Chromium Code Reviews Chromium Code Reviews
Issue 284153005:
Bootstrap Sandbox: Ensure swap_integer messages are read-only. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/mac/os_compatibility.h" | 5 #include "sandbox/mac/os_compatibility.h" |
| 6 | 6 |
| 7 #include <servers/bootstrap.h> | 7 #include <servers/bootstrap.h> |
| 8 #include <unistd.h> | 8 #include <unistd.h> |
| 9 | 9 |
| 10 #include "base/mac/mac_util.h" | 10 #include "base/mac/mac_util.h" |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 36 mach_msg_header_t Head; | 36 mach_msg_header_t Head; |
| 37 NDR_record_t NDR; | 37 NDR_record_t NDR; |
| 38 name_t servicename; | 38 name_t servicename; |
| 39 pid_t targetpid; | 39 pid_t targetpid; |
| 40 uuid_t instanceid; | 40 uuid_t instanceid; |
| 41 uint64_t flags; | 41 uint64_t flags; |
| 42 }; | 42 }; |
| 43 | 43 |
| 44 // look_up2_reply_10_7 is the same as the 10_6 version. | 44 // look_up2_reply_10_7 is the same as the 10_6 version. |
| 45 | 45 |
| 46 // Verified from: | |
| 47 // launchd-329.3.3 (10.6.8) | |
| 48 // launchd-392.39 (10.7.5) | |
| 49 // launchd-442.26.2 (10.8.5) | |
| 50 // launchd-842.1.4 (10.9.0) | |
| 51 typedef int vproc_gsk_t; // Defined as an enum in liblaunch/vproc_priv.h. | |
| 52 struct swap_integer_request_10_6 { | |
| 53 mach_msg_header_t Head; | |
| 54 NDR_record_t NDR; | |
| 55 vproc_gsk_t inkey; | |
| 56 vproc_gsk_t outkey; | |
| 57 int64_t inval; | |
| 58 }; | |
| 59 | |
| 46 // TODO(rsesek): Libc provides strnlen() starting in 10.7. | 60 // TODO(rsesek): Libc provides strnlen() starting in 10.7. |
| 47 size_t strnlen(const char* str, size_t maxlen) { | 61 size_t strnlen(const char* str, size_t maxlen) { |
| 48 size_t len = 0; | 62 size_t len = 0; |
| 49 for (; len < maxlen; ++len, ++str) { | 63 for (; len < maxlen; ++len, ++str) { |
| 50 if (*str == '\0') | 64 if (*str == '\0') |
| 51 break; | 65 break; |
| 52 } | 66 } |
| 53 return len; | 67 return len; |
| 54 } | 68 } |
| 55 | 69 |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 70 reply->Head.msgh_size = sizeof(R); | 84 reply->Head.msgh_size = sizeof(R); |
| 71 reply->Head.msgh_bits = | 85 reply->Head.msgh_bits = |
| 72 MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND_ONCE) | | 86 MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND_ONCE) | |
| 73 MACH_MSGH_BITS_COMPLEX; | 87 MACH_MSGH_BITS_COMPLEX; |
| 74 reply->msgh_body.msgh_descriptor_count = 1; | 88 reply->msgh_body.msgh_descriptor_count = 1; |
| 75 reply->service_port.name = port; | 89 reply->service_port.name = port; |
| 76 reply->service_port.disposition = MACH_MSG_TYPE_PORT_SEND; | 90 reply->service_port.disposition = MACH_MSG_TYPE_PORT_SEND; |
| 77 reply->service_port.type = MACH_MSG_PORT_DESCRIPTOR; | 91 reply->service_port.type = MACH_MSG_PORT_DESCRIPTOR; |
| 78 } | 92 } |
| 79 | 93 |
| 94 template <typename R> | |
| 95 bool LaunchdSwapIntegerIsGetOnly(const mach_msg_header_t* header) { | |
| 96 const R* request = reinterpret_cast<const R*>(header); | |
| 97 return request->inkey == 0 && request->inval == 0 && request->outkey != 0; | |
|
Mark Mentovai
2014/05/15 22:36:56
OK, although request->inval doesn’t matter if requ
Robert Sesek
2014/05/15 22:54:17
Yes, I was being pedantic in case they accidentall
| |
| 98 } | |
| 99 | |
| 80 } // namespace | 100 } // namespace |
| 81 | 101 |
| 82 const LaunchdCompatibilityShim GetLaunchdCompatibilityShim() { | 102 const LaunchdCompatibilityShim GetLaunchdCompatibilityShim() { |
| 83 LaunchdCompatibilityShim shim = { | 103 LaunchdCompatibilityShim shim = { |
| 84 .msg_id_look_up2 = 404, | 104 .msg_id_look_up2 = 404, |
| 85 .msg_id_swap_integer = 416, | 105 .msg_id_swap_integer = 416, |
| 86 .look_up2_fill_reply = &LaunchdLookUp2FillReply<look_up2_reply_10_6> | 106 .look_up2_fill_reply = &LaunchdLookUp2FillReply<look_up2_reply_10_6>, |
| 107 .swap_integer_is_get_only = | |
| 108 &LaunchdSwapIntegerIsGetOnly<swap_integer_request_10_6>, | |
| 87 }; | 109 }; |
| 88 | 110 |
| 89 if (base::mac::IsOSSnowLeopard()) { | 111 if (base::mac::IsOSSnowLeopard()) { |
| 90 shim.look_up2_get_request_name = | 112 shim.look_up2_get_request_name = |
| 91 &LaunchdLookUp2GetRequestName<look_up2_request_10_6>; | 113 &LaunchdLookUp2GetRequestName<look_up2_request_10_6>; |
| 92 } else if (base::mac::IsOSLionOrLater() && | 114 } else if (base::mac::IsOSLionOrLater() && |
| 93 !base::mac::IsOSLaterThanMavericks_DontCallThis()) { | 115 !base::mac::IsOSLaterThanMavericks_DontCallThis()) { |
| 94 shim.look_up2_get_request_name = | 116 shim.look_up2_get_request_name = |
| 95 &LaunchdLookUp2GetRequestName<look_up2_request_10_7>; | 117 &LaunchdLookUp2GetRequestName<look_up2_request_10_7>; |
| 96 } else { | 118 } else { |
| 97 DLOG(ERROR) << "Unknown OS, using launchd compatibility shim from 10.7."; | 119 DLOG(ERROR) << "Unknown OS, using launchd compatibility shim from 10.7."; |
| 98 shim.look_up2_get_request_name = | 120 shim.look_up2_get_request_name = |
| 99 &LaunchdLookUp2GetRequestName<look_up2_request_10_7>; | 121 &LaunchdLookUp2GetRequestName<look_up2_request_10_7>; |
| 100 } | 122 } |
| 101 | 123 |
| 102 return shim; | 124 return shim; |
| 103 } | 125 } |
| 104 | 126 |
| 105 } // namespace sandbox | 127 } // namespace sandbox |
| OLD | NEW |
