| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "mandoline/app/desktop/linux_sandbox.h" | 5 #include "mojo/runner/linux_sandbox.h" |
| 6 | 6 |
| 7 #include <fcntl.h> | 7 #include <fcntl.h> |
| 8 #include <sys/syscall.h> | 8 #include <sys/syscall.h> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/debug/leak_annotations.h" | 11 #include "base/debug/leak_annotations.h" |
| 12 #include "base/posix/eintr_wrapper.h" | 12 #include "base/posix/eintr_wrapper.h" |
| 13 #include "base/rand_util.h" | 13 #include "base/rand_util.h" |
| 14 #include "base/sys_info.h" | 14 #include "base/sys_info.h" |
| 15 #include "sandbox/linux/bpf_dsl/policy.h" | 15 #include "sandbox/linux/bpf_dsl/policy.h" |
| 16 #include "sandbox/linux/bpf_dsl/trap_registry.h" | 16 #include "sandbox/linux/bpf_dsl/trap_registry.h" |
| 17 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" | 17 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
| 18 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" | 18 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" |
| 19 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 19 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 20 #include "sandbox/linux/services/credentials.h" | 20 #include "sandbox/linux/services/credentials.h" |
| 21 #include "sandbox/linux/services/namespace_sandbox.h" | 21 #include "sandbox/linux/services/namespace_sandbox.h" |
| 22 #include "sandbox/linux/services/proc_util.h" | 22 #include "sandbox/linux/services/proc_util.h" |
| 23 #include "sandbox/linux/services/thread_helpers.h" |
| 23 | 24 |
| 24 using sandbox::syscall_broker::BrokerFilePermission; | 25 using sandbox::syscall_broker::BrokerFilePermission; |
| 25 | 26 |
| 26 namespace mandoline { | 27 namespace mandoline { |
| 27 | 28 |
| 28 namespace { | 29 namespace { |
| 29 | 30 |
| 30 intptr_t SandboxSIGSYSHandler(const struct sandbox::arch_seccomp_data& args, | 31 intptr_t SandboxSIGSYSHandler(const struct sandbox::arch_seccomp_data& args, |
| 31 void* aux) { | 32 void* aux) { |
| 32 RAW_CHECK(aux); | 33 RAW_CHECK(aux); |
| 91 | 92 |
| 92 LinuxSandbox::LinuxSandbox(const std::vector<BrokerFilePermission>& permissions) | 93 LinuxSandbox::LinuxSandbox(const std::vector<BrokerFilePermission>& permissions) |
| 93 : broker_(new sandbox::syscall_broker::BrokerProcess(EPERM, permissions)) { | 94 : broker_(new sandbox::syscall_broker::BrokerProcess(EPERM, permissions)) { |
| 94 broker_->Init( | 95 broker_->Init( |
| 95 base::Bind<bool (*)()>(&sandbox::Credentials::DropAllCapabilities)); | 96 base::Bind<bool (*)()>(&sandbox::Credentials::DropAllCapabilities)); |
| 96 policy_.reset(new SandboxPolicy(broker_.get())); | 97 policy_.reset(new SandboxPolicy(broker_.get())); |
| 97 } | 98 } |
| 98 | 99 |
| 99 LinuxSandbox::~LinuxSandbox() {} | 100 LinuxSandbox::~LinuxSandbox() {} |
| 100 | 101 |
| 101 // static | |
| 102 std::vector<BrokerFilePermission> LinuxSandbox::GetPermissions() { | |
| 103 std::vector<BrokerFilePermission> permissions; | |
| 104 permissions.push_back(BrokerFilePermission::ReadOnly("/dev/urandom")); | |
| 105 permissions.push_back(BrokerFilePermission::ReadOnly("/etc/ld.so.cache")); | |
| 106 permissions.push_back(BrokerFilePermission::ReadOnlyRecursive("/lib/")); | |
| 107 permissions.push_back(BrokerFilePermission::ReadOnlyRecursive("/usr/lib/")); | |
| 108 return permissions; | |
| 109 } | |
| 110 | |
| 111 void LinuxSandbox::Warmup() { | 102 void LinuxSandbox::Warmup() { |
| 112 proc_fd_ = sandbox::ProcUtil::OpenProc(); | 103 proc_fd_ = sandbox::ProcUtil::OpenProc(); |
| 113 warmed_up_ = true; | 104 warmed_up_ = true; |
| 105 |
| 106 // Verify that we haven't started threads or grabbed directory file |
| 107 // descriptors. |
| 108 sandbox::ThreadHelpers::AssertSingleThreaded(proc_fd_.get()); |
| 109 CHECK(!sandbox::ProcUtil::HasOpenDirectory(proc_fd_.get())); |
| 114 } | 110 } |
| 115 | 111 |
| 116 void LinuxSandbox::EngageNamespaceSandbox() { | 112 void LinuxSandbox::EngageNamespaceSandbox() { |
| 117 CHECK(warmed_up_); | 113 CHECK(warmed_up_); |
| 118 CHECK_EQ(1, getpid()); | 114 CHECK_EQ(1, getpid()); |
| 119 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); | 115 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); |
| 120 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 116 CHECK(sandbox::Credentials::MoveToNewUserNS()); |
| 121 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_.get())); | 117 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_.get())); |
| 122 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_.get())); | 118 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_.get())); |
| 123 } | 119 } |
| 136 // The Broker is now bound to this process and should only be destroyed when | 132 // The Broker is now bound to this process and should only be destroyed when |
| 137 // the process exits or is killed. | 133 // the process exits or is killed. |
| 138 ANNOTATE_LEAKING_OBJECT_PTR(broker_.release()); | 134 ANNOTATE_LEAKING_OBJECT_PTR(broker_.release()); |
| 139 } | 135 } |
| 140 | 136 |
| 141 void LinuxSandbox::Seal() { | 137 void LinuxSandbox::Seal() { |
| 142 proc_fd_.reset(); | 138 proc_fd_.reset(); |
| 143 } | 139 } |
| 144 | 140 |
| 145 } // namespace mandoline | 141 } // namespace mandoline |
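Review bot: In the new Warmup() body (new lines 104-109) `warmed_up_ = true;` is assigned before the single-thread and open-directory checks run, so the flag records "warmup attempted" rather than "warmup verified"; since EngageNamespaceSandbox() gates on `CHECK(warmed_up_)`, the assignment reads better after the checks, i.e. `sandbox::ThreadHelpers::AssertSingleThreaded(proc_fd_.get());` / `CHECK(!sandbox::ProcUtil::HasOpenDirectory(proc_fd_.get()));` / `warmed_up_ = true;`. The added comment says what is checked but not why; I would extend it with something like `// The namespace/credential transitions in EngageNamespaceSandbox() are presumably only sound for a single-threaded process with no stray directory fds, so fail loudly here rather than later.` (hedged, since those preconditions are not visible on this page). Whether AssertSingleThreaded() enforces its invariant in release builds or only under DCHECK is not visible here either; if it is debug-only, the threading check would not hold in production and a CHECK-based form would be the safer choice. HasOpenDirectory() is passed proc_fd_ itself, which is a directory fd; this only works if the helper excludes the fd it is given, which is worth confirming against its declaration.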