content/common/sandbox_linux.cc - Issue 101773003: Linux sandbox: cleanup sandbox-bpf naming.

Side by Side Diff: content/common/sandbox_linux.cc

Issue 101773003: Linux sandbox: cleanup sandbox-bpf naming. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Address namespace sandbox nits. Created 7 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <dirent.h>	5 #include <dirent.h>

6 #include <fcntl.h>	6 #include <fcntl.h>

7 #include <sys/resource.h>	7 #include <sys/resource.h>

8 #include <sys/stat.h>	8 #include <sys/stat.h>

9 #include <sys/time.h>	9 #include <sys/time.h>

10 #include <sys/types.h>	10 #include <sys/types.h>

(...skipping 90 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
101 __sanitizer_sandbox_on_notify(/reserved/NULL);	101 __sanitizer_sandbox_on_notify(/reserved/NULL);

102 #endif	102 #endif

103	103

104 #if !defined(NDEBUG)	104 #if !defined(NDEBUG)

105 // Open proc_fd_ only in Debug mode so that forgetting to close it doesn't	105 // Open proc_fd_ only in Debug mode so that forgetting to close it doesn't

106 // produce a sandbox escape in Release mode.	106 // produce a sandbox escape in Release mode.

107 proc_fd_ = open("/proc", O_DIRECTORY \| O_RDONLY);	107 proc_fd_ = open("/proc", O_DIRECTORY \| O_RDONLY);

108 CHECK_GE(proc_fd_, 0);	108 CHECK_GE(proc_fd_, 0);

109 #endif // !defined(NDEBUG)	109 #endif // !defined(NDEBUG)

110 // We "pre-warm" the code that detects supports for seccomp BPF.	110 // We "pre-warm" the code that detects supports for seccomp BPF.

111 if (SandboxSeccompBpf::IsSeccompBpfDesired()) {	111 if (SandboxSeccompBPF::IsSeccompBPFDesired()) {

112 if (!SandboxSeccompBpf::SupportsSandbox()) {	112 if (!SandboxSeccompBPF::SupportsSandbox()) {

113 VLOG(1) << "Lacking support for seccomp-bpf sandbox.";	113 VLOG(1) << "Lacking support for seccomp-bpf sandbox.";

114 } else {	114 } else {

115 seccomp_bpf_supported_ = true;	115 seccomp_bpf_supported_ = true;

116 }	116 }

117 }	117 }

118 pre_initialized_ = true;	118 pre_initialized_ = true;

119 }	119 }

120	120

121 bool LinuxSandbox::InitializeSandbox() {	121 bool LinuxSandbox::InitializeSandbox() {

122 bool seccomp_bpf_started = false;	122 bool seccomp_bpf_started = false;

(...skipping 24 matching lines...) Expand all Loading...
147 }	147 }

148	148

149 DCHECK(!linux_sandbox->HasOpenDirectories()) <<	149 DCHECK(!linux_sandbox->HasOpenDirectories()) <<

150 "InitializeSandbox() called after unexpected directories have been " <<	150 "InitializeSandbox() called after unexpected directories have been " <<

151 "opened. This breaks the security of the setuid sandbox.";	151 "opened. This breaks the security of the setuid sandbox.";

152	152

153 // Attempt to limit the future size of the address space of the process.	153 // Attempt to limit the future size of the address space of the process.

154 linux_sandbox->LimitAddressSpace(process_type);	154 linux_sandbox->LimitAddressSpace(process_type);

155	155

156 // First, try to enable seccomp-bpf.	156 // First, try to enable seccomp-bpf.

157 seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type);	157 seccomp_bpf_started = linux_sandbox->StartSeccompBPF(process_type);

158	158

159 return seccomp_bpf_started;	159 return seccomp_bpf_started;

160 }	160 }

161	161

162 int LinuxSandbox::GetStatus() const {	162 int LinuxSandbox::GetStatus() const {

163 CHECK(pre_initialized_);	163 CHECK(pre_initialized_);

164 int sandbox_flags = 0;	164 int sandbox_flags = 0;

165 if (setuid_sandbox_client_->IsSandboxed()) {	165 if (setuid_sandbox_client_->IsSandboxed()) {

166 sandbox_flags \|= kSandboxLinuxSUID;	166 sandbox_flags \|= kSandboxLinuxSUID;

167 if (setuid_sandbox_client_->IsInNewPIDNamespace())	167 if (setuid_sandbox_client_->IsInNewPIDNamespace())

168 sandbox_flags \|= kSandboxLinuxPIDNS;	168 sandbox_flags \|= kSandboxLinuxPIDNS;

