Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(814)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

Issue 2005183002: Handle inconsistent PR_SET_TIMERSLACK_PID values on Android. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index f5cbef00855d2945e7340e51444d2bba3fccaa88..3f9778ecb29a4313216790202e1143dbb01bebfb 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -47,11 +47,6 @@
#define PR_SET_VMA 0x53564d41
#endif
-// https://android.googlesource.com/platform/system/core/+/lollipop-release/libcutils/sched_policy.c
-#if !defined(PR_SET_TIMERSLACK_PID)
-#define PR_SET_TIMERSLACK_PID 41
-#endif
-
#ifndef PR_SET_PTRACER
#define PR_SET_PTRACER 0x59616d61
#endif
@@ -158,9 +153,38 @@ ResultExpr RestrictPrctl() {
return Switch(option)
.CASES((PR_GET_NAME, PR_SET_NAME, PR_GET_DUMPABLE, PR_SET_DUMPABLE
#if defined(OS_ANDROID)
- ,
- PR_SET_VMA, PR_SET_TIMERSLACK_PID, PR_SET_PTRACER
+ , PR_SET_VMA, PR_SET_PTRACER
+// https://android.googlesource.com/platform/system/core/+/lollipop-release/libcutils/sched_policy.c
+#if defined(PR_SET_TIMERSLACK_PID)
+ , PR_SET_TIMERSLACK_PID
+#else
Robert Sesek 2016/05/24 14:51:40 I think we need to permit all three unconditionall
rickyz (no longer on Chrome) 2016/05/24 21:04:06 Oops, I don't know what I was thinking - thanks fo
+
+// Depending on the Android kernel version, this prctl may have different
+// values. Since PR_SET_TIMERSLACK_PID was not defined in any header, we have no
+// way of knowing which is the correct one to allow, so we must allow them all.
+//
+// The effect is:
+// On 3.14 kernels, this allows PR_SET_TIMERSLACK_PID and 43 and 127 (invalid
+// prctls which will return EINVAL)
+// On 3.18 kernels, this allows PR_SET_TIMERSLACK_PID and PR_SET_THP_DISABLE.
+// On 4.1 kernels and up, this allows PR_SET_TIMERSLACK_PID, PR_SET_THP_DISABLE,
+// and PR_MPX_ENABLE_MANAGEMENT.
+
+// https://android.googlesource.com/kernel/common/+/android-3.14/include/uapi/linux/prctl.h
+#define PR_SET_TIMERSLACK_PID_1 41
+
+// https://android.googlesource.com/kernel/common/+/android-3.18/include/uapi/linux/prctl.h
+#define PR_SET_TIMERSLACK_PID_2 43
+
+// https://android.googlesource.com/kernel/common/+/android-4.1/include/uapi/linux/prctl.h and up
+#define PR_SET_TIMERSLACK_PID_3 127
+
+ , PR_SET_TIMERSLACK_PID_1
+ , PR_SET_TIMERSLACK_PID_2
+ , PR_SET_TIMERSLACK_PID_3
#endif
+
+#endif // defined(OS_ANDROID)
),
Allow())
.Default(CrashSIGSYSPrctl());
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698