Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(290)

Issue 239703011: Reland: Add seccomp sandbox for non-SFI NaCl (Closed)

Created:
6 years, 8 months ago by hamaji
Modified:
6 years, 8 months ago
CC:
chromium-reviews, agl, jln+watch_chromium.org, Alexander Potapenko
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Visibility:
Public.

Description

Reland: Add seccomp sandbox for non-SFI NaCl This is the reland of https://codereview.chromium.org/196793023/ In the old patch, ldflags! for ASan was specified in nacl_loader target, which is a static_library. Now we set this in nacl_helper target. The diff from the previous change is: https://codereview.chromium.org/240783003/ All syscalls except whitelisted ones will cause SIGSYS. We test the sandbox with BPF_TEST and BPF_TEST_DEATH, which appropriately fork the process so the main process of the test will never enable the sandbox. TEST=Our app works with this sandbox on i686 and ARM TEST=Build chrome and nacl_helper on i686, x86-64, and ARM TEST=./out/Release/components_unittests --gtest_filter='NaClNonSfi*' TEST=SFI NaCl apps still work TEST=trybots BUG=359285 R=jln@chromium.org, mseaborn@chromium.org TBR=jochen Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=264651

Patch Set 1 #

Total comments: 2

Patch Set 2 : fix asan test #

Total comments: 6

Patch Set 3 : #

Total comments: 5

Patch Set 4 : #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1551 lines, -22 lines) Patch
M components/components_tests.gyp View 1 chunk +10 lines, -0 lines 0 comments Download
M components/nacl.gyp View 1 5 chunks +27 lines, -13 lines 0 comments Download
M components/nacl/loader/nacl_helper_linux.cc View 2 chunks +2 lines, -1 line 0 comments Download
M components/nacl/loader/nonsfi/DEPS View 1 chunk +1 line, -0 lines 0 comments Download
A components/nacl/loader/nonsfi/nonsfi_sandbox.h View 1 chunk +39 lines, -0 lines 0 comments Download
A components/nacl/loader/nonsfi/nonsfi_sandbox.cc View 1 2 3 1 chunk +319 lines, -0 lines 0 comments Download
A components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc View 1 2 1 chunk +606 lines, -0 lines 0 comments Download
A components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc View 1 2 3 1 chunk +486 lines, -0 lines 0 comments Download
M sandbox/linux/sandbox_linux.gypi View 1 chunk +16 lines, -0 lines 0 comments Download
M sandbox/linux/sandbox_linux_test_sources.gypi View 2 chunks +1 line, -4 lines 0 comments Download
M sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h View 1 chunk +7 lines, -0 lines 0 comments Download
M sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc View 6 chunks +25 lines, -4 lines 0 comments Download
M sandbox/linux/seccomp-bpf/bpf_tests.h View 1 chunk +6 lines, -0 lines 0 comments Download
M sandbox/linux/tests/unit_tests.h View 1 2 1 chunk +6 lines, -0 lines 0 comments Download

Messages

Total messages: 17 (0 generated)
hamaji
Thanks for the review in the previous change. The previous change was reverted because it ...
6 years, 8 months ago (2014-04-17 07:01:50 UTC) #1
jochen (gone - plz use gerrit)
On 2014/04/17 07:01:50, hamaji wrote: > Thanks for the review in the previous change. The ...
6 years, 8 months ago (2014-04-17 08:23:04 UTC) #2
hamaji
On 2014/04/17 08:23:04, jochen (OOO until Apr 22) wrote: > On 2014/04/17 07:01:50, hamaji wrote: ...
6 years, 8 months ago (2014-04-17 17:20:45 UTC) #3
jln (very slow on Chromium)
Note: in general when you reland a CL, it's better to first upload the original ...
6 years, 8 months ago (2014-04-17 17:28:05 UTC) #4
hamaji
https://codereview.chromium.org/239703011/diff/1/components/nacl/loader/nonsfi/nonsfi_sandbox.cc File components/nacl/loader/nonsfi/nonsfi_sandbox.cc (right): https://codereview.chromium.org/239703011/diff/1/components/nacl/loader/nonsfi/nonsfi_sandbox.cc#newcode253 components/nacl/loader/nonsfi/nonsfi_sandbox.cc:253: On 2014/04/17 17:28:06, jln wrote: > Maybe add something ...
6 years, 8 months ago (2014-04-17 18:25:36 UTC) #5
hamaji
On 2014/04/17 17:28:05, jln wrote: > Note: in general when you reland a CL, it's ...
6 years, 8 months ago (2014-04-17 18:26:13 UTC) #6
jln (very slow on Chromium)
This lgtm. However I wonder if we could just gracefully deny these system calls in ...
6 years, 8 months ago (2014-04-17 18:34:16 UTC) #7
hamaji
https://codereview.chromium.org/239703011/diff/20001/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc File components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc (right): https://codereview.chromium.org/239703011/diff/20001/components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc#newcode79 components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc:79: BPF_TEST(NaClNonSfiSandboxTest, clone_by_pthread_create, On 2014/04/17 18:34:17, jln wrote: > sandbox/linux/tests/unit_tests.h ...
6 years, 8 months ago (2014-04-17 19:13:42 UTC) #8
hamaji
+blundell for components_tests.gyp. This gyp file is not different from the previous version.
6 years, 8 months ago (2014-04-17 19:19:05 UTC) #9
jln (very slow on Chromium)
On 2014/04/17 19:19:05, hamaji wrote: > +blundell for components_tests.gyp. > > This gyp file is ...
6 years, 8 months ago (2014-04-17 19:20:43 UTC) #10
Mark Seaborn
LGTM https://codereview.chromium.org/239703011/diff/40001/components/nacl/loader/nonsfi/nonsfi_sandbox.cc File components/nacl/loader/nonsfi/nonsfi_sandbox.cc (right): https://codereview.chromium.org/239703011/diff/40001/components/nacl/loader/nonsfi/nonsfi_sandbox.cc#newcode38 components/nacl/loader/nonsfi/nonsfi_sandbox.cc:38: inline bool IsRunningOnASAN() { Not used any more? ...
6 years, 8 months ago (2014-04-17 19:36:57 UTC) #11
Mark Seaborn
BTW, it rather tiresome to have changes reverted because of ASan. Making NaCl (whether SFI ...
6 years, 8 months ago (2014-04-17 19:41:06 UTC) #12
hamaji
https://codereview.chromium.org/239703011/diff/40001/components/nacl/loader/nonsfi/nonsfi_sandbox.cc File components/nacl/loader/nonsfi/nonsfi_sandbox.cc (right): https://codereview.chromium.org/239703011/diff/40001/components/nacl/loader/nonsfi/nonsfi_sandbox.cc#newcode38 components/nacl/loader/nonsfi/nonsfi_sandbox.cc:38: inline bool IsRunningOnASAN() { On 2014/04/17 19:36:57, Mark Seaborn ...
6 years, 8 months ago (2014-04-17 19:42:06 UTC) #13
hamaji
The CQ bit was checked by hamaji@chromium.org
6 years, 8 months ago (2014-04-17 19:42:16 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/hamaji@chromium.org/239703011/60001
6 years, 8 months ago (2014-04-17 19:43:47 UTC) #15
Mark Seaborn
BTW, I would recommend committing Non-SFI NaCl changes manually rather than using the CQ at ...
6 years, 8 months ago (2014-04-17 21:41:16 UTC) #16
hamaji
6 years, 8 months ago (2014-04-17 21:51:18 UTC) #17
Message was sent while issue was closed.
Committed patchset #4 manually as r264651 (presubmit successful).

Powered by Google App Engine
This is Rietveld 408576698