1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox_impl.h" | 5 #include "sandbox_impl.h" |
6 | 6 |
7 #include "library.h" | 7 #include "library.h" |
8 #include "syscall_entrypoint.h" | 8 #include "syscall_entrypoint.h" |
9 #include "system_call_table.h" | 9 #include "system_call_table.h" |
10 | 10 |
11 namespace playground { | 11 namespace playground { |
12 | 12 |
13 // Global variables | 13 // Global variables |
14 int Sandbox::proc_self_ = -1; | 14 int Sandbox::proc_ = -1; |
15 int Sandbox::proc_self_maps_ = -1; | 15 int Sandbox::proc_self_maps_ = -1; |
16 enum Sandbox::SandboxStatus Sandbox::status_ = STATUS_UNKNOWN; | 16 enum Sandbox::SandboxStatus Sandbox::status_ = STATUS_UNKNOWN; |
17 int Sandbox::pid_; | 17 int Sandbox::pid_; |
18 int Sandbox::processFdPub_; | 18 int Sandbox::processFdPub_; |
19 int Sandbox::cloneFdPub_ | 19 int Sandbox::cloneFdPub_ |
20 // This is necessary to locate the symbol from assembly code on | 20 // This is necessary to locate the symbol from assembly code on |
21 // x86-64 (with %rip-relative addressing) in order for this to work | 21 // x86-64 (with %rip-relative addressing) in order for this to work |
22 // in relocatable code (a .so or a PIE). On i386 this is not | 22 // in relocatable code (a .so or a PIE). On i386 this is not |
23 // necessary but it does not hurt. | 23 // necessary but it does not hurt. |
24 __attribute__((visibility("internal"))); | 24 __attribute__((visibility("internal"))); |
187 !sendFd(processFd, proc_self_maps, -1, NULL, 0)) { | 187 !sendFd(processFd, proc_self_maps, -1, NULL, 0)) { |
188 failure: | 188 failure: |
189 die("Cannot access /proc/self/maps"); | 189 die("Cannot access /proc/self/maps"); |
190 } | 190 } |
191 int dummy; | 191 int dummy; |
192 if (read(sys, processFd, &dummy, sizeof(dummy)) != sizeof(dummy)) { | 192 if (read(sys, processFd, &dummy, sizeof(dummy)) != sizeof(dummy)) { |
193 goto failure; | 193 goto failure; |
194 } | 194 } |
195 } | 195 } |
196 | 196 |
197 int Sandbox::supportsSeccompSandbox(int proc_self) { | 197 int Sandbox::supportsSeccompSandbox(int proc) { |
198 if (status_ != STATUS_UNKNOWN) { | 198 if (status_ != STATUS_UNKNOWN) { |
199 return status_ != STATUS_UNSUPPORTED; | 199 return status_ != STATUS_UNSUPPORTED; |
200 } | 200 } |
201 int fds[2]; | 201 int fds[2]; |
202 SysCalls sys; | 202 SysCalls sys; |
203 if (sys.pipe(fds)) { | 203 if (sys.pipe(fds)) { |
204 status_ = STATUS_UNSUPPORTED; | 204 status_ = STATUS_UNSUPPORTED; |
205 return 0; | 205 return 0; |
206 } | 206 } |
207 pid_t pid; | 207 pid_t pid; |
208 switch ((pid = sys.fork())) { | 208 switch ((pid = sys.fork())) { |
209 case -1: | 209 case -1: |
210 status_ = STATUS_UNSUPPORTED; | 210 status_ = STATUS_UNSUPPORTED; |
211 return 0; | 211 return 0; |
212 case 0: { | 212 case 0: { |
213 int devnull = sys.open("/dev/null", O_RDWR, 0); | 213 int devnull = sys.open("/dev/null", O_RDWR, 0); |
214 if (devnull >= 0) { | 214 if (devnull >= 0) { |
215 sys.dup2(devnull, 0); | 215 sys.dup2(devnull, 0); |
216 sys.dup2(devnull, 1); | 216 sys.dup2(devnull, 1); |
217 sys.dup2(devnull, 2); | 217 sys.dup2(devnull, 2); |
218 sys.close(devnull); | 218 sys.close(devnull); |
219 } | 219 } |
220 if (proc_self >= 0) { | 220 if (proc >= 0) { |
221 setProcSelf(sys.dup(proc_self)); | 221 setProcFd(sys.dup(proc)); |
222 } | 222 } |
223 startSandbox(); | 223 startSandbox(); |
224 write(sys, fds[1], "", 1); | 224 write(sys, fds[1], "", 1); |
225 | 225 |
226 // Try to tell the trusted thread to shut down the entire process in an | 226 // Try to tell the trusted thread to shut down the entire process in an |
227 // orderly fashion | 227 // orderly fashion |
228 defaultSystemCallHandler(__NR_exit_group, 0, 0, 0, 0, 0, 0); | 228 defaultSystemCallHandler(__NR_exit_group, 0, 0, 0, 0, 0, 0); |
229 | 229 |
230 // If that did not work (e.g. because the kernel does not know about the | 230 // If that did not work (e.g. because the kernel does not know about the |
231 // exit_group() system call), make a direct _exit() system call instead. | 231 // exit_group() system call), make a direct _exit() system call instead. |
244 } else { | 244 } else { |
245 status_ = STATUS_AVAILABLE; | 245 status_ = STATUS_AVAILABLE; |
246 } | 246 } |
247 int rc; | 247 int rc; |
248 (void)NOINTR_SYS(sys.waitpid(pid, &rc, 0)); | 248 (void)NOINTR_SYS(sys.waitpid(pid, &rc, 0)); |
249 (void)NOINTR_SYS(sys.close(fds[0])); | 249 (void)NOINTR_SYS(sys.close(fds[0])); |
250 return status_ != STATUS_UNSUPPORTED; | 250 return status_ != STATUS_UNSUPPORTED; |
251 } | 251 } |
252 } | 252 } |
253 | 253 |
254 void Sandbox::setProcSelf(int proc_self) { | 254 void Sandbox::setProcFd(int proc) { |
255 proc_self_ = proc_self; | 255 proc_ = proc; |
256 } | 256 } |
257 | 257 |
258 void Sandbox::startSandbox() { | 258 void Sandbox::startSandbox() { |
259 if (status_ == STATUS_UNSUPPORTED) { | 259 if (status_ == STATUS_UNSUPPORTED) { |
260 die("The seccomp sandbox is not supported on this computer"); | 260 die("The seccomp sandbox is not supported on this computer"); |
261 } else if (status_ == STATUS_ENABLED) { | 261 } else if (status_ == STATUS_ENABLED) { |
262 return; | 262 return; |
263 } | 263 } |
264 | 264 |
265 SysCalls sys; | 265 SysCalls sys; |
266 if (proc_self_ >= 0) { | 266 if (proc_ >= 0) { |
267 proc_self_maps_ = sys.openat(proc_self_, "maps", O_RDONLY, 0); | 267 proc_self_maps_ = sys.openat(proc_, "self/maps", O_RDONLY, 0); |
268 if (NOINTR_SYS(sys.close(proc_self_))) { | 268 if (NOINTR_SYS(sys.close(proc_))) { |
269 die("Failed to close proc_self_"); | 269 die("Failed to close file descriptor pointing to /proc"); |
270 } | 270 } |
271 proc_self_ = -1; | 271 proc_ = -1; |
272 } | 272 } |
273 if (proc_self_maps_ < 0) { | 273 if (proc_self_maps_ < 0) { |
274 proc_self_maps_ = sys.open("/proc/self/maps", O_RDONLY, 0); | 274 proc_self_maps_ = sys.open("/proc/self/maps", O_RDONLY, 0); |
275 if (proc_self_maps_ < 0) { | 275 if (proc_self_maps_ < 0) { |
276 die("Cannot access \"/proc/self/maps\""); | 276 die("Cannot access \"/proc/self/maps\""); |
277 } | 277 } |
278 } | 278 } |
279 | 279 |
280 // The pid is unchanged for the entire program, so we can retrieve it once | 280 // The pid is unchanged for the entire program, so we can retrieve it once |
281 // and store it in a global variable. | 281 // and store it in a global variable. |
386 } entrypoint; | 386 } entrypoint; |
387 *entrypoint.get_syscall_entrypoint() = syscallEntryPointNoFrame; | 387 *entrypoint.get_syscall_entrypoint() = syscallEntryPointNoFrame; |
388 | 388 |
389 // We can no longer check for sandboxing support at this point, but we also | 389 // We can no longer check for sandboxing support at this point, but we also |
390 // know for a fact that it is available (as we just turned it on). So update | 390 // know for a fact that it is available (as we just turned it on). So update |
391 // the status to reflect this information. | 391 // the status to reflect this information. |
392 status_ = STATUS_ENABLED; | 392 status_ = STATUS_ENABLED; |
393 } | 393 } |
394 | 394 |
395 } // namespace | 395 } // namespace |
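Review bot: `setProcFd` (new line 254) now expects a descriptor for `/proc` rather than `/proc/self`, but neither the definition nor the `proc_` global documents that contract or the fact that `startSandbox` takes ownership of it — it closes the descriptor at line 268 and resets `proc_` to -1, so a caller must not reuse the fd it passed in. Suggest a comment above `setProcFd`: `// Takes ownership of a descriptor for /proc; startSandbox() opens "self/maps" relative to it and closes it before the sandbox is enabled.` Separately, if the `openat(proc_, "self/maps", ...)` at line 267 fails — for example a caller still passing a `/proc/self` descriptor under the old contract — the code falls back silently to `open("/proc/self/maps")` at line 274, so the misconfiguration is masked until that absolute path is also unreachable; at least noting this fallback in a comment at line 273 would help. Note too that "self" is resolved at open time in the opening process, which appears to be relied on by the forked child in `supportsSeccompSandbox` (lines 220-223) and is worth stating explicitly since the descriptor now spans a wider tree than before.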