Blacklist setregid(32) for apps.
Given that it's friends setgid/setresgid already are, I don't see why setregid(32) should be allowed. Test: (Fixed up) CtsSeccompHostTestcases passes Change-Id: I31bb429da26baa18ec63b6bfc62628a937fdab0c
This commit is contained in:
Martijn Coenen
parent
ca305a39e5
commit
e17fce1a47
1 changed files with 5 additions and 1 deletions
|
|
@ -29,17 +29,21 @@
|
|||
# This file is processed by a python script named genseccomp.py.
|
||||
|
||||
# Note: Some privileged syscalls are still needed in app process after fork before uid change,
|
||||
# including capset and setresuid.
|
||||
# including capset and setresuid. This is because the seccomp filter must be installed while
|
||||
# the process still has CAP_SYS_ADMIN; changing the uid would remove that capability.
|
||||
|
||||
# syscalls to modify IDs
|
||||
int setgid:setgid32(gid_t) arm,x86
|
||||
int setgid:setgid(gid_t) arm64,mips,mips64,x86_64
|
||||
int setuid:setuid32(uid_t) arm,x86
|
||||
int setuid:setuid(uid_t) arm64,mips,mips64,x86_64
|
||||
int setregid:setregid32(gid_t, gid_t) arm,x86
|
||||
int setregid:setregid(gid_t, gid_t) arm64,mips,mips64,x86_64
|
||||
int setreuid:setreuid32(uid_t, uid_t) arm,x86
|
||||
int setreuid:setreuid(uid_t, uid_t) arm64,mips,mips64,x86_64
|
||||
int setresgid:setresgid32(gid_t, gid_t, gid_t) arm,x86
|
||||
int setresgid:setresgid(gid_t, gid_t, gid_t) arm64,mips,mips64,x86_64
|
||||
# setresuid is explicitly allowed, see above.
|
||||
int setfsgid(gid_t) all
|
||||
int setfsuid(uid_t) all
|
||||
int setgroups:setgroups32(int, const gid_t*) arm,x86
|
||||
|
|
|
|||
Loading…
Reference in a new issue