author | wolfbeast <mcwerewolf@gmail.com> | 2018-05-03 05:55:15 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-05-03 05:55:15 +0200 |
commit | 43f7a588f96aaf88e7b69441c3b50bc9c7b20df7 (patch) | |
tree | 07d9b26b2f357ee9de04fea0e5e4b8b9a1ff93a4 /security/sandbox/linux/SandboxFilterUtil.h | |
parent | 4613b91ecac2745252c40be64e73de5ff920b02b (diff) | |
Nuke the sandbox
Diffstat (limited to 'security/sandbox/linux/SandboxFilterUtil.h')
-rw-r--r-- | security/sandbox/linux/SandboxFilterUtil.h | 148 |
1 files changed, 0 insertions, 148 deletions
diff --git a/security/sandbox/linux/SandboxFilterUtil.h b/security/sandbox/linux/SandboxFilterUtil.h
deleted file mode 100644
index fb9afa79f..000000000
--- a/security/sandbox/linux/SandboxFilterUtil.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_SandboxFilterUtil_h
-#define mozilla_SandboxFilterUtil_h
-
-// This header file exists to hold helper code for SandboxFilter.cpp,
-// to make that file easier to read for anyone trying to understand
-// the filter policy. It's mostly about smoothing out differences
-// between different Linux architectures.
-
-#include "mozilla/Maybe.h"
-#include "sandbox/linux/bpf_dsl/policy.h"
-#include "sandbox/linux/system_headers/linux_syscalls.h"
-
-namespace mozilla {
-
-// This class handles syscalls for BSD socket and SysV IPC operations.
-// On 32-bit x86 they're multiplexed via socketcall(2) and ipc(2),
-// respectively; on most other architectures they're individual system
-// calls. It translates the syscalls into socketcall/ipc selector
-// values, because those are defined (even if not used) for all
-// architectures.
-//
-// This EvaluateSyscall() routine always returns InvalidSyscall() for
-// everything else. It's assumed that subclasses will be implementing
-// a whitelist policy, so they can handle what they're whitelisting
-// and then defer to this class in the default case.
-class SandboxPolicyBase : public sandbox::bpf_dsl::Policy
-{
-public:
- using ResultExpr = sandbox::bpf_dsl::ResultExpr;
-
- virtual ResultExpr EvaluateSyscall(int aSysno) const override;
- virtual Maybe<ResultExpr> EvaluateSocketCall(int aCall) const {
- return Nothing();
- }
-#ifndef ANDROID
- // Android doesn't use SysV IPC (and doesn't define the selector
- // constants in its headers), so this isn't implemented there.
- virtual Maybe<ResultExpr> EvaluateIpcCall(int aCall) const {
- return Nothing();
- }
-#endif
-
-#ifdef __NR_socketcall
- // socketcall(2) takes the actual call's arguments via a pointer, so
- // seccomp-bpf can't inspect them; ipc(2) takes them at different indices.
- static const bool kSocketCallHasArgs = false;
- static const bool kIpcCallNormalArgs = false;
-#else
- // Otherwise, the bpf_dsl Arg<> class can be used normally.
- static const bool kSocketCallHasArgs = true;
- static const bool kIpcCallNormalArgs = true;
-#endif
-};
-
-} // namespace mozilla
-
-// "Machine independent" pseudo-syscall numbers, to deal with arch
-// dependencies. (Most 32-bit archs started with 32-bit off_t; older
-// archs started with 16-bit uid_t/gid_t; 32-bit registers can't hold
-// a 64-bit offset for mmap; and so on.)
-//
-// For some of these, the "old" syscalls are also in use in some
-// cases; see, e.g., the handling of RT vs. non-RT signal syscalls.
-
-#ifdef __NR_mmap2
-#define CASES_FOR_mmap case __NR_mmap2
-#else
-#define CASES_FOR_mmap case __NR_mmap
-#endif
-
-#ifdef __NR_fchown32
-#define CASES_FOR_fchown case __NR_fchown32: case __NR_fchown
-#else
-#define CASES_FOR_fchown case __NR_fchown
-#endif
-
-#ifdef __NR_getuid32
-#define CASES_FOR_getuid case __NR_getuid32
-#define CASES_FOR_getgid case __NR_getgid32
-#define CASES_FOR_geteuid case __NR_geteuid32
-#define CASES_FOR_getegid case __NR_getegid32
-#define CASES_FOR_getresuid case __NR_getresuid32: case __NR_getresuid
-#define CASES_FOR_getresgid case __NR_getresgid32: case __NR_getresgid
-// The set*id syscalls are omitted; we'll probably never need to allow them.
-#else
-#define CASES_FOR_getuid case __NR_getuid
-#define CASES_FOR_getgid case __NR_getgid
-#define CASES_FOR_geteuid case __NR_geteuid
-#define CASES_FOR_getegid case __NR_getegid
-#define CASES_FOR_getresuid case __NR_getresuid
-#define CASES_FOR_getresgid case __NR_getresgid
-#endif
-
-#ifdef __NR_stat64
-#define CASES_FOR_stat case __NR_stat64
-#define CASES_FOR_lstat case __NR_lstat64
-#define CASES_FOR_fstat case __NR_fstat64
-#define CASES_FOR_fstatat case __NR_fstatat64
-#define CASES_FOR_statfs case __NR_statfs64: case __NR_statfs
-#define CASES_FOR_fstatfs case __NR_fstatfs64: case __NR_fstatfs
-#define CASES_FOR_fcntl case __NR_fcntl64
-// We're using the 32-bit version on 32-bit desktop for some reason.
-#define CASES_FOR_getdents case __NR_getdents64: case __NR_getdents
-// FIXME: we might not need the compat cases for these on non-Android:
-#define CASES_FOR_lseek case __NR_lseek: case __NR__llseek
-#define CASES_FOR_ftruncate case __NR_ftruncate: case __NR_ftruncate64
-#else
-#define CASES_FOR_stat case __NR_stat
-#define CASES_FOR_lstat case __NR_lstat
-#define CASES_FOR_fstatat case __NR_newfstatat
-#define CASES_FOR_fstat case __NR_fstat
-#define CASES_FOR_fstatfs case __NR_fstatfs
-#define CASES_FOR_statfs case __NR_statfs
-#define CASES_FOR_fcntl case __NR_fcntl
-#define CASES_FOR_getdents case __NR_getdents
-#define CASES_FOR_lseek case __NR_lseek
-#define CASES_FOR_ftruncate case __NR_ftruncate
-#endif
-
-#ifdef __NR_sigprocmask
-#define CASES_FOR_sigprocmask case __NR_sigprocmask: case __NR_rt_sigprocmask
-#define CASES_FOR_sigaction case __NR_sigaction: case __NR_rt_sigaction
-#define CASES_FOR_sigreturn case __NR_sigreturn: case __NR_rt_sigreturn
-#else
-#define CASES_FOR_sigprocmask case __NR_rt_sigprocmask
-#define CASES_FOR_sigaction case __NR_rt_sigaction
-#define CASES_FOR_sigreturn case __NR_rt_sigreturn
-#endif
-
-#ifdef __NR__newselect
-#define CASES_FOR_select case __NR__newselect
-#else
-#define CASES_FOR_select case __NR_select
-#endif
-
-#ifdef __NR_ugetrlimit
-#define CASES_FOR_getrlimit case __NR_ugetrlimit
-#else
-#define CASES_FOR_getrlimit case __NR_getrlimit
-#endif
-
-#endif // mozilla_SandboxFilterUtil_h |