1 #ifndef VSF_PTRACESANDBOX_H
2 #define VSF_PTRACESANDBOX_H
4 /* Forward delcarations */
7 typedef int (*ptrace_sandbox_validator_t
)(struct pt_sandbox
*, void*);
9 /* ptrace_sandbox_alloc()
11 * Allocates a ptrace sandbox object which is needed for the rest of the API.
13 * NULL on failure, otherwise an opaque handle.
15 * Only one per process supported at this time.
17 struct pt_sandbox
* ptrace_sandbox_alloc();
19 /* ptrace_sandbox_free()
21 * Frees the sandbox object.
23 * p_sandbox - the sandbox handle to free
25 void ptrace_sandbox_free(struct pt_sandbox
* p_sandbox
);
27 /* ptrace_sandbox_launch_process()
29 * Launches a new process and attaches the sandbox to it when it stops.
31 * p_sandbox - the sandbox handle
32 * p_func - the function to call at the start of the new process
33 * p_arg - an argument to pass to the function
35 * -1 on failure, otherwise an id for the created process. Not necessarily a
36 * "pid", please treat is as opaque!
38 * Only one call to this per sandbox object is supported at this time.
40 int ptrace_sandbox_launch_process(struct pt_sandbox
* p_sandbox
,
41 void (*p_func
)(void*),
44 /* ptrace_sandbox_run_processes()
46 * Runs sandboxed children until they exit or are killed.
48 * p_sandbox - the sandbox handle
50 * 0 on normal exit or death of processes.
51 * -1 if any process breached the policy.
53 int ptrace_sandbox_run_processes(struct pt_sandbox
* p_sandbox
);
55 /* ptrace_sandbox_kill_processes()
57 * Safely kills off all sandboxed processes.
59 * p_sandbox - the sandbox handle
61 void ptrace_sandbox_kill_processes(struct pt_sandbox
* p_sandbox
);
63 /* ptrace_sandbox_get_arg()
65 * Gets a syscall argument value for a process stopped in syscall entry.
67 * p_sandbox - the sandbox handle
68 * arg - the arg number to get (zero-based)
69 * p_out - the result is written here
71 * 0 on success; otherwise it's a failure.
73 int ptrace_sandbox_get_arg(struct pt_sandbox
* p_sandbox
,
75 unsigned long* p_out
);
77 /* ptrace_sandbox_get_socketcall_arg()
79 * Gets a syscall argument value for a process stopped in syscall entry, where
80 * the system call is a socket-related one. On some architectures (e.g. i386,
81 * socket calls are in fact multiplexed and store the arguments in a struct
82 * in user space, hence the need for abstraction.
84 * p_sandbox - the sandbox handle
85 * arg - the arg number to get (zero-based)
86 * p_out - the result is written here
88 * 0 on success; otherwise it's a failure.
90 int ptrace_sandbox_get_socketcall_arg(struct pt_sandbox
* p_sandbox
,
92 unsigned long* p_out
);
94 /* ptrace_sandbox_get_long()
96 * Gets a long from the address space of the process stopped in syscall entry.
98 * p_sandbox - the sandbox handle
99 * ptr - the address to read the long from
100 * p_out - the result is written here
102 * 0 on success; otherwise it's a failure.
104 int ptrace_sandbox_get_long(struct pt_sandbox
* p_sandbox
,
106 unsigned long* p_out
);
108 /* ptrace_sandbox_get_buf()
110 * Gets a piece of memory from the address space of the process stopped in
113 * p_sandbox - the sandbox handle
114 * ptr - the address to read the buffer from
115 * len - the length of the buffer
116 * p_buf - the result is written here
118 * 0 on success; otherwise it's a failure.
