| Index: sandbox/linux/services/libc_urandom_override.cc
|
| diff --git a/sandbox/linux/services/libc_urandom_override.cc b/sandbox/linux/services/libc_urandom_override.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..14ece951ba5868f5198a1c2e2a4fd63e5f971fe5
|
| --- /dev/null
|
| +++ b/sandbox/linux/services/libc_urandom_override.cc
|
| @@ -0,0 +1,166 @@
|
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "sandbox/linux/services/libc_urandom_override.h"
|
| +
|
| +#include <dlfcn.h>
|
| +#include <pthread.h>
|
| +#include <stdio.h>
|
| +#include <sys/stat.h>
|
| +
|
| +#include "base/eintr_wrapper.h"
|
| +#include "base/logging.h"
|
| +#include "base/rand_util.h"
|
| +
|
| +// Note: this file is used by the zygote and nacl_helper.
|
| +
|
| +namespace sandbox {
|
| +
|
| +// With SELinux we can carve out a precise sandbox, so we don't have to play
|
| +// with intercepting libc calls.
|
| +#if !defined(CHROMIUM_SELINUX)
|
| +
|
| +static bool g_override_urandom = false;
|
| +
|
| +void InitLibcUrandomOverrides() {
|
| + // Make sure /dev/urandom is open.
|
| + base::GetUrandomFD();
|
| + g_override_urandom = true;
|
| +}
|
| +
|
| +// TODO(sergeyu): Currently this code doesn't work properly under ASAN
|
| +// - it crashes content_unittests. Make sure it works properly and
|
| +// enable it here. http://crbug.com/123263
|
| +#if !defined(ADDRESS_SANITIZER)
|
| +
|
| +static const char kUrandomDevPath[] = "/dev/urandom";
|
| +
|
| +typedef FILE* (*FopenFunction)(const char* path, const char* mode);
|
| +typedef int (*XstatFunction)(int version, const char *path, struct stat *buf);
|
| +typedef int (*Xstat64Function)(int version, const char *path,
|
| + struct stat64 *buf);
|
| +
|
| +static pthread_once_t g_libc_file_io_funcs_guard = PTHREAD_ONCE_INIT;
|
| +static FopenFunction g_libc_fopen;
|
| +static FopenFunction g_libc_fopen64;
|
| +static XstatFunction g_libc_xstat;
|
| +static Xstat64Function g_libc_xstat64;
|
| +
|
| +static void InitLibcFileIOFunctions() {
|
| + g_libc_fopen = reinterpret_cast<FopenFunction>(
|
| + dlsym(RTLD_NEXT, "fopen"));
|
| + g_libc_fopen64 = reinterpret_cast<FopenFunction>(
|
| + dlsym(RTLD_NEXT, "fopen64"));
|
| +
|
| + if (!g_libc_fopen) {
|
| + LOG(FATAL) << "Failed to get fopen() from libc.";
|
| + } else if (!g_libc_fopen64) {
|
| +#if !defined(OS_OPENBSD) && !defined(OS_FREEBSD)
|
| + LOG(WARNING) << "Failed to get fopen64() from libc. Using fopen() instead.";
|
| +#endif // !defined(OS_OPENBSD) && !defined(OS_FREEBSD)
|
| + g_libc_fopen64 = g_libc_fopen;
|
| + }
|
| +
|
| + // TODO(sergeyu): This works only on systems with glibc. Fix it to
|
| + // work properly on other systems if necessary.
|
| + g_libc_xstat = reinterpret_cast<XstatFunction>(
|
| + dlsym(RTLD_NEXT, "__xstat"));
|
| + g_libc_xstat64 = reinterpret_cast<Xstat64Function>(
|
| + dlsym(RTLD_NEXT, "__xstat64"));
|
| +
|
| + if (!g_libc_xstat) {
|
| + LOG(FATAL) << "Failed to get __xstat() from libc.";
|
| + }
|
| + if (!g_libc_xstat64) {
|
| + LOG(WARNING) << "Failed to get __xstat64() from libc.";
|
| + }
|
| +}
|
| +
|
| +// fopen() and fopen64() are intercepted here so that NSS can open
|
| +// /dev/urandom to seed its random number generator. NSS is used by
|
| +// remoting in the sendbox.
