| Index: components/nacl/loader/nacl_helper_linux.cc
|
| diff --git a/components/nacl/loader/nacl_helper_linux.cc b/components/nacl/loader/nacl_helper_linux.cc
|
| index 26578c02de1a9ee59081bff9b858e305c092458b..d3032bff2530839d76f7c40e41a686121e660ff3 100644
|
| --- a/components/nacl/loader/nacl_helper_linux.cc
|
| +++ b/components/nacl/loader/nacl_helper_linux.cc
|
| @@ -28,6 +28,7 @@
|
| #include "base/posix/unix_domain_socket_linux.h"
|
| #include "base/process/kill.h"
|
| #include "base/rand_util.h"
|
| +#include "components/nacl/common/nacl_switches.h"
|
| #include "components/nacl/loader/nacl_listener.h"
|
| #include "components/nacl/loader/nacl_sandbox_linux.h"
|
| #include "content/public/common/zygote_fork_delegate_linux.h"
|
| @@ -43,6 +44,46 @@ struct NaClLoaderSystemInfo {
|
| long number_of_cores;
|
| };
|
|
|
| +// This is a poor man's check on whether we are sandboxed.
|
| +bool IsSandboxed() {
|
| + int proc_fd = open("/proc/self/exe", O_RDONLY);
|
| + if (proc_fd >= 0) {
|
| + close(proc_fd);
|
| + return false;
|
| + }
|
| + return true;
|
| +}
|
| +
|
| +void InitializeSandbox(bool uses_nonsfi_mode) {
|
| + if (uses_nonsfi_mode) {
|
| + const bool can_be_no_sandbox = CommandLine::ForCurrentProcess()->HasSwitch(
|
| + switches::kNaClDangerousNoSandboxNonSfi);
|
| + const bool setuid_sandbox_enabled = IsSandboxed();
|
| + if (!setuid_sandbox_enabled) {
|
| + if (can_be_no_sandbox)
|
| + LOG(ERROR) << "DANGEROUS: Running non-SFI NaCl without SUID sandbox!";
|
| + else
|
| + LOG(FATAL) << "SUID sandbox is mandatory for non-SFI NaCl";
|
| + }
|
| + const bool bpf_sandbox_initialized = InitializeBPFSandbox();
|
| + if (!bpf_sandbox_initialized) {
|
| + if (can_be_no_sandbox) {
|
| + LOG(ERROR)
|
| + << "DANGEROUS: Running non-SFI NaCl without seccomp-bpf sandbox!";
|
| + } else {
|
| + LOG(FATAL) << "Could not initialize NaCl's second "
|
| + << "layer sandbox (seccomp-bpf) for non-SFI mode.";
|
| + }
|
| + }
|
| + } else {
|
| + const bool bpf_sandbox_initialized = InitializeBPFSandbox();
|
| + if (!bpf_sandbox_initialized) {
|
| + LOG(ERROR) << "Could not initialize NaCl's second "
|
| + << "layer sandbox (seccomp-bpf) for SFI mode.";
|
| + }
|
| + }
|
| +}
|
| +
|
| // The child must mimic the behavior of zygote_main_linux.cc on the child
|
| // side of the fork. See zygote_main_linux.cc:HandleForkRequest from
|
| // if (!child) {
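Review bot: IsSandboxed() treats any failure of open("/proc/self/exe") as proof of sandboxing, so in non-SFI mode an unrelated error (fd exhaustion, EINTR, a permission problem) makes InitializeSandbox() skip the mandatory-SUID-sandbox LOG(FATAL) and continue as if the chroot were in place — the check fails open exactly where the commit wants it to be strict. Presumably the chroot produces ENOENT; distinguishing that from other errno values would keep the check honest, e.g. `if (errno != ENOENT) PLOG(ERROR) << "Unexpected failure probing /proc/self/exe; sandbox state unknown";` before `return true;` (confirm the expected errno against the setuid sandbox). The `close(proc_fd)` on the success path also ignores its result, whereas BecomeNaClLoader in this same file wraps close() in `IGNORE_EINTR(...)` and logs on failure. InitializeSandbox() itself has no header comment; a short one stating the policy it enforces — non-SFI requires both the SUID and seccomp-bpf layers and aborts otherwise unless kNaClDangerousNoSandboxNonSfi is present, while SFI mode only logs a bpf failure — would spare readers reconstructing it from the branches.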
|
| @@ -53,11 +94,7 @@ void BecomeNaClLoader(const std::vector<int>& child_fds,
|
| // don't need zygote FD any more
|
| if (IGNORE_EINTR(close(kNaClZygoteDescriptor)) != 0)
|
| LOG(ERROR) << "close(kNaClZygoteDescriptor) failed.";
|
| - bool sandbox_initialized = InitializeBPFSandbox();
|
| - if (!sandbox_initialized) {
|
| - LOG(ERROR) << "Could not initialize NaCl's second "
|
| - << "layer sandbox (seccomp-bpf).";
|
| - }
|
| + InitializeSandbox(uses_nonsfi_mode);
|
| base::GlobalDescriptors::GetInstance()->Set(
|
| kPrimaryIPCChannel,
|
| child_fds[content::ZygoteForkDelegate::kBrowserFDIndex]);
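Review bot: The replacement call hides a behavioral change at this site: the old code only logged when the bpf sandbox failed, while InitializeSandbox() can now terminate the process via LOG(FATAL) when running non-SFI, which is worth stating where it is called, e.g. `// In non-SFI mode this aborts the process unless both sandbox layers are up (or the dangerous no-sandbox switch is set).` The declaration of `uses_nonsfi_mode` is not visible in this hunk; BecomeNaClLoader's signature starts above it, so presumably it is a parameter added elsewhere in the change.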
|
| @@ -186,16 +223,6 @@ bool HandleGetTerminationStatusRequest(PickleIterator* input_iter,
|
| return true;
|
| }
|
|
|
| -// This is a poor man's check on whether we are sandboxed.
|
| -bool IsSandboxed() {
|
| - int proc_fd = open("/proc/self/exe", O_RDONLY);
|
| - if (proc_fd >= 0) {
|
| - close(proc_fd);
|
| - return false;
|
| - }
|
| - return true;
|
| -}
|
| -
|
| // Honor a command |command_type|. Eventual command parameters are
|
| // available in |input_iter| and eventual file descriptors attached to
|
| // the command are in |attached_fds|.
|
|
|