| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. | 5 // Sanitizers internally use some syscalls which non-SFI NaCl disallows. |
| 6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ | 6 #if !defined(ADDRESS_SANITIZER) && !defined(THREAD_SANITIZER) && \ |
| 7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) | 7 !defined(MEMORY_SANITIZER) && !defined(LEAK_SANITIZER) |
| 8 | 8 |
| 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" | 9 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h" |
| 10 | 10 |
| 11 #include <errno.h> | 11 #include <errno.h> |
| 12 #include <fcntl.h> | 12 #include <fcntl.h> |
| 13 #include <linux/net.h> | 13 #include <linux/net.h> |
| 14 #include <pthread.h> | 14 #include <pthread.h> |
| 15 #include <sched.h> | 15 #include <sched.h> |
| 16 #include <signal.h> | 16 #include <signal.h> |
| 17 #include <stdlib.h> | 17 #include <stdlib.h> |
| 18 #include <string.h> | 18 #include <string.h> |
| 19 #include <sys/mman.h> | 19 #include <sys/mman.h> |
| 20 #include <sys/prctl.h> | 20 #include <sys/prctl.h> |
| 21 #include <sys/socket.h> | 21 #include <sys/socket.h> |
| 22 #include <sys/syscall.h> | 22 #include <sys/syscall.h> |
| 23 #include <sys/types.h> | 23 #include <sys/types.h> |
| 24 #include <sys/wait.h> | 24 #include <sys/wait.h> |
| 25 #include <time.h> | 25 #include <time.h> |
| 26 #include <unistd.h> | 26 #include <unistd.h> |
| 27 | 27 |
| 28 #include <memory> |
| 29 |
| 28 #include "base/at_exit.h" | 30 #include "base/at_exit.h" |
| 29 #include "base/bind.h" | 31 #include "base/bind.h" |
| 30 #include "base/callback.h" | 32 #include "base/callback.h" |
| 31 #include "base/compiler_specific.h" | 33 #include "base/compiler_specific.h" |
| 32 #include "base/files/scoped_file.h" | 34 #include "base/files/scoped_file.h" |
| 33 #include "base/logging.h" | 35 #include "base/logging.h" |
| 34 #include "base/macros.h" | 36 #include "base/macros.h" |
| 35 #include "base/posix/eintr_wrapper.h" | 37 #include "base/posix/eintr_wrapper.h" |
| 36 #include "base/sys_info.h" | 38 #include "base/sys_info.h" |
| 37 #include "base/threading/thread.h" | 39 #include "base/threading/thread.h" |
| (...skipping 562 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 600 | 602 |
| 601 // The following tests check for several restrictions in tgkill(). A delegate is | 603 // The following tests check for several restrictions in tgkill(). A delegate is |
| 602 // needed to be able to call getpid() from inside the process that will be | 604 // needed to be able to call getpid() from inside the process that will be |
| 603 // sandboxed, but before the sandbox is installed. | 605 // sandboxed, but before the sandbox is installed. |
| 604 template<void(*callback)(int pid, int tid)> | 606 template<void(*callback)(int pid, int tid)> |
| 605 class TgkillDelegate : public sandbox::BPFTesterDelegate { | 607 class TgkillDelegate : public sandbox::BPFTesterDelegate { |
| 606 public: | 608 public: |
| 607 TgkillDelegate() {} | 609 TgkillDelegate() {} |
| 608 ~TgkillDelegate() override {} | 610 ~TgkillDelegate() override {} |
| 609 | 611 |
| 610 scoped_ptr<sandbox::bpf_dsl::Policy> GetSandboxBPFPolicy() override { | 612 std::unique_ptr<sandbox::bpf_dsl::Policy> GetSandboxBPFPolicy() override { |
| 611 // These two values must be obtained when running in the sandboxed process. | 613 // These two values must be obtained when running in the sandboxed process. |
| 612 // They cannot be set in the constructor and are also not available from | 614 // They cannot be set in the constructor and are also not available from |
| 613 // within |RunTestFunction|. | 615 // within |RunTestFunction|. |
| 614 pid_ = getpid(); | 616 pid_ = getpid(); |
| 615 tid_ = syscall(__NR_gettid); | 617 tid_ = syscall(__NR_gettid); |
| 616 | 618 |
| 617 return scoped_ptr<sandbox::bpf_dsl::Policy>( | 619 return std::unique_ptr<sandbox::bpf_dsl::Policy>( |
| 618 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy()); | 620 new nacl::nonsfi::NaClNonSfiBPFSandboxPolicy()); |
| 619 } | 621 } |
| 620 | 622 |
| 621 void RunTestFunction() override { | 623 void RunTestFunction() override { |
| 622 callback(pid_, tid_); | 624 callback(pid_, tid_); |
| 623 } | 625 } |
| 624 | 626 |
| 625 // These are longs as a temporary workaround for crbug.com/532992. | 627 // These are longs as a temporary workaround for crbug.com/532992. |
| 626 long pid_; | 628 long pid_; |
| 627 long tid_; | 629 long tid_; |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 694 RESTRICT_SYSCALL_EPERM_TEST(ptrace); | 696 RESTRICT_SYSCALL_EPERM_TEST(ptrace); |
| 695 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); | 697 RESTRICT_SYSCALL_EPERM_TEST(set_robust_list); |
| 696 #if defined(__i386__) || defined(__x86_64__) | 698 #if defined(__i386__) || defined(__x86_64__) |
| 697 RESTRICT_SYSCALL_EPERM_TEST(time); | 699 RESTRICT_SYSCALL_EPERM_TEST(time); |
| 698 #endif | 700 #endif |
| 699 | 701 |
| 700 } // namespace | 702 } // namespace |
| 701 | 703 |
| 702 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && | 704 #endif // !ADDRESS_SANITIZER && !THREAD_SANITIZER && |
| 703 // !MEMORY_SANITIZER && !LEAK_SANITIZER | 705 // !MEMORY_SANITIZER && !LEAK_SANITIZER |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1849323003:
Convert //sandbox to use std::unique_ptr (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master