1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
6 #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
7 
8 #include "base/macros.h"
9 #include "build/build_config.h"
10 #include "sandbox/sandbox_export.h"
11 
// These are helpers to build seccomp-bpf policies, i.e. policies for a
// sandbox that reduces the Linux kernel's attack surface. The sets are
// grouping conveniences, not a stable contract: their membership has no
// defined semantics beyond what the implementation happens to do, so no code
// should rely on a particular system call being inside or outside a given set.
16 
17 namespace sandbox {
18 
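// Predicates that group Linux system call numbers into named sets so a
// seccomp-bpf policy can be expressed as "allow set A, deny set B, inspect
// set C" instead of as a flat list of numbers. Every predicate takes a raw
// system call number (|sysno|) and returns true when the number belongs to
// the set; the exact membership lives in the .cc file.
//
// "Allowed"/"Denied" in a name records the disposition the set was designed
// around; the policy that consumes the set still makes the final decision.
//
// The predicates see only the syscall number. A multiplexing call
// (socketcall, ipc) therefore matches as a whole; its sub-operations cannot be
// told apart by these predicates.
class SANDBOX_EXPORT SyscallSets {
 public:
  static bool IsKill(int sysno);
  static bool IsAllowedGettime(int sysno);
  static bool IsCurrentDirectory(int sysno);
  static bool IsUmask(int sysno);
  // System calls that directly access the file system. They might acquire
  // a new file descriptor or otherwise perform an operation directly
  // via a path.
  static bool IsFileSystem(int sysno);
  static bool IsAllowedFileSystemAccessViaFd(int sysno);
  static bool IsDeniedFileSystemAccessViaFd(int sysno);
  static bool IsGetSimpleId(int sysno);
  static bool IsProcessPrivilegeChange(int sysno);
  static bool IsProcessGroupOrSession(int sysno);
  static bool IsAllowedSignalHandling(int sysno);
  static bool IsAllowedOperationOnFd(int sysno);
  static bool IsKernelInternalApi(int sysno);
  // This should be thought through in conjunction with IsFutex().
  static bool IsAllowedProcessStartOrDeath(int sysno);
  // It's difficult to restrict those, but there is attack surface here.
  static bool IsAllowedFutex(int sysno);
  static bool IsAllowedEpoll(int sysno);
  static bool IsAllowedGetOrModifySocket(int sysno);
  static bool IsDeniedGetOrModifySocket(int sysno);

#if defined(__i386__) || defined(__mips__)
  // Big multiplexing system call for sockets. Only the multiplexer itself is
  // identified here; which socket operation it performs is not visible from
  // the syscall number.
  static bool IsSocketCall(int sysno);
#endif

#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
    defined(__aarch64__)
  static bool IsNetworkSocketInformation(int sysno);
#endif

  static bool IsAllowedAddressSpaceAccess(int sysno);
  static bool IsAllowedGeneralIo(int sysno);
  static bool IsPrctl(int sysno);
  static bool IsSeccomp(int sysno);
  static bool IsAllowedBasicScheduler(int sysno);
  static bool IsAdminOperation(int sysno);
  static bool IsKernelModule(int sysno);
  static bool IsGlobalFSViewChange(int sysno);
  static bool IsFsControl(int sysno);
  static bool IsNuma(int sysno);
  static bool IsMessageQueue(int sysno);
  static bool IsGlobalProcessEnvironment(int sysno);
  static bool IsDebug(int sysno);
  static bool IsGlobalSystemStatus(int sysno);
  static bool IsEventFd(int sysno);
  // Asynchronous I/O API.
  static bool IsAsyncIo(int sysno);
  static bool IsKeyManagement(int sysno);

  // Architectures with dedicated System V IPC system calls. On i386 and MIPS
  // these operations go through the single multiplexing |ipc| call instead
  // (see IsSystemVIpc() below).
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
  static bool IsSystemVSemaphores(int sysno);
  // These give a lot of ambient authority and bypass the setuid sandbox.
  static bool IsSystemVSharedMemory(int sysno);
  static bool IsSystemVMessageQueue(int sysno);
#endif

#if defined(__i386__) || defined(__mips__)
  // Big system V multiplexing system call. As with IsSocketCall(), the
  // specific IPC operation is not visible from the syscall number.
  static bool IsSystemVIpc(int sysno);
#endif

  static bool IsAnySystemV(int sysno);
  static bool IsAdvancedScheduler(int sysno);
  static bool IsInotify(int sysno);
  static bool IsFaNotify(int sysno);
  static bool IsTimer(int sysno);
  static bool IsAdvancedTimer(int sysno);
  static bool IsExtendedAttributes(int sysno);
  static bool IsMisc(int sysno);
#if defined(__arm__)
  static bool IsArmPciConfig(int sysno);
  static bool IsArmPrivate(int sysno);
#endif  // defined(__arm__)
#if defined(__mips__)
  static bool IsMipsPrivate(int sysno);
  static bool IsMipsMisc(int sysno);
#endif  // defined(__mips__)

 private:
  // Pure static utility: the class is never instantiated.
  DISALLOW_IMPLICIT_CONSTRUCTORS(SyscallSets);
};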
109 
110 }  // namespace sandbox.
111 
112 #endif  // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_SETS_H_
113