1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
6 | 6 |
7 // Some headers on Android are missing cdefs: crbug.com/172337. | 7 // Some headers on Android are missing cdefs: crbug.com/172337. |
8 // (We can't use OS_ANDROID here since build_config.h is not included). | 8 // (We can't use OS_ANDROID here since build_config.h is not included). |
9 #if defined(ANDROID) | 9 #if defined(ANDROID) |
10 #include <sys/cdefs.h> | 10 #include <sys/cdefs.h> |
261 } | 261 } |
262 int fds[2]; | 262 int fds[2]; |
263 if (pipe2(fds, O_NONBLOCK | O_CLOEXEC)) { | 263 if (pipe2(fds, O_NONBLOCK | O_CLOEXEC)) { |
264 SANDBOX_DIE("pipe() failed"); | 264 SANDBOX_DIE("pipe() failed"); |
265 } | 265 } |
266 | 266 |
267 if (fds[0] <= 2 || fds[1] <= 2) { | 267 if (fds[0] <= 2 || fds[1] <= 2) { |
268 SANDBOX_DIE("Process started without standard file descriptors"); | 268 SANDBOX_DIE("Process started without standard file descriptors"); |
269 } | 269 } |
270 | 270 |
| 271 // This code is using fork() and should only ever run single-threaded. |
| 272 // Most of the code below is "async-signal-safe" and only minor changes |
| 273 // would be needed to support threads. |
| 274 DCHECK(IsSingleThreaded(proc_fd_)); |
271 pid_t pid = fork(); | 275 pid_t pid = fork(); |
272 if (pid < 0) { | 276 if (pid < 0) { |
273 // Die if we cannot fork(). We would probably fail a little later | 277 // Die if we cannot fork(). We would probably fail a little later |
274 // anyway, as the machine is likely very close to running out of | 278 // anyway, as the machine is likely very close to running out of |
275 // memory. | 279 // memory. |
276 // But what we don't want to do is return "false", as a crafty | 280 // But what we don't want to do is return "false", as a crafty |
277 // attacker might cause fork() to fail at will and could trick us | 281 // attacker might cause fork() to fail at will and could trick us |
278 // into running without a sandbox. | 282 // into running without a sandbox. |
279 sigprocmask(SIG_SETMASK, &old_mask, NULL); // OK, if it fails | 283 sigprocmask(SIG_SETMASK, &old_mask, NULL); // OK, if it fails |
280 SANDBOX_DIE("fork() failed unexpectedly"); | 284 SANDBOX_DIE("fork() failed unexpectedly"); |
1009 &*conds_->insert(failed).first); | 1013 &*conds_->insert(failed).first); |
1010 } | 1014 } |
1011 | 1015 |
1012 ErrorCode SandboxBPF::Kill(const char* msg) { | 1016 ErrorCode SandboxBPF::Kill(const char* msg) { |
1013 return Trap(BPFFailure, const_cast<char*>(msg)); | 1017 return Trap(BPFFailure, const_cast<char*>(msg)); |
1014 } | 1018 } |
1015 | 1019 |
1016 SandboxBPF::SandboxStatus SandboxBPF::status_ = STATUS_UNKNOWN; | 1020 SandboxBPF::SandboxStatus SandboxBPF::status_ = STATUS_UNKNOWN; |
1017 | 1021 |
1018 } // namespace sandbox | 1022 } // namespace sandbox |
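Review bot: The new `DCHECK(IsSingleThreaded(proc_fd_));` placed just before `fork()` is compiled out of release builds, so the single-threaded precondition stated in the comment above it is only enforced while debugging, even though the adjacent fork()-failure path deliberately uses SANDBOX_DIE instead of returning false precisely because an attacker-influenced failure must not leave the process unsandboxed. If forking from a multi-threaded process is a real hazard for this probe, the check should die in every build, e.g. `if (!IsSingleThreaded(proc_fd_)) { SANDBOX_DIE("fork()-based probe requires a single-threaded process"); }`; if it is meant only as a debugging aid, the comment should say that the release build relies on callers to guarantee it. Whether IsSingleThreaded tolerates an invalid proc_fd_ is not visible in this hunk and would be worth stating in the comment. The enclosing function starts and ends outside the visible hunk.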