chrome/nacl/nacl_sandbox_linux.cc - Issue 16881004: Move chrome/nacl to components/nacl.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: chrome/nacl/nacl_sandbox_linux.cc

Issue 16881004: Move chrome/nacl to components/nacl. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Create a zygote folder Created 7 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "chrome/nacl/nacl_sandbox_linux.h"

6

7 #include <signal.h>

8 #include <sys/ptrace.h>

9

10 #include "base/callback.h"

11 #include "base/compiler_specific.h"

12 #include "base/logging.h"

13 #include "content/public/common/sandbox_init.h"

14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"

15 #include "sandbox/linux/services/linux_syscalls.h"

16

17 using playground2::ErrorCode;

18 using playground2::Sandbox;

19

20 namespace {

21

22 // This policy does very little:

23 // - Any invalid system call for the current architecture is handled by

24 // the baseline policy.

25 // - ptrace() is denied.

26 // - Anything else is allowed.

27 // Note that the seccomp-bpf sandbox always prevents cross-architecture

28 // system calls (on x86, long/compatibility/x32).

29 // So even this trivial policy has a security benefit.

30 ErrorCode NaClBpfSandboxPolicy(

31 playground2::Sandbox* sb, int sysnum, void* aux) {

32 const playground2::BpfSandboxPolicyCallback baseline_policy =

33 content::GetBpfSandboxBaselinePolicy();

34 if (!playground2::Sandbox::IsValidSyscallNumber(sysnum)) {

35 return baseline_policy.Run(sb, sysnum, aux);

36 }

37 switch (sysnum) {

38 case __NR_ptrace:

39 return ErrorCode(EPERM);

40 default:

41 return ErrorCode(ErrorCode::ERR_ALLOWED);

42 }

43 NOTREACHED();

44 // GCC wants this.

45 return ErrorCode(EPERM);

46 }

47

48 void RunSandboxSanityChecks() {

49 errno = 0;

50 // Make a ptrace request with an invalid PID.

51 long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL);

52 CHECK_EQ(-1, ptrace_ret);

53 // Without the sandbox on, this ptrace call would ESRCH instead.

54 CHECK_EQ(EPERM, errno);

55 }

56

57 } // namespace

58

59 bool InitializeBpfSandbox() {

60 bool sandbox_is_initialized =

61 content::InitializeSandbox(NaClBpfSandboxPolicy);

62 RunSandboxSanityChecks();

63 if (sandbox_is_initialized) {

64 // TODO(jln): Find a way to fix this.

65 // The sandbox' SIGSYS handler trips NaCl, so we disable it.

66 // If SIGSYS is triggered it'll now execute the default action

67 // (CORE). This will make it hard to track down bugs and sandbox violations.

68 CHECK(signal(SIGSYS, SIG_DFL) != SIG_ERR);

69 return true;

70 }

71 return false;

72 }

OLD	NEW

« no previous file with comments | « chrome/nacl/nacl_sandbox_linux.h ('k') | chrome/nacl/nacl_validation_db.h » ('j') | no next file with comments »