OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 5 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
6 | 6 |
7 // Some headers on Android are missing cdefs: crbug.com/172337. | |
8 // (We can't use OS_ANDROID here since build_config.h is not included). | |
9 #if defined(ANDROID) | |
10 #include <sys/cdefs.h> | |
11 #endif | |
12 | |
13 #include <errno.h> | 7 #include <errno.h> |
14 #include <sys/prctl.h> | 8 #include <sys/prctl.h> |
15 #include <sys/types.h> | 9 #include <sys/types.h> |
16 #include <unistd.h> | 10 #include <unistd.h> |
17 | 11 |
18 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
19 #include "base/files/scoped_file.h" | 13 #include "base/files/scoped_file.h" |
20 #include "base/logging.h" | 14 #include "base/logging.h" |
21 #include "base/macros.h" | 15 #include "base/macros.h" |
22 #include "base/memory/scoped_ptr.h" | 16 #include "base/memory/scoped_ptr.h" |
23 #include "base/posix/eintr_wrapper.h" | 17 #include "base/posix/eintr_wrapper.h" |
24 #include "base/third_party/valgrind/valgrind.h" | 18 #include "base/third_party/valgrind/valgrind.h" |
| 19 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
25 #include "sandbox/linux/bpf_dsl/codegen.h" | 20 #include "sandbox/linux/bpf_dsl/codegen.h" |
26 #include "sandbox/linux/bpf_dsl/policy.h" | 21 #include "sandbox/linux/bpf_dsl/policy.h" |
27 #include "sandbox/linux/bpf_dsl/policy_compiler.h" | 22 #include "sandbox/linux/bpf_dsl/policy_compiler.h" |
28 #include "sandbox/linux/bpf_dsl/seccomp_macros.h" | 23 #include "sandbox/linux/bpf_dsl/seccomp_macros.h" |
29 #include "sandbox/linux/bpf_dsl/syscall_set.h" | 24 #include "sandbox/linux/bpf_dsl/syscall_set.h" |
30 #include "sandbox/linux/seccomp-bpf/die.h" | 25 #include "sandbox/linux/seccomp-bpf/die.h" |
31 #include "sandbox/linux/seccomp-bpf/syscall.h" | 26 #include "sandbox/linux/seccomp-bpf/syscall.h" |
32 #include "sandbox/linux/seccomp-bpf/trap.h" | 27 #include "sandbox/linux/seccomp-bpf/trap.h" |
33 #include "sandbox/linux/services/proc_util.h" | 28 #include "sandbox/linux/services/proc_util.h" |
34 #include "sandbox/linux/services/syscall_wrappers.h" | 29 #include "sandbox/linux/services/syscall_wrappers.h" |
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
108 } | 103 } |
109 | 104 |
110 uint64_t EscapePC() { | 105 uint64_t EscapePC() { |
111 intptr_t rv = Syscall::Call(-1); | 106 intptr_t rv = Syscall::Call(-1); |
112 if (rv == -1 && errno == ENOSYS) { | 107 if (rv == -1 && errno == ENOSYS) { |
113 return 0; | 108 return 0; |
114 } | 109 } |
115 return static_cast<uint64_t>(static_cast<uintptr_t>(rv)); | 110 return static_cast<uint64_t>(static_cast<uintptr_t>(rv)); |
116 } | 111 } |
117 | 112 |
| 113 intptr_t SandboxPanicTrap(const struct arch_seccomp_data&, void* aux) { |
| 114 SANDBOX_DIE(static_cast<const char*>(aux)); |
| 115 } |
| 116 |
| 117 bpf_dsl::ResultExpr SandboxPanic(const char* error) { |
| 118 return bpf_dsl::Trap(SandboxPanicTrap, error); |
| 119 } |
| 120 |
118 } // namespace | 121 } // namespace |
119 | 122 |
120 SandboxBPF::SandboxBPF(bpf_dsl::Policy* policy) | 123 SandboxBPF::SandboxBPF(bpf_dsl::Policy* policy) |
121 : proc_fd_(), sandbox_has_started_(false), policy_(policy) { | 124 : proc_fd_(), sandbox_has_started_(false), policy_(policy) { |
122 } | 125 } |
123 | 126 |
124 SandboxBPF::~SandboxBPF() { | 127 SandboxBPF::~SandboxBPF() { |
125 } | 128 } |
126 | 129 |
127 // static | 130 // static |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
218 bool force_verification) { | 221 bool force_verification) { |
219 #if !defined(NDEBUG) | 222 #if !defined(NDEBUG) |
220 force_verification = true; | 223 force_verification = true; |
221 #endif | 224 #endif |
222 DCHECK(policy_); | 225 DCHECK(policy_); |
223 | 226 |
224 bpf_dsl::PolicyCompiler compiler(policy_.get(), Trap::Registry()); | 227 bpf_dsl::PolicyCompiler compiler(policy_.get(), Trap::Registry()); |
225 if (Trap::SandboxDebuggingAllowedByUser()) { | 228 if (Trap::SandboxDebuggingAllowedByUser()) { |
226 compiler.DangerousSetEscapePC(EscapePC()); | 229 compiler.DangerousSetEscapePC(EscapePC()); |
227 } | 230 } |
| 231 compiler.SetPanicFunc(SandboxPanic); |
228 return compiler.Compile(force_verification); | 232 return compiler.Compile(force_verification); |
229 } | 233 } |
230 | 234 |
231 void SandboxBPF::InstallFilter(bool must_sync_threads) { | 235 void SandboxBPF::InstallFilter(bool must_sync_threads) { |
232 // We want to be very careful in not imposing any requirements on the | 236 // We want to be very careful in not imposing any requirements on the |
233 // policies that are set with SetSandboxPolicy(). This means, as soon as | 237 // policies that are set with SetSandboxPolicy(). This means, as soon as |
234 // the sandbox is active, we shouldn't be relying on libraries that could | 238 // the sandbox is active, we shouldn't be relying on libraries that could |
235 // be making system calls. This, for example, means we should avoid | 239 // be making system calls. This, for example, means we should avoid |
236 // using the heap and we should avoid using STL functions. | 240 // using the heap and we should avoid using STL functions. |
237 // Temporarily copy the contents of the "program" vector into a | 241 // Temporarily copy the contents of the "program" vector into a |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
270 } else { | 274 } else { |
271 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { | 275 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { |
272 SANDBOX_DIE("Kernel refuses to turn on BPF filters"); | 276 SANDBOX_DIE("Kernel refuses to turn on BPF filters"); |
273 } | 277 } |
274 } | 278 } |
275 | 279 |
276 sandbox_has_started_ = true; | 280 sandbox_has_started_ = true; |
277 } | 281 } |
278 | 282 |
279 } // namespace sandbox | 283 } // namespace sandbox |
OLD | NEW |