// Copyright (c) 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_ #include "base/macros.h" #include "build/build_config.h" #include "sandbox/sandbox_export.h" // These are helpers to build seccomp-bpf policies, i.e. policies for a // sandbox that reduces the Linux kernel's attack surface. Given their // nature, they don't have any clear semantics and are completely // "implementation-defined". namespace sandbox { class SANDBOX_EXPORT SyscallSets { public: static bool IsKill(int sysno); static bool IsAllowedGettime(int sysno); static bool IsCurrentDirectory(int sysno); static bool IsUmask(int sysno); // System calls that directly access the file system. They might acquire // a new file descriptor or otherwise perform an operation directly // via a path. static bool IsFileSystem(int sysno); static bool IsAllowedFileSystemAccessViaFd(int sysno); static bool IsDeniedFileSystemAccessViaFd(int sysno); static bool IsGetSimpleId(int sysno); static bool IsProcessPrivilegeChange(int sysno); static bool IsProcessGroupOrSession(int sysno); static bool IsAllowedSignalHandling(int sysno); static bool IsAllowedOperationOnFd(int sysno); static bool IsKernelInternalApi(int sysno); // This should be thought through in conjunction with IsFutex(). static bool IsAllowedProcessStartOrDeath(int sysno); // It's difficult to restrict those, but there is attack surface here. static bool IsAllowedFutex(int sysno); static bool IsAllowedEpoll(int sysno); static bool IsAllowedGetOrModifySocket(int sysno); static bool IsDeniedGetOrModifySocket(int sysno); #if defined(__i386__) || defined(__mips__) // Big multiplexing system call for sockets. static bool IsSocketCall(int sysno); #endif #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ defined(__aarch64__) static bool IsNetworkSocketInformation(int sysno); #endif static bool IsAllowedAddressSpaceAccess(int sysno); static bool IsAllowedGeneralIo(int sysno); static bool IsPrctl(int sysno); static bool IsSeccomp(int sysno); static bool IsAllowedBasicScheduler(int sysno); static bool IsAdminOperation(int sysno); static bool IsKernelModule(int sysno); static bool IsGlobalFSViewChange(int sysno); static bool IsFsControl(int sysno); static bool IsNuma(int sysno); static bool IsMessageQueue(int sysno); static bool IsGlobalProcessEnvironment(int sysno); static bool IsDebug(int sysno); static bool IsGlobalSystemStatus(int sysno); static bool IsEventFd(int sysno); // Asynchronous I/O API. static bool IsAsyncIo(int sysno); static bool IsKeyManagement(int sysno); #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) static bool IsSystemVSemaphores(int sysno); #endif #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) // These give a lot of ambient authority and bypass the setuid sandbox. static bool IsSystemVSharedMemory(int sysno); #endif #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) static bool IsSystemVMessageQueue(int sysno); #endif #if defined(__i386__) || defined(__mips__) // Big system V multiplexing system call. static bool IsSystemVIpc(int sysno); #endif static bool IsAnySystemV(int sysno); static bool IsAdvancedScheduler(int sysno); static bool IsInotify(int sysno); static bool IsFaNotify(int sysno); static bool IsTimer(int sysno); static bool IsAdvancedTimer(int sysno); static bool IsExtendedAttributes(int sysno); static bool IsMisc(int sysno); #if defined(__arm__) static bool IsArmPciConfig(int sysno); static bool IsArmPrivate(int sysno); #endif // defined(__arm__) #if defined(__mips__) static bool IsMipsPrivate(int sysno); static bool IsMipsMisc(int sysno); #endif // defined(__mips__) private: DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets); }; } // namespace sandbox. #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_