2020-01-17 21:05:03 +08:00
|
|
|
// Copyright 2019 Google LLC
|
2019-03-19 00:21:48 +08:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
2022-01-28 17:38:27 +08:00
|
|
|
// https://www.apache.org/licenses/LICENSE-2.0
|
2019-03-19 00:21:48 +08:00
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
// Implementation of the sandbox2::Policy class.
|
|
|
|
|
|
|
|
#include "sandboxed_api/sandbox2/policy.h"
|
|
|
|
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <linux/audit.h>
|
|
|
|
#include <linux/ipc.h>
|
|
|
|
#include <sched.h>
|
|
|
|
#include <syscall.h>
|
|
|
|
|
|
|
|
#include <cstring>
|
|
|
|
#include <string>
|
|
|
|
|
2022-10-20 21:48:06 +08:00
|
|
|
#include "absl/flags/flag.h"
|
|
|
|
#include "absl/log/log.h"
|
2021-05-20 23:16:45 +08:00
|
|
|
#include "sandboxed_api/config.h"
|
2019-03-19 00:21:48 +08:00
|
|
|
#include "sandboxed_api/sandbox2/bpfdisassembler.h"
|
|
|
|
#include "sandboxed_api/sandbox2/comms.h"
|
|
|
|
#include "sandboxed_api/sandbox2/syscall.h"
|
|
|
|
#include "sandboxed_api/sandbox2/util/bpf_helper.h"
|
2022-10-20 21:48:06 +08:00
|
|
|
#include "sandboxed_api/util/raw_logging.h"
|
2019-03-19 00:21:48 +08:00
|
|
|
|
2022-07-04 02:20:00 +08:00
|
|
|
#ifndef SECCOMP_FILTER_FLAG_NEW_LISTENER
|
|
|
|
#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3)
|
|
|
|
#endif
|
|
|
|
|
2019-03-19 00:21:48 +08:00
|
|
|
ABSL_FLAG(bool, sandbox2_danger_danger_permit_all, false,
|
|
|
|
"Allow all syscalls, useful for testing");
|
2022-10-20 21:48:06 +08:00
|
|
|
ABSL_FLAG(std::string, sandbox2_danger_danger_permit_all_and_log, "",
|
2019-03-19 00:21:48 +08:00
|
|
|
"Allow all syscalls and log them into specified file");
|
|
|
|
|
|
|
|
namespace sandbox2 {
|
|
|
|
|
|
|
|
// The final policy is the concatenation of:
|
|
|
|
// 1. default policy (GetDefaultPolicy, private),
|
|
|
|
// 2. user policy (user_policy_, public),
|
|
|
|
// 3. default KILL action (avoid failing open if user policy did not do it).
|
|
|
|
std::vector<sock_filter> Policy::GetPolicy() const {
|
|
|
|
if (absl::GetFlag(FLAGS_sandbox2_danger_danger_permit_all) ||
|
|
|
|
!absl::GetFlag(FLAGS_sandbox2_danger_danger_permit_all_and_log).empty()) {
|
|
|
|
return GetTrackingPolicy();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Now we can start building the policy.
|
|
|
|
// 1. Start with the default policy (e.g. syscall architecture checks).
|
|
|
|
auto policy = GetDefaultPolicy();
|
|
|
|
VLOG(3) << "Default policy:\n" << bpf::Disasm(policy);
|
|
|
|
|
|
|
|
// 2. Append user policy.
|
|
|
|
VLOG(3) << "User policy:\n" << bpf::Disasm(user_policy_);
|
|
|
|
// Add default syscall_nr loading in case the user forgets.
|
|
|
|
policy.push_back(LOAD_SYSCALL_NR);
|
|
|
|
policy.insert(policy.end(), user_policy_.begin(), user_policy_.end());
|
|
|
|
|
|
|
|
// 3. Finish with default KILL action.
|
|
|
|
policy.push_back(KILL);
|
|
|
|
|
|
|
|
VLOG(2) << "Final policy:\n" << bpf::Disasm(policy);
|
|
|
|
return policy;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If you modify this function, you should also modify.
|
|
|
|
// Monitor::LogAccessViolation to keep them in sync.
|
|
|
|
//
|
|
|
|
// Produces a policy which returns SECCOMP_RET_TRACE instead of SECCOMP_RET_KILL
|
|
|
|
// for the __NR_execve syscall, so the tracer can make a decision to allow or
|
|
|
|
// disallow it depending on which occurrence of __NR_execve it was.
