Attachment #764719 for bug #669748




    return RestrictKillTarget(current_pid, sysno);
  }

#if defined(__NR_newfstatat)
  if (sysno == __NR_newfstatat) {
    return RewriteFstatatSIGSYS();
  }
#endif

#if defined(__NR_fstatat64)
  if (sysno == __NR_fstatat64) {
    return RewriteFstatatSIGSYS();
  }
#endif

  // memfd_create is considered a file system syscall which below will be denied
  // with fs_denied_errno, we need memfd_create for Mojo shared memory channels.
  if (sysno == __NR_memfd_create) {

  // with fs_denied_errno. However some allowed fstat syscalls are rewritten by
  // libc implementations to fstatat syscalls, and we need to rewrite them back.
  if (sysno == __NR_fstatat_default) {
    return RewriteFstatatSIGSYS();
  }

  // The statx syscall is a filesystem syscall, which will be denied below with





#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"

#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>

}

intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
                              void* aux) {
  switch (args.nr) {
#if defined(__NR_newfstatat)
    case __NR_newfstatat:
#endif
#if defined(__NR_fstatat64)
    case __NR_fstatat64:
#endif
#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
      if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
          && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
        return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
                                    reinterpret_cast<struct stat64 *>(args.args[2]));
      } else {
        errno = EACCES;
        return -1;
      }
      break;
#endif
  }

  CrashSIGSYS_Handler(args, aux);

  // Should never be reached.
  RAW_CHECK(false);

  return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
}

bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
  return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
                       reinterpret_cast<void*>(fs_denied_errno));
}

void AllocateCrashKeys() {

Lines 204-207 int sys_fstatat64(int dirfd, Link Here

(-)chromium-98.0.4758.80/sandbox/linux/services/syscall_wrappers.cc (+9 lines)
204	#endif	204	#endif
205	}	205	}
206		206
		207	SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
		208	{
		209	#if defined(__NR_fstat64)
		210	return syscall(__NR_fstat64, fd, buf);
		211	#else
		212	return syscall(__NR_fstat, fd, buf);
		213	#endif
		214	}
		215
207	} // namespace sandbox	216	} // namespace sandbox

Lines 19-24 struct cap_hdr; Link Here

(-)chromium-98.0.4758.80/sandbox/linux/services/syscall_wrappers.h (+4 lines)
19	struct cap_data;	19	struct cap_data;
20	struct kernel_stat;	20	struct kernel_stat;
21	struct kernel_stat64;	21	struct kernel_stat64;
		22	struct stat64;
22		23
23	namespace sandbox {	24	namespace sandbox {
24		25
Lines 99-104 SANDBOX_EXPORT int sys_fstatat64(int dir Link Here
99	struct kernel_stat64* stat_buf,	100	struct kernel_stat64* stat_buf,
100	int flags);	101	int flags);
101		102
		103	// Recent glibc rewrites fstat to fstatat.
		104	SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
		105
102	} // namespace sandbox	106	} // namespace sandbox
103		107
104	#endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_	108	#endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_

Lines 77-83 Link Here

(-)chromium-98.0.4758.80/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h (-1 / +1 lines)
77	SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();	77	SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
78	SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();	78	SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
79	SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();	79	SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
80	SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno);	80	SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
81		81
82	// Allocates a crash key so that Seccomp information can be recorded.	82	// Allocates a crash key so that Seccomp information can be recorded.
83	void AllocateCrashKeys();	83	void AllocateCrashKeys();

Lines 529-535 Link Here

(-)chromium-98.0.4758.80/sandbox/policy/linux/sandbox_linux.cc (-1 / +1 lines)
529	// fstatat() to fail, see https://crbug.com/1243290#c8 for details.	529	// fstatat() to fail, see https://crbug.com/1243290#c8 for details.
530	const bpf_dsl::Arg<int> flags(3);	530	const bpf_dsl::Arg<int> flags(3);
531	return bpf_dsl::If((flags & AT_EMPTY_PATH) == AT_EMPTY_PATH,	531	return bpf_dsl::If((flags & AT_EMPTY_PATH) == AT_EMPTY_PATH,
532	RewriteFstatatSIGSYS(BPFBasePolicy::GetFSDeniedErrno()))	532	RewriteFstatatSIGSYS())
533	.Else(handle_via_broker);	533	.Else(handle_via_broker);
534	} else {	534	} else {
535	return handle_via_broker;	535	return handle_via_broker;