|
| +
|
| +// fopen() call may be redirected to fopen64() in stdio.h using
|
| +// __REDIRECT(), which sets asm name for fopen() to "fopen64". This
|
| +// means that we cannot override fopen() directly here. Instead the
|
| +// the code below defines fopen_override() function with asm name
|
| +// "fopen", so that all references to fopen() will resolve to this
|
| +// function.
|
| +__attribute__ ((__visibility__("default")))
|
| +FILE* fopen_override(const char* path, const char* mode) __asm__ ("fopen");
|
| +
|
| +__attribute__ ((__visibility__("default")))
|
| +FILE* fopen_override(const char* path, const char* mode) {
|
| + if (g_override_urandom && strcmp(path, kUrandomDevPath) == 0) {
|
| + int fd = HANDLE_EINTR(dup(base::GetUrandomFD()));
|
| + if (fd < 0) {
|
| + PLOG(ERROR) << "dup() failed.";
|
| + return NULL;
|
| + }
|
| + return fdopen(fd, mode);
|
| + } else {
|
| + CHECK_EQ(0, pthread_once(&g_libc_file_io_funcs_guard,
|
| + InitLibcFileIOFunctions));
|
| + return g_libc_fopen(path, mode);
|
| + }
|
| +}
|
| +
|
| +__attribute__ ((__visibility__("default")))
|
| +FILE* fopen64(const char* path, const char* mode) {
|
| + if (g_override_urandom && strcmp(path, kUrandomDevPath) == 0) {
|
| + int fd = HANDLE_EINTR(dup(base::GetUrandomFD()));
|
| + if (fd < 0) {
|
| + PLOG(ERROR) << "dup() failed.";
|
| + return NULL;
|
| + }
|
| + return fdopen(fd, mode);
|
| + } else {
|
| + CHECK_EQ(0, pthread_once(&g_libc_file_io_funcs_guard,
|
| + InitLibcFileIOFunctions));
|
| + return g_libc_fopen64(path, mode);
|
| + }
|
| +}
|
| +
|
| +// stat() is subject to the same problem as fopen(), so we have to use
|
| +// the same trick to override it.
|
| +__attribute__ ((__visibility__("default")))
|
| +int xstat_override(int version,
|
| + const char *path,
|
| + struct stat *buf) __asm__ ("__xstat");
|
| +
|
| +__attribute__ ((__visibility__("default")))
|
| +int xstat_override(int version, const char *path, struct stat *buf) {
|
| + if (g_override_urandom && strcmp(path, kUrandomDevPath) == 0) {
|
| + int result = __fxstat(version, base::GetUrandomFD(), buf);
|
| + return result;
|
| + } else {
|
| + CHECK_EQ(0, pthread_once(&g_libc_file_io_funcs_guard,
|
| + InitLibcFileIOFunctions));
|
| + return g_libc_xstat(version, path, buf);
|
| + }
|
| +}
|
| +
|
| +__attribute__ ((__visibility__("default")))
|
| +int xstat64_override(int version,
|
| + const char *path,
|
| + struct stat64 *buf) __asm__ ("__xstat64");
|
| +
|
| +__attribute__ ((__visibility__("default")))
|
| +int xstat64_override(int version, const char *path, struct stat64 *buf) {
|
| + if (g_override_urandom && strcmp(path, kUrandomDevPath) == 0) {
|
| + int result = __fxstat64(version, base::GetUrandomFD(), buf);
|
| + return result;
|
| + } else {
|
| + CHECK_EQ(0, pthread_once(&g_libc_file_io_funcs_guard,
|
| + InitLibcFileIOFunctions));
|
| + CHECK(g_libc_xstat64);
|
| + return g_libc_xstat64(version, path, buf);
|
| + }
|
| +}
|
| +
|
| +#endif // !ADDRESS_SANITIZER
|
| +
|
| +#endif // !CHROMIUM_SELINUX
|
| +
|
| +} // namespace content
|
|
|
Chromium Code Reviews
Issue 10736017:
Share the zygote's fopen overrides with nacl_helper. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src