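--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,53 +1,63 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <signal.h>
+#include <sys/prctl.h>
+#include <sys/syscall.h>
+
 #ifndef SECCOMP_BPF_STANDALONE
 #include "base/logging.h"
 #include "base/posix/eintr_wrapper.h"
 #endif
 
 #include "sandbox/linux/seccomp-bpf/codegen.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
 #include "sandbox/linux/seccomp-bpf/verifier.h"
 
+// Android's signal.h doesn't define ucontext etc.
+#if defined(OS_ANDROID) && defined(__arm__)
+#include "sandbox/linux/services/android_arm_ucontext.h"
+#endif
+
 namespace {
 
 void WriteFailedStderrSetupMessage(int out_fd) {
 const char* error_string = strerror(errno);
 static const char msg[] = "You have reproduced a puzzling issue.\n"
 "Please, report to crbug.com/152530!\n"
 "Failed to set up stderr: ";
 if (HANDLE_EINTR(write(out_fd, msg, sizeof(msg)-1)) > 0 && error_string &&
 HANDLE_EINTR(write(out_fd, error_string, strlen(error_string))) > 0 &&
 HANDLE_EINTR(write(out_fd, "\n", 1))) {
 }
 }
 
 // We need to tell whether we are performing a "normal" callback, or
 // whether we were called recursively from within a UnsafeTrap() callback.
 // This is a little tricky to do, because we need to somehow get access to
 // per-thread data from within a signal context. Normal TLS storage is not
 // safely accessible at this time. We could roll our own, but that involves
 // a lot of complexity. Instead, we co-opt one bit in the signal mask.
 // If BUS is blocked, we assume that we have been called recursively.
 // There is a possibility for collision with other code that needs to do
 // this, but in practice the risks are low.
 // If SIGBUS turns out to be a problem, we could instead co-opt one of the
 // realtime signals. There are plenty of them. Unfortunately, there is no
 // way to mark a signal as allocated. So, the potential for collision is
 // possibly even worse.
 bool GetIsInSigHandler(const ucontext_t *ctx) {
-return sigismember(&ctx->uc_sigmask, SIGBUS);
+// Note: on Android, sigismember does not take a pointer to const.
+return sigismember(const_cast<sigset_t*>(&ctx->uc_sigmask), SIGBUS);
 }
 
 void SetIsInSigHandler() {
 sigset_t mask;
 sigemptyset(&mask);
 sigaddset(&mask, SIGBUS);
 sigprocmask(SIG_BLOCK, &mask, NULL);
 }
 
 } // namespace
@@ -973,10 +983,10 @@
 int Sandbox::proc_fd_ = -1;
 Sandbox::Evaluators Sandbox::evaluators_;
 Sandbox::Traps *Sandbox::traps_ = NULL;
 Sandbox::TrapIds Sandbox::trap_ids_;
 ErrorCode *Sandbox::trap_array_ = NULL;
 size_t Sandbox::trap_array_size_ = 0;
 bool Sandbox::has_unsafe_traps_ = false;
 Sandbox::Conds Sandbox::conds_;
 
 } // namespace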
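Review bot: The const_cast in GetIsInSigHandler strips the const qualifier from the caller's ucontext_t on every platform, although the new comment scopes the problem to Android's sigismember signature. Copying the mask into a local avoids casting away const altogether and needs no platform-specific note: `sigset_t mask = ctx->uc_sigmask;` followed by `return sigismember(&mask, SIGBUS);`. sigismember reports failure as -1, which the implicit conversion to bool reads as "called recursively"; SIGBUS is always a valid signal number so this should not occur in practice, but `return sigismember(&mask, SIGBUS) == 1;` makes the intended meaning explicit. The new includes and the OS_ANDROID/__arm__ guard around android_arm_ucontext.h raise no concern.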