From c11683b07f0c27f11c47ebaa53dffffc74952018 Mon Sep 17 00:00:00 2001 From: David Stevens Date: Tue, 18 Oct 2022 09:55:51 +0900 Subject: [PATCH] seccomp: add lseek to all devices The panic hook calls read_to_string, which relies on lseek internally. Most devices already allow lseek, but add it to the common policy files to ensure that devices can properly panic. BUG=None TEST=compiles Change-Id: I99d6d1d258706874cc04ce550108991631d71706 Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3960213 Reviewed-by: Keiichi Watanabe Commit-Queue: David Stevens Reviewed-by: Alexandre Courbot --- seccomp/aarch64/9p_device.policy | 1 - seccomp/aarch64/block_device.policy | 1 - seccomp/aarch64/common_device.policy | 1 + seccomp/aarch64/cras_audio_device.policy | 1 - seccomp/aarch64/fs_device.policy | 1 - seccomp/aarch64/null_audio_device.policy | 1 - seccomp/aarch64/tpm_device.policy | 1 - seccomp/aarch64/vios_audio_device.policy | 1 - seccomp/aarch64/xhci_device.policy | 1 - seccomp/arm/9p_device.policy | 1 - seccomp/arm/block_device.policy | 1 - seccomp/arm/common_device.policy | 2 ++ seccomp/arm/cras_audio_device.policy | 2 -- seccomp/arm/fs_device.policy | 1 - seccomp/arm/null_audio_device.policy | 1 - seccomp/arm/tpm_device.policy | 1 - seccomp/arm/vios_audio_device.policy | 1 - seccomp/arm/xhci_device.policy | 1 - seccomp/x86_64/9p_device.policy | 1 - seccomp/x86_64/block.policy | 1 - seccomp/x86_64/common_device.policy | 1 + seccomp/x86_64/cras_audio_device.policy | 1 - seccomp/x86_64/fs_device.policy | 1 - seccomp/x86_64/null_audio_device.policy | 1 - seccomp/x86_64/serial_device_vhost_user.policy | 3 --- seccomp/x86_64/tpm_device.policy | 1 - seccomp/x86_64/vhost_user.policy | 3 --- seccomp/x86_64/video_device.policy | 1 + seccomp/x86_64/vios_audio_device.policy | 1 - seccomp/x86_64/xhci_device.policy | 1 - 30 files changed, 5 insertions(+), 31 deletions(-) diff --git a/seccomp/aarch64/9p_device.policy b/seccomp/aarch64/9p_device.policy index 8582eb1c33..1205fb5d71 100644 --- a/seccomp/aarch64/9p_device.policy +++ b/seccomp/aarch64/9p_device.policy @@ -11,7 +11,6 @@ pwrite64: 1 statx: 1 fstat: 1 ioctl: arg1 == FIOCLEX -lseek: 1 getdents64: 1 fdatasync: 1 fsync: 1 diff --git a/seccomp/aarch64/block_device.policy b/seccomp/aarch64/block_device.policy index f93d2cf13d..0e6d9c2c70 100644 --- a/seccomp/aarch64/block_device.policy +++ b/seccomp/aarch64/block_device.policy @@ -9,7 +9,6 @@ fdatasync: 1 fstat: 1 fsync: 1 ftruncate: 1 -lseek: 1 openat: return ENOENT newfstatat: 1 preadv: 1 diff --git a/seccomp/aarch64/common_device.policy b/seccomp/aarch64/common_device.policy index 37b834e354..df818f6f53 100644 --- a/seccomp/aarch64/common_device.policy +++ b/seccomp/aarch64/common_device.policy @@ -23,6 +23,7 @@ gettimeofday: 1 io_uring_setup: 1 io_uring_enter: 1 kill: 1 +lseek: 1 madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE || arg2 == MADV_MERGEABLE mmap: arg2 in ~PROT_EXEC mprotect: arg2 in ~PROT_EXEC diff --git a/seccomp/aarch64/cras_audio_device.policy b/seccomp/aarch64/cras_audio_device.policy index 3478348686..3d621c8838 100644 --- a/seccomp/aarch64/cras_audio_device.policy +++ b/seccomp/aarch64/cras_audio_device.policy @@ -4,7 +4,6 @@ @include /usr/share/policy/crosvm/common_device.policy -lseek: 1 prlimit64: 1 setrlimit: 1 sched_setscheduler: 1 diff --git a/seccomp/aarch64/fs_device.policy b/seccomp/aarch64/fs_device.policy index 49c6f36b4e..0945fc4801 100644 --- a/seccomp/aarch64/fs_device.policy +++ b/seccomp/aarch64/fs_device.policy @@ -39,7 +39,6 @@ ioctl: arg1 == FS_IOC_FSGETXATTR || \ arg1 == 0x40806685 || \ arg1 == 0xc0046686 linkat: 1 -lseek: 1 mkdirat: 1 mknodat: 1 openat: 1 diff --git a/seccomp/aarch64/null_audio_device.policy b/seccomp/aarch64/null_audio_device.policy index c1a95667c6..9fc76f2b4c 100644 --- a/seccomp/aarch64/null_audio_device.policy +++ b/seccomp/aarch64/null_audio_device.policy @@ -4,7 +4,6 @@ @include /usr/share/policy/crosvm/common_device.policy -lseek: 1 prlimit64: 1 setrlimit: 1 openat: return ENOENT diff --git a/seccomp/aarch64/tpm_device.policy b/seccomp/aarch64/tpm_device.policy index f10d072507..9a57f6e687 100644 --- a/seccomp/aarch64/tpm_device.policy +++ b/seccomp/aarch64/tpm_device.policy @@ -10,7 +10,6 @@ fsync: 1 ftruncate: 1 getrandom: 1 getuid: 1 -lseek: 1 mkdirat: 1 newfstatat: 1 openat: 1 diff --git a/seccomp/aarch64/vios_audio_device.policy b/seccomp/aarch64/vios_audio_device.policy index b35f643f3c..500567fa87 100644 --- a/seccomp/aarch64/vios_audio_device.policy +++ b/seccomp/aarch64/vios_audio_device.policy @@ -4,7 +4,6 @@ @include /usr/share/policy/crosvm/common_device.policy -lseek: 1 openat: return ENOENT prlimit64: 1 sched_setscheduler: 1 diff --git a/seccomp/aarch64/xhci_device.policy b/seccomp/aarch64/xhci_device.policy index 965c090505..ab2e3e5653 100644 --- a/seccomp/aarch64/xhci_device.policy +++ b/seccomp/aarch64/xhci_device.policy @@ -33,5 +33,4 @@ socket: arg0 == AF_NETLINK ioctl: arg1 == 0xc0185500 || arg1 == 0x8038550a || arg1 == 0x8004551a || arg1 == 0x4008550d || arg1 == 0x8004550f || arg1 == 0x80045510 || arg1 == 0x80045515 || arg1 == 0x550b || arg1 == 0x5514 || arg1 == 0x80045505 || arg1 == 0x8108551b || arg1 == 0x40085511 || arg1 == 0x80185520 fstat: 1 getrandom: 1 -lseek: 1 prctl: arg0 == PR_SET_NAME diff --git a/seccomp/arm/9p_device.policy b/seccomp/arm/9p_device.policy index cde9354e16..d53f7173db 100644 --- a/seccomp/arm/9p_device.policy +++ b/seccomp/arm/9p_device.policy @@ -10,7 +10,6 @@ stat64: 1 statx: 1 fstat64: 1 ioctl: arg1 == FIOCLEX -_llseek: 1 getdents64: 1 fdatasync: 1 fsync: 1 diff --git a/seccomp/arm/block_device.policy b/seccomp/arm/block_device.policy index 4dd3997c51..54ebc390cc 100644 --- a/seccomp/arm/block_device.policy +++ b/seccomp/arm/block_device.policy @@ -10,7 +10,6 @@ fstat64: 1 fstatat64: 1 fsync: 1 ftruncate64: 1 -_llseek: 1 open: return ENOENT openat: return ENOENT pread64: 1 diff --git a/seccomp/arm/common_device.policy b/seccomp/arm/common_device.policy index b9cf9d3656..921f4fef65 100644 --- a/seccomp/arm/common_device.policy +++ b/seccomp/arm/common_device.policy @@ -25,6 +25,8 @@ gettimeofday: 1 io_uring_setup: 1 io_uring_enter: 1 kill: 1 +lseek: 1 +_llseek: 1 madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE || arg2 == MADV_MERGEABLE mmap2: arg2 in ~PROT_EXEC mprotect: arg2 in ~PROT_EXEC diff --git a/seccomp/arm/cras_audio_device.policy b/seccomp/arm/cras_audio_device.policy