Linux Sandbox: add resource limits to NaCl

content/common/sandbox_linux/sandbox_linux.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <dirent.h>
 #include <fcntl.h>
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/types.h>
@@ skipping 18 matching lines @@
 #include "base/time/time.h"
 #include "build/build_config.h"
 #include "content/common/sandbox_linux/sandbox_debug_handling_linux.h"
 #include "content/common/sandbox_linux/sandbox_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/sandbox_linux.h"
 #include "sandbox/linux/services/credentials.h"
 #include "sandbox/linux/services/namespace_sandbox.h"
 #include "sandbox/linux/services/proc_util.h"
+#include "sandbox/linux/services/resource_limits.h"
 #include "sandbox/linux/services/thread_helpers.h"
 #include "sandbox/linux/services/yama.h"
 #include "sandbox/linux/suid/client/setuid_sandbox_client.h"
 
 #if defined(ANY_OF_AMTLU_SANITIZER)
 #include <sanitizer/common_interface_defs.h>
 #endif
 
 using sandbox::Yama;
 
@@ skipping 11 matching lines @@
   const base::CommandLine& command_line =
       *base::CommandLine::ForCurrentProcess();
   const std::string process_type =
       command_line.GetSwitchValueASCII(switches::kProcessType);
   const std::string activated_sandbox =
       "Activated " + sandbox_name + " sandbox for process type: " +
       process_type + ".";
   VLOG(1) << activated_sandbox;
 }
 
-bool AddResourceLimit(int resource, rlim_t limit) {
-  struct rlimit old_rlimit;
-  if (getrlimit(resource, &old_rlimit))
-    return false;
-  // Make sure we don't raise the existing limit.
-  const struct rlimit new_rlimit = {
-      std::min(old_rlimit.rlim_cur, limit),
-      std::min(old_rlimit.rlim_max, limit)
-      };
-  int rc = setrlimit(resource, &new_rlimit);
-  return rc == 0;
-}
-
 bool IsRunningTSAN() {
 #if defined(THREAD_SANITIZER)
   return true;
 #else
   return false;
 #endif
 }
 
 // Try to open /proc/self/task/ with the help of |proc_fd|. |proc_fd| can be
 // -1. Will return -1 on error and set errno like open(2).
@@ skipping 320 matching lines @@
   if (process_type == switches::kRendererProcess ||
       process_type == switches::kGpuProcess) {
     address_space_limit = 1L << 34;
   }
 #endif  // defined(__LP64__)
 
   // On all platforms, add a limit to the brk() heap that would prevent
   // allocations that can't be index by an int.
   const rlim_t kNewDataSegmentMaxSize = std::numeric_limits<int>::max();
 
-  bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit);
-  bool limited_data = AddResourceLimit(RLIMIT_DATA, kNewDataSegmentMaxSize);
+  bool limited_as =
+      sandbox::ResourceLimits::Lower(RLIMIT_AS, address_space_limit);
+  bool limited_data =
+      sandbox::ResourceLimits::Lower(RLIMIT_DATA, kNewDataSegmentMaxSize);
 
   // Cache the resource limit before turning on the sandbox.
   base::SysInfo::AmountOfVirtualMemory();
 
   return limited_as && limited_data;
 #else
-  // Silence the compiler warning about unused function. This doesn't actually
-  // call AddResourceLimit().
-  ignore_result(AddResourceLimit);
   base::SysInfo::AmountOfVirtualMemory();
   return false;
 #endif  // !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) &&
         // !defined(THREAD_SANITIZER)
 }
 
 bool LinuxSandbox::HasOpenDirectories() const {
   return sandbox::ProcUtil::HasOpenDirectory(proc_fd_);
 }
 
@@ skipping 21 matching lines @@
 
 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const {
   DCHECK(thread);
   base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_));
   PCHECK(proc_self_task.is_valid());
   CHECK(sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_self_task.get(),
                                                          thread));
 }
 
 }  // namespace content