Add sandbox support for AsanCoverage.

content/common/sandbox_linux/sandbox_linux.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_
 
 #include <string>
 
 #include "base/basictypes.h"
@@ skipping 64 matching lines @@
 
   // Check the policy and eventually start the seccomp-bpf sandbox. This should
   // never be called with threads started. If we detect that threads have
   // started we will crash.
   bool StartSeccompBPF(const std::string& process_type);
 
   // Limit the address space of the current process (and its children).
   // to make some vulnerabilities harder to exploit.
   bool LimitAddressSpace(const std::string& process_type);
 
+#if (defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+     defined(LEAK_SANITIZER))  && defined(OS_LINUX)
+  void SetSanitizerArgs(void *sanitizer_args);

[jln (very slow on Chromium), 2014/05/13 01:17:35]

style: "void* blah" in Chromium.

[jln (very slow on Chromium), 2014/05/13 01:17:35]

Note: it's ok to just call it set_sanitizer_args() and define it inline, since
it's a trivial mutator.

[earthdok, 2014/05/14 17:00:26]

Done.

+#endif
+
  private:
   friend struct DefaultSingletonTraits<LinuxSandbox>;
 
   // Some methods are static and get an instance of the Singleton. These
   // are the non-static implementations.
   bool InitializeSandboxImpl();
   void StopThreadImpl(base::Thread* thread);
   // We must have been pre_initialized_ before using this.
   bool seccomp_bpf_supported() const;
   // Returns true if it can be determined that the current process has open
@@ skipping 15 matching lines @@
   // ourselves sandboxed.
   int proc_fd_;
   bool seccomp_bpf_started_;
   // The value returned by GetStatus(). Gets computed once and then cached.
   int sandbox_status_flags_;
   // Did PreinitializeSandbox() run?
   bool pre_initialized_;
   bool seccomp_bpf_supported_;  // Accurate if pre_initialized_.
   bool yama_is_enforcing_;  // Accurate if pre_initialized_.
   scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;
+#if (defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+     defined(LEAK_SANITIZER))  && defined(OS_LINUX)

[jln (very slow on Chromium), 2014/05/13 01:17:35]

You're in _linux, so you can remove the last defined()

[earthdok, 2014/05/14 17:00:26]

Done.

+  void *sanitizer_args_;

[jln (very slow on Chromium), 2014/05/13 01:17:35]

style: "void* blah" in chromium.

[jln (very slow on Chromium), 2014/05/13 01:17:35]

How about doing the following instead:

1. scoped_ptr<struct sanitizer_args> sanitizer_args_;
2. Allocate it and zero it in the constructor.
3. SetSanitizerArgs takes three arguments instead and sets the structure members
(therefore, only sandbox_linux.cc needs to know about them).
4. __sanitizer_sandbox_on_notify uses sanitizer_args.release() to pass ownership
to *SAN.

3. (alternative): have a simple sanitizer_args() const { return sanitizer_args_;
} method and continue to do this inline.

[earthdok, 2014/05/14 17:00:26]

Done.

[earthdok, 2014/05/14 17:00:26]

Note that *SAN doesn't actually take ownership of this struct.

The drawback of this approach is that the interface (SetSanitizerArgs) would
have to be changed every time new structure members are added, even though some
callers might not care about setting them.
I've implemented this solution, although I'm not sure I understood you right.

+#endif
 
   ~LinuxSandbox();
   DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox);
 };
 
 }  // namespace content
 
 #endif  // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_