| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" | 5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
| 10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
| 11 #include <sys/types.h> | 11 #include <sys/types.h> |
| 12 | 12 |
| 13 #include <memory> | 13 #include <memory> |
| 14 | 14 |
| 15 #include "base/command_line.h" | 15 #include "base/command_line.h" |
| 16 #include "base/logging.h" | 16 #include "base/logging.h" |
| 17 #include "base/macros.h" | 17 #include "base/macros.h" |
| 18 #include "build/build_config.h" | 18 #include "build/build_config.h" |
| 19 #include "content/public/common/content_switches.h" | 19 #include "content/public/common/content_switches.h" |
| 20 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 20 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 21 #include "sandbox/sandbox_features.h" |
| 21 | 22 |
| 22 #if defined(USE_SECCOMP_BPF) | 23 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 23 | 24 |
| 24 #include "base/files/scoped_file.h" | 25 #include "base/files/scoped_file.h" |
| 25 #include "base/posix/eintr_wrapper.h" | 26 #include "base/posix/eintr_wrapper.h" |
| 26 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" | 27 #include "content/common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.h" |
| 27 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" | 28 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" |
| 28 #include "content/common/sandbox_linux/bpf_ppapi_policy_linux.h" | 29 #include "content/common/sandbox_linux/bpf_ppapi_policy_linux.h" |
| 29 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h" | 30 #include "content/common/sandbox_linux/bpf_renderer_policy_linux.h" |
| 30 #include "content/common/sandbox_linux/bpf_utility_policy_linux.h" | 31 #include "content/common/sandbox_linux/bpf_utility_policy_linux.h" |
| 31 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" | 32 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" |
| 32 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" | 33 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h" |
| (...skipping 18 matching lines...) Expand all Loading... |
| 51 // Make sure that seccomp-bpf does not get disabled by mistake. Also make sure | 52 // Make sure that seccomp-bpf does not get disabled by mistake. Also make sure |
| 52 // that we think twice about this when adding a new architecture. | 53 // that we think twice about this when adding a new architecture. |
| 53 #if !defined(ARCH_CPU_ARM64) | 54 #if !defined(ARCH_CPU_ARM64) |
| 54 #error "Seccomp-bpf disabled on supported architecture!" | 55 #error "Seccomp-bpf disabled on supported architecture!" |
| 55 #endif // !defined(ARCH_CPU_ARM64) | 56 #endif // !defined(ARCH_CPU_ARM64) |
| 56 | 57 |
| 57 #endif // | 58 #endif // |
| 58 | 59 |
| 59 namespace content { | 60 namespace content { |
| 60 | 61 |
| 61 #if defined(USE_SECCOMP_BPF) | 62 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 62 namespace { | 63 namespace { |
| 63 | 64 |
| 64 // This function takes ownership of |policy|. | 65 // This function takes ownership of |policy|. |
| 65 void StartSandboxWithPolicy(sandbox::bpf_dsl::Policy* policy, | 66 void StartSandboxWithPolicy(sandbox::bpf_dsl::Policy* policy, |
| 66 base::ScopedFD proc_fd) { | 67 base::ScopedFD proc_fd) { |
| 67 // Starting the sandbox is a one-way operation. The kernel doesn't allow | 68 // Starting the sandbox is a one-way operation. The kernel doesn't allow |
| 68 // us to unload a sandbox policy after it has been started. Nonetheless, | 69 // us to unload a sandbox policy after it has been started. Nonetheless, |
| 69 // in order to make the use of the "Sandbox" object easier, we allow for | 70 // in order to make the use of the "Sandbox" object easier, we allow for |
| 70 // the object to be destroyed after the sandbox has been started. Note that | 71 // the object to be destroyed after the sandbox has been started. Note that |
| 71 // doing so does not stop the sandbox. | 72 // doing so does not stop the sandbox. |
| (...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 224 !command_line.HasSwitch(switches::kDisableSeccompFilterSandbox)) { | 225 !command_line.HasSwitch(switches::kDisableSeccompFilterSandbox)) { |
| 225 return true; | 226 return true; |
| 226 } else { | 227 } else { |
| 227 return false; | 228 return false; |
| 228 } | 229 } |
| 229 } | 230 } |
| 230 | 231 |
| 231 #if !defined(OS_NACL_NONSFI) | 232 #if !defined(OS_NACL_NONSFI) |
| 232 bool SandboxSeccompBPF::ShouldEnableSeccompBPF( | 233 bool SandboxSeccompBPF::ShouldEnableSeccompBPF( |
| 233 const std::string& process_type) { | 234 const std::string& process_type) { |
| 234 #if defined(USE_SECCOMP_BPF) | 235 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 235 const base::CommandLine& command_line = | 236 const base::CommandLine& command_line = |
| 236 *base::CommandLine::ForCurrentProcess(); | 237 *base::CommandLine::ForCurrentProcess(); |
| 237 if (process_type == switches::kGpuProcess) | 238 if (process_type == switches::kGpuProcess) |
