Chromium Code Reviews Chromium Code Reviews
Issue 280303002:
Add sandbox support for AsanCoverage. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
| 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "content/public/common/sandbox_linux.h" | 12 #include "content/public/common/sandbox_linux.h" |
| 13 | 13 |
| 14 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ | |
| 15 defined(LEAK_SANITIZER) | |
| 16 #include <sanitizer/common_interface_defs.h> | |
| 17 #endif | |
| 18 | |
| 14 template <typename T> struct DefaultSingletonTraits; | 19 template <typename T> struct DefaultSingletonTraits; |
| 15 namespace base { | 20 namespace base { |
| 16 class Thread; | 21 class Thread; |
| 17 } | 22 } |
| 18 namespace sandbox { class SetuidSandboxClient; } | 23 namespace sandbox { class SetuidSandboxClient; } |
| 19 | 24 |
| 20 namespace content { | 25 namespace content { |
| 21 | 26 |
| 22 // A singleton class to represent and change our sandboxing state for the | 27 // A singleton class to represent and change our sandboxing state for the |
| 23 // three main Linux sandboxes. | 28 // three main Linux sandboxes. |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 75 | 80 |
| 76 // Check the policy and eventually start the seccomp-bpf sandbox. This should | 81 // Check the policy and eventually start the seccomp-bpf sandbox. This should |
| 77 // never be called with threads started. If we detect that threads have | 82 // never be called with threads started. If we detect that threads have |
| 78 // started we will crash. | 83 // started we will crash. |
| 79 bool StartSeccompBPF(const std::string& process_type); | 84 bool StartSeccompBPF(const std::string& process_type); |
| 80 | 85 |
| 81 // Limit the address space of the current process (and its children). | 86 // Limit the address space of the current process (and its children). |
| 82 // to make some vulnerabilities harder to exploit. | 87 // to make some vulnerabilities harder to exploit. |
| 83 bool LimitAddressSpace(const std::string& process_type); | 88 bool LimitAddressSpace(const std::string& process_type); |
| 84 | 89 |
| 90 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ | |
| 91 defined(LEAK_SANITIZER) | |
| 92 __sanitizer_sandbox_arguments* sanitizer_args() const { | |
|
jln (very slow on Chromium)
2014/05/14 17:49:41
Since this is a scoped_ptr and we're not doing a t
| |
| 93 return sanitizer_args_.get(); | |
| 94 }; | |
| 95 #endif | |
| 96 | |
| 85 private: | 97 private: |
| 86 friend struct DefaultSingletonTraits<LinuxSandbox>; | 98 friend struct DefaultSingletonTraits<LinuxSandbox>; |
| 87 | 99 |
| 88 // Some methods are static and get an instance of the Singleton. These | 100 // Some methods are static and get an instance of the Singleton. These |
| 89 // are the non-static implementations. | 101 // are the non-static implementations. |
| 90 bool InitializeSandboxImpl(); | 102 bool InitializeSandboxImpl(); |
| 91 void StopThreadImpl(base::Thread* thread); | 103 void StopThreadImpl(base::Thread* thread); |
| 92 // We must have been pre_initialized_ before using this. | 104 // We must have been pre_initialized_ before using this. |
| 93 bool seccomp_bpf_supported() const; | 105 bool seccomp_bpf_supported() const; |
| 94 // Returns true if it can be determined that the current process has open | 106 // Returns true if it can be determined that the current process has open |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 110 // ourselves sandboxed. | 122 // ourselves sandboxed. |
| 111 int proc_fd_; | 123 int proc_fd_; |
| 112 bool seccomp_bpf_started_; | 124 bool seccomp_bpf_started_; |
| 113 // The value returned by GetStatus(). Gets computed once and then cached. | 125 // The value returned by GetStatus(). Gets computed once and then cached. |
| 114 int sandbox_status_flags_; | 126 int sandbox_status_flags_; |
| 115 // Did PreinitializeSandbox() run? | 127 // Did PreinitializeSandbox() run? |
| 116 bool pre_initialized_; | 128 bool pre_initialized_; |
| 117 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. | 129 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. |
| 118 bool yama_is_enforcing_; // Accurate if pre_initialized_. | 130 bool yama_is_enforcing_; // Accurate if pre_initialized_. |
| 119 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; | 131 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; |
| 132 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ | |
| 133 defined(LEAK_SANITIZER) | |
| 134 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; | |
| 135 #endif | |
| 120 | 136 |
| 121 ~LinuxSandbox(); | 137 ~LinuxSandbox(); |
| 122 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); | 138 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); |
| 123 }; | 139 }; |
| 124 | 140 |
| 125 } // namespace content | 141 } // namespace content |
| 126 | 142 |
| 127 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 143 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
| OLD | NEW |
