Chromium Code Reviews Chromium Code Reviews
Issue 117803002:
Make building seccomp-bpf a GYP condition (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" | 5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
| 10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
| 11 #include <sys/stat.h> | 11 #include <sys/stat.h> |
| 12 #include <sys/types.h> | 12 #include <sys/types.h> |
| 13 #include <sys/types.h> | 13 #include <sys/types.h> |
| 14 | 14 |
| 15 #include "base/basictypes.h" | 15 #include "base/basictypes.h" |
| 16 #include "base/command_line.h" | 16 #include "base/command_line.h" |
| 17 #include "base/logging.h" | 17 #include "base/logging.h" |
| 18 #include "build/build_config.h" | 18 #include "build/build_config.h" |
| 19 #include "content/public/common/content_switches.h" | 19 #include "content/public/common/content_switches.h" |
| 20 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h" | |
| 20 | 21 |
| 21 // These are the only architectures supported for now. | 22 #if defined(USE_SECCOMP_BPF) |
|
Mark Seaborn
2013/12/18 08:10:21
Add empty line after to match closing #endif?
jln (very slow on Chromium)
2013/12/19 00:00:19
Done.
| |
| 22 #if defined(__i386__) || defined(__x86_64__) || \ | |
| 23 (defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))) | |
| 24 #define SECCOMP_BPF_SANDBOX | |
| 25 #endif | |
| 26 | |
| 27 #if defined(SECCOMP_BPF_SANDBOX) | |
| 28 #include "base/posix/eintr_wrapper.h" | 23 #include "base/posix/eintr_wrapper.h" |
| 29 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" | 24 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" |
| 30 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" | 25 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" |
| 31 #include "content/common/sandbox_linux/bpf_ppapi_policy_linux.h" | 26 #include "content/common/sandbox_linux/bpf_ppapi_policy_linux.h" |
| 32 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h" | 27 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h" |
| 33 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" | 28 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" |
| 34 #include "content/common/sandbox_linux/sandbox_linux.h" | 29 #include "content/common/sandbox_linux/sandbox_linux.h" |
| 35 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" | 30 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" |
| 36 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 31 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
| 37 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 32 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
| 38 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" | 33 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" |
| 39 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 34 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 40 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h" | |
| 41 #include "sandbox/linux/services/linux_syscalls.h" | 35 #include "sandbox/linux/services/linux_syscalls.h" |
| 42 | 36 |
| 43 using sandbox::BaselinePolicy; | 37 using sandbox::BaselinePolicy; |
| 44 using sandbox::SyscallSets; | 38 using sandbox::SyscallSets; |
| 39 #else | |
|
Mark Seaborn
2013/12/18 08:10:21
Add empty line before
jln (very slow on Chromium)
2013/12/19 00:00:19
Done.
| |
| 40 | |
| 41 // Make sure that seccomp-bpf does not get disabled by mistake. Also make sure | |
| 42 // that we think twice about this when adding a new architecture. | |
| 43 #if !defined(ARCH_CPU_MIPS_FAMILY) | |
| 44 #error "Seccomp-bpf disabled on supported architecture!" | |
| 45 #endif // !defined(ARCH_CPU_MIPS_FAMILY) | |
