Add ARM syscalls to syscall sets.

BUG=141157 TEST=Build and boot on daisy. Review URL: https://chromiumcodereview.appspot.com/10830348 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152164 0039d316-1c4b-4281-b951-d872f2087c98

Add ARM syscalls to syscall sets.
BUG=141157 TEST=Build and boot on daisy. Review URL: https://chromiumcodereview.appspot.com/10830348 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152164 0039d316-1c4b-4281-b951-d872f2087c98
da57715a · jorgelo@chromium.org · c3a05e9f · da57715a · da57715a
Commit da57715a authored Aug 17, 2012 by jorgelo@chromium.org
Showing with 97 additions and 13 deletions

content/common/sandbox_seccomp_bpf_linux.cc content/common/sandbox_seccomp_bpf_linux.cc +93 -13

sandbox/linux/services/arm_linux_syscalls.h sandbox/linux/services/arm_linux_syscalls.h +4 -0

No files found.
--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -25,7 +25,8 @@
 #include "content/public/common/content_switches.h"
 // These are the only architectures supported for now.
-#if defined(__i386__) || defined(__x86_64__) || defined(__arm__)
+#if defined(__i386__) || defined(__x86_64__) || \
+    (defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__)))
 #define SECCOMP_BPF_SANDBOX
 #endif
@@ -153,9 +154,8 @@ intptr_t GpuOpenSIGSYS_Handler(const struct arch_seccomp_data& args,
  }
 }
-#if defined(__i386__) || defined(__x86_64__)
+// The functions below cover all existing i386, x86_64, and ARM system calls;
+// excluding syscalls made obsolete in ARM EABI.
-// The functions below cover all existing x86_64 and i386 system calls.
 // The implicitly defined sets form a partition of the sets of
 // system calls.
@@ -175,7 +175,9 @@ bool IsAllowedGettime(int sysno) {
  switch (sysno) {
    case __NR_clock_gettime:
    case __NR_gettimeofday:
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_time:
+#endif
      return true;
    case __NR_adjtimex:         // Privileged.
    case __NR_clock_adjtime:    // Privileged.
@@ -279,7 +281,9 @@ bool IsFileSystem(int sysno) {
    case __NR_unlinkat:
    case __NR_uselib:          // Neither EPERM, nor ENOENT are valid errno.
    case __NR_ustat:           // Same as above. Deprecated.
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_utime:
+#endif
    case __NR_utimensat:       // New.
    case __NR_utimes:
      return true;
@@ -296,9 +300,14 @@ bool IsAllowedFileSystemAccessViaFd(int sysno) {
 #endif
      return true;
    // TODO(jln): these should be denied gracefully as well (moved below).
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_fadvise64:        // EPERM not a valid errno.
+#endif
 #if defined(__i386__)
    case __NR_fadvise64_64:
+#endif
+#if defined(__arm__)
+    case __NR_arm_fadvise64_64:
 #endif
    case __NR_fdatasync:        // EPERM not a valid errno.
    case __NR_flock:            // EPERM not a valid errno.
@@ -310,7 +319,11 @@ bool IsAllowedFileSystemAccessViaFd(int sysno) {
 #if defined(__i386__)
    case __NR_oldfstat:
 #endif
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_sync_file_range:      // EPERM not a valid errno.
+#elif defined(__arm__)
+    case __NR_arm_sync_file_range:  // EPERM not a valid errno.
+#endif
    default:
      return false;
  }
@@ -384,8 +397,10 @@ bool IsGetSimpleId(int sysno) {
 bool IsProcessPrivilegeChange(int sysno) {
  switch (sysno) {
    case __NR_capset:
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_ioperm:  // Intel privilege.
    case __NR_iopl:    // Intel privilege.
+#endif
    case __NR_setfsgid:
    case __NR_setfsuid:
    case __NR_setgid:
@@ -474,9 +489,12 @@ bool IsOperationOnFd(int sysno) {
  }
 }
-bool IsKernelInteralApi(int sysno) {
+bool IsKernelInternalApi(int sysno) {
  switch (sysno) {
    case __NR_restart_syscall:
+#if defined(__arm__)
+    case __ARM_NR_cmpxchg:
+#endif
      return true;
    default:
      return false;
@@ -497,8 +515,10 @@ bool IsAllowedProcessStartOrDeath(int sysno) {
      return true;
    case __NR_setns:  // Privileged.
    case __NR_fork:
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_get_thread_area:
    case __NR_set_thread_area:
+#endif
    case __NR_set_tid_address:
    case __NR_unshare:
    case __NR_vfork:
@@ -590,8 +610,10 @@ bool IsAllowedAddressSpaceAccess(int sysno) {
    case __NR_brk:
    case __NR_madvise:
    case __NR_mlock:
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_mmap:   // TODO(jln): to restrict flags.
-#if defined(__i386__)
+#endif
+#if defined(__i386__) || defined(__arm__)
    case __NR_mmap2:
 #endif
    case __NR_mprotect:
@@ -600,7 +622,9 @@ bool IsAllowedAddressSpaceAccess(int sysno) {
      return true;
    case __NR_mincore:
    case __NR_mlockall:
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_modify_ldt:
+#endif
    case __NR_mremap:
    case __NR_msync:
    case __NR_munlockall:
