Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(8)

Unified Diff: sandbox/linux/seccomp-bpf/sandbox_bpf.h

Issue 759473002: Linux sandbox: change seccomp detection and initialization. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@refactor_startsandbox
Patch Set: Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf/sandbox_bpf.h
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index 895c659f698541c1e1440991574245e6f43f7658..4a6c06c6a56143cc538d1a7546683a20bf93d9a0 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -21,36 +21,16 @@ class Policy;
class SANDBOX_EXPORT SandboxBPF {
public:
- enum SandboxStatus {
- STATUS_UNKNOWN, // Status prior to calling supportsSeccompSandbox()
- STATUS_UNSUPPORTED, // The kernel does not appear to support sandboxing
- STATUS_UNAVAILABLE, // Currently unavailable but might work again later
- STATUS_AVAILABLE, // Sandboxing is available but not currently active
- STATUS_ENABLED // The sandbox is now active
- };
-
- // Depending on the level of kernel support, seccomp-bpf may require the
- // process to be single-threaded in order to enable it. When calling
- // StartSandbox(), the program should indicate whether or not the sandbox
- // should try and engage with multi-thread support.
- enum SandboxThreadState {
- PROCESS_INVALID,
- PROCESS_SINGLE_THREADED, // The program is currently single-threaded.
- // Note: PROCESS_MULTI_THREADED requires experimental kernel support that
- // has not been contributed to upstream Linux.
- PROCESS_MULTI_THREADED, // The program may be multi-threaded.
+ enum SeccompLevel {
jln (very slow on Chromium) 2014/11/25 01:24:29 I considered making this an enum class, but since
mdempsky 2014/11/25 03:14:06 One solution might be to change "int SupportsSecco
jln (very slow on Chromium) 2014/11/25 03:36:01 I considered that, but in practice in content:: th
+ SECCOMP_NONE = 0,
+ SECCOMP_SINGLE_THREADED = 1 << 0,
+ SECCOMP_MULTI_THREADED = 1 << 1,
};
// Constructors and destructors.
// NOTE: Setting a policy and starting the sandbox is a one-way operation.
- // The kernel does not provide any option for unloading a loaded
- // sandbox. Strictly speaking, that means we should disallow calling
- // the destructor, if StartSandbox() has ever been called. In practice,
- // this makes it needlessly complicated to operate on "Sandbox"
- // objects. So, we instead opted to allow object destruction. But it
- // should be noted that during its lifetime, the object probably made
- // irreversible state changes to the runtime environment. These changes
- // stay in effect even after the destructor has been run.
+ // The kernel does not provide any option for unloading a loaded sandbox. The
+ // sandbox remains engaged even when the object is destructed.
SandboxBPF();
~SandboxBPF();
@@ -59,14 +39,9 @@ class SANDBOX_EXPORT SandboxBPF {
// system calls.
static bool IsValidSyscallNumber(int sysnum);
- // Detect if the kernel supports the seccomp sandbox. The result of calling
- // this function will be cached. The first time this function is called, the
- // running process must be unsandboxed (able to use /proc) and monothreaded.
- static SandboxStatus SupportsSeccompSandbox();
-
- // Determines if the kernel has support for the seccomp() system call to
- // synchronize BPF filters across a thread group.
- static SandboxStatus SupportsSeccompThreadFilterSynchronization();
+ // Detect if the kernel supports the seccomp sandbox. Returns a bitmask
+ // of values in SeccompLevel.
+ static int SupportsSeccompSandbox();
// The sandbox needs to be able to access files in "/proc/self/tasks/". If
// this
@@ -94,11 +69,10 @@ class SANDBOX_EXPORT SandboxBPF {
// directly suitable as a return value for a trap handler.
static intptr_t ForwardSyscall(const struct arch_seccomp_data& args);
- // This is the main public entry point. It finds all system calls that
- // need rewriting, sets up the resources needed by the sandbox, and
- // enters Seccomp mode.
- // The calling process must specify its current SandboxThreadState, as a way
- // to tell the sandbox which type of kernel support it should engage.
+ // This is the main public entry point. It sets up the resources needed by
+ // the sandbox, and enters Seccomp mode.
+ // The calling process must a |seccomp_level| to tell the sandbox which type
+ // of kernel support it should engage.
// It is possible to stack multiple sandboxes by creating separate "Sandbox"
// objects and calling "StartSandbox()" on each of them. Please note, that
// this requires special care, though, as newly stacked sandboxes can never
@@ -107,7 +81,7 @@ class SANDBOX_EXPORT SandboxBPF {
// disallowed.
// Finally, stacking does add more kernel overhead than having a single
// combined policy. So, it should only be used if there are no alternatives.
- bool StartSandbox(SandboxThreadState thread_state) WARN_UNUSED_RESULT;
+ bool StartSandbox(SeccompLevel seccomp_level) WARN_UNUSED_RESULT;
// Assembles a BPF filter program from the current policy. After calling this
// function, you must not call any other sandboxing function.
@@ -129,12 +103,6 @@ class SANDBOX_EXPORT SandboxBPF {
bool RunFunctionInPolicy(void (*code_in_sandbox)(),
scoped_ptr<bpf_dsl::Policy> policy);
- // Performs a couple of sanity checks to verify that the kernel supports the
- // features that we need for successful sandboxing.
- // The caller has to make sure that "this" has not yet been initialized with
- // any other policies.
- bool KernelSupportSeccompBPF();
-
// Assembles and installs a filter based on the policy that has previously
// been configured with SetSandboxPolicy().
void InstallFilter(bool must_sync_threads);
@@ -144,8 +112,6 @@ class SANDBOX_EXPORT SandboxBPF {
// by the sandbox internals. It should not be used by production code.
void VerifyProgram(const CodeGen::Program& program);
- static SandboxStatus status_;
-
bool quiet_;
int proc_task_fd_;
bool sandbox_has_started_;
« no previous file with comments | « sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc ('k') | sandbox/linux/seccomp-bpf/sandbox_bpf.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698