From 9f86c7a22129242555afd244eb681dae167c2356 Mon Sep 17 00:00:00 2001 From: Daniel Verkamp Date: Thu, 16 May 2019 11:14:00 -0700 Subject: seccomp: return error from socket for TPM device The crosvm TPM process calls ssleay_rand_bytes(), which in some cases attempts to acquire entropy through an EGD ("entropy gathering daemon") - see OpenSSL's RAND_query_egd_bytes(). Attempting to communicate with this daemon by creating a socket would cause the process to exit currently because the syscall whitelist did not allow socket() or connect(). Since we don't have an EGD and don't want to expose it to the sandboxed TPM process anyway, modify the TPM seccomp policy to cause socket() to return an error rather than aborting. BUG=None TEST=`vmc start --software-tpm termina` Change-Id: Ib7c6bceced0f6cbe7199614ece8446aa300cec1e Signed-off-by: Daniel Verkamp Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1684411 Tested-by: kokoro Reviewed-by: Vadim Sukhomlinov Reviewed-by: Zach Reizner --- seccomp/arm/tpm_device.policy | 1 + seccomp/x86_64/tpm_device.policy | 1 + 2 files changed, 2 insertions(+) (limited to 'seccomp') diff --git a/seccomp/arm/tpm_device.policy b/seccomp/arm/tpm_device.policy index 72b78fb..d91626d 100644 --- a/seccomp/arm/tpm_device.policy +++ b/seccomp/arm/tpm_device.policy @@ -54,4 +54,5 @@ lseek: 1 mkdir: 1 open: 1 openat: 1 +socket: return EACCES stat: 1 diff --git a/seccomp/x86_64/tpm_device.policy b/seccomp/x86_64/tpm_device.policy index 5c21480..c3e727d 100644 --- a/seccomp/x86_64/tpm_device.policy +++ b/seccomp/x86_64/tpm_device.policy @@ -53,4 +53,5 @@ lseek: 1 mkdir: 1 open: 1 openat: 1 +socket: return EACCES stat: 1 -- cgit 1.4.1
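Review bot: the added `socket: return EACCES` line in seccomp/arm/tpm_device.policy carries no comment, so the reason it returns an error instead of being allowed with `1` lives only in the commit message. A `#` comment directly above it, saying that OpenSSL's EGD lookup calls socket() and that the call is denied on purpose, would keep a later editor from "fixing" it to `socket: 1`.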
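Review bot: in seccomp/x86_64/tpm_device.policy the new `socket: return EACCES` line covers only socket(), while the commit message names connect() as the other call missing from the whitelist. Leaving connect() out looks intentional, since a failed socket() gives the process no descriptor to connect with, but please say so in the commit message or a policy comment so nobody adds a `connect` entry later. The TEST line (`vmc start --software-tpm termina`) also does not say whether the EGD path was actually reached with the new policy, which is worth confirming for both architectures.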