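Review bot: third_party_whitelist lists accept, bind, connect, listen, recvfrom, recvmsg, sendmsg, sendto, setsockopt, socket and socketpair twice, once in the alphabetical block at the top and again in the unlabelled group after the first #ifndef CONFIG_ARM64 section. Drop the second group so that each syscall has one entry and a later edit cannot change one copy and miss the other. The comment "chown(2), lchown(2), and select(2) are deprecated and not wired up on ARM64" is also stale: only select is inside that guard and neither chown nor lchown appears in this table. Finally, this is the only table in the patch without SYSCALL_ENTRY_ALT(prctl, alt_sys_prctl); if prctl is intentionally blocked for third-party code, a one-line comment saying so would help.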
| -- |
| 2.17.1 |
| |