
android – Oreo: How do I find all restricted syscalls in the source code?

Author: Internet

https://android-developers.googleblog.com/2017/07/seccomp-filter-in-android-o.html

As stated in the "seccomp filter" section of this article:

Android O’s seccomp filter blocks certain syscalls, such as swapon/swapoff, which have been implicated in some security attacks, and the key control syscalls, which are not useful to apps. In total, the filter blocks 17 of 271 syscalls in arm64 and 70 of 364 in arm.

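Now some syscalls are blocked and throw an error such as: signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr -------- Cause: seccomp prevented call to disallowed system call 55.

But I cannot find the list of the 17 syscalls in arm64 and the 70 syscalls mentioned above.
Which syscalls are restricted? How can I find the syscall that caused the crash?

Edit:

It seems this error message is generated here.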

https://github.com/aosp-mirror/platform_system_core/blob/master/debuggerd/libdebuggerd/tombstone.cpp#L96

  } else if (si->si_signo == SIGSYS && si->si_code == SYS_SECCOMP) {
    cause = StringPrintf("seccomp prevented call to disallowed %s system call %d", ABI_STRING,
                         si->si_syscall);
  }

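Solution:

Which syscalls are restricted in Android 8.0 Oreo?

The syscall filter source files are autogenerated, but the text files from which the filters are generated are located in the next directory up. There we find a list of all syscalls of interest, as well as several whitelists and blacklists. Presumably the app blacklist is what you are looking for; I have summarized it below.

Edit: Syscall filtering background

The filtering itself is a standard feature provided by the Linux kernel, called seccomp. All AOSP does is use this feature to filter the syscalls listed in the app blacklist linked above. A script processes the blacklist into a platform-specific autogenerated filter, which is then fed to seccomp for the process that starts all Android apps (i.e. Zygote). Once this filtering is active, making a matching syscall from a filtered process (i.e. any app) will result in delivery of a SIGKILL signal. For some general information on Linux signals, see here. The error message printed by the AOSP source you linked is just the system trying to give you some useful information when it notices that your process was killed – note that the method name is dump_probable_cause.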

Blocked syscalls that modify IDs

+--------------------------------------------------+--------------------------+
|                     Function                     |        Blocked On        |
+--------------------------------------------------+--------------------------+
| int   setgid:setgid32(gid_t)                     | arm,x86                  |
| int   setgid:setgid(gid_t)                       | arm64,mips,mips64,x86_64 |
| int   setuid:setuid32(uid_t)                     | arm,x86                  |
| int   setuid:setuid(uid_t)                       | arm64,mips,mips64,x86_64 |
| int   setreuid:setreuid32(uid_t, uid_t)          | arm,x86                  |
| int   setreuid:setreuid(uid_t, uid_t)            | arm64,mips,mips64,x86_64 |
| int   setresuid:setresuid32(uid_t, uid_t, uid_t) | arm,x86                  |
| int   setresuid:setresuid(uid_t, uid_t, uid_t)   | arm64,mips,mips64,x86_64 |
| int   setresgid:setresgid32(gid_t, gid_t, gid_t) | arm,x86                  |
| int   setresgid:setresgid(gid_t, gid_t, gid_t)   | arm64,mips,mips64,x86_64 |
| int   setfsgid(gid_t)                            | all                      |
| int   setfsuid(uid_t)                            | all                      |
| int   setgroups:setgroups32(int, const gid_t*)   | arm,x86                  |
| int   setgroups:setgroups(int, const gid_t*)     | arm64,mips,mips64,x86_64 |
+--------------------------------------------------+--------------------------+

Blocked syscalls that modify time

+--------------------------------------------------------------------+------------+
|                              Function                              | Blocked On |
+--------------------------------------------------------------------+------------+
| int   adjtimex(struct timex*)                                      | all        |
| int   clock_adjtime(clockid_t, struct timex*)                      | all        |
| int   clock_settime(clockid_t, const struct timespec*)             | all        |
| int   settimeofday(const struct timeval*, const struct timezone*)  | all        |
| int   acct(const char*  filepath)                                  | all        |
| int   klogctl:syslog(int, char*, int)                              | all        |
| int   capset(cap_user_header_t header, const cap_user_data_t data) | all        |
| int   chroot(const char*)                                          | all        |
+--------------------------------------------------------------------+------------+

Blocked syscalls that change various machine configurations

+--------------------------------------------------------------------------------+------------+
|                                    Function                                    | Blocked On |
+--------------------------------------------------------------------------------+------------+
| int   init_module(void*, unsigned long, const char*)                           | all        |
| int   delete_module(const char*, unsigned int)                                 | all        |
| int   mount(const char*, const char*, const char*, unsigned long, const void*) | all        |
| int   umount2(const char*, int)                                                | all        |
| int   swapon(const char*, int)                                                 | all        |
| int   swapoff(const char*)                                                     | all        |
| int   setdomainname(const char*, size_t)                                       | all        |
| int   sethostname(const char*, size_t)                                         | all        |
| int   __reboot:reboot(int, int, int, void*)                                    | all        |
+--------------------------------------------------------------------------------+------------+
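
An added example, not part of the original answer and not AOSP's own script: a small parser for blacklist entries in the `function[:kernel_syscall](args)  arch_list` layout shown in the tables above, plus extraction of the syscall number from the tombstone cause line quoted in the question. The sample entries are constructed from the tables, and expanding `all` to the six architectures named there is an assumption.

```python
import re

# Architectures named in the tables above; "all" expands to these (assumption).
ALL_ARCHES = ("arm", "arm64", "mips", "mips64", "x86", "x86_64")

# Constructed sample: a few rows from the tables above, one entry per line.
SAMPLE_BLACKLIST = """\
# function[:kernel_syscall](args)   arch_list
int   setgid:setgid32(gid_t)                   arm,x86
int   setgid:setgid(gid_t)                     arm64,mips,mips64,x86_64
int   setfsuid(uid_t)                          all
int   klogctl:syslog(int, char*, int)          all
int   swapon(const char*, int)                 all
int   __reboot:reboot(int, int, int, void*)    all
"""

ENTRY_RE = re.compile(
    r"^\s*\w[\w\s*]*?\s+(?P<func>\w+)(?::(?P<sys>\w+))?\s*\([^)]*\)\s+(?P<arches>[\w,]+)\s*$")
# Accepts the tombstone.cpp format quoted above (with ABI) and the ABI-less message.
CAUSE_RE = re.compile(r"seccomp prevented call to disallowed (?:(?P<abi>\S+) )?system call (?P<nr>\d+)")

def parse_blacklist(text):
    """Return {arch: set of kernel syscall names blocked on that arch}."""
    blocked = {arch: set() for arch in ALL_ARCHES}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unparseable entry")
        # The name after ':' is the kernel syscall; without it the libc name is used.
        name = m.group("sys") or m.group("func")
        arches = ALL_ARCHES if m.group("arches") == "all" else m.group("arches").split(",")
        for arch in arches:
            if arch not in blocked:
                raise ValueError(f"line {lineno}: unknown architecture {arch!r}")
            blocked[arch].add(name)
    return blocked

def parse_cause(line):
    """Extract (abi or None, syscall number) from a tombstone 'Cause:' line."""
    m = CAUSE_RE.search(line)
    return (m.group("abi"), int(m.group("nr"))) if m else None

if __name__ == "__main__":
    print({a: sorted(s) for a, s in parse_blacklist(SAMPLE_BLACKLIST).items()})
    print(parse_cause("Cause: seccomp prevented call to disallowed system call 55"))
```

The number taken from the cause line still has to be resolved against the syscall table of the ABI the crashing process ran under, because the same number names different syscalls on arm and arm64.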

Tags: android, system-calls, android-8-0-oreo, android-8-1-oreo
Source: https://codeday.me/bug/20190522/1153189.html