| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <dirent.h> | 5 #include <dirent.h> |
| 6 #include <fcntl.h> | 6 #include <fcntl.h> |
| 7 #include <sys/resource.h> | 7 #include <sys/resource.h> |
| 8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
| 9 #include <sys/time.h> | 9 #include <sys/time.h> |
| 10 #include <sys/types.h> | 10 #include <sys/types.h> |
| (...skipping 122 matching lines...) |
| 133 void LinuxSandbox::PreinitializeSandbox() { | 133 void LinuxSandbox::PreinitializeSandbox() { |
| 134 CHECK(!pre_initialized_); | 134 CHECK(!pre_initialized_); |
| 135 seccomp_bpf_supported_ = false; | 135 seccomp_bpf_supported_ = false; |
| 136 #if defined(ANY_OF_AMTLU_SANITIZER) | 136 #if defined(ANY_OF_AMTLU_SANITIZER) |
| 137 // Sanitizers need to open some resources before the sandbox is enabled. | 137 // Sanitizers need to open some resources before the sandbox is enabled. |
| 138 // This should not fork, not launch threads, not open a directory. | 138 // This should not fork, not launch threads, not open a directory. |
| 139 __sanitizer_sandbox_on_notify(sanitizer_args()); | 139 __sanitizer_sandbox_on_notify(sanitizer_args()); |
| 140 sanitizer_args_.reset(); | 140 sanitizer_args_.reset(); |
| 141 #endif | 141 #endif |
| 142 | 142 |
| 143 #if !defined(NDEBUG) | 143 #if !defined(NDEBUG) || (defined(CFI_ENFORCEMENT) && !defined(OFFICIAL_BUILD)) |
| 144 // The in-process stack dumping needs to open /proc/self/maps and cache | 144 // The in-process stack dumping needs to open /proc/self/maps and cache |
| 145 // its contents before the sandbox is enabled. It also pre-opens the | 145 // its contents before the sandbox is enabled. It also pre-opens the |
| 146 // object files that are already loaded in the process address space. | 146 // object files that are already loaded in the process address space. |
| 147 base::debug::EnableInProcessStackDumpingForSandbox(); | 147 base::debug::EnableInProcessStackDumpingForSandbox(); |
| 148 #endif // !defined(NDEBUG) | 148 #endif // !defined(NDEBUG) |
| 149 | 149 |
| 150 // Open proc_fd_. It would break the security of the setuid sandbox if it was | 150 // Open proc_fd_. It would break the security of the setuid sandbox if it was |
| 151 // not closed. | 151 // not closed. |
| 152 // If LinuxSandbox::PreinitializeSandbox() runs, InitializeSandbox() must run | 152 // If LinuxSandbox::PreinitializeSandbox() runs, InitializeSandbox() must run |
| 153 // as well. | 153 // as well. |
| (...skipping 300 matching lines...) |
| 454 | 454 |
| 455 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { | 455 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { |
| 456 DCHECK(thread); | 456 DCHECK(thread); |
| 457 base::ScopedFD proc_fd(OpenProc(proc_fd_)); | 457 base::ScopedFD proc_fd(OpenProc(proc_fd_)); |
| 458 PCHECK(proc_fd.is_valid()); | 458 PCHECK(proc_fd.is_valid()); |
| 459 CHECK( | 459 CHECK( |
| 460 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); | 460 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); |
| 461 } | 461 } |
| 462 | 462 |
| 463 } // namespace content | 463 } // namespace content |
| OLD | NEW |
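Review bot: The trailing comment on `#endif // !defined(NDEBUG)` (new line 148) no longer matches the widened guard on new line 143 and should be updated to `#endif  // !defined(NDEBUG) || (defined(CFI_ENFORCEMENT) && !defined(OFFICIAL_BUILD))`. The block comment above the call should also say why non-official CFI builds are included, because with this change a release-configuration process opens /proc/self/maps and pre-opens its loaded object files before the sandbox is engaged; a line such as `// Also needed in non-official CFI builds so that CFI failure stacks can be symbolized in-process.` would do, if that is the intent (inferred, not stated on the page). The definition of `base::debug::EnableInProcessStackDumpingForSandbox()` is not visible here, so confirm it is compiled under the same condition; otherwise the call either fails to link or does nothing in the new configuration. PreinitializeSandbox() continues past the lines shown.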