/*
*   Copyright (c) 2017, Google, Inc.
*
*   Author: Han-Wen Nienhuys <hanwen@google.com>
*
*   This source code is released for free distribution under the terms of the
*   GNU General Public License version 2 or (at your option) any later version.
*
*/
10e7ed5190SHan-Wen Nienhuys 
11286a4ccdSMasatake YAMATO #include "general.h"
123c130a08SMasatake YAMATO #include "debug.h"
1321996d92SMasatake YAMATO #include "interactive_p.h"
1429e40fb6SMasatake YAMATO #include "routines.h"
15e7ed5190SHan-Wen Nienhuys 
161026e7b8SColomban Wendling #ifdef HAVE_SECCOMP
17e7ed5190SHan-Wen Nienhuys #include <seccomp.h>
184cbb68c8SMasatake YAMATO 
19e7ed5190SHan-Wen Nienhuys 
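/* Enter the sandbox: install a seccomp-BPF allow-list for the rest of the
 * process lifetime.
 *
 * Once seccomp_load () succeeds, the only system calls that may complete
 * are the ones listed in `allowed` below (memory management, read/write on
 * already-open descriptors, the stat/lseek calls stdio needs, futex, and
 * exit).  Every other system call terminates with SIGSYS because the
 * default action is SCMP_ACT_KILL; in particular nothing can open files,
 * create sockets, fork or exec after this point.
 *
 * Returns 0 on success and non-zero on failure: 1 if libseccomp could not
 * allocate a filter context, otherwise the (negative) libseccomp error code
 * of the rule add or the load that failed.  A WARNING is printed for those
 * two cases; what to do about the failure is decided by the caller.
 *
 * NOTE(review): caveats worth knowing when relying on this sandbox:
 *  - In libseccomp SCMP_ACT_KILL is the thread-kill action
 *    (SCMP_ACT_KILL_THREAD).  That is sufficient for a single-threaded
 *    process; SCMP_ACT_KILL_PROCESS (libseccomp >= 2.4, Linux >= 4.14)
 *    would be stricter but is not used here so older kernels keep working.
 *    Likewise SCMP_FLTATR_CTL_TSYNC is left at its default, so a thread
 *    that already exists when this runs is not covered by the filter.
 *  - read/write are allowed on every descriptor, so whatever was opened
 *    before this call (stdin/stdout, the tag file) stays usable.  The
 *    sandbox limits what can be acquired, not what is already held.
 *  - No sigreturn/rt_sigreturn rule is present, so returning from a signal
 *    handler after this point would be killed as well - confirm that no
 *    handler is expected to run inside the sandbox.
 */
int installSyscallFilter (void)
{
	/* Every syscall the sandboxed process is permitted to make.  The name
	 * is kept only for diagnostics.  seccomp_rule_add () (non-strict mode)
	 * ignores a syscall that does not exist on the build architecture, e.g.
	 * fstat64 and _llseek on x86_64, so listing the 32-bit variants is
	 * harmless there. */
	static const struct {
		int nr;
		const char *name;
	} allowed[] = {
		/* Memory allocation. */
		{ SCMP_SYS (mmap),       "mmap" },
		{ SCMP_SYS (munmap),     "munmap" },
		{ SCMP_SYS (mremap),     "mremap" },
		{ SCMP_SYS (brk),        "brk" },

		/* I/O on descriptors that are already open. */
		{ SCMP_SYS (read),       "read" },
		{ SCMP_SYS (write),      "write" },

		/* Clean exit. */
		{ SCMP_SYS (exit),       "exit" },
		{ SCMP_SYS (exit_group), "exit_group" },

		/* The bowels of stdio want to know the size of a file, even for
		 * stdout. */
		{ SCMP_SYS (fstat),      "fstat" },
		{ SCMP_SYS (fstat64),    "fstat64" },
#ifdef __SNR_newfstatat
		{ SCMP_SYS (newfstatat), "newfstatat" },
#endif
#ifdef __SNR_statx
		/* armhf fallback. */
		{ SCMP_SYS (statx),      "statx" },
#endif

		/* Seems unnecessary, but this comes from
		 * main/parse.c:2764 : tagFilePosition (&tagfpos); */
		{ SCMP_SYS (lseek),      "lseek" },
		{ SCMP_SYS (_llseek),    "_llseek" },

		/* libxml2 uses pthread_once, which in turn uses a futex. */
		{ SCMP_SYS (futex),      "futex" },
	};

	/* Use SCMP_ACT_TRAP instead to get a core dump when debugging. */
	scmp_filter_ctx ctx = seccomp_init (SCMP_ACT_KILL);
	if (ctx == NULL)
	{
		/* Kept positive, as before: existing callers test for non-zero. */
		return 1;
	}

	int err = 0;
	for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
	{
		err = seccomp_rule_add (ctx, SCMP_ACT_ALLOW, allowed[i].nr, 0);
		if (err < 0)
		{
			/* Loading a filter with a missing rule would kill the process
			 * on its first legitimate call of that syscall, which is far
			 * harder to diagnose than failing here. */
			error (WARNING, "Failed to add seccomp rule for %s",
			       allowed[i].name);
			break;
		}
	}

	if (err == 0)
	{
		verbose ("Entering sandbox\n");
		err = seccomp_load (ctx);
		if (err < 0)
		{
			error (WARNING, "Failed to install syscall filter");
			/* Error handling is done in upper layer. */
		}
	}

	/* The context is only the rule description; the loaded filter lives in
	 * the kernel, so releasing it here is safe on every path. */
	seccomp_release (ctx);

	return err;
}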
74e7ed5190SHan-Wen Nienhuys 
/*
   TODO: on OSX, Seatbelt
   (https://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design)
   should be used for equivalent functionality; there is currently no
   sandbox at all outside the HAVE_SECCOMP build.
 */
803c130a08SMasatake YAMATO 
813c130a08SMasatake YAMATO #else
/* Stub for builds without libseccomp: there is no sandbox to enter.
 *
 * Presumably the caller refuses the sandbox mode before getting here when
 * HAVE_SECCOMP is unset (TODO confirm), so reaching this function is a
 * programming error.  -1 is still returned so that a caller which checks
 * the result sees a failure rather than a silently missing sandbox.
 */
int installSyscallFilter (void)
{
	AssertNotReached ();

	return -1;
}
87e7ed5190SHan-Wen Nienhuys #endif
88