Issue 817548 link

Starred by 1 user

Issue metadata

Status:	Untriaged
Owner:	----
Cc:	smbar...@chromium.org dgreid@chromium.org
Components:	Platform>Apps>Container
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	2
Type:	Bug
merge-merged-chromeos-4.4 merge-merged-chromeos-4.14

Block AF_VSOCK sockets in arc++

Project Member Reported by chirantan@chromium.org, Feb 28 2018

Issue description

ARC++ apps have no reason to use AF_VSOCK sockets.  We should add an entry to the arc++ alt-syscall table to reject socket system calls with that flag.

Project Member

Comment 1 by bugdroid1@chromium.org, Mar 16 2018

Labels: merge-merged-chromeos-4.4

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/1fa51dfc47835a8e5eed5f5ea9f36ba4dd65600d

commit 1fa51dfc47835a8e5eed5f5ea9f36ba4dd65600d
Author: Dylan Reid <dgreid@chromium.org>
Date: Fri Mar 16 00:58:16 2018

CHROMIUM: alt-syscall: Block AF_VSOCK from android

We've enabled VSOCK, but there is no reason for android to access it.
Return EPERM if it ever tries.

BUG=817548
TEST=allmodconfig builds, android still starts on scarlet.

Change-Id: I559dd4b15d6fb2c57980b7eb7c39857f19586297
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/963679

[modify] https://crrev.com/1fa51dfc47835a8e5eed5f5ea9f36ba4dd65600d/security/chromiumos/alt-syscall.c

Project Member

Comment 2 by bugdroid1@chromium.org, Mar 17 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/333f7981e41f5d1e936b12edfb1c5b0d22182562

commit 333f7981e41f5d1e936b12edfb1c5b0d22182562
Author: Guenter Roeck <groeck@chromium.org>
Date: Sat Mar 17 03:55:46 2018

FIXUP: CHROMIUM: alt-syscall: Block AF_VSOCK from android

When using a socket address family definition, it helps to include
linux/socket.h. This avoids build errors such as

security/chromiumos/alt-syscall.c: In function 'android_socket':
security/chromiumos/alt-syscall.c:568:16: error: 'AF_VSOCK' undeclared

Also fix up coding style in added function, and mark it as __maybe_unused.

BUG=chromium:817548
TEST=i386:allmodconfig

Change-Id: I139f1cf5e8a842561d89e1faf8781bf2beac6afd
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/966544
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/333f7981e41f5d1e936b12edfb1c5b0d22182562/security/chromiumos/alt-syscall.c

Project Member

Comment 3 by bugdroid1@chromium.org, Aug 4

Labels: merge-merged-chromeos-4.14

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2f48c0e4ba6385d1acf5d17d70fab2532d81b7fa

commit 2f48c0e4ba6385d1acf5d17d70fab2532d81b7fa
Author: Dylan Reid <dgreid@chromium.org>
Date: Sat Aug 04 09:00:08 2018

CHROMIUM: alt-syscall: Block AF_VSOCK from android

We've enabled VSOCK, but there is no reason for android to access it.
Return EPERM if it ever tries.

BUG=817548
TEST=allmodconfig builds, android still starts on scarlet.

Change-Id: I559dd4b15d6fb2c57980b7eb7c39857f19586297
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/963679
(cherry picked from commit 1fa51dfc47835a8e5eed5f5ea9f36ba4dd65600d)
Signed-off-by: Micah Morton <mortonm@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1162826

[modify] https://crrev.com/2f48c0e4ba6385d1acf5d17d70fab2532d81b7fa/security/chromiumos/alt-syscall.c

►

Issue 817548 link

Issue metadata

Block AF_VSOCK sockets in arc++

Issue description

Comment 1 by bugdroid1@chromium.org, Mar 16 2018

Comment 1 Deleted

Comment 2 by bugdroid1@chromium.org, Mar 17 2018

Comment 2 Deleted

Comment 3 by bugdroid1@chromium.org, Aug 4

Comment 3 Deleted

Sign in to add a comment