
Side by Side Diff: content/common/sandbox_linux/sandbox_linux.cc

Issue 280303002: Add sandbox support for AsanCoverage. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: fix build error Created 6 years, 6 months ago
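--- a/content/common/sandbox_linux/sandbox_linux.cc
+++ b/content/common/sandbox_linux/sandbox_linux.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <dirent.h>
 #include <fcntl.h>
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/types.h>
@@ -27,22 +27,22 @@
 #include "build/build_config.h"
 #include "content/common/sandbox_linux/sandbox_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/sandbox_linux.h"
 #include "sandbox/linux/services/credentials.h"
 #include "sandbox/linux/services/thread_helpers.h"
 #include "sandbox/linux/services/yama.h"
 #include "sandbox/linux/suid/client/setuid_sandbox_client.h"
 
-#if (defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
-defined(LEAK_SANITIZER))
+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+defined(LEAK_SANITIZER)
 #include <sanitizer/common_interface_defs.h>
 #endif
 
 using sandbox::Yama;
 
 namespace {
 
 struct FDCloser {
 inline void operator()(int* fd) const {
 DCHECK(fd);
@@ -107,43 +107,50 @@
 
 namespace content {
 
 LinuxSandbox::LinuxSandbox()
 : proc_fd_(-1),
 seccomp_bpf_started_(false),
 sandbox_status_flags_(kSandboxLinuxInvalid),
 pre_initialized_(false),
 seccomp_bpf_supported_(false),
 yama_is_enforcing_(false),
-setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) {
+setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create())
+{
 if (setuid_sandbox_client_ == NULL) {
 LOG(FATAL) << "Failed to instantiate the setuid sandbox client.";
 }
+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+defined(LEAK_SANITIZER)
+sanitizer_args_ = make_scoped_ptr(new __sanitizer_sandbox_arguments);
+*sanitizer_args_ = {0};
+#endif
 }
 
 LinuxSandbox::~LinuxSandbox() {
 }
 
 LinuxSandbox* LinuxSandbox::GetInstance() {
 LinuxSandbox* instance = Singleton<LinuxSandbox>::get();
 CHECK(instance);
 return instance;
 }
 
 void LinuxSandbox::PreinitializeSandbox() {
 CHECK(!pre_initialized_);
 seccomp_bpf_supported_ = false;
-#if (defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
-defined(LEAK_SANITIZER)) && defined(OS_LINUX)
+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+defined(LEAK_SANITIZER)
 // Sanitizers need to open some resources before the sandbox is enabled.
 // This should not fork, not launch threads, not open a directory.
-__sanitizer_sandbox_on_notify(/*args*/ NULL);
+__sanitizer_sandbox_on_notify(sanitizer_args());
+sanitizer_args_.reset();
 #endif
 
 #if !defined(NDEBUG)
 // The in-process stack dumping needs to open /proc/self/maps and cache
 // its contents before the sandbox is enabled. It also pre-opens the
 // object files that are already loaded in the process address space.
 base::debug::EnableInProcessStackDumpingForSandbox();
 
 // Open proc_fd_ only in Debug mode so that forgetting to close it doesn't
 // produce a sandbox escape in Release mode.
@@ -403,10 +410,10 @@
 
 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const {
 DCHECK(thread);
 base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_));
 PCHECK(proc_self_task.is_valid());
 CHECK(sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_self_task.get(),
 thread));
 }
 
 } // namespace content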
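Review bot: In PreinitializeSandbox(), `sanitizer_args_.reset()` directly after `__sanitizer_sandbox_on_notify(sanitizer_args())` makes the arguments single-use, but nothing in the new lines documents or enforces that. `sanitizer_args()` is declared outside this file section; if it returns `sanitizer_args_.get()`, as the name suggests, a caller that fills in the arguments after pre-initialization gets NULL and its settings never reach the sanitizer runtime. I would put `DCHECK(sanitizer_args_.get());` before the notify call and a comment above the reset such as `// Consumed once; sanitizer_args() returns NULL from here on.`. Anything placed in these arguments is handed to the runtime before the sandbox is engaged and stays usable inside it, so a comment at the allocation in the constructor should say who may populate them and when, in the spirit of the existing proc_fd_ note further down.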
