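--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 
 // Some headers on Android are missing cdefs: crbug.com/172337.
 // (We can't use OS_ANDROID here since build_config.h is not included).
 #if defined(ANDROID)
 #include <sys/cdefs.h>
@@ -261,20 +261,24 @@
 }
 int fds[2];
 if (pipe2(fds, O_NONBLOCK | O_CLOEXEC)) {
 SANDBOX_DIE("pipe() failed");
 }
 
 if (fds[0] <= 2 || fds[1] <= 2) {
 SANDBOX_DIE("Process started without standard file descriptors");
 }
 
+// This code is using fork() and should only ever run single-threaded.
+// Most of the code below is "async-signal-safe" and only minor changes
+// would be needed to support threads.
+DCHECK(IsSingleThreaded(proc_fd_));
 pid_t pid = fork();
 if (pid < 0) {
 // Die if we cannot fork(). We would probably fail a little later
 // anyway, as the machine is likely very close to running out of
 // memory.
 // But what we don't want to do is return "false", as a crafty
 // attacker might cause fork() to fail at will and could trick us
 // into running without a sandbox.
 sigprocmask(SIG_SETMASK, &old_mask, NULL); // OK, if it fails
 SANDBOX_DIE("fork() failed unexpectedly");
@@ -1009,10 +1013,10 @@
 &*conds_->insert(failed).first);
 }
 
 ErrorCode SandboxBPF::Kill(const char* msg) {
 return Trap(BPFFailure, const_cast<char*>(msg));
 }
 
 SandboxBPF::SandboxStatus SandboxBPF::status_ = STATUS_UNKNOWN;
 
 } // namespace sandbox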
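Review bot: The new single-threaded guard before fork() is a DCHECK, so in release builds the invariant the accompanying comment describes is never enforced and a multi-threaded caller proceeds into the fork()-based setup unchecked. Every other precondition failure in this hunk (pipe2, the low file descriptors, the fork failure itself) terminates with SANDBOX_DIE, and the fork-failure comment right below explains why failing open in this path is dangerous; a debug-only check is inconsistent with that. Consider a hard failure instead, in the same style as the neighbouring checks: `if (!IsSingleThreaded(proc_fd_)) {` / `SANDBOX_DIE("fork()-based sandbox setup requires a single-threaded process");` / `}`. Whether IsSingleThreaded(proc_fd_) itself fails closed when proc_fd_ is invalid is not visible in this hunk and is worth confirming. The enclosing function starts before the hunk, where old_mask and proc_fd_ are set up.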