Update to version p5.9.20211031.0 of ctags
1 /*
2 * Copyright (c) 2017, Google, Inc.
4 * Author: Han-Wen Nienhuys <hanwen@google.com>
6 * This source code is released for free distribution under the terms of the
7 * GNU General Public License version 2 or (at your option) any later version.
9 */
11 #include "general.h"
12 #include "debug.h"
13 #include "interactive_p.h"
14 #include "routines.h"
16 #ifdef HAVE_SECCOMP
17 #include <seccomp.h>
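/*
 * Install a seccomp allow-list filter for the calling process.
 *
 * Every syscall that is not explicitly allowed below triggers the filter's
 * default action, SCMP_ACT_KILL.  All rules are added with an argument
 * count of 0, i.e. without argument constraints: read and write are
 * permitted on any descriptor, and mmap with any flags.  No syscall that
 * opens a file appears in the list, so what the sandboxed code can reach is
 * bounded by the descriptors that are already open when the filter is
 * loaded.  Keep that set minimal in the caller.
 *
 * NOTE(review): in libseccomp SCMP_ACT_KILL terminates the offending
 * thread only; newer releases also provide SCMP_ACT_KILL_PROCESS.  Worth
 * considering if the minimum supported libseccomp and kernel allow it.
 *
 * Returns 1 if the filter context cannot be created; otherwise the result
 * of seccomp_load (), which is negative on failure.  The caller is
 * responsible for acting on a non-zero result.
 */
int installSyscallFilter (void)
{
	/* Allow-list, added to the filter in this order. */
	const int allowedSyscalls[] = {
		// Memory allocation.
		SCMP_SYS (mmap),
		SCMP_SYS (munmap),
		SCMP_SYS (mremap),
		SCMP_SYS (brk),

		// I/O
		SCMP_SYS (read),
		SCMP_SYS (write),

		// Clean exit
		SCMP_SYS (exit),
		SCMP_SYS (exit_group),

		// The bowels of stdio want to know the size of a file, even for stdout.
		SCMP_SYS (fstat),
		SCMP_SYS (fstat64),
#ifdef __SNR_newfstatat
		SCMP_SYS (newfstatat),
#endif
#ifdef __SNR_statx
		// armhf fallback
		SCMP_SYS (statx),
#endif

		// seems unnecessary, but this comes from
		// main/parse.c:2764 : tagFilePosition (&tagfpos);
		SCMP_SYS (lseek),
		SCMP_SYS (_llseek),

		// libxml2 uses pthread_once, which in turn uses a futex
		SCMP_SYS (futex),
	};
	const size_t allowedCount = sizeof allowedSyscalls / sizeof allowedSyscalls[0];

	// Use SCMP_ACT_TRAP to get a core dump.
	scmp_filter_ctx ctx = seccomp_init (SCMP_ACT_KILL);
	if (ctx == NULL)
	{
		return 1;
	}

	for (size_t i = 0; i < allowedCount; i++)
	{
		int rc = seccomp_rule_add (ctx, SCMP_ACT_ALLOW, allowedSyscalls[i], 0);
		if (rc < 0)
		{
			/* A rule that could not be added leaves the filter stricter
			 * than intended: the process would later be killed on that
			 * syscall with no hint why.  Report it instead of dropping
			 * the error silently, and keep going as before. */
			error (WARNING,
				   "Failed to add syscall filter rule (syscall %d, error %d)",
				   allowedSyscalls[i], rc);
		}
	}

	verbose ("Entering sandbox\n");
	int err = seccomp_load (ctx);
	if (err < 0)
	{
		error (WARNING, "Failed to install syscall filter");
		/* Error handling is done in upper layer. */
	}

	/* The context is released whether or not the load succeeded. */
	seccomp_release (ctx);

	return err;
}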
/*
   TODO: on OSX, Seatbelt
   (https://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design)
   should be used for equivalent functionality.
*/
81 #else
/*
 * Variant compiled when HAVE_SECCOMP is not defined: no syscall filter can
 * be installed in such a build, so this function only reports failure.
 *
 * Returns -1 unconditionally.
 */
int installSyscallFilter (void)
{
	/* Callers are not expected to reach this point in a build without
	 * seccomp support.  If the assertion does not stop the program
	 * (presumably in non-debug builds; confirm in debug.h), fall through
	 * and signal failure so the caller never assumes it is sandboxed. */
	AssertNotReached ();

	return -1;
}
87 #endif