1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <signal.h> | |
6 #include <sys/syscall.h> | |
7 | |
5 #ifndef SECCOMP_BPF_STANDALONE | 8 #ifndef SECCOMP_BPF_STANDALONE |
6 #include "base/logging.h" | 9 #include "base/logging.h" |
7 #include "base/posix/eintr_wrapper.h" | 10 #include "base/posix/eintr_wrapper.h" |
8 #endif | 11 #endif |
9 | 12 |
10 #include "sandbox/linux/seccomp-bpf/codegen.h" | 13 #include "sandbox/linux/seccomp-bpf/codegen.h" |
11 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
12 #include "sandbox/linux/seccomp-bpf/syscall.h" | 15 #include "sandbox/linux/seccomp-bpf/syscall.h" |
13 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" | 16 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h" |
14 #include "sandbox/linux/seccomp-bpf/verifier.h" | 17 #include "sandbox/linux/seccomp-bpf/verifier.h" |
15 | 18 |
19 // Android's signal.h doesn't define ucontext etc. | |
20 #if defined(OS_ANDROID) && defined(__arm__) | |
21 #include "sandbox/linux/services/android_arm_ucontext.h" | |
22 #endif | |
23 | |
16 namespace { | 24 namespace { |
17 | 25 |
18 void WriteFailedStderrSetupMessage(int out_fd) { | 26 void WriteFailedStderrSetupMessage(int out_fd) { |
19 const char* error_string = strerror(errno); | 27 const char* error_string = strerror(errno); |
20 static const char msg[] = "You have reproduced a puzzling issue.\n" | 28 static const char msg[] = "You have reproduced a puzzling issue.\n" |
21 "Please, report to crbug.com/152530!\n" | 29 "Please, report to crbug.com/152530!\n" |
22 "Failed to set up stderr: "; | 30 "Failed to set up stderr: "; |
23 if (HANDLE_EINTR(write(out_fd, msg, sizeof(msg)-1)) > 0 && error_string && | 31 if (HANDLE_EINTR(write(out_fd, msg, sizeof(msg)-1)) > 0 && error_string && |
24 HANDLE_EINTR(write(out_fd, error_string, strlen(error_string))) > 0 && | 32 HANDLE_EINTR(write(out_fd, error_string, strlen(error_string))) > 0 && |
25 HANDLE_EINTR(write(out_fd, "\n", 1))) { | 33 HANDLE_EINTR(write(out_fd, "\n", 1))) { |
26 } | 34 } |
27 } | 35 } |
28 | 36 |
29 // We need to tell whether we are performing a "normal" callback, or | 37 // We need to tell whether we are performing a "normal" callback, or |
30 // whether we were called recursively from within a UnsafeTrap() callback. | 38 // whether we were called recursively from within a UnsafeTrap() callback. |
31 // This is a little tricky to do, because we need to somehow get access to | 39 // This is a little tricky to do, because we need to somehow get access to |
32 // per-thread data from within a signal context. Normal TLS storage is not | 40 // per-thread data from within a signal context. Normal TLS storage is not |
33 // safely accessible at this time. We could roll our own, but that involves | 41 // safely accessible at this time. We could roll our own, but that involves |
34 // a lot of complexity. Instead, we co-opt one bit in the signal mask. | 42 // a lot of complexity. Instead, we co-opt one bit in the signal mask. |
35 // If BUS is blocked, we assume that we have been called recursively. | 43 // If BUS is blocked, we assume that we have been called recursively. |
36 // There is a possibility for collision with other code that needs to do | 44 // There is a possibility for collision with other code that needs to do |
37 // this, but in practice the risks are low. | 45 // this, but in practice the risks are low. |
38 // If SIGBUS turns out to be a problem, we could instead co-opt one of the | 46 // If SIGBUS turns out to be a problem, we could instead co-opt one of the |
39 // realtime signals. There are plenty of them. Unfortunately, there is no | 47 // realtime signals. There are plenty of them. Unfortunately, there is no |
40 // way to mark a signal as allocated. So, the potential for collision is | 48 // way to mark a signal as allocated. So, the potential for collision is |
41 // possibly even worse. | 49 // possibly even worse. |
42 bool GetIsInSigHandler(const ucontext_t *ctx) { | 50 // Note: we can't use "const ucontext_t" because on Android, sigismember does |
51 // not take a pointer to const. | |
52 bool GetIsInSigHandler(ucontext_t *ctx) { | |
Markus (顧孟勤)
2012/12/19 00:44:54
I probably would have left the function signature
jln (very slow on Chromium)
2012/12/19 01:45:32
I was worried that sigismember() might touch the s
| |
43 return sigismember(&ctx->uc_sigmask, SIGBUS); | 53 return sigismember(&ctx->uc_sigmask, SIGBUS); |
44 } | 54 } |
45 | 55 |
46 void SetIsInSigHandler() { | 56 void SetIsInSigHandler() { |
47 sigset_t mask; | 57 sigset_t mask; |
48 sigemptyset(&mask); | 58 sigemptyset(&mask); |
49 sigaddset(&mask, SIGBUS); | 59 sigaddset(&mask, SIGBUS); |
50 sigprocmask(SIG_BLOCK, &mask, NULL); | 60 sigprocmask(SIG_BLOCK, &mask, NULL); |
51 } | 61 } |
52 | 62 |
973 int Sandbox::proc_fd_ = -1; | 983 int Sandbox::proc_fd_ = -1; |
974 Sandbox::Evaluators Sandbox::evaluators_; | 984 Sandbox::Evaluators Sandbox::evaluators_; |
975 Sandbox::Traps *Sandbox::traps_ = NULL; | 985 Sandbox::Traps *Sandbox::traps_ = NULL; |
976 Sandbox::TrapIds Sandbox::trap_ids_; | 986 Sandbox::TrapIds Sandbox::trap_ids_; |
977 ErrorCode *Sandbox::trap_array_ = NULL; | 987 ErrorCode *Sandbox::trap_array_ = NULL; |
978 size_t Sandbox::trap_array_size_ = 0; | 988 size_t Sandbox::trap_array_size_ = 0; |
979 bool Sandbox::has_unsafe_traps_ = false; | 989 bool Sandbox::has_unsafe_traps_ = false; |
980 Sandbox::Conds Sandbox::conds_; | 990 Sandbox::Conds Sandbox::conds_; |
981 | 991 |
982 } // namespace | 992 } // namespace |
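Review bot: The Android ucontext include added at new lines 19–22 is guarded by `OS_ANDROID`, but nothing visible in this file defines that macro; `base/logging.h` is only included when `SECCOMP_BPF_STANDALONE` is unset, so if `OS_ANDROID` reaches this TU through that header, a standalone build would presumably evaluate the guard false and skip the ARM ucontext header, leaving `ucontext_t` in `GetIsInSigHandler` undeclared — worth confirming where the define comes from. Guarding on the toolchain-defined `__ANDROID__` together with `__arm__`, or including the build-config header that supplies `OS_ANDROID` ahead of this guard, would make the include independent of the logging path. Separately, `sigismember` returns -1 on failure and the implicit `bool` conversion at new line 53 would report "in handler" for that case; with the `SIGBUS` constant this cannot occur, but a one-line comment such as `// sigismember() only fails for an invalid signo; SIGBUS is always valid.` would record why the -1 return is not checked.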