| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <linux/net.h> | 10 #include <linux/net.h> |
| (...skipping 29 matching lines...) |
| 40 | 40 |
| 41 #if !defined(F_DUPFD_CLOEXEC) | 41 #if !defined(F_DUPFD_CLOEXEC) |
| 42 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6) | 42 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6) |
| 43 #endif | 43 #endif |
| 44 | 44 |
| 45 // https://android.googlesource.com/platform/bionic/+/lollipop-release/libc/priv
ate/bionic_prctl.h | 45 // https://android.googlesource.com/platform/bionic/+/lollipop-release/libc/priv
ate/bionic_prctl.h |
| 46 #if !defined(PR_SET_VMA) | 46 #if !defined(PR_SET_VMA) |
| 47 #define PR_SET_VMA 0x53564d41 | 47 #define PR_SET_VMA 0x53564d41 |
| 48 #endif | 48 #endif |
| 49 | 49 |
| 50 // https://android.googlesource.com/platform/system/core/+/lollipop-release/libc
utils/sched_policy.c | |
| 51 #if !defined(PR_SET_TIMERSLACK_PID) | |
| 52 #define PR_SET_TIMERSLACK_PID 41 | |
| 53 #endif | |
| 54 | |
| 55 #ifndef PR_SET_PTRACER | 50 #ifndef PR_SET_PTRACER |
| 56 #define PR_SET_PTRACER 0x59616d61 | 51 #define PR_SET_PTRACER 0x59616d61 |
| 57 #endif | 52 #endif |
| 58 | 53 |
| 59 #endif // defined(OS_ANDROID) | 54 #endif // defined(OS_ANDROID) |
| 60 | 55 |
| 61 #if defined(__arm__) && !defined(MAP_STACK) | 56 #if defined(__arm__) && !defined(MAP_STACK) |
| 62 #define MAP_STACK 0x20000 // Daisy build environment has old headers. | 57 #define MAP_STACK 0x20000 // Daisy build environment has old headers. |
| 63 #endif | 58 #endif |
| 64 | 59 |
| (...skipping 86 matching lines...) |
| 151 .Else(CrashSIGSYSClone()); | 146 .Else(CrashSIGSYSClone()); |
| 152 } | 147 } |
| 153 | 148 |
| 154 ResultExpr RestrictPrctl() { | 149 ResultExpr RestrictPrctl() { |
| 155 // Will need to add seccomp compositing in the future. PR_SET_PTRACER is | 150 // Will need to add seccomp compositing in the future. PR_SET_PTRACER is |
| 156 // used by breakpad but not needed anymore. | 151 // used by breakpad but not needed anymore. |
| 157 const Arg<int> option(0); | 152 const Arg<int> option(0); |
| 158 return Switch(option) | 153 return Switch(option) |
| 159 .CASES((PR_GET_NAME, PR_SET_NAME, PR_GET_DUMPABLE, PR_SET_DUMPABLE | 154 .CASES((PR_GET_NAME, PR_SET_NAME, PR_GET_DUMPABLE, PR_SET_DUMPABLE |
| 160 #if defined(OS_ANDROID) | 155 #if defined(OS_ANDROID) |
| 161 , | 156 , PR_SET_VMA, PR_SET_PTRACER |
| 162 PR_SET_VMA, PR_SET_TIMERSLACK_PID, PR_SET_PTRACER | 157 |
| 163 #endif | 158 // Enable PR_SET_TIMERSLACK_PID, an Android custom prctl which is used in: |
| 159 // https://android.googlesource.com/platform/system/core/+/lollipop-release/libc
utils/sched_policy.c. |
| 160 // Depending on the Android kernel version, this prctl may have different |
| 161 // values. Since we don't know the correct value for the running kernel, we must |
| 162 // allow them all. |
| 163 // |
| 164 // The effect is: |
| 165 // On 3.14 kernels, this allows PR_SET_TIMERSLACK_PID and 43 and 127 (invalid |
| 166 // prctls which will return EINVAL) |
| 167 // On 3.18 kernels, this allows PR_SET_TIMERSLACK_PID, PR_SET_THP_DISABLE, and |
| 168 // 127 (invalid). |
| 169 // On 4.1 kernels and up, this allows PR_SET_TIMERSLACK_PID, PR_SET_THP_DISABLE, |
| 170 // and PR_MPX_ENABLE_MANAGEMENT. |
| 171 |
| 172 // https://android.googlesource.com/kernel/common/+/android-3.14/include/uapi/li
nux/prctl.h |
| 173 #define PR_SET_TIMERSLACK_PID_1 41 |
| 174 |
| 175 // https://android.googlesource.com/kernel/common/+/android-3.18/include/uapi/li
nux/prctl.h |
| 176 #define PR_SET_TIMERSLACK_PID_2 43 |
| 177 |
| 178 // https://android.googlesource.com/kernel/common/+/android-4.1/include/uapi/lin
ux/prctl.h and up |
| 179 #define PR_SET_TIMERSLACK_PID_3 127 |
| 180 |
| 181 , PR_SET_TIMERSLACK_PID_1 |
| 182 , PR_SET_TIMERSLACK_PID_2 |
| 183 , PR_SET_TIMERSLACK_PID_3 |
| 184 #endif // defined(OS_ANDROID) |
| 164 ), | 185 ), |
| 165 Allow()) | 186 Allow()) |
| 166 .Default(CrashSIGSYSPrctl()); | 187 .Default(CrashSIGSYSPrctl()); |
| 167 } | 188 } |
| 168 | 189 |
| 169 ResultExpr RestrictIoctl() { | 190 ResultExpr RestrictIoctl() { |
| 170 const Arg<int> request(1); | 191 const Arg<int> request(1); |
| 171 return Switch(request).CASES((TCGETS, FIONREAD), Allow()).Default( | 192 return Switch(request).CASES((TCGETS, FIONREAD), Allow()).Default( |
| 172 CrashSIGSYSIoctl()); | 193 CrashSIGSYSIoctl()); |
| 173 } | 194 } |
| (...skipping 150 matching lines...) |
| 324 CLOCK_MONOTONIC_COARSE, | 345 CLOCK_MONOTONIC_COARSE, |
| 325 CLOCK_PROCESS_CPUTIME_ID, | 346 CLOCK_PROCESS_CPUTIME_ID, |
| 326 CLOCK_REALTIME, | 347 CLOCK_REALTIME, |
| 327 CLOCK_REALTIME_COARSE, | 348 CLOCK_REALTIME_COARSE, |
| 328 CLOCK_THREAD_CPUTIME_ID), | 349 CLOCK_THREAD_CPUTIME_ID), |
| 329 Allow()) | 350 Allow()) |
| 330 .Default(CrashSIGSYS()); | 351 .Default(CrashSIGSYS()); |
| 331 } | 352 } |
| 332 | 353 |
| 333 } // namespace sandbox. | 354 } // namespace sandbox. |
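Review bot: The three `#define PR_SET_TIMERSLACK_PID_1/_2/_3` lines (new 173-179) are placed between `#if defined(OS_ANDROID)` and `#endif` inside the argument list of `.CASES((...))` in RestrictPrctl(). If CASES is a function-like macro, as the double parentheses suggest, preprocessor directives inside its arguments are formally undefined behaviour, and the defines stay visible for the rest of the file. I would move them, with their kernel-header URLs, into the existing `#if defined(OS_ANDROID)` block next to `PR_SET_VMA`, where the removed `PR_SET_TIMERSLACK_PID` define lived, and leave only `, PR_SET_TIMERSLACK_PID_1, PR_SET_TIMERSLACK_PID_2, PR_SET_TIMERSLACK_PID_3` in the list. Because the switch matches only argument 0, options 41, 43 and 127 are now allowed by number on every Android kernel, which the in-line comment itself says includes PR_SET_THP_DISABLE and PR_MPX_ENABLE_MANAGEMENT on newer kernels. That accepted widening is easier to audit as a comment above RestrictPrctl(), for example `// Android: 41, 43 and 127 are allowed by value because PR_SET_TIMERSLACK_PID differs per kernel version.`, with the per-kernel breakdown kept beside the defines.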
| OLD | NEW |