1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
|
#ifndef VSF_PTRACESANDBOX_H
#define VSF_PTRACESANDBOX_H
/* Forward delcarations */
struct pt_sandbox;
typedef int (*ptrace_sandbox_validator_t)(struct pt_sandbox*, void*);
/* ptrace_sandbox_alloc()
* PURPOSE
* Allocates a ptrace sandbox object which is needed for the rest of the API.
* RETURNS
* NULL on failure, otherwise an opaque handle.
* TODO
* Only one per process supported at this time.
*/
struct pt_sandbox* ptrace_sandbox_alloc();
/* ptrace_sandbox_free()
* PURPOSE
* Frees the sandbox object.
* PARAMETERS
* p_sandbox - the sandbox handle to free
*/
void ptrace_sandbox_free(struct pt_sandbox* p_sandbox);
/* ptrace_sandbox_launch_process()
* PURPOSE
* Launches a new process and attaches the sandbox to it when it stops.
* PARAMETERS
* p_sandbox - the sandbox handle
* p_func - the function to call at the start of the new process
* p_arg - an argument to pass to the function
* RETURNS
* -1 on failure, otherwise an id for the created process. Not necessarily a
* "pid", please treat is as opaque!
* TODO
* Only one call to this per sandbox object is supported at this time.
*/
int ptrace_sandbox_launch_process(struct pt_sandbox* p_sandbox,
void (*p_func)(void*),
void* p_arg);
/* ptrace_sandbox_run_processes()
* PURPOSE
* Runs sandboxed children until they exit or are killed.
* PARAMETERS
* p_sandbox - the sandbox handle
* RETURNS
* 0 on normal exit or death of processes.
* -1 if any process breached the policy.
*/
int ptrace_sandbox_run_processes(struct pt_sandbox* p_sandbox);
/* ptrace_sandbox_kill_processes()
* PURPOSE
* Safely kills off all sandboxed processes.
* PARAMETERS
* p_sandbox - the sandbox handle
*/
void ptrace_sandbox_kill_processes(struct pt_sandbox* p_sandbox);
/* ptrace_sandbox_get_arg()
* PURPOSE
* Gets a syscall argument value for a process stopped in syscall entry.
* PARAMETERS
* p_sandbox - the sandbox handle
* arg - the arg number to get (zero-based)
* p_out - the result is written here
* RETURNS
* 0 on success; otherwise it's a failure.
*/
int ptrace_sandbox_get_arg(struct pt_sandbox* p_sandbox,
int arg,
unsigned long* p_out);
/* ptrace_sandbox_get_socketcall_arg()
* PURPOSE
* Gets a syscall argument value for a process stopped in syscall entry, where
* the system call is a socket-related one. On some architectures (e.g. i386,
* socket calls are in fact multiplexed and store the arguments in a struct
* in user space, hence the need for abstraction.
* PARAMETERS
* p_sandbox - the sandbox handle
* arg - the arg number to get (zero-based)
* p_out - the result is written here
* RETURNS
* 0 on success; otherwise it's a failure.
*/
int ptrace_sandbox_get_socketcall_arg(struct pt_sandbox* p_sandbox,
int arg,
unsigned long* p_out);
/* ptrace_sandbox_get_long()
* PURPOSE
* Gets a long from the address space of the process stopped in syscall entry.
* PARAMETERS
* p_sandbox - the sandbox handle
* ptr - the address to read the long from
* p_out - the result is written here
* RETURNS
* 0 on success; otherwise it's a failure.
*/
int ptrace_sandbox_get_long(struct pt_sandbox* p_sandbox,
unsigned long ptr,
unsigned long* p_out);
/* ptrace_sandbox_get_buf()
* PURPOSE
* Gets a piece of memory from the address space of the process stopped in
* syscall entry.
* PARAMETERS
* p_sandbox - the sandbox handle
* ptr - the address to read the buffer from
* len - the length of the buffer
* p_buf - the result is written here
* RETURNS
* 0 on success; otherwise it's a failure.
*/
int ptrace_sandbox_get_buf(struct pt_sandbox* p_sandbox,
unsigned long ptr,
unsigned long len,
void* p_buf);
/* ptrace_sandbox_attach_point()
* PURPOSE
* Used by the sandbox child code to stop and indicate it is ready to be
* attached to.
* NOTES
* In the event of error trying to stop, the process is forcibly killed as a
* security measure.