| 46 | |
| 47 #endif // defined(USE_SECCOMP_BPF) | |
| 45 | 48 |
| 46 namespace content { | 49 namespace content { |
| 47 | 50 |
| 51 #if defined(USE_SECCOMP_BPF) | |
| 48 namespace { | 52 namespace { |
| 49 | 53 |
| 50 void StartSandboxWithPolicy(sandbox::SandboxBPFPolicy* policy); | 54 void StartSandboxWithPolicy(sandbox::SandboxBPFPolicy* policy); |
| 51 | 55 |
| 52 inline bool IsChromeOS() { | 56 inline bool IsChromeOS() { |
| 53 #if defined(OS_CHROMEOS) | 57 #if defined(OS_CHROMEOS) |
| 54 return true; | 58 return true; |
| 55 #else | 59 #else |
| 56 return false; | 60 return false; |
| 57 #endif | 61 #endif |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 207 // Avoid -Wunused-function with no-op code. | 211 // Avoid -Wunused-function with no-op code. |
| 208 ignore_result(IsChromeOS); | 212 ignore_result(IsChromeOS); |
| 209 ignore_result(IsArchitectureArm); | 213 ignore_result(IsArchitectureArm); |
| 210 ignore_result(RunSandboxSanityChecks); | 214 ignore_result(RunSandboxSanityChecks); |
| 211 return false; | 215 return false; |
| 212 } | 216 } |
| 213 #endif // !defined(IN_NACL_HELPER) | 217 #endif // !defined(IN_NACL_HELPER) |
| 214 | 218 |
| 215 } // namespace | 219 } // namespace |
| 216 | 220 |
| 217 #endif // SECCOMP_BPF_SANDBOX | 221 #endif // USE_SECCOMP_BPF |
| 218 | 222 |
| 219 // Is seccomp BPF globally enabled? | 223 // Is seccomp BPF globally enabled? |
| 220 bool SandboxSeccompBPF::IsSeccompBPFDesired() { | 224 bool SandboxSeccompBPF::IsSeccompBPFDesired() { |
| 221 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | 225 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
| 222 if (!command_line.HasSwitch(switches::kNoSandbox) && | 226 if (!command_line.HasSwitch(switches::kNoSandbox) && |
| 223 !command_line.HasSwitch(switches::kDisableSeccompFilterSandbox)) { | 227 !command_line.HasSwitch(switches::kDisableSeccompFilterSandbox)) { |
| 224 return true; | 228 return true; |
| 225 } else { | 229 } else { |
| 226 return false; | 230 return false; |
| 227 } | 231 } |
| 228 } | 232 } |
| 229 | 233 |
| 230 bool SandboxSeccompBPF::ShouldEnableSeccompBPF( | 234 bool SandboxSeccompBPF::ShouldEnableSeccompBPF( |
| 231 const std::string& process_type) { | 235 const std::string& process_type) { |
| 232 #if defined(SECCOMP_BPF_SANDBOX) | 236 #if defined(USE_SECCOMP_BPF) |
| 233 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | 237 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
| 234 if (process_type == switches::kGpuProcess) | 238 if (process_type == switches::kGpuProcess) |
| 235 return !command_line.HasSwitch(switches::kDisableGpuSandbox); | 239 return !command_line.HasSwitch(switches::kDisableGpuSandbox); |
| 236 | 240 |
| 237 return true; | 241 return true; |
| 238 #endif // SECCOMP_BPF_SANDBOX | 242 #endif // USE_SECCOMP_BPF |
| 239 return false; | 243 return false; |
| 240 } | 244 } |
| 241 | 245 |
| 242 bool SandboxSeccompBPF::SupportsSandbox() { | 246 bool SandboxSeccompBPF::SupportsSandbox() { |
| 243 #if defined(SECCOMP_BPF_SANDBOX) | 247 #if defined(USE_SECCOMP_BPF) |
| 244 // TODO(jln): pass the saved proc_fd_ from the LinuxSandbox singleton | 248 // TODO(jln): pass the saved proc_fd_ from the LinuxSandbox singleton |
| 245 // here. | 249 // here. |
| 246 SandboxBPF::SandboxStatus bpf_sandbox_status = | 250 SandboxBPF::SandboxStatus bpf_sandbox_status = |
| 247 SandboxBPF::SupportsSeccompSandbox(-1); | 251 SandboxBPF::SupportsSeccompSandbox(-1); |
| 248 // Kernel support is what we are interested in here. Other status | 252 // Kernel support is what we are interested in here. Other status |