120 int ptrace_sandbox_get_buf(struct pt_sandbox
* p_sandbox
,
125 /* ptrace_sandbox_attach_point()
127 * Used by the sandbox child code to stop and indicate it is ready to be
130 * In the event of error trying to stop, the process is forcibly killed as a
133 void ptrace_sandbox_attach_point(void);
135 /* POLICY EDIT: permits exit() and exit_group() */
136 void ptrace_sandbox_permit_exit(struct pt_sandbox
* p_sandbox
);
137 /* POLICY EDIT: permits read() */
138 void ptrace_sandbox_permit_read(struct pt_sandbox
* p_sandbox
);
139 /* POLICY EDIT: permits write() */
140 void ptrace_sandbox_permit_write(struct pt_sandbox
* p_sandbox
);
141 /* POLICY EDIT: permits sigaction() and rt_sigaction() */
142 void ptrace_sandbox_permit_sigaction(struct pt_sandbox
* p_sandbox
);
143 /* POLICY EDIT: permits alarm() */
144 void ptrace_sandbox_permit_alarm(struct pt_sandbox
* p_sandbox
);
145 /* POLICY EDIT: permits time() and gettimeofday() */
146 void ptrace_sandbox_permit_query_time(struct pt_sandbox
* p_sandbox
);
147 /* POLICY EDIT: permits mmap2() (but not the MAP_SHARED flag) */
148 void ptrace_sandbox_permit_mmap(struct pt_sandbox
* p_sandbox
);
149 /* POLICY EDIT: permits mprotect() */
150 void ptrace_sandbox_permit_mprotect(struct pt_sandbox
* p_sandbox
);
151 /* POLICY EDIT: permits stat(), stat64(), lstat(), lstat64() */
152 void ptrace_sandbox_permit_file_stats(struct pt_sandbox
* p_sandbox
);
153 /* POLICY EDIT: permits fstat(), fstat64() */
154 void ptrace_sandbox_permit_fd_stats(struct pt_sandbox
* p_sandbox
);
155 /* POLICY EDIT: permits getcwd() */
156 void ptrace_sandbox_permit_getcwd(struct pt_sandbox
* p_sandbox
);
157 /* POLICY EDIT: permits chdir() */
158 void ptrace_sandbox_permit_chdir(struct pt_sandbox
* p_sandbox
);
159 /* POLICY EDIT: permits umask() */
160 void ptrace_sandbox_permit_umask(struct pt_sandbox
* p_sandbox
);
161 /* POLICY EDIT: permits open(), except O_ASYNC and O_DIRECT. Only O_RDONLY
162 * allowed unless writeable is 1
164 void ptrace_sandbox_permit_open(struct pt_sandbox
* p_sandbox
, int writeable
);
165 /* POLICY EDIT: permits close() */
166 void ptrace_sandbox_permit_close(struct pt_sandbox
* p_sandbox
);
167 /* POLICY EDIT: permits getdents(), getdents64() */
168 void ptrace_sandbox_permit_getdents(struct pt_sandbox
* p_sandbox
);
169 /* POLICY EDIT: permits fcntl(), fcntl64() for file locking, safe F_SETFL flag
170 * setting (no O_ASYNC, O_DIRECT), F_SETOWN for your own pid and F_SETFD.
172 void ptrace_sandbox_permit_fcntl(struct pt_sandbox
* p_sandbox
);
173 /* POLICY EDIT: permits sendfile(), sendfile64() */
174 void ptrace_sandbox_permit_sendfile(struct pt_sandbox
* p_sandbox
);
175 /* POLICY EDIT: permits lseek(), llseek() */
176 void ptrace_sandbox_permit_seek(struct pt_sandbox
* p_sandbox
);
177 /* POLICY EDIT: permits select(), newselect() */
178 void ptrace_sandbox_permit_select(struct pt_sandbox
* p_sandbox
);
179 /* POLICY EDIT: permits unlink() */
180 void ptrace_sandbox_permit_unlink(struct pt_sandbox
* p_sandbox
);
181 /* POLICY EDIT: permits mkdir() */
182 void ptrace_sandbox_permit_mkdir(struct pt_sandbox
* p_sandbox
);
183 /* POLICY EDIT: permits rmdir() */
184 void ptrace_sandbox_permit_rmdir(struct pt_sandbox
* p_sandbox
);
185 /* POLICY EDIT: permits rename() */
186 void ptrace_sandbox_permit_rename(struct pt_sandbox
* p_sandbox
);
187 /* POLICY EDIT: permits utime(), utimes() */
188 void ptrace_sandbox_permit_utime(struct pt_sandbox
* p_sandbox
);
189 /* POLICY EDIT: permits sigreturn() */
190 void ptrace_sandbox_permit_sigreturn(struct pt_sandbox
* p_sandbox
);