|
|
|
|
// LINT.IfChange
|
|
|
|
std::vector<sock_filter> Policy::GetDefaultPolicy() const {
|
|
|
|
bpf_labels l = {0};
|
|
|
|
|
|
|
|
std::vector<sock_filter> policy = {
|
2022-05-27 17:41:42 +08:00
|
|
|
// If compiled arch is different from the runtime one, inform the Monitor.
|
2020-09-11 21:33:57 +08:00
|
|
|
LOAD_ARCH,
|
|
|
|
JEQ32(Syscall::GetHostAuditArch(), JUMP(&l, past_arch_check_l)),
|
|
|
|
#if defined(SAPI_X86_64)
|
2021-01-14 01:25:25 +08:00
|
|
|
JEQ32(AUDIT_ARCH_I386, TRACE(sapi::cpu::kX86)), // 32-bit sandboxee
|
2020-09-11 21:33:57 +08:00
|
|
|
#endif
|
2021-01-14 01:25:25 +08:00
|
|
|
TRACE(sapi::cpu::kUnknown),
|
2020-09-11 21:33:57 +08:00
|
|
|
LABEL(&l, past_arch_check_l),
|
|
|
|
|
|
|
|
// After the policy is uploaded, forkserver will execve the sandboxee. We
|
|
|
|
// need to allow this execve but not others. Since BPF does not have
|
|
|
|
// state, we need to inform the Monitor to decide, and for that we use a
|
|
|
|
// magic value in syscall args 5. Note that this value is not supposed to
|
|
|
|
// be secret, but just an optimization so that the monitor is not
|
|
|
|
// triggered on every call to execveat.
|
|
|
|
LOAD_SYSCALL_NR,
|
|
|
|
JNE32(__NR_execveat, JUMP(&l, past_execveat_l)),
|
|
|
|
ARG_32(4),
|
|
|
|
JNE32(AT_EMPTY_PATH, JUMP(&l, past_execveat_l)),
|
|
|
|
ARG_32(5),
|
|
|
|
JNE32(internal::kExecveMagic, JUMP(&l, past_execveat_l)),
|
|
|
|
SANDBOX2_TRACE,
|
|
|
|
LABEL(&l, past_execveat_l),
|
|
|
|
|
|
|
|
LOAD_SYSCALL_NR,
|
2019-03-19 00:21:48 +08:00
|
|
|
};
|
2022-05-27 17:57:03 +08:00
|
|
|
|
|
|
|
// Forbid ptrace because it's unsafe or too risky. The user policy can only
|
|
|
|
// block (i.e. return an error instead of killing the process) but not allow
|
|
|
|
// ptrace. This uses LOAD_SYSCALL_NR from above.
|
|
|
|
if (!user_policy_handles_ptrace_) {
|
|
|
|
policy.insert(policy.end(), {JEQ32(__NR_ptrace, DENY)});
|
|
|
|
}
|
|
|
|
|
2020-12-03 00:37:55 +08:00
|
|
|
// If user policy doesn't mention it, then forbid bpf because it's unsafe or
|
|
|
|
// too risky. This uses LOAD_SYSCALL_NR from above.
|
|
|
|
if (!user_policy_handles_bpf_) {
|
|
|
|
policy.insert(policy.end(), {JEQ32(__NR_bpf, DENY)});
|
|
|
|
}
|
|
|
|
policy.insert(policy.end(),
|
|
|
|
{
|
|
|
|
// Disallow clone with CLONE_UNTRACED flag. This uses
|
|
|
|
// LOAD_SYSCALL_NR from above.
|
|
|
|
JNE32(__NR_clone, JUMP(&l, past_clone_untraced_l)),
|
|
|
|
// Regardless of arch, we only care about the lower 32-bits
|
|
|
|
// of the flags.
|
|
|
|
ARG_32(0),
|
|
|
|
JA32(CLONE_UNTRACED, DENY),
|
|
|
|
LABEL(&l, past_clone_untraced_l),
|
2022-07-04 02:20:00 +08:00
|
|
|
// Disallow seccomp with SECCOMP_FILTER_FLAG_NEW_LISTENER
|
|
|
|
// flag.
