Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(488)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/nacl/loader/nonsfi/nonsfi_sandbox.cc

Issue 1295513003: Non-SFI mode: Sandbox support for NaCl async-signals. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Used the correct constant for SIGUSR1 Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc » ('j') | components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/nacl/loader/nonsfi/nonsfi_sandbox.cc
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
index 475c28c28c637f4975287402af9c28b65132117c..e71dcd809babc4ca6af22ad9c9840d5872722a19 100644
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
@@ -22,6 +22,7 @@
#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
#include "sandbox/linux/system_headers/linux_futex.h"
+#include "sandbox/linux/system_headers/linux_signal.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
// Chrome OS Daisy (ARM) build environment and PNaCl toolchain do not define
@@ -83,7 +84,11 @@ ResultExpr RestrictClone() {
clone_flags |= CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID;
#endif
const Arg<int> flags(0);
- return If(flags == clone_flags, Allow()).Else(CrashSIGSYSClone());
+ // TODO(lhchavez): Add CLONE_PARENT_SETTID unconditionally to the allowed
+ // flags after the NaCl roll.
+ return If(flags == clone_flags ||
+ flags == (clone_flags | CLONE_PARENT_SETTID),
+ Allow()).Else(CrashSIGSYSClone());
}
ResultExpr RestrictFutexOperation() {
@@ -146,6 +151,18 @@ ResultExpr RestrictMmap() {
Allow()).Else(CrashSIGSYS());
}
+ResultExpr RestrictTgkill() {
+ const Arg<int> tgid(0), tid(1), signum(2);
+ // Only sending SIGUSR1 to a thread in the same process is allowed.
+ return If(tgid == getpid() &&
jln (very slow on Chromium) 2015/08/17 21:21:11 Don't use getpid() in policies. This should be a p
Luis Héctor Chávez 2015/08/17 22:13:07 Done.
+ // Arg does not support a greater-than operator, so two separate
+ // checks are needed to ensure tid is positive.
+ tid != 0 &&
jln (very slow on Chromium) 2015/08/17 21:21:11 FYI, this check isn't strictly necessary, Linux do
Luis Héctor Chávez 2015/08/17 22:13:07 Acknowledged.
+ (tid & (1u << 31)) == 0 && // tid is non-negative.
+ signum == LINUX_SIGUSR1,
+ Allow()).Else(CrashSIGSYS());
+}
+
#if !defined(OS_NACL_NONSFI) && (defined(__x86_64__) || defined(__arm__))
ResultExpr RestrictSocketpair() {
// Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen.
@@ -304,6 +321,9 @@ ResultExpr NaClNonSfiBPFSandboxPolicy::EvaluateSyscall(int sysno) const {
#endif
#endif
+ case __NR_tgkill:
+ return RestrictTgkill();
+
case __NR_brk:
// The behavior of brk on Linux is different from other system
// calls. It does not return errno but the current break on
« no previous file with comments | « no previous file | components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc » ('j') | components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698