summaryrefslogtreecommitdiffstats
path: root/security/sandbox/linux/SandboxFilterUtil.cpp
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /security/sandbox/linux/SandboxFilterUtil.cpp
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/sandbox/linux/SandboxFilterUtil.cpp')
-rw-r--r--security/sandbox/linux/SandboxFilterUtil.cpp121
1 files changed, 121 insertions, 0 deletions
diff --git a/security/sandbox/linux/SandboxFilterUtil.cpp b/security/sandbox/linux/SandboxFilterUtil.cpp
new file mode 100644
index 000000000..04fd6709c
--- /dev/null
+++ b/security/sandbox/linux/SandboxFilterUtil.cpp
@@ -0,0 +1,121 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "SandboxFilterUtil.h"
+
+#ifndef ANDROID
+#include <linux/ipc.h>
+#endif
+#include <linux/net.h>
+
+#include "mozilla/UniquePtr.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+
+// Older kernel headers (mostly Android, but also some older desktop
+// distributions) are missing some or all of these:
+#ifndef SYS_ACCEPT4
+#define SYS_ACCEPT4 18
+#endif
+#ifndef SYS_RECVMMSG
+#define SYS_RECVMMSG 19
+#endif
+#ifndef SYS_SENDMMSG
+#define SYS_SENDMMSG 20
+#endif
+
+using namespace sandbox::bpf_dsl;
+#define CASES SANDBOX_BPF_DSL_CASES
+
+namespace mozilla {
+
+sandbox::bpf_dsl::ResultExpr
+SandboxPolicyBase::EvaluateSyscall(int aSysno) const {
+ switch (aSysno) {
+#ifdef __NR_socketcall
+ case __NR_socketcall: {
+ Arg<int> call(0);
+ UniquePtr<Caser<int>> acc(new Caser<int>(Switch(call)));
+ for (int i = SYS_SOCKET; i <= SYS_SENDMMSG; ++i) {
+ auto thisCase = EvaluateSocketCall(i);
+ // Optimize out cases that are equal to the default.
+ if (thisCase) {
+ acc.reset(new Caser<int>(acc->Case(i, *thisCase)));
+ }
+ }
+ return acc->Default(InvalidSyscall());
+ }
+#ifndef ANDROID
+ case __NR_ipc: {
+ Arg<int> callAndVersion(0);
+ auto call = callAndVersion & 0xFFFF;
+ UniquePtr<Caser<int>> acc(new Caser<int>(Switch(call)));
+ for (int i = SEMOP; i <= DIPC; ++i) {
+ auto thisCase = EvaluateIpcCall(i);
+ // Optimize out cases that are equal to the default.
+ if (thisCase) {
+ acc.reset(new Caser<int>(acc->Case(i, *thisCase)));
+ }
+ }
+ return acc->Default(InvalidSyscall());
+ }
+#endif // ANDROID
+#endif // __NR_socketcall
+#define DISPATCH_SOCKETCALL(sysnum, socketnum) \
+ case sysnum: \
+ return EvaluateSocketCall(socketnum).valueOr(InvalidSyscall())
+#ifdef __NR_socket
+ DISPATCH_SOCKETCALL(__NR_socket, SYS_SOCKET);
+ DISPATCH_SOCKETCALL(__NR_bind, SYS_BIND);
+ DISPATCH_SOCKETCALL(__NR_connect, SYS_CONNECT);
+ DISPATCH_SOCKETCALL(__NR_listen, SYS_LISTEN);
+#ifdef __NR_accept
+ DISPATCH_SOCKETCALL(__NR_accept, SYS_ACCEPT);
+#endif
+ DISPATCH_SOCKETCALL(__NR_getsockname, SYS_GETSOCKNAME);
+ DISPATCH_SOCKETCALL(__NR_getpeername, SYS_GETPEERNAME);
+ DISPATCH_SOCKETCALL(__NR_socketpair, SYS_SOCKETPAIR);
+#ifdef __NR_send
+ DISPATCH_SOCKETCALL(__NR_send, SYS_SEND);
+ DISPATCH_SOCKETCALL(__NR_recv, SYS_RECV);
+#endif // __NR_send
+ DISPATCH_SOCKETCALL(__NR_sendto, SYS_SENDTO);
+ DISPATCH_SOCKETCALL(__NR_recvfrom, SYS_RECVFROM);
+ DISPATCH_SOCKETCALL(__NR_shutdown, SYS_SHUTDOWN);
+ DISPATCH_SOCKETCALL(__NR_setsockopt, SYS_SETSOCKOPT);
+ DISPATCH_SOCKETCALL(__NR_getsockopt, SYS_GETSOCKOPT);
+ DISPATCH_SOCKETCALL(__NR_sendmsg, SYS_SENDMSG);
+ DISPATCH_SOCKETCALL(__NR_recvmsg, SYS_RECVMSG);
+ DISPATCH_SOCKETCALL(__NR_accept4, SYS_ACCEPT4);
+ DISPATCH_SOCKETCALL(__NR_recvmmsg, SYS_RECVMMSG);
+ DISPATCH_SOCKETCALL(__NR_sendmmsg, SYS_SENDMMSG);
+#endif // __NR_socket
+#undef DISPATCH_SOCKETCALL
+#ifndef __NR_socketcall
+#ifndef ANDROID
+#define DISPATCH_SYSVCALL(sysnum, ipcnum) \
+ case sysnum: \
+ return EvaluateIpcCall(ipcnum).valueOr(InvalidSyscall())
+ DISPATCH_SYSVCALL(__NR_semop, SEMOP);
+ DISPATCH_SYSVCALL(__NR_semget, SEMGET);
+ DISPATCH_SYSVCALL(__NR_semctl, SEMCTL);
+ DISPATCH_SYSVCALL(__NR_semtimedop, SEMTIMEDOP);
+ DISPATCH_SYSVCALL(__NR_msgsnd, MSGSND);
+ DISPATCH_SYSVCALL(__NR_msgrcv, MSGRCV);
+ DISPATCH_SYSVCALL(__NR_msgget, MSGGET);
+ DISPATCH_SYSVCALL(__NR_msgctl, MSGCTL);
+ DISPATCH_SYSVCALL(__NR_shmat, SHMAT);
+ DISPATCH_SYSVCALL(__NR_shmdt, SHMDT);
+ DISPATCH_SYSVCALL(__NR_shmget, SHMGET);
+ DISPATCH_SYSVCALL(__NR_shmctl, SHMCTL);
+#undef DISPATCH_SYSVCALL
+#endif // ANDROID
+#endif // __NR_socketcall
+ default:
+ return InvalidSyscall();
+ }
+}
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-24 09:38:40 +0000