|
|
|
|
LOAD_SYSCALL_NR,
|
|
|
|
JNE32(__NR_seccomp, JUMP(&l, past_seccomp_new_listener)),
|
|
|
|
// Regardless of arch, we only care about the lower 32-bits
|
|
|
|
// of the flags.
|
|
|
|
ARG_32(1),
|
|
|
|
JA32(SECCOMP_FILTER_FLAG_NEW_LISTENER, DENY),
|
|
|
|
LABEL(&l, past_seccomp_new_listener),
|
2020-12-03 00:37:55 +08:00
|
|
|
});
|
2019-03-19 00:21:48 +08:00
|
|
|
|
|
|
|
if (bpf_resolve_jumps(&l, policy.data(), policy.size()) != 0) {
|
|
|
|
LOG(FATAL) << "Cannot resolve bpf jumps";
|
|
|
|
}
|
|
|
|
|
|
|
|
return policy;
|
|
|
|
}
|
|
|
|
// LINT.ThenChange(monitor.cc)
|
|
|
|
|
|
|
|
std::vector<sock_filter> Policy::GetTrackingPolicy() const {
|
|
|
|
return {
|
2020-09-11 21:33:57 +08:00
|
|
|
LOAD_ARCH,
|
|
|
|
#if defined(SAPI_X86_64)
|
2021-01-14 01:25:25 +08:00
|
|
|
JEQ32(AUDIT_ARCH_X86_64, TRACE(sapi::cpu::kX8664)),
|
|
|
|
JEQ32(AUDIT_ARCH_I386, TRACE(sapi::cpu::kX86)),
|
2020-09-11 21:33:57 +08:00
|
|
|
#elif defined(SAPI_PPC64_LE)
|
2021-01-14 01:25:25 +08:00
|
|
|
JEQ32(AUDIT_ARCH_PPC64LE, TRACE(sapi::cpu::kPPC64LE)),
|
2020-09-11 21:33:57 +08:00
|
|
|
#elif defined(SAPI_ARM64)
|
2021-01-14 01:25:25 +08:00
|
|
|
JEQ32(AUDIT_ARCH_AARCH64, TRACE(sapi::cpu::kArm64)),
|
2020-12-17 01:17:53 +08:00
|
|
|
#elif defined(SAPI_ARM)
|
2021-01-14 01:25:25 +08:00
|
|
|
JEQ32(AUDIT_ARCH_ARM, TRACE(sapi::cpu::kArm)),
|
2020-09-11 21:33:57 +08:00
|
|
|
#endif
|
2021-01-14 01:25:25 +08:00
|
|
|
TRACE(sapi::cpu::kUnknown),
|
2019-03-19 00:21:48 +08:00
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
bool Policy::SendPolicy(Comms* comms) const {
|
|
|
|
auto policy = GetPolicy();
|
|
|
|
if (!comms->SendBytes(
|
|
|
|
reinterpret_cast<uint8_t*>(policy.data()),
|
|
|
|
static_cast<uint64_t>(policy.size()) * sizeof(sock_filter))) {
|
|
|
|
LOG(ERROR) << "Couldn't send policy";
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-07-12 20:42:57 +08:00
|
|
|
void Policy::AllowUnsafeKeepCapabilities(std::vector<int> caps) {
|
2019-03-19 00:21:48 +08:00
|
|
|
if (namespace_) {
|
|
|
|
namespace_->DisableUserNamespace();
|
|
|
|
}
|
2021-07-12 20:42:57 +08:00
|
|
|
capabilities_ = std::move(caps);
|
2019-03-19 00:21:48 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void Policy::GetPolicyDescription(PolicyDescription* policy) const {
|
|
|
|
policy->set_user_bpf_policy(user_policy_.data(),
|
|
|
|
user_policy_.size() * sizeof(sock_filter));
|
|
|
|
if (policy_builder_description_) {
|
|
|
|
*policy->mutable_policy_builder_description() =
|
|
|
|
*policy_builder_description_;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (namespace_) {
|
|
|
|
namespace_->GetNamespaceDescription(
|
|
|
|
policy->mutable_namespace_description());
|
|
|
|
}
|
|
|
|
|
2021-07-12 17:37:17 +08:00
|
|
|
for (const auto& cap : capabilities_) {
|
|
|
|
policy->add_capabilities(cap);
|
2019-03-19 00:21:48 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace sandbox2
|