| 249 // such as STATUS_UNAVAILABLE (has threads) still indicate kernel support. | 253 // such as STATUS_UNAVAILABLE (has threads) still indicate kernel support. |
| 250 // We make this a negative check, since if there is a bug, we would rather | 254 // We make this a negative check, since if there is a bug, we would rather |
| 251 // "fail closed" (expect a sandbox to be available and try to start it). | 255 // "fail closed" (expect a sandbox to be available and try to start it). |
| 252 if (bpf_sandbox_status != SandboxBPF::STATUS_UNSUPPORTED) { | 256 if (bpf_sandbox_status != SandboxBPF::STATUS_UNSUPPORTED) { |
| 253 return true; | 257 return true; |
| 254 } | 258 } |
| 255 #endif | 259 #endif |
| 256 return false; | 260 return false; |
| 257 } | 261 } |
| 258 | 262 |
| 259 bool SandboxSeccompBPF::StartSandbox(const std::string& process_type) { | 263 bool SandboxSeccompBPF::StartSandbox(const std::string& process_type) { |
| 260 #if defined(SECCOMP_BPF_SANDBOX) | 264 #if defined(USE_SECCOMP_BPF) |
| 261 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | 265 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
| 262 | 266 |
| 263 if (IsSeccompBPFDesired() && // Global switches policy. | 267 if (IsSeccompBPFDesired() && // Global switches policy. |
| 264 ShouldEnableSeccompBPF(process_type) && // Process-specific policy. | 268 ShouldEnableSeccompBPF(process_type) && // Process-specific policy. |
| 265 SupportsSandbox()) { | 269 SupportsSandbox()) { |
| 266 // If the kernel supports the sandbox, and if the command line says we | 270 // If the kernel supports the sandbox, and if the command line says we |
| 267 // should enable it, enable it or die. | 271 // should enable it, enable it or die. |
| 268 bool started_sandbox = StartBPFSandbox(command_line, process_type); | 272 bool started_sandbox = StartBPFSandbox(command_line, process_type); |
| 269 CHECK(started_sandbox); | 273 CHECK(started_sandbox); |
| 270 return true; | 274 return true; |
| 271 } | 275 } |
| 272 #endif | 276 #endif |
| 273 return false; | 277 return false; |
| 274 } | 278 } |
| 275 | 279 |
| 276 bool SandboxSeccompBPF::StartSandboxWithExternalPolicy( | 280 bool SandboxSeccompBPF::StartSandboxWithExternalPolicy( |
| 277 scoped_ptr<sandbox::SandboxBPFPolicy> policy) { | 281 scoped_ptr<sandbox::SandboxBPFPolicy> policy) { |
| 278 #if defined(SECCOMP_BPF_SANDBOX) | 282 #if defined(USE_SECCOMP_BPF) |
| 279 if (IsSeccompBPFDesired() && SupportsSandbox()) { | 283 if (IsSeccompBPFDesired() && SupportsSandbox()) { |
| 280 CHECK(policy); | 284 CHECK(policy); |
| 281 StartSandboxWithPolicy(policy.release()); | 285 StartSandboxWithPolicy(policy.release()); |
| 282 return true; | 286 return true; |
| 283 } | 287 } |
| 284 #endif // defined(SECCOMP_BPF_SANDBOX) | 288 #endif // defined(USE_SECCOMP_BPF) |
| 285 return false; | 289 return false; |
| 286 } | 290 } |
| 287 | 291 |
| 288 scoped_ptr<sandbox::SandboxBPFPolicy> | 292 scoped_ptr<sandbox::SandboxBPFPolicy> |
| 289 SandboxSeccompBPF::GetBaselinePolicy() { | 293 SandboxSeccompBPF::GetBaselinePolicy() { |
| 290 #if defined(SECCOMP_BPF_SANDBOX) | 294 #if defined(USE_SECCOMP_BPF) |
| 291 return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy); | 295 return scoped_ptr<sandbox::SandboxBPFPolicy>(new BaselinePolicy); |
| 292 #else | 296 #else |
| 293 return scoped_ptr<sandbox::SandboxBPFPolicy>(); | 297 return scoped_ptr<sandbox::SandboxBPFPolicy>(); |
| 294 #endif // defined(SECCOMP_BPF_SANDBOX) | 298 #endif // defined(USE_SECCOMP_BPF) |
| 295 } | 299 } |
| 296 | 300 |
| 297 } // namespace content | 301 } // namespace content |
| OLD | NEW |