| 238 return !command_line.HasSwitch(switches::kDisableGpuSandbox); | 239 return !command_line.HasSwitch(switches::kDisableGpuSandbox); |
| 239 | 240 |
| 240 return true; | 241 return true; |
| 241 #endif // USE_SECCOMP_BPF | 242 #endif // USE_SECCOMP_BPF |
| 242 return false; | 243 return false; |
| 243 } | 244 } |
| 244 #endif // !defined(OS_NACL_NONSFI) | 245 #endif // !defined(OS_NACL_NONSFI) |
| 245 | 246 |
| 246 bool SandboxSeccompBPF::SupportsSandbox() { | 247 bool SandboxSeccompBPF::SupportsSandbox() { |
| 247 #if defined(USE_SECCOMP_BPF) | 248 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 248 return SandboxBPF::SupportsSeccompSandbox( | 249 return SandboxBPF::SupportsSeccompSandbox( |
| 249 SandboxBPF::SeccompLevel::SINGLE_THREADED); | 250 SandboxBPF::SeccompLevel::SINGLE_THREADED); |
| 250 #endif | 251 #endif |
| 251 return false; | 252 return false; |
| 252 } | 253 } |
| 253 | 254 |
| 254 #if !defined(OS_NACL_NONSFI) | 255 #if !defined(OS_NACL_NONSFI) |
| 255 bool SandboxSeccompBPF::SupportsSandboxWithTsync() { | 256 bool SandboxSeccompBPF::SupportsSandboxWithTsync() { |
| 256 #if defined(USE_SECCOMP_BPF) | 257 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 257 return SandboxBPF::SupportsSeccompSandbox( | 258 return SandboxBPF::SupportsSeccompSandbox( |
| 258 SandboxBPF::SeccompLevel::MULTI_THREADED); | 259 SandboxBPF::SeccompLevel::MULTI_THREADED); |
| 259 #endif | 260 #endif |
| 260 return false; | 261 return false; |
| 261 } | 262 } |
| 262 | 263 |
| 263 bool SandboxSeccompBPF::StartSandbox(const std::string& process_type, | 264 bool SandboxSeccompBPF::StartSandbox(const std::string& process_type, |
| 264 base::ScopedFD proc_fd) { | 265 base::ScopedFD proc_fd) { |
| 265 #if defined(USE_SECCOMP_BPF) | 266 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 266 const base::CommandLine& command_line = | 267 const base::CommandLine& command_line = |
| 267 *base::CommandLine::ForCurrentProcess(); | 268 *base::CommandLine::ForCurrentProcess(); |
| 268 | 269 |
| 269 if (IsSeccompBPFDesired() && // Global switches policy. | 270 if (IsSeccompBPFDesired() && // Global switches policy. |
| 270 ShouldEnableSeccompBPF(process_type) && // Process-specific policy. | 271 ShouldEnableSeccompBPF(process_type) && // Process-specific policy. |
| 271 SupportsSandbox()) { | 272 SupportsSandbox()) { |
| 272 // If the kernel supports the sandbox, and if the command line says we | 273 // If the kernel supports the sandbox, and if the command line says we |
| 273 // should enable it, enable it or die. | 274 // should enable it, enable it or die. |
| 274 bool started_sandbox = | 275 bool started_sandbox = |
| 275 StartBPFSandbox(command_line, process_type, std::move(proc_fd)); | 276 StartBPFSandbox(command_line, process_type, std::move(proc_fd)); |
| 276 CHECK(started_sandbox); | 277 CHECK(started_sandbox); |
| 277 return true; | 278 return true; |
| 278 } | 279 } |
| 279 #endif | 280 #endif |
| 280 return false; | 281 return false; |
| 281 } | 282 } |
| 282 #endif // !defined(OS_NACL_NONSFI) | 283 #endif // !defined(OS_NACL_NONSFI) |
| 283 | 284 |
| 284 bool SandboxSeccompBPF::StartSandboxWithExternalPolicy( | 285 bool SandboxSeccompBPF::StartSandboxWithExternalPolicy( |
| 285 std::unique_ptr<sandbox::bpf_dsl::Policy> policy, | 286 std::unique_ptr<sandbox::bpf_dsl::Policy> policy, |
| 286 base::ScopedFD proc_fd) { | 287 base::ScopedFD proc_fd) { |
| 287 #if defined(USE_SECCOMP_BPF) | 288 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 288 if (IsSeccompBPFDesired() && SupportsSandbox()) { | 289 if (IsSeccompBPFDesired() && SupportsSandbox()) { |
| 289 CHECK(policy); | 290 CHECK(policy); |
| 290 StartSandboxWithPolicy(policy.release(), std::move(proc_fd)); | 291 StartSandboxWithPolicy(policy.release(), std::move(proc_fd)); |
| 291 return true; | 292 return true; |
| 292 } | 293 } |
| 293 #endif // defined(USE_SECCOMP_BPF) | 294 #endif // BUILDFLAG(USE_SECCOMP_BPF) |
| 294 return false; | 295 return false; |
| 295 } | 296 } |
| 296 | 297 |
| 297 #if !defined(OS_NACL_NONSFI) | 298 #if !defined(OS_NACL_NONSFI) |
| 298 std::unique_ptr<sandbox::bpf_dsl::Policy> | 299 std::unique_ptr<sandbox::bpf_dsl::Policy> |
| 299 SandboxSeccompBPF::GetBaselinePolicy() { | 300 SandboxSeccompBPF::GetBaselinePolicy() { |
| 300 #if defined(USE_SECCOMP_BPF) | 301 #if BUILDFLAG(USE_SECCOMP_BPF) |
| 301 return std::unique_ptr<sandbox::bpf_dsl::Policy>(new BaselinePolicy); | 302 return std::unique_ptr<sandbox::bpf_dsl::Policy>(new BaselinePolicy); |
| 302 #else | 303 #else |
| 303 return std::unique_ptr<sandbox::bpf_dsl::Policy>(); | 304 return std::unique_ptr<sandbox::bpf_dsl::Policy>(); |
| 304 #endif // defined(USE_SECCOMP_BPF) | 305 #endif // BUILDFLAG(USE_SECCOMP_BPF) |
| 305 } | 306 } |
| 306 #endif // !defined(OS_NACL_NONSFI) | 307 #endif // !defined(OS_NACL_NONSFI) |
| 307 | 308 |
| 308 } // namespace content | 309 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2523253002:
Convert use_seccomp_bpf to the BUILDFLAG system. (Closed)
