
Unified Diff: src/trusted/service_runtime/sel_main.c

Issue 1211173002: add restricted filesystem access to sel_ldr Base URL: https://chromium.googlesource.com/native_client/src/native_client.git@master
Patch Set: Created 5 years, 6 months ago
Index: src/trusted/service_runtime/sel_main.c
diff --git a/src/trusted/service_runtime/sel_main.c b/src/trusted/service_runtime/sel_main.c
index 627771f13092d28a3651020c35c2e7d2b96d62e5..bbbea4fde11367c4b133766007718c71b06231e8 100644
--- a/src/trusted/service_runtime/sel_main.c
+++ b/src/trusted/service_runtime/sel_main.c
@@ -127,6 +127,7 @@ static void PrintUsage(void) {
"Usage: sel_ldr [-h d:D] [-r d:D] [-w d:D] [-i d:D]\n"
" [-f nacl_file]\n"
" [-l log_file]\n"
+ " [-m fs_root]\n"
" [-X d] [-acFglQRsSQv]\n"
" -- [nacl_file] [args]\n"
"\n");
@@ -151,6 +152,14 @@ static void PrintUsage(void) {
" -R an RPC supplies the NaCl module.\n"
" No nacl_file argument is expected, and the -f flag cannot be\n"
" used with this flag.\n"
+ " -m directory to mount as root.\n"
+ " If not provided (and -a is also missing), no filesystem access\n"
+ " of any kind is allowed. If provided, safely allows read/write\n"
+ " access to just the provided folder as if it were the FS root.\n"
+ " If read-only access is desired, setting appropriate "
+ " filesystem-level permissions for the user sel_ldr runs as\n"
+ " should be adequate. If both -m and -a are passed, -m behavior\n"
+ " supersedes -a for filesystem operations.\n"
"\n"
" (testing flags)\n"
" -a allow file access plus some other syscalls! dangerous!\n"
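Review bot: The fragment `" If read-only access is desired, setting appropriate "` has no trailing `\n`, so it is concatenated with the next fragment and prints as a single over-long line with a doubled space; it should end with `\n` like the surrounding lines, and the leading space of the following fragment should then be kept as the indent. The text also promises that -m "safely" confines access "as if it were the FS root", but the final hunk changes the outer-sandbox gate to `NaClFileAccessEnabled()`, which suggests that -m, like -a, runs without the OS-level sandbox; if so the help text should disclose it, e.g. `" Note: like -a, this disables the outer sandbox; confinement relies on\n" " sel_ldr's own path checks.\n"`. "-m behavior supersedes -a" is also vague about what still happens for the non-filesystem syscalls -a enables; one sentence saying -a's other effects remain would remove the ambiguity.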
@@ -186,6 +195,7 @@ static int my_getopt(int argc, char *const *argv, const char *shortopts) {
struct SelLdrOptions {
char *nacl_file;
char *blob_library_file;
+ char *root_mount;
int app_argc;
char **app_argv;
@@ -212,6 +222,7 @@ static void SelLdrOptionsCtor(struct SelLdrOptions *options) {
options->nacl_file = NULL;
options->blob_library_file = NULL;
+ options->root_mount = NULL;
options->app_argc = 0;
options->app_argv = NULL;
@@ -259,7 +270,7 @@ static void NaClSelLdrParseArgs(int argc, char **argv,
#if NACL_LINUX
"+D:z:"
#endif
- "aB:cdeE:f:Fgh:i:l:pqQr:RsSvw:X:Z")) != -1) {
+ "aB:cdeE:f:Fgh:i:l:m:pqQr:RsSvw:X:Z")) != -1) {
switch (opt) {
case 'a':
if (!options->quiet)
@@ -352,6 +363,9 @@ static void NaClSelLdrParseArgs(int argc, char **argv,
NaClLogSetFile(optarg);
}
break;
+ case 'm':
+ options->root_mount = optarg;
+ break;
case 'p':
options->enable_env_passthrough = 1;
break;
@@ -601,6 +615,10 @@ int NaClSelLdrMain(int argc, char **argv) {
NaClInsecurelyBypassAllAclChecks();
}
+ if (options->root_mount != NULL) {
+ NaClMountRootFolder(options->root_mount);
jtolds 2015/06/25 23:05:05 super open to other names for all these things. it
+ }
+
nap->ignore_validator_result = (options->debug_mode_ignore_validator > 0);
nap->skip_validator = (options->debug_mode_ignore_validator > 1);
nap->enable_exception_handling = options->enable_exception_handling;
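Review bot: The result of `NaClMountRootFolder(options->root_mount)` is discarded; if that call can fail (path missing, not a directory, unreadable) sel_ldr should stop here rather than proceed to load the module with whatever confinement state the failed call left behind, e.g. `if (!NaClMountRootFolder(options->root_mount)) NaClLog(LOG_FATAL, "cannot mount %s as root\n", options->root_mount);` — its return type is not visible in this diff, so adapt to the real signature. The call is deliberately placed after the -a branch that calls NaClInsecurelyBypassAllAclChecks(), matching the help text's "-m supersedes -a", but nothing says so in the code; a one-line comment such as `/* Must follow the -a bypass above so the -m mount governs FS operations. */` would keep a later reorder from silently inverting the precedence. NaClSelLdrMain begins and ends outside this hunk.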
@@ -782,7 +800,7 @@ int NaClSelLdrMain(int argc, char **argv) {
*
* We cannot enable the sandbox if file access is enabled.
*/
- if (!NaClAclBypassChecks && g_enable_outer_sandbox_func != NULL) {
+ if (!NaClFileAccessEnabled() && g_enable_outer_sandbox_func != NULL) {
g_enable_outer_sandbox_func();
}
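Review bot: This condition now leaves the outer sandbox disabled whenever `NaClFileAccessEnabled()` is true, which presumably covers the new -m mode as well as -a, so a "restricted" mount gives up the OS-level sandbox entirely and depends only on sel_ldr's in-process path confinement. The comment above the condition still speaks generically of "file access", and the -a option appears to emit a warning gated on `options->quiet` (see the `case 'a'` hunk) while -m emits none; the asymmetry should be closed by extending the comment and warning in the same way, e.g. `/* -m also counts as file access: the outer sandbox is skipped and confinement rests solely on the root-mount path checks. */`. If `NaClFileAccessEnabled()` is intended to be false for -m, that should be stated here instead, because the function's definition is not in this diff. NaClSelLdrMain continues outside this hunk.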
