Handle inconsistent PR_SET_TIMERSLACK_PID values on Android.

sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <fcntl.h>
 #include <linux/net.h>
@@ skipping 29 matching lines @@
 
 #if !defined(F_DUPFD_CLOEXEC)
 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6)
 #endif
 
 // https://android.googlesource.com/platform/bionic/+/lollipop-release/libc/private/bionic_prctl.h
 #if !defined(PR_SET_VMA)
 #define PR_SET_VMA 0x53564d41
 #endif
 
-// https://android.googlesource.com/platform/system/core/+/lollipop-release/libcutils/sched_policy.c
-#if !defined(PR_SET_TIMERSLACK_PID)
-#define PR_SET_TIMERSLACK_PID 41
-#endif
-
 #ifndef PR_SET_PTRACER
 #define PR_SET_PTRACER 0x59616d61
 #endif
 
 #endif  // defined(OS_ANDROID)
 
 #if defined(__arm__) && !defined(MAP_STACK)
 #define MAP_STACK 0x20000  // Daisy build environment has old headers.
 #endif
 
@@ skipping 86 matching lines @@
       .Else(CrashSIGSYSClone());
 }
 
 ResultExpr RestrictPrctl() {
   // Will need to add seccomp compositing in the future. PR_SET_PTRACER is
   // used by breakpad but not needed anymore.
   const Arg<int> option(0);
   return Switch(option)
       .CASES((PR_GET_NAME, PR_SET_NAME, PR_GET_DUMPABLE, PR_SET_DUMPABLE
 #if defined(OS_ANDROID)
-              ,
-              PR_SET_VMA, PR_SET_TIMERSLACK_PID, PR_SET_PTRACER
+              , PR_SET_VMA, PR_SET_PTRACER
+// https://android.googlesource.com/platform/system/core/+/lollipop-release/libcutils/sched_policy.c
+#if defined(PR_SET_TIMERSLACK_PID)
+              , PR_SET_TIMERSLACK_PID
+#else

[Robert Sesek, 2016/05/24 14:51:40]

I think we need to permit all three unconditionally, otherwise if this is
compiled against one version of Bionic that includes PR_SET_TIMERSLACK_PID, it
will fail on other Androids using a different kernel version.

[rickyz (no longer on Chrome), 2016/05/24 21:04:06]

Oops, I don't know what I was thinking - thanks for the catch!

+
+// Depending on the Android kernel version, this prctl may have different
+// values. Since PR_SET_TIMERSLACK_PID was not defined in any header, we have no
+// way of knowing which is the correct one to allow, so we must allow them all.
+//
+// The effect is:
+// On 3.14 kernels, this allows PR_SET_TIMERSLACK_PID and 43 and 127 (invalid
+// prctls which will return EINVAL)
+// On 3.18 kernels, this allows PR_SET_TIMERSLACK_PID and PR_SET_THP_DISABLE.
+// On 4.1 kernels and up, this allows PR_SET_TIMERSLACK_PID, PR_SET_THP_DISABLE,
+// and PR_MPX_ENABLE_MANAGEMENT.
+
+// https://android.googlesource.com/kernel/common/+/android-3.14/include/uapi/linux/prctl.h
+#define PR_SET_TIMERSLACK_PID_1 41
+
+// https://android.googlesource.com/kernel/common/+/android-3.18/include/uapi/linux/prctl.h
+#define PR_SET_TIMERSLACK_PID_2 43
+
+// https://android.googlesource.com/kernel/common/+/android-4.1/include/uapi/linux/prctl.h and up
+#define PR_SET_TIMERSLACK_PID_3 127
+
+              , PR_SET_TIMERSLACK_PID_1
+              , PR_SET_TIMERSLACK_PID_2
+              , PR_SET_TIMERSLACK_PID_3
 #endif
+
+#endif  // defined(OS_ANDROID)
               ),
              Allow())
       .Default(CrashSIGSYSPrctl());
 }
 
 ResultExpr RestrictIoctl() {
   const Arg<int> request(1);
   return Switch(request).CASES((TCGETS, FIONREAD), Allow()).Default(
       CrashSIGSYSIoctl());
 }
@@ skipping 150 matching lines @@
               CLOCK_MONOTONIC_COARSE,
               CLOCK_PROCESS_CPUTIME_ID,
               CLOCK_REALTIME,
               CLOCK_REALTIME_COARSE,
               CLOCK_THREAD_CPUTIME_ID),
              Allow())
       .Default(CrashSIGSYS());
 }
 
 }  // namespace sandbox.