diff -up chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.glibc-clock-nanosleep chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
--- chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.glibc-clock-nanosleep 2019-12-03 11:36:08.592386976 -0500
+++ chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2019-12-03 11:36:34.889947958 -0500
@@ -148,7 +148,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de
return Allow();
#endif
|
- if (sysno == __NR_clock_gettime) {
+ if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
return RestrictClockID();
}
|
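Review bot: The new condition gives no reason why clock_nanosleep now joins clock_gettime under RestrictClockID(), and a reader of the policy will want that recorded next to the `if`; something like `// clock_nanosleep() takes clk_id in the same argument slot as clock_gettime(), so it gets the same filter (newer glibc routes nanosleep() through it).` — the glibc motivation is inferred from the patch name, so confirm it before asserting it. RestrictClockID() is documented in this patch's header hunk as filtering |clk_id|, which is the first argument of clock_nanosleep too, so reusing it is consistent. Two things the diff cannot show and that should be checked: whether the `#if` block closed by the preceding `#endif` needs the same treatment on the platforms it covers, and whether 32-bit builds also need the time64 variant (`__NR_clock_nanosleep_time64`) routed through the same filter, since a syscall the baseline policy does not list is presumably not Allow()'d. The enclosing EvaluateSyscallImpl() starts and ends outside the hunk.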
diff -up chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h.glibc-clock-nanosleep chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
--- chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h.glibc-clock-nanosleep 2019-12-03 11:36:56.808582039 -0500
+++ chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h 2019-12-03 11:37:34.944945377 -0500
@@ -86,12 +86,13 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Restr
// process).
SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictGetrusage();
|
-// Restrict |clk_id| for clock_getres(), clock_gettime() and clock_settime().
-// We allow accessing only CLOCK_MONOTONIC, CLOCK_PROCESS_CPUTIME_ID,
-// CLOCK_REALTIME, and CLOCK_THREAD_CPUTIME_ID. In particular, this disallows
-// access to arbitrary per-{process,thread} CPU-time clock IDs (such as those
-// returned by {clock,pthread}_getcpuclockid), which can leak information
-// about the state of the host OS.
+// Restrict |clk_id| for clock_getres(), clock_gettime(), clock_settime(), and
+// clock_nanosleep(). We allow accessing only CLOCK_BOOTTIME,
+// CLOCK_MONOTONIC{,_RAW,_COARSE}, CLOCK_PROCESS_CPUTIME_ID,
+// CLOCK_REALTIME{,_COARSE}, and CLOCK_THREAD_CPUTIME_ID. In particular, on
+// non-Android platforms this disallows access to arbitrary per-{process,thread}
+// CPU-time clock IDs (such as those returned by {clock,pthread}_getcpuclockid),
+// which can leak information about the state of the host OS.
SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictClockID();
|
// Restrict the flags argument to getrandom() to allow only no flags, or
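Review bot: The rewritten comment now promises that CLOCK_BOOTTIME, CLOCK_MONOTONIC_RAW, CLOCK_MONOTONIC_COARSE and CLOCK_REALTIME_COARSE are accepted, but the patch does not touch the implementation of RestrictClockID() in syscall_parameters_restrictions.cc, so the list is only correct if that file's BPF allowlist in 79.0.3945.56 already matches it; a comment that overstates a seccomp allowlist is worse than the old narrower one, so check each ID against the .cc before landing. The added "on non-Android platforms" qualifier likewise implies Android accepts additional clock IDs, which nothing in this diff shows. If the implementation cannot be confirmed, keep the sentence generic, e.g. `// We allow only a fixed set of well-known clock IDs; see the implementation for the exact list.`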
diff -up chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc.glibc-clock-nanosleep chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
--- chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc.glibc-clock-nanosleep 2019-12-03 11:37:53.752639332 -0500
+++ chromium-79.0.3945.56/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc 2019-12-03 11:38:32.802051407 -0500
@@ -35,9 +35,10 @@ bool SyscallSets::IsAllowedGettime(int s
return true;
case __NR_adjtimex: // Privileged.
case __NR_clock_adjtime: // Privileged.
- case __NR_clock_getres: // Could be allowed.
- case __NR_clock_gettime:
- case __NR_clock_nanosleep: // Could be allowed.
+ case __NR_clock_getres: // Allowed only on Android with parameters
+ // filtered by RestrictClockID().
+ case __NR_clock_gettime: // Parameters filtered by RestrictClockID().
+ case __NR_clock_nanosleep: // Parameters filtered by RestrictClockID().
case __NR_clock_settime: // Privileged.
#if defined(__i386__) || \
(defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
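Review bot: The new `// Parameters filtered by RestrictClockID().` comments read as if IsAllowedGettime() admits these syscalls, whereas these `case` labels fall through to the return that follows the hunk, which presumably is still the `false` branch — the filtering happens in the baseline policy, not in this set. Reword to say where the allow actually comes from, e.g. `case __NR_clock_gettime:    // Not in this set; BaselinePolicy allows it via RestrictClockID().`, and the same for clock_nanosleep. The clock_getres comment's "Allowed only on Android" claim is not visible anywhere in this patch; verify it against baseline_policy.cc before asserting it here. The switch and IsAllowedGettime() start and end outside the hunk.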