| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "debug.h" | |
| 6 #include "sandbox_impl.h" | |
| 7 | |
| 8 namespace playground { | |
| 9 | |
| 10 long Sandbox::sandbox_access(const char *pathname, int mode) { | |
| 11 long long tm; | |
| 12 Debug::syscall(&tm, __NR_access, "Executing handler"); | |
| 13 size_t len = strlen(pathname); | |
| 14 struct Request { | |
| 15 int sysnum; | |
| 16 long long cookie; | |
| 17 Access access_req; | |
| 18 char pathname[0]; | |
| 19 } __attribute__((packed)) *request; | |
| 20 char data[sizeof(struct Request) + len]; | |
| 21 request = reinterpret_cast<struct Request*>(data); | |
| 22 request->sysnum = __NR_access; | |
| 23 request->cookie = cookie(); | |
| 24 request->access_req.path_length = len; | |
| 25 request->access_req.mode = mode; | |
| 26 memcpy(request->pathname, pathname, len); | |
| 27 | |
| 28 long rc; | |
| 29 SysCalls sys; | |
| 30 if (write(sys, processFdPub(), request, sizeof(data)) != (int)sizeof(data) || | |
| 31 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) { | |
| 32 die("Failed to forward access() request [sandbox]"); | |
| 33 } | |
| 34 Debug::elapsed(tm, __NR_access); | |
| 35 return rc; | |
| 36 } | |
| 37 | |
| 38 bool Sandbox::process_access(int parentMapsFd, int sandboxFd, int threadFdPub, | |
| 39 int threadFd, SecureMem::Args* mem) { | |
| 40 // Read request | |
| 41 SysCalls sys; | |
| 42 Access access_req; | |
| 43 if (read(sys, sandboxFd, &access_req, sizeof(access_req)) != | |
| 44 sizeof(access_req)) { | |
| 45 read_parm_failed: | |
| 46 die("Failed to read parameters for access() [process]"); | |
| 47 } | |
| 48 int rc = -ENAMETOOLONG; | |
| 49 if (access_req.path_length >= sizeof(mem->pathname)) { | |
| 50 char buf[32]; | |
| 51 while (access_req.path_length > 0) { | |
| 52 size_t len = access_req.path_length > sizeof(buf) ? | |
| 53 sizeof(buf) : access_req.path_length; | |
| 54 ssize_t i = read(sys, sandboxFd, buf, len); | |
| 55 if (i <= 0) { | |
| 56 goto read_parm_failed; | |
| 57 } | |
| 58 access_req.path_length -= i; | |
| 59 } | |
| 60 if (write(sys, threadFd, &rc, sizeof(rc)) != sizeof(rc)) { | |
| 61 die("Failed to return data from access() [process]"); | |
| 62 } | |
| 63 return false; | |
| 64 } | |
| 65 | |
| 66 if (!g_policy.allow_file_namespace) { | |
| 67 // After locking the mutex, we can no longer abandon the system call. So, | |
| 68 // perform checks before clobbering the securely shared memory. | |
| 69 char tmp[access_req.path_length]; | |
| 70 if (read(sys, sandboxFd, tmp, access_req.path_length) != | |
| 71 (ssize_t)access_req.path_length) { | |
| 72 goto read_parm_failed; | |
| 73 } | |
| 74 Debug::message(("Denying access to \"" + std::string(tmp) + "\"").c_str()); | |
| 75 SecureMem::abandonSystemCall(threadFd, -EACCES); | |
| 76 return false; | |
| 77 } | |
| 78 | |
| 79 SecureMem::lockSystemCall(parentMapsFd, mem); | |
| 80 if (read(sys, sandboxFd, mem->pathname, access_req.path_length) != | |
| 81 (ssize_t)access_req.path_length) { | |
| 82 goto read_parm_failed; | |
| 83 } | |
| 84 mem->pathname[access_req.path_length] = '\000'; | |
| 85 | |
| 86 // TODO(markus): Implement sandboxing policy | |
| 87 Debug::message(("Allowing access to \"" + std::string(mem->pathname) + | |
| 88 "\"").c_str()); | |
| 89 | |
| 90 // Tell trusted thread to access the file. | |
| 91 SecureMem::sendSystemCall(threadFdPub, true, parentMapsFd, mem, __NR_access, | |
| 92 mem->pathname - (char*)mem + (char*)mem->self, | |
| 93 access_req.mode); | |
| 94 return true; | |
| 95 } | |
| 96 | |
| 97 } // namespace | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3225010:
Pull seccomp-sandbox in via DEPS rather than using an in-tree copy... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/