@@ -626,14 +650,22 @@ bool IsAllowedGeneralIo(int sysno) {
    case __NR_pselect6:
    case __NR_read:
    case __NR_readv:
+#if defined(__arm__)
+    case __NR_recv:
+#endif
 #if defined(__x86_64__)
    case __NR_recvfrom:  // Could specify source.
    case __NR_recvmsg:   // Could specify source.
 #endif
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_select:
-#if defined(__i386__)
+#endif
+#if defined(__i386__) || defined(__arm__)
    case __NR__newselect:
 #endif
+#if defined(__arm__)
+    case __NR_send:
+#endif
 #if defined(__x86_64__)
    case __NR_sendmsg:   // Could specify destination.
    case __NR_sendto:    // Could specify destination.
@@ -706,11 +738,13 @@ bool IsAdminOperation(int sysno) {
 bool IsKernelModule(int sysno) {
  switch (sysno) {
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_create_module:
-    case __NR_delete_module:
    case __NR_get_kernel_syms:  // Should ENOSYS.
-    case __NR_init_module:
    case __NR_query_module:
+#endif
+    case __NR_delete_module:
+    case __NR_init_module:
      return true;
    default:
      return false;
@@ -750,7 +784,9 @@ bool IsNuma(int sysno) {
    case __NR_get_mempolicy:
    case __NR_getcpu:
    case __NR_mbind:
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_migrate_pages:
+#endif
    case __NR_move_pages:
    case __NR_set_mempolicy:
      return true;
@@ -776,9 +812,12 @@ bool IsMessageQueue(int sysno) {
 bool IsGlobalProcessEnvironment(int sysno) {
  switch (sysno) {
    case __NR_acct:         // Privileged.
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_getrlimit:
-#if defined(__i386__)
+#endif
+#if defined(__i386__) || defined(__arm__)
    case __NR_ugetrlimit:
+#elif defined(__i386__)
    case __NR_ulimit:
 #endif
    case __NR_getrusage:
@@ -797,7 +836,9 @@ bool IsDebug(int sysno) {
    case __NR_ptrace:
    case __NR_process_vm_readv:
    case __NR_process_vm_writev:
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_kcmp:
+#endif
      return true;
    default:
      return false;
@@ -954,7 +995,9 @@ bool IsFaNotify(int sysno) {
 bool IsTimer(int sysno) {
  switch (sysno) {
    case __NR_getitimer:
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_alarm:
+#endif
    case __NR_setitimer:
      return true;
    default:
@@ -1008,11 +1051,15 @@ bool IsMisc(int sysno) {
    case __NR_syncfs:
    case __NR_vhangup:
    // The system calls below are not implemented.
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_afs_syscall:
+#endif
 #if defined(__i386__)
    case __NR_break:
 #endif
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_getpmsg:
+#endif
 #if defined(__i386__)
    case __NR_gtty:
    case __NR_idle:
@@ -1021,7 +1068,9 @@ bool IsMisc(int sysno) {
    case __NR_prof:
    case __NR_profil:
 #endif
+#if defined(__i386__) || defined(__x86_64__)
    case __NR_putpmsg:
+#endif
 #if defined(__x86_64__)
    case __NR_security:
 #endif
@@ -1038,6 +1087,32 @@ bool IsMisc(int sysno) {
  }
 }
+#if defined(__arm__)
+bool IsArmPciConfig(int sysno) {
+  switch (sysno) {
+    case __NR_pciconfig_iobase:
+    case __NR_pciconfig_read:
+    case __NR_pciconfig_write:
+      return true;
+    default:
+      return false;
+  }
+}
+bool IsArmPrivate(int sysno) {
+  switch (sysno) {
+    case __ARM_NR_breakpoint:
+    case __ARM_NR_cacheflush:
+    case __ARM_NR_set_tls:
+    case __ARM_NR_usr26:
+    case __ARM_NR_usr32:
+      return true;
+    default:
+      return false;
+  }
+}
+#endif  // defined(__arm__)
 // End of the system call sets section.
 bool IsBaselinePolicyAllowed_x86_64(int sysno) {
@@ -1053,7 +1128,10 @@ bool IsBaselinePolicyAllowed_x86_64(int sysno) {
      IsAllowedSignalHandling(sysno) ||
      IsFutex(sysno) ||
      IsGetSimpleId(sysno) ||
-      IsKernelInteralApi(sysno) ||
+      IsKernelInternalApi(sysno) ||
+#if defined(__arm__)
+      IsArmPrivate(sysno) ||
+#endif
      IsKill(sysno) ||
      IsOperationOnFd(sysno)) {
    return true;
@@ -1099,6 +1177,9 @@ bool IsBaselinePolicyWatched_x86_64(int sysno) {
      IsSystemVSemaphores(sysno) ||
 #elif defined(__i386__)
      IsSystemVIpc(sysno) ||
+#endif
+#if defined(__arm__)
+      IsArmPciConfig(sysno) ||
 #endif
      IsTimer(sysno)) {
    return true;
@@ -1189,7 +1270,6 @@ playground2::Sandbox::ErrorCode FlashProcessPolicy_x86_64(int sysno) {
      return  BaselinePolicy_x86_64(sysno);
  }
 }
-#endif  // defined(__i386__) || defined(__x86_64__)
 playground2::Sandbox::ErrorCode BlacklistPtracePolicy(int sysno) {
  if (sysno < static_cast<int>(MIN_SYSCALL) ||

--- a/sandbox/linux/services/arm_linux_syscalls.h
+++ b/sandbox/linux/services/arm_linux_syscalls.h
@@ -24,5 +24,9 @@
 #define __NR_process_vm_writev (__NR_SYSCALL_BASE+377)
 #endif
+#ifndef __ARM_NR_cmpxchg
+#define __ARM_NR_cmpxchg  (__ARM_NR_BASE+0x00fff0)
+#endif
 #endif  // SANDBOX_LINUX_SERVICES_ARM_LINUX_SYSCALLS_H_