index a678b543d3..58071a16dc 100644 --- a/seccomp/arm/cras_audio_device.policy +++ b/seccomp/arm/cras_audio_device.policy @@ -4,8 +4,6 @@ @include /usr/share/policy/crosvm/common_device.policy -_llseek: 1 -lseek: 1 open: return ENOENT openat: return ENOENT prlimit64: 1 diff --git a/seccomp/arm/fs_device.policy b/seccomp/arm/fs_device.policy index bcb96d1d1e..8ffb351fca 100644 --- a/seccomp/arm/fs_device.policy +++ b/seccomp/arm/fs_device.policy @@ -40,7 +40,6 @@ ioctl: arg1 == FS_IOC_FSGETXATTR || \ arg1 == 0x40806685 || \ arg1 == 0xc0046686 linkat: 1 -_llseek: 1 mkdir: 1 mkdirat: 1 mknodat: 1 diff --git a/seccomp/arm/null_audio_device.policy b/seccomp/arm/null_audio_device.policy index 65144651dc..55a5651f08 100644 --- a/seccomp/arm/null_audio_device.policy +++ b/seccomp/arm/null_audio_device.policy @@ -4,7 +4,6 @@ @include /usr/share/policy/crosvm/common_device.policy -_llseek: 1 open: return ENOENT openat: return ENOENT prlimit64: 1 diff --git a/seccomp/arm/tpm_device.policy b/seccomp/arm/tpm_device.policy index 4b2fc7af93..9f2520d341 100644 --- a/seccomp/arm/tpm_device.policy +++ b/seccomp/arm/tpm_device.policy @@ -10,7 +10,6 @@ fsync: 1 ftruncate: 1 getrandom: 1 getuid: 1 -lseek: 1 mkdir: 1 open: 1 openat: 1 diff --git a/seccomp/arm/vios_audio_device.policy b/seccomp/arm/vios_audio_device.policy index 020213c7b3..a1f9219200 100644 --- a/seccomp/arm/vios_audio_device.policy +++ b/seccomp/arm/vios_audio_device.policy @@ -4,7 +4,6 @@ @include /usr/share/policy/crosvm/common_device.policy -lseek: 1 open: return ENOENT openat: return ENOENT prlimit64: 1 diff --git a/seccomp/arm/xhci_device.policy b/seccomp/arm/xhci_device.policy index 9e820abd53..9d3ccd6ef6 100644 --- a/seccomp/arm/xhci_device.policy +++ b/seccomp/arm/xhci_device.policy @@ -39,7 +39,6 @@ fstat64: 1 fstatat64: 1 getrandom: 1 getdents: 1 -_llseek: 1 open: return ENOENT openat: 1 prctl: arg0 == PR_SET_NAME diff --git a/seccomp/x86_64/9p_device.policy b/seccomp/x86_64/9p_device.policy index ddb7e6321c..ac76f913b1 100644 --- a/seccomp/x86_64/9p_device.policy +++ b/seccomp/x86_64/9p_device.policy @@ -16,7 +16,6 @@ linkat: 1 unlinkat: 1 renameat: 1 pread64: 1 -lseek: 1 getdents64: 1 mkdirat: 1 rmdir: 1 diff --git a/seccomp/x86_64/block.policy b/seccomp/x86_64/block.policy index f6296d6378..11988adbc7 100644 --- a/seccomp/x86_64/block.policy +++ b/seccomp/x86_64/block.policy @@ -7,7 +7,6 @@ fdatasync: 1 fstat: 1 fsync: 1 ftruncate: 1 -lseek: 1 open: return ENOENT openat: return ENOENT newfstatat: 1 diff --git a/seccomp/x86_64/common_device.policy b/seccomp/x86_64/common_device.policy index 80f43f3be4..9a19c688b4 100644 --- a/seccomp/x86_64/common_device.policy +++ b/seccomp/x86_64/common_device.policy @@ -24,6 +24,7 @@ gettimeofday: 1 io_uring_setup: 1 io_uring_enter: 1 kill: 1 +lseek: 1 madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE || arg2 == MADV_MERGEABLE mmap: arg2 in ~PROT_EXEC mprotect: arg2 in ~PROT_EXEC diff --git a/seccomp/x86_64/cras_audio_device.policy b/seccomp/x86_64/cras_audio_device.policy index 21afc0a5a9..35749b32d4 100644 --- a/seccomp/x86_64/cras_audio_device.policy +++ b/seccomp/x86_64/cras_audio_device.policy @@ -4,7 +4,6 @@ @include /usr/share/policy/crosvm/common_device.policy -lseek: 1 open: return ENOENT openat: return ENOENT prlimit64: 1 diff --git a/seccomp/x86_64/fs_device.policy b/seccomp/x86_64/fs_device.policy index 509d0706c0..ac5a7543c6 100644 --- a/seccomp/x86_64/fs_device.policy +++ b/seccomp/x86_64/fs_device.policy @@ -38,7 +38,6 @@ ioctl: arg1 == FS_IOC_FSGETXATTR || \ arg1 == 0x40806685 || \ arg1 == 0xc0046686 linkat: 1 -lseek: 1 mkdir: 1 mkdirat: 1 mknodat: 1 diff --git a/seccomp/x86_64/null_audio_device.policy b/seccomp/x86_64/null_audio_device.policy index 07b6868927..1c46972b73 100644 --- a/seccomp/x86_64/null_audio_device.policy +++ b/seccomp/x86_64/null_audio_device.policy @@ -4,7 +4,6 @@ @include /usr/share/policy/crosvm/common_device.policy -lseek: 1 open: return ENOENT openat: return ENOENT prlimit64: 1 diff --git a/seccomp/x86_64/serial_device_vhost_user.policy b/seccomp/x86_64/serial_device_vhost_user.policy index 0cd02f8dc0..1b23fc4069 100644 --- a/seccomp/x86_64/serial_device_vhost_user.policy +++ b/seccomp/x86_64/serial_device_vhost_user.policy @@ -8,6 +8,3 @@ @include /usr/share/policy/crosvm/common_device.policy @include /usr/share/policy/crosvm/serial.policy - -# From vhost_user.policy. -lseek: arg2 == SEEK_END diff --git a/seccomp/x86_64/tpm_device.policy b/seccomp/x86_64/tpm_device.policy index 0c4d5922b7..211fc9fd06 100644 --- a/seccomp/x86_64/tpm_device.policy +++ b/seccomp/x86_64/tpm_device.policy @@ -10,7 +10,6 @@ fsync: 1 ftruncate: 1 getrandom: 1 getuid: 1 -lseek: 1 mkdir: 1 newfstatat: 1 open: 1 diff --git a/seccomp/x86_64/vhost_user.policy b/seccomp/x86_64/vhost_user.policy index 344eeb9dde..3a20f98e37 100644 --- a/seccomp/x86_64/vhost_user.policy +++ b/seccomp/x86_64/vhost_user.policy @@ -8,8 +8,5 @@ # TCGETS/TCSETS: used on FD 0, probably for serial. # b/239779171: try moving this to the serial device once we can extend ioctls across policy files. ioctl: arg1 == FIONBIO || arg1 == TCGETS || arg1 == TCSETS -# For seeking over the received connection. -# b/239779171 : temporarily disabled as it conflicts with block's definition. -# lseek: arg2 == SEEK_END # For accepting a client connection over the socket. accept4: 1 diff --git a/seccomp/x86_64/video_device.policy b/seccomp/x86_64/video_device.policy index 636122b218..8aabbe7580 100644 --- a/seccomp/x86_64/video_device.policy +++ b/seccomp/x86_64/video_device.policy @@ -24,6 +24,7 @@ gettimeofday: 1 io_uring_setup: 1 io_uring_enter: 1 kill: 1 +lseek: 1 madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE || arg2 == MADV_MERGEABLE mremap: 1 munmap: 1 diff --git a/seccomp/x86_64/vios_audio_device.policy b/seccomp/x86_64/vios_audio_device.policy index 020213c7b3..a1f9219200 100644 --- a/seccomp/x86_64/vios_audio_device.policy +++ b/seccomp/x86_64/vios_audio_device.policy @@ -4,7 +4,6 @@ @include /usr/share/policy/crosvm/common_device.policy -lseek: 1 open: return ENOENT openat: return ENOENT prlimit64: 1 diff --git a/seccomp/x86_64/xhci_device.policy b/seccomp/x86_64/xhci_device.policy index 1a06a677b9..d0d490ae5f 100644 --- a/seccomp/x86_64/xhci_device.policy +++ b/seccomp/x86_64/xhci_device.policy @@ -40,5 +40,4 @@ newfstatat: 1 getrandom: 1 getdents: 1 getdents64: 1 -lseek: 1 prctl: arg0 == PR_SET_NAME