OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_IMPL_H__ | 5 #ifndef SANDBOX_IMPL_H__ |
6 #define SANDBOX_IMPL_H__ | 6 #define SANDBOX_IMPL_H__ |
7 | 7 |
8 #include <asm/ldt.h> | 8 #include <asm/ldt.h> |
9 #include <errno.h> | 9 #include <errno.h> |
10 #include <fcntl.h> | 10 #include <fcntl.h> |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
65 class Sandbox { | 65 class Sandbox { |
66 // TODO(markus): restrict access to our private file handles | 66 // TODO(markus): restrict access to our private file handles |
67 public: | 67 public: |
68 enum { kMaxThreads = 100 }; | 68 enum { kMaxThreads = 100 }; |
69 | 69 |
70 | 70 |
71 // There are a lot of reasons why the Seccomp sandbox might not be available. | 71 // There are a lot of reasons why the Seccomp sandbox might not be available. |
72 // This could be because the kernel does not support Seccomp mode, or it | 72 // This could be because the kernel does not support Seccomp mode, or it |
73 // could be because we fail to successfully rewrite all system call entry | 73 // could be because we fail to successfully rewrite all system call entry |
74 // points. | 74 // points. |
75 // "proc_self" should be a file descriptor for "/proc/self", or -1 if not | 75 // "proc" should be a file descriptor for "/proc", or -1 if not provided by |
76 // provided by the caller. | 76 // the caller. |
77 static int supportsSeccompSandbox(int proc_self) | 77 static int supportsSeccompSandbox(int proc) |
78 asm("SupportsSeccompSandbox"); | 78 asm("SupportsSeccompSandbox"); |
79 | 79 |
80 // The sandbox needs to be able to access "/proc/self/maps". If this file | 80 // The sandbox needs to be able to access "/proc/self/maps". If this file |
81 // is not accessible when "startSandbox()" gets called, the caller can | 81 // is not accessible when "startSandbox()" gets called, the caller can |
82 // provide an already opened file descriptor by calling "setProcSelf()". | 82 // provide an already opened file descriptor by calling "setProcSelf()". |
83 // The sandbox becomes the newer owner of this file descriptor and will | 83 // The sandbox becomes the newer owner of this file descriptor and will |
84 // eventually close it when "startSandbox()" executes. But if the caller | 84 // eventually close it when "startSandbox()" executes. But if the caller |
85 // never ends up calling startSandbox(), then the caller must close the | 85 // never ends up calling startSandbox(), then the caller must close the |
86 // file descriptor. | 86 // file descriptor. |
87 static void setProcSelf(int proc_self) asm("SeccompSandboxSetProcSelf"); | 87 static void setProcFd(int proc) asm("SeccompSandboxSetProcFd"); |
88 | 88 |
89 // This is the main public entry point. It finds all system calls that | 89 // This is the main public entry point. It finds all system calls that |
90 // need rewriting, sets up the resources needed by the sandbox, and | 90 // need rewriting, sets up the resources needed by the sandbox, and |
91 // enters Seccomp mode. | 91 // enters Seccomp mode. |
92 static void startSandbox() asm("StartSeccompSandbox"); | 92 static void startSandbox() asm("StartSeccompSandbox"); |
93 | 93 |
94 // TODO(mseaborn): Consider re-instating this declaration. | 94 // TODO(mseaborn): Consider re-instating this declaration. |
95 // private: | 95 // private: |
96 | 96 |
97 struct RequestHeader { | 97 struct RequestHeader { |
(...skipping 538 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
636 __attribute__((noreturn)); | 636 __attribute__((noreturn)); |
637 | 637 |
638 // Fork()s of the trusted process. | 638 // Fork()s of the trusted process. |
639 static SecureMem::Args* createTrustedProcess(int processFdPub, int sandboxFd, | 639 static SecureMem::Args* createTrustedProcess(int processFdPub, int sandboxFd, |
640 int cloneFdPub, int cloneFd); | 640 int cloneFdPub, int cloneFd); |
641 | 641 |
642 // Creates the trusted thread for the initial thread, then enables | 642 // Creates the trusted thread for the initial thread, then enables |
643 // Seccomp mode. | 643 // Seccomp mode. |
644 static void createTrustedThread(SecureMem::Args* secureMem); | 644 static void createTrustedThread(SecureMem::Args* secureMem); |
645 | 645 |
646 static int proc_self_; | 646 static int proc_; |
647 static int proc_self_maps_; | 647 static int proc_self_maps_; |
648 static enum SandboxStatus { | 648 static enum SandboxStatus { |
649 STATUS_UNKNOWN, STATUS_UNSUPPORTED, STATUS_AVAILABLE, STATUS_ENABLED | 649 STATUS_UNKNOWN, STATUS_UNSUPPORTED, STATUS_AVAILABLE, STATUS_ENABLED |
650 } status_; | 650 } status_; |
651 static int pid_; | 651 static int pid_; |
652 static int processFdPub_; | 652 static int processFdPub_; |
653 static int cloneFdPub_ asm("playground$cloneFdPub") INTERNAL; | 653 static int cloneFdPub_ asm("playground$cloneFdPub") INTERNAL; |
654 | 654 |
655 #ifdef __i386__ | 655 #ifdef __i386__ |
656 struct SocketCallArgInfo; | 656 struct SocketCallArgInfo; |
(...skipping 25 matching lines...) Expand all Loading... |
682 extern struct SandboxPolicy g_policy; | 682 extern struct SandboxPolicy g_policy; |
683 | 683 |
684 typedef void (*CreateTrustedThreadFunc)(SecureMem::Args* secureMem); | 684 typedef void (*CreateTrustedThreadFunc)(SecureMem::Args* secureMem); |
685 extern CreateTrustedThreadFunc g_create_trusted_thread; | 685 extern CreateTrustedThreadFunc g_create_trusted_thread; |
686 | 686 |
687 } // namespace | 687 } // namespace |
688 | 688 |
689 using playground::Sandbox; | 689 using playground::Sandbox; |
690 | 690 |
691 #endif // SANDBOX_IMPL_H__ | 691 #endif // SANDBOX_IMPL_H__ |
OLD | NEW |