Add Seccomp-BPF policies to the repo.

These policies can be used with the Minijail tool
(http://git.chromium.org/gitweb/?p=chromiumos/platform/minijail.git)
to achieve kernel attack surface reduction.

(Also fix some trailing whitespace.)

BUG=chromium-os:36653
TEST=None

Change-Id: I35dd74702f7dfd701c86e1b25b0831d3925fbf96
Signed-off-by: Jorge Lucangeli Obes <[email protected]>

Author: jlucangelio

src/tlsdate-helper.c

@@ -905,15 +905,15 @@ main(int argc, char **argv)
     run_ssl (time_map, leap);
     (void) munmap (time_map, sizeof (uint32_t));
     _exit (0);
-  } 
+  }
   if (ssl_child != waitpid (ssl_child, &status, 0))
     die ("waitpid failed: %s\n", strerror (errno));
   if (! (WIFEXITED (status) && (0 == WEXITSTATUS (status)) ))
     die ("child process failed in SSL handshake\n");
 
   if (0 != clock_get_real_time(&end_time))
     die ("Failed to read current time of day: %s\n", strerror (errno));
-  
+
   /* calculate RTT */
   rt_time_ms = (CLOCK_SEC(&end_time) - CLOCK_SEC(&start_time)) * 1000 + (CLOCK_USEC(&end_time) - CLOCK_USEC(&start_time)) / 1000;
   if (rt_time_ms < 0)

tlsdate-seccomp-amd64.policy

@@ -0,0 +1,48 @@
+mmap: 1
+open: 1
+read: 1
+close: 1
+fstat: 1
+mprotect: 1
+munmap: 1
+stat: 1
+write: 1
+lseek: 1
+brk: 1
+fcntl: 1
+execve: 1
+sendto: 1
+# Allow domain == PF_FILE || domain == PF_INET || domain == PF_NETLINK
+socket: arg0 == 1 || arg0 == 2 || arg0 == 16
+connect: 1
+poll: 1
+access: 1
+arch_prctl: 1
+wait4: 1
+rt_sigaction: 1
+exit_group: 1
+rt_sigprocmask: 1
+clone: 1
+# Allow request == RTC_SET_TIME || request == FIONREAD
+ioctl: arg1 == 0x4024700a || arg1 == 0x541b
+getuid: 1
+exit: 1
+rt_sigreturn: 1
+rename: 1
+select: 1
+setgid: 1
+settimeofday: 1
+restart_syscall: 1
+setresgid: 1
+setgroups: 1
+setsockopt: 1
+bind: 1
+recvfrom: 1
+setresuid: 1
+nanosleep: 1
+clock_gettime: 1
+clock_settime: 1
+futex: 1
+getrlimit: 1
+set_robust_list: 1
+set_tid_address: 1

tlsdate-seccomp-arm.policy

@@ -0,0 +1,50 @@
+open: 1
+read: 1
+mmap2: 1
+stat64: 1
+close: 1
+fstat64: 1
+_newselect: 1
+mprotect: 1
+munmap: 1
+gettimeofday: 1
+_llseek: 1
+write: 1
+rt_sigprocmask: 1
+brk: 1
+execve: 1
+fcntl64: 1
+rt_sigaction: 1
+send: 1
+poll: 1
+# Allow domain == PF_FILE || domain == PF_INET || domain == PF_NETLINK
+socket: arg0 == 1 || arg0 == 2 || arg0 == 16
+uname: 1
+connect: 1
+access: 1
+ARM_set_tls: 1
+wait4: 1
+exit_group: 1
+getuid32: 1
+clone: 1
+# Allow request == RTC_SET_TIME || request == FIONREAD
+ioctl: arg1 == 0x4024700a || arg1 == 0x541b
+setgid32: 1
+recvfrom: 1
+setresuid32: 1
+setgroups32: 1
+settimeofday: 1
+restart_syscall: 1
+setsockopt: 1
+setresgid32: 1
+nanosleep: 1
+exit: 1
+rt_sigreturn: 1
+rename: 1
+bind: 1
+clock_gettime: 1
+clock_settime: 1
+futex: 1
+ugetrlimit: 1
+set_robust_list: 1
+set_tid_address: 1

tlsdate-seccomp-x86.policy

@@ -0,0 +1,47 @@
+open: 1
+mmap2: 1
+read: 1
+close: 1
+fstat64: 1
+stat64: 1
+munmap: 1
+mprotect: 1
+time: 1
+socketcall: 1
+_llseek: 1
+brk: 1
+write: 1
+execve: 1
+fcntl64: 1
+gettimeofday: 1
+poll: 1
+access: 1
+set_thread_area: 1
+waitpid: 1
+exit_group: 1
+rt_sigprocmask: 1
+getuid32: 1
+clone: 1
+rt_sigaction: 1
+# Allow request == RTC_SET_TIME || request == FIONREAD
+ioctl: arg1 == 0x4024700a || arg1 == 0x541b
+setgid32: 1
+setgroups32: 1
+setresuid32: 1
+settimeofday: 1
+restart_syscall: 1
+setresgid32: 1
+nanosleep: 1
+exit: 1
+rt_sigreturn: 1
+rename: 1
+select: 1
+_newselect: 1
+clock_gettime: 1
+clock_settime: 1
+futex: 1
+getrlimit: 1
+ugetrlimit: 1
+set_robust_list: 1
+set_tid_address: 1
+uname: 1