| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <errno.h> | 5 #include <errno.h> |
| 6 #include <linux/unistd.h> | 6 #include <linux/unistd.h> |
| 7 #include <stdio.h> | 7 #include <stdio.h> |
| 8 #include <sys/prctl.h> | 8 #include <sys/prctl.h> |
| 9 | 9 |
| 10 #include <string> | 10 #include <string> |
| 11 | 11 |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/posix/eintr_wrapper.h" | 13 #include "base/posix/eintr_wrapper.h" |
| 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | 14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" |
| 15 #include "sandbox/linux/seccomp-bpf/syscall.h" | 15 #include "sandbox/linux/seccomp-bpf/syscall.h" |
| 16 | 16 |
| 17 namespace sandbox { | 17 namespace sandbox { |
| 18 | 18 |
| 19 void Die::ExitGroup() { | 19 void Die::ExitGroup() { |
| 20 // exit_group() should exit our program. After all, it is defined as a | 20 // exit_group() should exit our program. After all, it is defined as a |
| 21 // function that doesn't return. But things can theoretically go wrong. | 21 // function that doesn't return. But things can theoretically go wrong. |
| 22 // Especially, since we are dealing with system call filters. Continuing | 22 // Especially, since we are dealing with system call filters. Continuing |
| 23 // execution would be very bad in most cases where ExitGroup() gets called. | 23 // execution would be very bad in most cases where ExitGroup() gets called. |
| 24 // So, we'll try a few other strategies too. | 24 // So, we'll try a few other strategies too. |
| 25 SandboxSyscall(__NR_exit_group, 1); | 25 Syscall::Call(__NR_exit_group, 1); |
| 26 | 26 |
| 27 // We have no idea what our run-time environment looks like. So, signal | 27 // We have no idea what our run-time environment looks like. So, signal |
| 28 // handlers might or might not do the right thing. Try to reset settings | 28 // handlers might or might not do the right thing. Try to reset settings |
| 29 // to a defined state; but we have not way to verify whether we actually | 29 // to a defined state; but we have not way to verify whether we actually |
| 30 // succeeded in doing so. Nonetheless, triggering a fatal signal could help | 30 // succeeded in doing so. Nonetheless, triggering a fatal signal could help |
| 31 // us terminate. | 31 // us terminate. |
| 32 signal(SIGSEGV, SIG_DFL); | 32 signal(SIGSEGV, SIG_DFL); |
| 33 SandboxSyscall(__NR_prctl, PR_SET_DUMPABLE, (void*)0, (void*)0, (void*)0); | 33 Syscall::Call(__NR_prctl, PR_SET_DUMPABLE, (void*)0, (void*)0, (void*)0); |
| 34 if (*(volatile char*)0) { | 34 if (*(volatile char*)0) { |
| 35 } | 35 } |
| 36 | 36 |
| 37 // If there is no way for us to ask for the program to exit, the next | 37 // If there is no way for us to ask for the program to exit, the next |
| 38 // best thing we can do is to loop indefinitely. Maybe, somebody will notice | 38 // best thing we can do is to loop indefinitely. Maybe, somebody will notice |
| 39 // and file a bug... | 39 // and file a bug... |
| 40 // We in fact retry the system call inside of our loop so that it will | 40 // We in fact retry the system call inside of our loop so that it will |
| 41 // stand out when somebody tries to diagnose the problem by using "strace". | 41 // stand out when somebody tries to diagnose the problem by using "strace". |
| 42 for (;;) { | 42 for (;;) { |
| 43 SandboxSyscall(__NR_exit_group, 1); | 43 Syscall::Call(__NR_exit_group, 1); |
| 44 } | 44 } |
| 45 } | 45 } |
| 46 | 46 |
| 47 void Die::SandboxDie(const char* msg, const char* file, int line) { | 47 void Die::SandboxDie(const char* msg, const char* file, int line) { |
| 48 if (simple_exit_) { | 48 if (simple_exit_) { |
| 49 LogToStderr(msg, file, line); | 49 LogToStderr(msg, file, line); |
| 50 } else { | 50 } else { |
| 51 logging::LogMessage(file, line, logging::LOG_FATAL).stream() << msg; | 51 logging::LogMessage(file, line, logging::LOG_FATAL).stream() << msg; |
| 52 } | 52 } |
| 53 ExitGroup(); | 53 ExitGroup(); |
| (...skipping 14 matching lines...) Expand all Loading... |
| 68 | 68 |
| 69 void Die::LogToStderr(const char* msg, const char* file, int line) { | 69 void Die::LogToStderr(const char* msg, const char* file, int line) { |
| 70 if (msg) { | 70 if (msg) { |
| 71 char buf[40]; | 71 char buf[40]; |
| 72 snprintf(buf, sizeof(buf), "%d", line); | 72 snprintf(buf, sizeof(buf), "%d", line); |
| 73 std::string s = std::string(file) + ":" + buf + ":" + msg + "\n"; | 73 std::string s = std::string(file) + ":" + buf + ":" + msg + "\n"; |
| 74 | 74 |
| 75 // No need to loop. Short write()s are unlikely and if they happen we | 75 // No need to loop. Short write()s are unlikely and if they happen we |
| 76 // probably prefer them over a loop that blocks. | 76 // probably prefer them over a loop that blocks. |
| 77 ignore_result( | 77 ignore_result( |
| 78 HANDLE_EINTR(SandboxSyscall(__NR_write, 2, s.c_str(), s.length()))); | 78 HANDLE_EINTR(Syscall::Call(__NR_write, 2, s.c_str(), s.length()))); |
| 79 } | 79 } |
| 80 } | 80 } |
| 81 | 81 |
| 82 bool Die::simple_exit_ = false; | 82 bool Die::simple_exit_ = false; |
| 83 bool Die::suppress_info_ = false; | 83 bool Die::suppress_info_ = false; |
| 84 | 84 |
| 85 } // namespace sandbox | 85 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 330723003:
Clean-up the SandboxSyscall interface (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src