services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.cc - chromium/src - Git at Google

 // Copyright (c) 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h"

 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>

 // Some arch's (arm64 for instance) unistd.h don't pull in symbols used here
 // unless these are defined.
 #define __ARCH_WANT_SYSCALL_NO_AT
 #define __ARCH_WANT_SYSCALL_DEPRECATED
 #include <unistd.h>

 #include <memory>
 #include <string>
 #include <vector>

 #include "base/logging.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"

 using sandbox::bpf_dsl::Allow;
 using sandbox::bpf_dsl::Arg;
 using sandbox::bpf_dsl::Error;
 using sandbox::bpf_dsl::If;
 using sandbox::bpf_dsl::ResultExpr;

 namespace service_manager {

 CrosAmdGpuProcessPolicy::CrosAmdGpuProcessPolicy() {}

 CrosAmdGpuProcessPolicy::~CrosAmdGpuProcessPolicy() {}

 ResultExpr CrosAmdGpuProcessPolicy::EvaluateSyscall(int sysno) const {
   switch (sysno) {
     case __NR_fstatfs:
     case __NR_sched_setscheduler:
     case __NR_sysinfo:
     case __NR_uname:
 #if !defined(__aarch64__)
     case __NR_getdents:
     case __NR_readlink:
     case __NR_stat:
 #endif
       return Allow();
 #if defined(__x86_64__)
     // Allow only AF_UNIX for |domain|.
     case __NR_socket:
     case __NR_socketpair: {
       const Arg<int> domain(0);
       return If(domain == AF_UNIX, Allow()).Else(Error(EPERM));
     }
 #endif
     default:
       // Default to the generic GPU policy.
       return GpuProcessPolicy::EvaluateSyscall(sysno);
   }
 }

 CrosAmdGpuBrokerProcessPolicy ::CrosAmdGpuBrokerProcessPolicy() {}

 CrosAmdGpuBrokerProcessPolicy ::~CrosAmdGpuBrokerProcessPolicy() {}

 // A GPU broker policy is the same as a GPU policy with access, open,
 // openat and in the non-Chrome OS case unlink allowed.
 ResultExpr CrosAmdGpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
   switch (sysno) {
     case __NR_faccessat:
     case __NR_openat:
 #if !defined(__aarch64__)
     case __NR_access:
     case __NR_open:
 #if !defined(OS_CHROMEOS)
     // The broker process needs to able to unlink the temporary
     // files that it may create. This is used by DRI3.
     case __NR_unlink:
 #endif  // !defined(OS_CHROMEOS)
 #endif  // !define(__aarch64__)
       return Allow();
     default:
       return CrosAmdGpuProcessPolicy::EvaluateSyscall(sysno);
   }
 }

 }  // namespace service_manager
	// Copyright (c) 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "services/service_manager/sandbox/linux/bpf_cros_amd_gpu_policy_linux.h"

	#include <dlfcn.h>
	#include <errno.h>
	#include <fcntl.h>
	#include <sys/socket.h>
	#include <sys/stat.h>
	#include <sys/types.h>

	// Some arch's (arm64 for instance) unistd.h don't pull in symbols used here
	// unless these are defined.
	#define __ARCH_WANT_SYSCALL_NO_AT
	#define __ARCH_WANT_SYSCALL_DEPRECATED
	#include <unistd.h>

	#include <memory>
	#include <string>
	#include <vector>

	#include "base/logging.h"
	#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
	#include "sandbox/linux/system_headers/linux_syscalls.h"

	using sandbox::bpf_dsl::Allow;
	using sandbox::bpf_dsl::Arg;
	using sandbox::bpf_dsl::Error;
	using sandbox::bpf_dsl::If;
	using sandbox::bpf_dsl::ResultExpr;

	namespace service_manager {

	CrosAmdGpuProcessPolicy::CrosAmdGpuProcessPolicy() {}

	CrosAmdGpuProcessPolicy::~CrosAmdGpuProcessPolicy() {}

	ResultExpr CrosAmdGpuProcessPolicy::EvaluateSyscall(int sysno) const {
	switch (sysno) {
	case __NR_fstatfs:
	case __NR_sched_setscheduler:
	case __NR_sysinfo:
	case __NR_uname:
	#if !defined(__aarch64__)
	case __NR_getdents:
	case __NR_readlink:
	case __NR_stat:
	#endif
	return Allow();
	#if defined(__x86_64__)
	// Allow only AF_UNIX for \|domain\|.
	case __NR_socket:
	case __NR_socketpair: {
	const Arg<int> domain(0);
	return If(domain == AF_UNIX, Allow()).Else(Error(EPERM));
	}
	#endif
	default:
	// Default to the generic GPU policy.
	return GpuProcessPolicy::EvaluateSyscall(sysno);
	}
	}

	CrosAmdGpuBrokerProcessPolicy ::CrosAmdGpuBrokerProcessPolicy() {}

	CrosAmdGpuBrokerProcessPolicy ::~CrosAmdGpuBrokerProcessPolicy() {}

	// A GPU broker policy is the same as a GPU policy with access, open,
	// openat and in the non-Chrome OS case unlink allowed.
	ResultExpr CrosAmdGpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
	switch (sysno) {
	case __NR_faccessat:
	case __NR_openat:
	#if !defined(__aarch64__)
	case __NR_access:
	case __NR_open:
	#if !defined(OS_CHROMEOS)
	// The broker process needs to able to unlink the temporary
	// files that it may create. This is used by DRI3.
	case __NR_unlink:
	#endif // !defined(OS_CHROMEOS)
	#endif // !define(__aarch64__)
	return Allow();
	default:
	return CrosAmdGpuProcessPolicy::EvaluateSyscall(sysno);
	}
	}

	} // namespace service_manager