1 /*
2 *   Copyright (c) 2017, Google, Inc.
3 *
4 *   Author: Han-Wen Nienhuys <hanwen@google.com>
5 *
6 *   This source code is released for free distribution under the terms of the
7 *   GNU General Public License version 2 or (at your option) any later version.
8 *
9 */
10 
#include "general.h"

#include <string.h>

#include "debug.h"
#include "interactive_p.h"
#include "routines.h"
15 
16 #ifdef HAVE_SECCOMP
17 #include <seccomp.h>
18 
19 
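/* Add an unconditional "allow" rule for one syscall to CTX.
 *
 * Returns libseccomp's status: 0 on success, a negative errno value on
 * failure.  A failure is reported on the --verbose stream, naming the
 * syscall, so that a later SIGSYS death of the sandboxed process can be
 * traced back to the rule that never made it into the filter. */
static int allowSyscall (scmp_filter_ctx ctx, int syscallNumber,
						 const char *syscallName)
{
	int rc = seccomp_rule_add (ctx, SCMP_ACT_ALLOW, syscallNumber, 0);
	if (rc < 0)
		verbose ("seccomp: cannot allow %s: %s\n", syscallName, strerror (-rc));
	return rc;
}

/* Resolve the syscall number and stringify the name in one place. */
#define ALLOW_SYSCALL(ctx, name) allowSyscall ((ctx), SCMP_SYS (name), #name)

/* Install the seccomp-BPF allow-list used by the interactive sandbox mode.
 *
 * The default action is SCMP_ACT_KILL: any syscall not listed below
 * terminates the process (use SCMP_ACT_TRAP instead while debugging to get a
 * core dump).  The list is deliberately minimal: the parser reads from and
 * writes to descriptors that are already open; there is no open/openat rule,
 * so read/write cannot be turned into access to other files, and there is no
 * exec, networking or signal syscall at all.
 *
 * Returns 0 when the filter is active, 1 if libseccomp could not allocate a
 * filter context, or the negative errno value from seccomp_load() if the
 * kernel refused the filter.  Any non-zero value means the process is NOT
 * sandboxed; the caller decides whether to continue.
 *
 * A rule that fails to add is logged but not treated as fatal: pseudo-syscall
 * numbers such as fstat64 or _llseek do not exist on every architecture, and
 * because the default action kills the process, a genuinely missing rule
 * fails closed (first use dies with SIGSYS) rather than opening the sandbox.
 *
 * NOTE(review): SCMP_ACT_KILL kills only the offending thread.  If this
 * process can ever be multi-threaded, SCMP_ACT_KILL_PROCESS (libseccomp 2.4+,
 * Linux 4.14+) is the action that guarantees the whole process goes away;
 * confirm the minimum supported libseccomp before switching. */
int installSyscallFilter (void)
{
	scmp_filter_ctx ctx = seccomp_init (SCMP_ACT_KILL);
	if (ctx == NULL)
	{
		return 1;
	}

	/* Memory allocation (malloc/free end up here). */
	ALLOW_SYSCALL (ctx, mmap);
	ALLOW_SYSCALL (ctx, munmap);
	ALLOW_SYSCALL (ctx, mremap);
	ALLOW_SYSCALL (ctx, brk);

	/* I/O on descriptors inherited at install time; no rule allows opening
	 * new ones. */
	ALLOW_SYSCALL (ctx, read);
	ALLOW_SYSCALL (ctx, write);

	/* Clean exit. */
	ALLOW_SYSCALL (ctx, exit);
	ALLOW_SYSCALL (ctx, exit_group);

	/* The bowels of stdio want to know the size of a file, even for stdout.
	 * Which stat flavour is issued depends on the architecture and libc. */
	ALLOW_SYSCALL (ctx, fstat);
	ALLOW_SYSCALL (ctx, fstat64);
#ifdef __SNR_newfstatat
	ALLOW_SYSCALL (ctx, newfstatat);
#endif
#ifdef __SNR_statx
	/* armhf fallback */
	ALLOW_SYSCALL (ctx, statx);
#endif

	/* Seems unnecessary, but comes from main/parse.c:
	 * tagFilePosition (&tagfpos). */
	ALLOW_SYSCALL (ctx, lseek);
	ALLOW_SYSCALL (ctx, _llseek);

	/* libxml2 uses pthread_once, which in turn uses a futex. */
	ALLOW_SYSCALL (ctx, futex);

	verbose ("Entering sandbox\n");
	/* By default (SCMP_FLTATR_CTL_NNP) libseccomp also sets
	 * PR_SET_NO_NEW_PRIVS here, which an unprivileged process needs before
	 * the kernel accepts a filter. */
	int err = seccomp_load (ctx);
	if (err < 0)
	{
		error (WARNING, "Failed to install syscall filter: %s", strerror (-err));
		/* Error handling is done in upper layer. */
	}

	/* The context only describes the rules; releasing it does not remove
	 * the filter now installed in the kernel. */
	seccomp_release (ctx);

	return err;
}

#undef ALLOW_SYSCALL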
74 
75 /*
76    TODO: on OSX, Seatbelt
77    (https://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design)
78    should be used for equivalent functionality.
79  */
80 
81 #else
/* Fallback for builds without libseccomp (HAVE_SECCOMP undefined): there is
 * no sandbox to install, and the option that leads here is not expected to
 * be reachable in such a build.  Returns -1 so that an accidental call still
 * reports failure to the caller instead of pretending the process is
 * sandboxed. */
int installSyscallFilter (void)
{
	const int unsupported = -1;

	AssertNotReached ();	/* seccomp support was not compiled in */
	return unsupported;
}
87 #endif
88