[tor-commits] [tor/master] switched to a design using filters as function pointer arrays

nickm at torproject.org nickm at torproject.org
Fri Sep 13 16:31:55 UTC 2013


commit 442f256f251d1a7a0c29c4d1254dda668f887d0c
Author: Cristian Toader <cristian.matei.toader at gmail.com>
Date:   Tue Jul 30 21:23:30 2013 +0300

    switched to a design using filters as function pointer arrays
---
 src/common/sandbox.c |  220 +++++++++++++++++++++++++++++++++-----------------
 src/common/sandbox.h |    3 +
 2 files changed, 148 insertions(+), 75 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index b55586b..28f23e8 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -18,6 +18,8 @@
 #include "orconfig.h"
 #include "torint.h"
 
+#define LENGHT(x) (sizeof(x)) / sizeof(x[0])
+
 #if defined(HAVE_SECCOMP_H) && defined(__linux__)
 #define USE_LIBSECCOMP
 #endif
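Review bot: `LENGHT(x)` is not fully parenthesised — it expands to `(sizeof(x)) / sizeof(x[0])`, so `8 / LENGHT(a)` becomes `8 / sizeof(a) / sizeof(a[0])`, and the argument is used bare in `x[0]` — and the name is misspelt. Prefer `#define ARRAY_LENGTH(x) (sizeof(x) / sizeof((x)[0]))` with a comment that it is only valid on an actual array, never on a pointer or array parameter. Its result is `size_t`, while the loops this commit adds index it with `int i`, which trips `-Wsign-compare`; a `size_t` index avoids the warning.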
@@ -40,33 +42,6 @@
 
 sandbox_cfg_t *filter_dynamic = NULL;
 
-static sandbox_static_cfg_t filter_static[] = {
-    {SCMP_SYS(execve), PARAM_PTR, 0, (intptr_t)("/usr/local/bin/tor"), 0},
-    {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGINT), 0},
-    {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGTERM), 0},
-    {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGPIPE), 0},
-    {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGUSR1), 0},
-    {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGUSR2), 0},
-    {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGHUP), 0},
-#ifdef SIGXFSZ
-    {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGXFSZ), 0},
-#endif
-    {SCMP_SYS(rt_sigaction), PARAM_NUM, 0, (intptr_t)(SIGCHLD), 0},
-    {SCMP_SYS(time), PARAM_NUM, 0, 0, 0},
-    // accept4 workaround
-#ifdef __NR_socketcall
-    {SCMP_SYS(socketcall), PARAM_NUM, 0, 18, 0},
-#endif
-
-#ifdef __NR_mmap2
-    {SCMP_SYS(mmap2), PARAM_NUM, 2, PROT_READ, 0},
-    {SCMP_SYS(mmap2), PARAM_NUM, 2, PROT_READ|PROT_WRITE, 0},
-    {SCMP_SYS(mmap2), PARAM_NUM, 3, MAP_PRIVATE|MAP_ANONYMOUS, 0},
-    {SCMP_SYS(mmap2), PARAM_NUM, 3, MAP_PRIVATE, 0},
-#endif
-
-};
-
 /** Variable used for storing all syscall numbers that will be allowed with the
  * stage 1 general Tor sandbox.
  */
@@ -159,28 +134,139 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(unlink),
 };
 
-const char*
-sandbox_intern_string(const char *param)
-{
-  int i, filter_size;
+static int sb_rt_sigaction(scmp_filter_ctx ctx) {
+  int i, rc;
+  int param[] = { SIGINT, SIGTERM, SIGPIPE, SIGUSR1, SIGUSR2, SIGHUP, SIGCHLD,
+#ifdef SIGXFSZ
+      SIGXFSZ
+#endif
+      };
+
+  for(i = 0; i < LENGHT(param); i++) {
+    rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigaction), 1,
+        SCMP_CMP(0, SCMP_CMP_EQ, param[i]));
+    if(rc)
+      break;
+  }
+
+  return rc;
+}
+
+static int sb_execve(scmp_filter_ctx ctx) {
+  int rc;
   sandbox_cfg_t *elem;
 
-  if (param == NULL)
-    return NULL;
+  // for each dynamic parameter filters
+  elem = filter_dynamic;
+  for (; elem != NULL; elem = elem->next) {
+    if (elem->prot == 1 && elem->syscall == SCMP_SYS(execve)) {
+      rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(execve), 1,
+            SCMP_CMP(0, SCMP_CMP_EQ, elem->param));
+      if (rc != 0) {
+        log_err(LD_BUG,"(Sandbox) failed to add syscall, received libseccomp "
+            "error %d", rc);
+        return rc;
+      }
+    }
+  }
 
-  if (filter_static == NULL) {
-    filter_size = 0;
-  } else {
-    filter_size = sizeof(filter_static) / sizeof(filter_static[0]);
+  return 0;
+}
+
+static int sb_time(scmp_filter_ctx ctx) {
+  return seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(time), 1,
+       SCMP_CMP(0, SCMP_CMP_EQ, 0));
+}
+
+static int sb_accept4(scmp_filter_ctx ctx) {
+  return seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketcall), 1,
+       SCMP_CMP(0, SCMP_CMP_EQ, 18));
+}
+
+#ifdef __NR_mmap2
+static int sb_mmap2(scmp_filter_ctx ctx) {
+  int rc = 0;
+
+  rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 2,
+       SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ),
+       SCMP_CMP(3, SCMP_CMP_EQ, MAP_PRIVATE));
+  if(rc) {
+    return rc;
   }
 
-  for (i = 0; i < filter_size; i++) {
-    if (filter_static[i].prot  && filter_static[i].ptype == PARAM_PTR
-        && !strncmp(param, (char*)(filter_static[i].param), MAX_PARAM_LEN)) {
-      return (char*)(filter_static[i].param);
+  rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 2,
+       SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ|PROT_WRITE),
+       SCMP_CMP(3, SCMP_CMP_EQ, MAP_PRIVATE|MAP_ANONYMOUS));
+  if(rc) {
+    return rc;
+  }
+
+  return 0;
+}
+#endif
+
+// TODO parameters
+static int sb_open(scmp_filter_ctx ctx) {
+  int rc;
+  sandbox_cfg_t *elem;
+
+  // for each dynamic parameter filters
+  elem = filter_dynamic;
+  for (; elem != NULL; elem = elem->next) {
+    if (elem->prot == 1 && elem->syscall == SCMP_SYS(open)) {
+      rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 1,
+            SCMP_CMP(0, SCMP_CMP_EQ, elem->param));
+      if (rc != 0) {
+        log_err(LD_BUG,"(Sandbox) failed to add syscall, received libseccomp "
+            "error %d", rc);
+        return rc;
+      }
+    }
+  }
+
+  return 0;
+}
+
+// TODO parameters
+static int sb_openat(scmp_filter_ctx ctx) {
+  int rc;
+  sandbox_cfg_t *elem;
+
+  // for each dynamic parameter filters
+  elem = filter_dynamic;
+  for (; elem != NULL; elem = elem->next) {
+    if (elem->prot == 1 && elem->syscall == SCMP_SYS(openat)) {
+      rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1,
+            SCMP_CMP(1, SCMP_CMP_EQ, elem->param));
+      if (rc != 0) {
+        log_err(LD_BUG,"(Sandbox) failed to add syscall, received libseccomp "
+            "error %d", rc);
+        return rc;
+      }
     }
   }
 
+  return 0;
+}
+
+static sandbox_filter_func_t filter_func[] = {
+    sb_rt_sigaction,
+    sb_execve,
+    sb_time,
+    sb_accept4,
+    sb_mmap2,
+    sb_open,
+    sb_openat
+};
+
+const char*
+sandbox_intern_string(const char *param)
+{
+  sandbox_cfg_t *elem;
+
+  if (param == NULL)
+    return NULL;
+
   for (elem = filter_dynamic; elem != NULL; elem = elem->next) {
     if (elem->prot  && elem->ptype == PARAM_PTR
         && !strncmp(param, (char*)(elem->param), MAX_PARAM_LEN)) {
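Review bot: The `filter_func[]` table lists `sb_mmap2` unconditionally, but that function is only defined inside `#ifdef __NR_mmap2`, so on architectures without mmap2 (64-bit ones) the table references an undeclared identifier and sandbox.c no longer compiles; wrap the entry in the same guard: `#ifdef __NR_mmap2` / `    sb_mmap2,` / `#endif`. Relatedly, `sb_accept4` dropped the `#ifdef __NR_socketcall` guard the removed static table had and now adds a `socketcall` rule on every architecture; whether libseccomp ignores or rejects a rule for a syscall the current arch lacks depends on the library version, so restore the guard there too, and give the bare `18` a name (per the old "accept4 workaround" comment it appears to be the SYS_ACCEPT4 multiplexer index — confirm). Also note the mmap2 rules are now two combined (prot, flags) pairs instead of four independent single-argument rules, which is tighter than before — worth stating in the commit message as intentional hardening, since a previously-allowed combination such as `PROT_READ|PROT_WRITE` with plain `MAP_PRIVATE` is now killed.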
@@ -264,46 +350,30 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
 static int
 add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
 {
-  int i, filter_size, rc = 0;
+  int i, rc = 0;
   sandbox_cfg_t *elem;
 
-  if (filter_static != NULL) {
-    filter_size = sizeof(filter_static) / sizeof(filter_static[0]);
-  } else {
-    filter_size = 0;
-  }
-
-  // for each dynamic parameter filters
-  elem = (cfg == NULL) ? filter_dynamic : cfg;
-  for (; elem != NULL; elem = elem->next) {
-    rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, elem->syscall, 1,
-           SCMP_CMP(elem->pindex, SCMP_CMP_EQ, elem->param));
-     if (rc != 0) {
-       log_err(LD_BUG,"(Sandbox) failed to add syscall, received libseccomp "
-           "error %d", rc);
-       return rc;
-     }
-  }
-
-  // for each static parameter filter
-  for (i = 0; i < filter_size; i++) {
-    if (!filter_static[i].prot && filter_static[i].ptype == PARAM_PTR) {
-      filter_static[i].param = (intptr_t) prot_strdup(
-          (char*) (filter_static[i].param));
-    }
-
-    filter_static[i].prot = 1;
-
-    rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, filter_static[i].syscall, 1,
-        SCMP_CMP(filter_static[i].pindex, SCMP_CMP_EQ,
-            filter_static[i].param));
-    if (rc != 0) {
-      log_err(LD_BUG,"(Sandbox) failed to add syscall index %d, "
-          "received libseccomp error %d", i, rc);
+  // function pointer
+  for(i = 0; i < LENGHT(filter_func); i++) {
+    if ((filter_func[i])(ctx)) {
+      log_err(LD_BUG,"(Sandbox) failed to add syscall, received libseccomp "
+          "error %d", rc);
       return rc;
     }
   }
 
+//  // for each dynamic parameter filters
+//  elem = (cfg == NULL) ? filter_dynamic : cfg;
+//  for (; elem != NULL; elem = elem->next) {
+//    rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, elem->syscall, 1,
+//           SCMP_CMP(elem->pindex, SCMP_CMP_EQ, elem->param));
+//     if (rc != 0) {
+//       log_err(LD_BUG,"(Sandbox) failed to add syscall, received libseccomp "
+//           "error %d", rc);
+//       return rc;
+//     }
+//  }
+
   return 0;
 }
 
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index dbf743e..4344134 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -33,6 +33,7 @@
 #define __USE_GNU
 #endif
 #include <sys/ucontext.h>
+#include <seccomp.h>
 
 #define MAX_PARAM_LEN 64
 
@@ -62,6 +63,8 @@ struct pfd_elem {
 };
 typedef struct pfd_elem sandbox_cfg_t;
 
+typedef int (*sandbox_filter_func_t)(scmp_filter_ctx ctx);
+
 /**
  * Linux 32 bit definitions
  */
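Review bot: The new `sandbox_filter_func_t` typedef has no comment, although the surrounding header documents its declarations with `/** */` blocks. Suggest `/** Adds the seccomp rules for one syscall (or a related group) to ctx. Returns 0 on success or the libseccomp error code otherwise; each entry of filter_func[] in sandbox.c is one of these. */`. Since it refers to `scmp_filter_ctx`, it is only meaningful when <seccomp.h> is available, which the comment should say.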




