| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/seccomp_sandbox.h" | 5 #include "content/common/seccomp_sandbox.h" |
| 6 #include "content/public/common/sandbox_init.h" | 6 #include "content/public/common/sandbox_init.h" |
| 7 | 7 |
| 8 #if defined(__i386__) || defined(__x86_64__) | 8 #if defined(__i386__) || defined(__x86_64__) |
| 9 | 9 |
| 10 // This is an assert for GYP | 10 // This is an assert for GYP |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 #include <sys/types.h> | 25 #include <sys/types.h> |
| 26 #include <ucontext.h> | 26 #include <ucontext.h> |
| 27 #include <unistd.h> | 27 #include <unistd.h> |
| 28 | 28 |
| 29 #include <vector> | 29 #include <vector> |
| 30 | 30 |
| 31 #include "base/command_line.h" | 31 #include "base/command_line.h" |
| 32 #include "base/file_util.h" | 32 #include "base/file_util.h" |
| 33 #include "base/logging.h" | 33 #include "base/logging.h" |
| 34 #include "base/time.h" | 34 #include "base/time.h" |
| 35 #include "content/common/sandbox_linux.h" |
| 35 #include "content/public/common/content_switches.h" | 36 #include "content/public/common/content_switches.h" |
| 36 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 37 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 37 | 38 |
| 38 // These are fairly new and not defined in all headers yet. | 39 // These are fairly new and not defined in all headers yet. |
| 39 #if defined(__x86_64__) | 40 #if defined(__x86_64__) |
| 40 | 41 |
| 41 #ifndef __NR_process_vm_readv | 42 #ifndef __NR_process_vm_readv |
| 42 #define __NR_process_vm_readv 310 | 43 #define __NR_process_vm_readv 310 |
| 43 #endif | 44 #endif |
| 44 | 45 |
| (...skipping 486 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 531 | 532 |
| 532 // Warms up resources needed by the policy we're about to enable. | 533 // Warms up resources needed by the policy we're about to enable. |
| 533 WarmupPolicy(SyscallPolicy); | 534 WarmupPolicy(SyscallPolicy); |
| 534 | 535 |
| 535 playground2::Sandbox::setSandboxPolicy(SyscallPolicy, NULL); | 536 playground2::Sandbox::setSandboxPolicy(SyscallPolicy, NULL); |
| 536 playground2::Sandbox::startSandbox(); | 537 playground2::Sandbox::startSandbox(); |
| 537 | 538 |
| 538 return true; | 539 return true; |
| 539 } | 540 } |
| 540 | 541 |
| 541 bool InitializeLegacySandbox_x86(const CommandLine& command_line, | |
| 542 const std::string& process_type) { | |
| 543 #if defined(SECCOMP_SANDBOX) | |
| 544 // Start the old seccomp mode 1 (sandbox/linux/seccomp-legacy). | |
| 545 if (process_type == switches::kRendererProcess && SeccompSandboxEnabled()) { | |
| 546 // N.b. SupportsSeccompSandbox() returns a cached result, as we already | |
| 547 // called it earlier in the zygote. Thus, it is OK for us to not pass in | |
| 548 // a file descriptor for "/proc". | |
| 549 if (SupportsSeccompSandbox(-1)) { | |
| 550 StartSeccompSandbox(); | |
| 551 return true; | |
| 552 } | |
| 553 } | |
| 554 #endif | |
| 555 return false; | |
| 556 } | |
| 557 | |
| 558 } // anonymous namespace | 542 } // anonymous namespace |
| 559 | 543 |
| 560 #endif // defined(__i386__) || defined(__x86_64__) | 544 #endif // defined(__i386__) || defined(__x86_64__) |
| 561 | 545 |
| 562 namespace content { | 546 namespace content { |
| 563 | 547 |
| 564 void InitializeSandbox() { | 548 void InitializeSandbox() { |
| 565 #if defined(__i386__) || defined(__x86_64__) | 549 #if defined(__i386__) || defined(__x86_64__) |
| 566 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | 550 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
| 567 const std::string process_type = | 551 const std::string process_type = |
| 568 command_line.GetSwitchValueASCII(switches::kProcessType); | 552 command_line.GetSwitchValueASCII(switches::kProcessType); |
| 569 bool seccomp_legacy_started = false; | 553 bool seccomp_legacy_started = false; |
| 570 bool seccomp_bpf_started = false; | 554 bool seccomp_bpf_started = false; |
| 571 | 555 |
| 572 // First, try to enable seccomp-legacy. | 556 // First, try to enable seccomp-legacy. |
| 573 seccomp_legacy_started = | 557 seccomp_legacy_started = |
| 574 InitializeLegacySandbox_x86(command_line, process_type); | 558 LinuxSandbox::GetInstance()->StartSeccompLegacy(process_type); |
| 575 if (seccomp_legacy_started) | 559 if (seccomp_legacy_started) |
| 576 LogSandboxStarted("seccomp-legacy", process_type); | 560 LogSandboxStarted("seccomp-legacy", process_type); |
| 577 | 561 |
| 578 // Then, try to enable seccomp-bpf. | 562 // Then, try to enable seccomp-bpf. |
| 579 // If seccomp-legacy is enabled, seccomp-bpf initialization will crash | 563 // If seccomp-legacy is enabled, seccomp-bpf initialization will crash |
| 580 // instead of failing gracefully. | 564 // instead of failing gracefully. |
| 581 // TODO(markus): fix this (crbug.com/139872). | 565 // TODO(markus): fix this (crbug.com/139872). |
| 582 if (!seccomp_legacy_started) { | 566 if (!seccomp_legacy_started) { |
| 583 seccomp_bpf_started = | 567 seccomp_bpf_started = |
| 584 InitializeBpfSandbox_x86(command_line, process_type); | 568 InitializeBpfSandbox_x86(command_line, process_type); |
| 585 } | 569 } |
| 586 if (seccomp_bpf_started) | 570 if (seccomp_bpf_started) |
| 587 LogSandboxStarted("seccomp-bpf", process_type); | 571 LogSandboxStarted("seccomp-bpf", process_type); |
| 588 #endif | 572 #endif |
| 589 } | 573 } |
| 590 | 574 |
| 591 } // namespace content | 575 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10843059:
Create a LinuxSandbox class. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src