*/
void ptrace_sandbox_attach_point(void);
/* POLICY EDIT: permits exit() and exit_group() */
void ptrace_sandbox_permit_exit(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits read() */
void ptrace_sandbox_permit_read(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits write() */
void ptrace_sandbox_permit_write(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits sigaction() and rt_sigaction() */
void ptrace_sandbox_permit_sigaction(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits alarm() */
void ptrace_sandbox_permit_alarm(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits time() and gettimeofday() */
void ptrace_sandbox_permit_query_time(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits mmap2() (but not the MAP_SHARED flag) */
void ptrace_sandbox_permit_mmap(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits mprotect() */
void ptrace_sandbox_permit_mprotect(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits stat(), stat64(), lstat(), lstat64() */
void ptrace_sandbox_permit_file_stats(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits fstat(), fstat64() */
void ptrace_sandbox_permit_fd_stats(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits getcwd() */
void ptrace_sandbox_permit_getcwd(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits chdir() */
void ptrace_sandbox_permit_chdir(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits umask() */
void ptrace_sandbox_permit_umask(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits open(), except O_ASYNC and O_DIRECT. Only O_RDONLY
* allowed unless writeable is 1
*/
void ptrace_sandbox_permit_open(struct pt_sandbox* p_sandbox, int writeable);
/* POLICY EDIT: permits close() */
void ptrace_sandbox_permit_close(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits getdents(), getdents64() */
void ptrace_sandbox_permit_getdents(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits fcntl(), fcntl64() for file locking, safe F_SETFL flag
* setting (no O_ASYNC, O_DIRECT), F_SETOWN for your own pid and F_SETFD.
*/
void ptrace_sandbox_permit_fcntl(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits sendfile(), sendfile64() */
void ptrace_sandbox_permit_sendfile(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits lseek(), llseek() */
void ptrace_sandbox_permit_seek(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits select(), newselect() */
void ptrace_sandbox_permit_select(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits unlink() */
void ptrace_sandbox_permit_unlink(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits mkdir() */
void ptrace_sandbox_permit_mkdir(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits rmdir() */
void ptrace_sandbox_permit_rmdir(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits rename() */
void ptrace_sandbox_permit_rename(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits utime(), utimes() */
void ptrace_sandbox_permit_utime(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits sigreturn() */
void ptrace_sandbox_permit_sigreturn(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits recv() */
void ptrace_sandbox_permit_recv(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits readlink() */
void ptrace_sandbox_permit_readlink(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits brk() */
void ptrace_sandbox_permit_brk(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits nanosleep() */
void ptrace_sandbox_permit_sleep(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits fchmod() */
void ptrace_sandbox_permit_fchmod(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits chmod() */
void ptrace_sandbox_permit_chmod(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits fchown(), fchown32() */
void ptrace_sandbox_permit_fchown(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits mremap() */
void ptrace_sandbox_permit_mremap(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits ftruncate(), ftruncate64() */
void ptrace_sandbox_permit_ftruncate(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits socket() */
void ptrace_sandbox_permit_socket(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for socket() */
void ptrace_sandbox_set_socket_validator(struct pt_sandbox* p_sandbox,
ptrace_sandbox_validator_t val,
void* p_arg);
/* POLICY EDIT: permits bind() */
void ptrace_sandbox_permit_bind(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for bind() */
void ptrace_sandbox_set_bind_validator(struct pt_sandbox* p_sandbox,
ptrace_sandbox_validator_t val,
void* p_arg);
/* POLICY EDIT: permits connect() */
void ptrace_sandbox_permit_connect(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for connect() */
void ptrace_sandbox_set_connect_validator(struct pt_sandbox* p_sandbox,
ptrace_sandbox_validator_t val,
void* p_arg);
/* POLICY EDIT: permits listen() */
void ptrace_sandbox_permit_listen(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits accept() */
void ptrace_sandbox_permit_accept(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits setsockopt() */
void ptrace_sandbox_permit_setsockopt(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for setsockopt() */
void ptrace_sandbox_set_setsockopt_validator(struct pt_sandbox* p_sandbox,
ptrace_sandbox_validator_t val,
void* p_arg);
/* POLICY EDIT: permits getsockopt() */
void ptrace_sandbox_permit_getsockopt(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for getsockopt() */
void ptrace_sandbox_set_getsockopt_validator(struct pt_sandbox* p_sandbox,
ptrace_sandbox_validator_t val,
void* p_arg);
/* POLICY EDIT: permits shutdown() */
void ptrace_sandbox_permit_shutdown(struct pt_sandbox* p_sandbox);
/* The traced process is unexpectedly dead; probably an external SIGKILL */
#define PTRACE_SANDBOX_ERR_DEAD -1
/* An unexpected error from ptrace() */
#define PTRACE_SANDBOX_ERR_PTRACE -2
/* An unexpected error from waitpid() */
#define PTRACE_SANDBOX_ERR_WAITPID -3
/* An unexpected waitpid() status was returned */
#define PTRACE_SANDBOX_ERR_WAIT_STATUS -4
/* A syscall not in the policy was attempted */
#define PTRACE_SANDBOX_ERR_POLICY_SYSCALL -5
/* A "bad" syscall was attemped: out-of-bounds, 64-bit in a 32-bit child etc. */
#define PTRACE_SANDBOX_ERR_BAD_SYSCALL -6
/* Bad arguments to a generally accepted syscall */
#define PTRACE_SANDBOX_ERR_POLICY_ARGS -7
/* Abuse of our API */
#define PTRACE_SANDBOX_ERR_API_ABUSE_STOPIT -8
#endif /* VSF_PTRACESANDBOX_H */
|
