chromium/chromium-79.0.3945.56-glibc...

53 lines
3.5 KiB

diff -up chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.glibc-clock-nanosleep chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
--- chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.glibc-clock-nanosleep 2019-12-03 11:36:08.592386976 -0500
+++ chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2019-12-03 11:36:34.889947958 -0500
@@ -148,7 +148,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de
return Allow();
#endif
- if (sysno == __NR_clock_gettime) {
+ if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
return RestrictClockID();
}
diff -up chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h.glibc-clock-nanosleep chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
--- chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h.glibc-clock-nanosleep 2019-12-03 11:36:56.808582039 -0500
+++ chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h 2019-12-03 11:37:34.944945377 -0500
@@ -86,12 +86,13 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Restr
// process).
SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictGetrusage();
-// Restrict |clk_id| for clock_getres(), clock_gettime() and clock_settime().
-// We allow accessing only CLOCK_MONOTONIC, CLOCK_PROCESS_CPUTIME_ID,
-// CLOCK_REALTIME, and CLOCK_THREAD_CPUTIME_ID. In particular, this disallows
-// access to arbitrary per-{process,thread} CPU-time clock IDs (such as those
-// returned by {clock,pthread}_getcpuclockid), which can leak information
-// about the state of the host OS.
+// Restrict |clk_id| for clock_getres(), clock_gettime(), clock_settime(), and
+// clock_nanosleep(). We allow accessing only CLOCK_BOOTTIME,
+// CLOCK_MONOTONIC{,_RAW,_COARSE}, CLOCK_PROCESS_CPUTIME_ID,
+// CLOCK_REALTIME{,_COARSE}, and CLOCK_THREAD_CPUTIME_ID. In particular, on
+// non-Android platforms this disallows access to arbitrary per-{process,thread}
+// CPU-time clock IDs (such as those returned by {clock,pthread}_getcpuclockid),
+// which can leak information about the state of the host OS.
SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictClockID();
// Restrict the flags argument to getrandom() to allow only no flags, or
diff -up chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc.glibc-clock-nanosleep chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
--- chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc.glibc-clock-nanosleep 2019-12-03 11:37:53.752639332 -0500
+++ chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc 2019-12-03 11:38:32.802051407 -0500
@@ -35,9 +35,10 @@ bool SyscallSets::IsAllowedGettime(int s
return true;
case __NR_adjtimex: // Privileged.
case __NR_clock_adjtime: // Privileged.
- case __NR_clock_getres: // Could be allowed.
- case __NR_clock_gettime:
- case __NR_clock_nanosleep: // Could be allowed.
+ case __NR_clock_getres: // Allowed only on Android with parameters
+ // filtered by RestrictClockID().
+ case __NR_clock_gettime: // Parameters filtered by RestrictClockID().
+ case __NR_clock_nanosleep: // Parameters filtered by RestrictClockID().
case __NR_clock_settime: // Privileged.
#if defined(__i386__) || \
(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))