OLD | NEW |
(Empty) | |
| 1 #include <sys/time.h> |
| 2 #include <sys/resource.h> |
| 3 |
| 4 #include "SkCanvas.h" |
| 5 #include "SkCommandLineFlags.h" |
| 6 #include "SkData.h" |
| 7 #include "SkForceLinking.h" |
| 8 #include "SkGraphics.h" |
| 9 #include "SkImageEncoder.h" |
| 10 #include "SkImageInfo.h" |
| 11 #include "SkStream.h" |
| 12 #include "SkSurface.h" |
| 13 |
| 14 #include "seccomp_bpf.h" |
| 15 |
| 16 __SK_FORCE_IMAGE_DECODER_LINKING; |
| 17 |
| 18 DEFINE_string(out, "", "Filename of the PNG to write to."); |
| 19 |
| 20 static bool install_syscall_filter() { |
| 21 struct sock_filter filter[] = { |
| 22 /* Grab the system call number. */ |
| 23 EXAMINE_SYSCALL, |
| 24 /* List allowed syscalls. */ |
| 25 ALLOW_SYSCALL(exit_group), |
| 26 ALLOW_SYSCALL(exit), |
| 27 ALLOW_SYSCALL(fstat), |
| 28 ALLOW_SYSCALL(read), |
| 29 ALLOW_SYSCALL(write), |
| 30 ALLOW_SYSCALL(close), |
| 31 ALLOW_SYSCALL(mmap), |
| 32 ALLOW_SYSCALL(munmap), |
| 33 ALLOW_SYSCALL(brk), |
| 34 KILL_PROCESS, |
| 35 }; |
| 36 struct sock_fprog prog = { |
| 37 SK_ARRAY_COUNT(filter), |
| 38 filter, |
| 39 }; |
| 40 |
| 41 // Lock down the app so that it can't get new privs, such as setuid. |
| 42 // Calling this is a requirement for an unpriviledged process to use mode |
| 43 // 2 seccomp filters, ala SECCOMP_MODE_FILTER, otherwise we'd have to be |
| 44 // root. |
| 45 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { |
| 46 perror("prctl(NO_NEW_PRIVS)"); |
| 47 goto failed; |
| 48 } |
| 49 // Now call seccomp and restrict the system calls that can be made to only |
| 50 // the ones in the provided filter list. |
| 51 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { |
| 52 perror("prctl(SECCOMP)"); |
| 53 goto failed; |
| 54 } |
| 55 return true; |
| 56 |
| 57 failed: |
| 58 if (errno == EINVAL) { |
| 59 fprintf(stderr, "SECCOMP_FILTER is not available. :(\n"); |
| 60 } |
| 61 return false; |
| 62 } |
| 63 |
| 64 static void setLimits() { |
| 65 struct rlimit n; |
| 66 |
| 67 // Limit to 5 seconds of CPU. |
| 68 n.rlim_cur = 5; |
| 69 n.rlim_max = 5; |
| 70 if (setrlimit(RLIMIT_CPU, &n)) { |
| 71 perror("setrlimit(RLIMIT_CPU)"); |
| 72 } |
| 73 |
| 74 // Limit to 50M of Address space. |
| 75 n.rlim_cur = 50000000; |
| 76 n.rlim_max = 50000000; |
| 77 if (setrlimit(RLIMIT_AS, &n)) { |
| 78 perror("setrlimit(RLIMIT_CPU)"); |
| 79 } |
| 80 } |
| 81 |
| 82 extern void draw(SkCanvas* canvas); |
| 83 |
| 84 int main(int argc, char** argv) { |
| 85 SkCommandLineFlags::Parse(argc, argv); |
| 86 SkAutoGraphics init; |
| 87 |
| 88 if (FLAGS_out.count() == 0) { |
| 89 perror("The --out flag must have an argument."); |
| 90 return 1; |
| 91 } |
| 92 SkFILEWStream stream(FLAGS_out[0]); |
| 93 |
| 94 SkImageInfo info = SkImageInfo::MakeN32(300, 300, kPremul_SkAlphaType); |
| 95 SkAutoTUnref<SkSurface> surface(SkSurface::NewRaster(info)); |
| 96 SkCanvas* canvas = surface->getCanvas(); |
| 97 |
| 98 setLimits(); |
| 99 |
| 100 if (!install_syscall_filter()) { |
| 101 return 1; |
| 102 } |
| 103 |
| 104 draw(canvas); |
| 105 |
| 106 // Write out the image as a PNG. |
| 107 SkAutoTUnref<SkImage> image(surface->newImageSnapshot()); |
| 108 SkAutoTUnref<SkData> data(image->encode(SkImageEncoder::kPNG_Type, 100)); |
| 109 if (NULL == data.get()) { |
| 110 printf("Failed to encode\n"); |
| 111 exit(1); |
| 112 } |
| 113 stream.write(data->data(), data->size()); |
| 114 } |
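Review bot: setLimits() fails open: when either setrlimit() call fails it only calls perror(), and main() still installs the filter and runs draw() without the CPU or address-space cap. Since those limits are part of the sandbox, setLimits() should return bool and main() should bail out the same way it does for install_syscall_filter(), e.g. `if (!setLimits() || !install_syscall_filter()) { return 1; }`. The second failure message is also a copy-paste slip and should read `perror("setrlimit(RLIMIT_AS)")`. Separately, as far as these lines show, the filter array starts at EXAMINE_SYSCALL with no architecture check ahead of the allow list, so syscall numbers are compared without confirming which ABI made the call. If seccomp_bpf.h (not shown on this page) provides an architecture-validation entry, it should be the first element of `filter[]`.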