191 /* POLICY EDIT: permits recv() */
192 void ptrace_sandbox_permit_recv(struct pt_sandbox
* p_sandbox
);
193 /* POLICY EDIT: permits readlink() */
194 void ptrace_sandbox_permit_readlink(struct pt_sandbox
* p_sandbox
);
195 /* POLICY EDIT: permits brk() */
196 void ptrace_sandbox_permit_brk(struct pt_sandbox
* p_sandbox
);
197 /* POLICY EDIT: permits nanosleep() */
198 void ptrace_sandbox_permit_sleep(struct pt_sandbox
* p_sandbox
);
199 /* POLICY EDIT: permits fchmod() */
200 void ptrace_sandbox_permit_fchmod(struct pt_sandbox
* p_sandbox
);
201 /* POLICY EDIT: permits chmod() */
202 void ptrace_sandbox_permit_chmod(struct pt_sandbox
* p_sandbox
);
203 /* POLICY EDIT: permits fchown(), fchown32() */
204 void ptrace_sandbox_permit_fchown(struct pt_sandbox
* p_sandbox
);
205 /* POLICY EDIT: permits mremap() */
206 void ptrace_sandbox_permit_mremap(struct pt_sandbox
* p_sandbox
);
207 /* POLICY EDIT: permits ftruncate(), ftruncate64() */
208 void ptrace_sandbox_permit_ftruncate(struct pt_sandbox
* p_sandbox
);
209 /* POLICY EDIT: permits socket() */
210 void ptrace_sandbox_permit_socket(struct pt_sandbox
* p_sandbox
);
211 /* POLICY EDIT: set validator for socket() */
212 void ptrace_sandbox_set_socket_validator(struct pt_sandbox
* p_sandbox
,
213 ptrace_sandbox_validator_t val
,
215 /* POLICY EDIT: permits bind() */
216 void ptrace_sandbox_permit_bind(struct pt_sandbox
* p_sandbox
);
217 /* POLICY EDIT: set validator for bind() */
218 void ptrace_sandbox_set_bind_validator(struct pt_sandbox
* p_sandbox
,
219 ptrace_sandbox_validator_t val
,
221 /* POLICY EDIT: permits connect() */
222 void ptrace_sandbox_permit_connect(struct pt_sandbox
* p_sandbox
);
223 /* POLICY EDIT: set validator for connect() */
224 void ptrace_sandbox_set_connect_validator(struct pt_sandbox
* p_sandbox
,
225 ptrace_sandbox_validator_t val
,
227 /* POLICY EDIT: permits listen() */
228 void ptrace_sandbox_permit_listen(struct pt_sandbox
* p_sandbox
);
229 /* POLICY EDIT: permits accept() */
230 void ptrace_sandbox_permit_accept(struct pt_sandbox
* p_sandbox
);
231 /* POLICY EDIT: permits setsockopt() */
232 void ptrace_sandbox_permit_setsockopt(struct pt_sandbox
* p_sandbox
);
233 /* POLICY EDIT: set validator for setsockopt() */
234 void ptrace_sandbox_set_setsockopt_validator(struct pt_sandbox
* p_sandbox
,
235 ptrace_sandbox_validator_t val
,
237 /* POLICY EDIT: permits getsockopt() */
238 void ptrace_sandbox_permit_getsockopt(struct pt_sandbox
* p_sandbox
);
239 /* POLICY EDIT: set validator for getsockopt() */
240 void ptrace_sandbox_set_getsockopt_validator(struct pt_sandbox
* p_sandbox
,
241 ptrace_sandbox_validator_t val
,
243 /* POLICY EDIT: permits shutdown() */
244 void ptrace_sandbox_permit_shutdown(struct pt_sandbox
* p_sandbox
);
246 /* The traced process is unexpectedly dead; probably an external SIGKILL */
247 #define PTRACE_SANDBOX_ERR_DEAD -1
248 /* An unexpected error from ptrace() */
249 #define PTRACE_SANDBOX_ERR_PTRACE -2
250 /* An unexpected error from waitpid() */
251 #define PTRACE_SANDBOX_ERR_WAITPID -3
252 /* An unexpected waitpid() status was returned */
253 #define PTRACE_SANDBOX_ERR_WAIT_STATUS -4
254 /* A syscall not in the policy was attempted */
255 #define PTRACE_SANDBOX_ERR_POLICY_SYSCALL -5
256 /* A "bad" syscall was attemped: out-of-bounds, 64-bit in a 32-bit child etc. */
257 #define PTRACE_SANDBOX_ERR_BAD_SYSCALL -6
258 /* Bad arguments to a generally accepted syscall */
259 #define PTRACE_SANDBOX_ERR_POLICY_ARGS -7
260 /* Abuse of our API */
261 #define PTRACE_SANDBOX_ERR_API_ABUSE_STOPIT -8
263 #endif /* VSF_PTRACESANDBOX_H */