169 if (setuid_sandbox_client_->IsInNewNETNamespace())	169 if (setuid_sandbox_client_->IsInNewNETNamespace())

170 sandbox_flags \|= kSandboxLinuxNetNS;	170 sandbox_flags \|= kSandboxLinuxNetNS;

171 }	171 }

172	172

173 if (seccomp_bpf_supported() &&	173 if (seccomp_bpf_supported() &&

174 SandboxSeccompBpf::ShouldEnableSeccompBpf(switches::kRendererProcess)) {	174 SandboxSeccompBPF::ShouldEnableSeccompBPF(switches::kRendererProcess)) {

175 // We report whether the sandbox will be activated when renderers go	175 // We report whether the sandbox will be activated when renderers go

176 // through sandbox initialization.	176 // through sandbox initialization.

177 sandbox_flags \|= kSandboxLinuxSeccompBpf;	177 sandbox_flags \|= kSandboxLinuxSeccompBPF;

178 }	178 }

179	179

180 return sandbox_flags;	180 return sandbox_flags;

181 }	181 }

182	182

183 // Threads are counted via /proc/self/task. This is a little hairy because of	183 // Threads are counted via /proc/self/task. This is a little hairy because of

184 // PID namespaces and existing sandboxes, so "self" must really be used instead	184 // PID namespaces and existing sandboxes, so "self" must really be used instead

185 // of using the pid.	185 // of using the pid.

186 bool LinuxSandbox::IsSingleThreaded() const {	186 bool LinuxSandbox::IsSingleThreaded() const {

187 struct stat task_stat;	187 struct stat task_stat;

(...skipping 29 matching lines...) Expand all Loading...
217	217

218 bool LinuxSandbox::seccomp_bpf_started() const {	218 bool LinuxSandbox::seccomp_bpf_started() const {

219 return seccomp_bpf_started_;	219 return seccomp_bpf_started_;

220 }	220 }

221	221

222 sandbox::SetuidSandboxClient*	222 sandbox::SetuidSandboxClient*

223 LinuxSandbox::setuid_sandbox_client() const {	223 LinuxSandbox::setuid_sandbox_client() const {

224 return setuid_sandbox_client_.get();	224 return setuid_sandbox_client_.get();

225 }	225 }

226	226

227 // For seccomp-bpf, we use the SandboxSeccompBpf class.	227 // For seccomp-bpf, we use the SandboxSeccompBPF class.

228 bool LinuxSandbox::StartSeccompBpf(const std::string& process_type) {	228 bool LinuxSandbox::StartSeccompBPF(const std::string& process_type) {

229 CHECK(!seccomp_bpf_started_);	229 CHECK(!seccomp_bpf_started_);

230 if (!pre_initialized_)	230 if (!pre_initialized_)

231 PreinitializeSandbox();	231 PreinitializeSandbox();

232 if (seccomp_bpf_supported())	232 if (seccomp_bpf_supported())

233 seccomp_bpf_started_ = SandboxSeccompBpf::StartSandbox(process_type);	233 seccomp_bpf_started_ = SandboxSeccompBPF::StartSandbox(process_type);

234	234

235 if (seccomp_bpf_started_)	235 if (seccomp_bpf_started_)

236 LogSandboxStarted("seccomp-bpf");	236 LogSandboxStarted("seccomp-bpf");

237	237

238 return seccomp_bpf_started_;	238 return seccomp_bpf_started_;

239 }	239 }

240	240

241 bool LinuxSandbox::seccomp_bpf_supported() const {	241 bool LinuxSandbox::seccomp_bpf_supported() const {

242 CHECK(pre_initialized_);	242 CHECK(pre_initialized_);

243 return seccomp_bpf_supported_;	243 return seccomp_bpf_supported_;

(...skipping 46 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
290 void LinuxSandbox::SealSandbox() {	290 void LinuxSandbox::SealSandbox() {

291 if (proc_fd_ >= 0) {	291 if (proc_fd_ >= 0) {

292 int ret = IGNORE_EINTR(close(proc_fd_));	292 int ret = IGNORE_EINTR(close(proc_fd_));

293 CHECK_EQ(0, ret);	293 CHECK_EQ(0, ret);

294 proc_fd_ = -1;	294 proc_fd_ = -1;

295 }	295 }

296 }	296 }

297	297

298 } // namespace content	298 } // namespace content

299	299

OLD	NEW

« no previous file with comments | « content/common/sandbox_linux.h ('k') | content/common/sandbox_seccomp_bpf_linux.h » ('j') | no next file with comments »