diff options
author | Daniel Verkamp <dverkamp@chromium.org> | 2019-05-16 11:14:00 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-07-09 23:34:57 +0000 |
commit | 9f86c7a22129242555afd244eb681dae167c2356 (patch) | |
tree | c917ba194f29779f0c7eb6953bf94d956cdb65cc /seccomp | |
parent | 93b0c02227f3acf2c6ff127976875cf3ce98c003 (diff) | |
download | crosvm-9f86c7a22129242555afd244eb681dae167c2356.tar crosvm-9f86c7a22129242555afd244eb681dae167c2356.tar.gz crosvm-9f86c7a22129242555afd244eb681dae167c2356.tar.bz2 crosvm-9f86c7a22129242555afd244eb681dae167c2356.tar.lz crosvm-9f86c7a22129242555afd244eb681dae167c2356.tar.xz crosvm-9f86c7a22129242555afd244eb681dae167c2356.tar.zst crosvm-9f86c7a22129242555afd244eb681dae167c2356.zip |
seccomp: return error from socket for TPM device
The crosvm TPM process calls ssleay_rand_bytes(), which in some cases attempts to acquire entropy through an EGD ("entropy gathering daemon") - see OpenSSL's RAND_query_egd_bytes(). Attempting to communicate with this daemon by creating a socket would cause the process to exit currently because the syscall whitelist did not allow socket() or connect(). Since we don't have an EGD and don't want to expose it to the sandboxed TPM process anyway, modify the TPM seccomp policy to cause socket() to return an error rather than aborting. BUG=None TEST=`vmc start --software-tpm termina` Change-Id: Ib7c6bceced0f6cbe7199614ece8446aa300cec1e Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1684411 Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Zach Reizner <zachr@chromium.org>
Diffstat (limited to 'seccomp')
-rw-r--r-- | seccomp/arm/tpm_device.policy | 1 | ||||
-rw-r--r-- | seccomp/x86_64/tpm_device.policy | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/seccomp/arm/tpm_device.policy b/seccomp/arm/tpm_device.policy index 72b78fb..d91626d 100644 --- a/seccomp/arm/tpm_device.policy +++ b/seccomp/arm/tpm_device.policy @@ -54,4 +54,5 @@ lseek: 1 mkdir: 1 open: 1 openat: 1 +socket: return EACCES stat: 1 diff --git a/seccomp/x86_64/tpm_device.policy b/seccomp/x86_64/tpm_device.policy index 5c21480..c3e727d 100644 --- a/seccomp/x86_64/tpm_device.policy +++ b/seccomp/x86_64/tpm_device.policy @@ -53,4 +53,5 @@ lseek: 1 mkdir: 1 open: 1 openat: 1 +socket: return EACCES stat: 1 |