Return to bug 669748

Lines 287-292 ResultExpr EvaluateSyscallImpl(int fs_de Link Here

(-)chromium-98.0.4758.80/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc (-1 / +13 lines)
287	return RestrictKillTarget(current_pid, sysno);	287	return RestrictKillTarget(current_pid, sysno);
288	}	288	}
289		289
		290	#if defined(__NR_newfstatat)
		291	if (sysno == __NR_newfstatat) {
		292	return RewriteFstatatSIGSYS();
		293	}
		294	#endif
		295
		296	#if defined(__NR_fstatat64)
		297	if (sysno == __NR_fstatat64) {
		298	return RewriteFstatatSIGSYS();
		299	}
		300	#endif
		301
290	// memfd_create is considered a file system syscall which below will be denied	302	// memfd_create is considered a file system syscall which below will be denied
291	// with fs_denied_errno, we need memfd_create for Mojo shared memory channels.	303	// with fs_denied_errno, we need memfd_create for Mojo shared memory channels.
292	if (sysno == __NR_memfd_create) {	304	if (sysno == __NR_memfd_create) {
Lines 310-316 Link Here
310	// with fs_denied_errno. However some allowed fstat syscalls are rewritten by	310	// with fs_denied_errno. However some allowed fstat syscalls are rewritten by
311	// libc implementations to fstatat syscalls, and we need to rewrite them back.	311	// libc implementations to fstatat syscalls, and we need to rewrite them back.
312	if (sysno == __NR_fstatat_default) {	312	if (sysno == __NR_fstatat_default) {
313	return RewriteFstatatSIGSYS(fs_denied_errno);	313	return RewriteFstatatSIGSYS();
314	}	314	}
315		315
316	// The statx syscall is a filesystem syscall, which will be denied below with	316	// The statx syscall is a filesystem syscall, which will be denied below with

Lines 6-11 Link Here

(-)chromium-98.0.4758.80/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc (-12 / +23 lines)
6		6
7	#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"	7	#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
8		8
		9	#include <errno.h>
9	#include <fcntl.h>	10	#include <fcntl.h>
10	#include <stddef.h>	11	#include <stddef.h>
11	#include <stdint.h>	12	#include <stdint.h>
Lines 354-370 intptr_t SIGSYSSchedHandler(const struct Link Here
354	}	355	}
355		356
356	intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,	357	intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
357	void* fs_denied_errno) {	358	void* aux) {
358	if (args.nr == __NR_fstatat_default) {	359	switch (args.nr) {
359	if (reinterpret_cast<const char>(args.args[1]) == '\0' &&	360	#if defined(__NR_newfstatat)
360	args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {	361	case __NR_newfstatat:
361	return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),	362	#endif
362	reinterpret_cast<default_stat_struct*>(args.args[2]));	363	#if defined(__NR_fstatat64)
363	}	364	case __NR_fstatat64:
364	return -reinterpret_cast<intptr_t>(fs_denied_errno);	365	#endif
		366	#if defined(__NR_newfstatat) \|\| defined(__NR_fstatat64)
		367	if (reinterpret_cast<const char >(args.args[1]) == '\0'
		368	&& args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
		369	return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
		370	reinterpret_cast<struct stat64 *>(args.args[2]));
		371	} else {
		372	errno = EACCES;
		373	return -1;
		374	}
		375	break;
		376	#endif
365	}	377	}
366		378
367	CrashSIGSYS_Handler(args, fs_denied_errno);	379	CrashSIGSYS_Handler(args, aux);
368		380
369	// Should never be reached.	381	// Should never be reached.
370	RAW_CHECK(false);	382	RAW_CHECK(false);
Lines 403-411 bpf_dsl::ResultExpr RewriteSchedSIGSYS() Link Here
403	return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);	415	return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
404	}	416	}
405		417
406	bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) {	418	bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
407	return bpf_dsl::Trap(SIGSYSFstatatHandler,	419	return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
408	reinterpret_cast<void*>(fs_denied_errno));
409	}	420	}
410		421
411	void AllocateCrashKeys() {	422	void AllocateCrashKeys() {