Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(713)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/seccomp/ipc.cc

Issue 371047: Allow the seccomp sandbox to be enabled, even if the suid sandbox has... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/seccomp/ioctl.cc ('k') | sandbox/linux/seccomp/madvise.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Property Changes:
Added: svn:eol-style
+ LF
OLDNEW
1 #include "debug.h" 1 #include "debug.h"
2 #include "sandbox_impl.h" 2 #include "sandbox_impl.h"
3 3
4 namespace playground { 4 namespace playground {
5 5
6 #ifndef IPC_PRIVATE 6 #ifndef IPC_PRIVATE
7 #define IPC_PRIVATE 0 7 #define IPC_PRIVATE 0
8 #endif 8 #endif
9 #ifndef IPC_RMID 9 #ifndef IPC_RMID
10 #define IPC_RMID 0 10 #define IPC_RMID 0
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after
101 long rc; 101 long rc;
102 SysCalls sys; 102 SysCalls sys;
103 if (write(sys, processFdPub(), &request, sizeof(request)) != 103 if (write(sys, processFdPub(), &request, sizeof(request)) !=
104 sizeof(request) || 104 sizeof(request) ||
105 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) { 105 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) {
106 die("Failed to forward shmget() request [sandbox]"); 106 die("Failed to forward shmget() request [sandbox]");
107 } 107 }
108 return static_cast<int>(rc); 108 return static_cast<int>(rc);
109 } 109 }
110 110
111 bool Sandbox::process_shmat(int parentProc, int sandboxFd, int threadFdPub, 111 bool Sandbox::process_shmat(int parentMapsFd, int sandboxFd, int threadFdPub,
112 int threadFd, SecureMem::Args* mem) { 112 int threadFd, SecureMem::Args* mem) {
113 // Read request 113 // Read request
114 ShmAt shmat_req; 114 ShmAt shmat_req;
115 SysCalls sys; 115 SysCalls sys;
116 if (read(sys, sandboxFd, &shmat_req, sizeof(shmat_req)) != 116 if (read(sys, sandboxFd, &shmat_req, sizeof(shmat_req)) !=
117 sizeof(shmat_req)) { 117 sizeof(shmat_req)) {
118 die("Failed to read parameters for shmat() [process]"); 118 die("Failed to read parameters for shmat() [process]");
119 } 119 }
120 120
121 // We only allow attaching to the shm identifier that was returned by 121 // We only allow attaching to the shm identifier that was returned by
122 // the most recent call to shmget(IPC_PRIVATE) 122 // the most recent call to shmget(IPC_PRIVATE)
123 if (shmat_req.shmaddr || shmat_req.shmflg || shmat_req.shmid != mem->shmId) { 123 if (shmat_req.shmaddr || shmat_req.shmflg || shmat_req.shmid != mem->shmId) {
124 mem->shmId = -1; 124 mem->shmId = -1;
125 SecureMem::abandonSystemCall(threadFd, -EINVAL); 125 SecureMem::abandonSystemCall(threadFd, -EINVAL);
126 return false; 126 return false;
127 } 127 }
128 128
129 mem->shmId = -1; 129 mem->shmId = -1;
130 SecureMem::sendSystemCall(threadFdPub, false, -1, mem, 130 SecureMem::sendSystemCall(threadFdPub, false, -1, mem,
131 __NR_shmat, shmat_req.shmid, shmat_req.shmaddr, 131 __NR_shmat, shmat_req.shmid, shmat_req.shmaddr,
132 shmat_req.shmflg); 132 shmat_req.shmflg);
133 return true; 133 return true;
134 } 134 }
135 135
136 bool Sandbox::process_shmctl(int parentProc, int sandboxFd, int threadFdPub, 136 bool Sandbox::process_shmctl(int parentMapsFd, int sandboxFd, int threadFdPub,
137 int threadFd, SecureMem::Args* mem) { 137 int threadFd, SecureMem::Args* mem) {
138 // Read request 138 // Read request
139 ShmCtl shmctl_req; 139 ShmCtl shmctl_req;
140 SysCalls sys; 140 SysCalls sys;
141 if (read(sys, sandboxFd, &shmctl_req, sizeof(shmctl_req)) != 141 if (read(sys, sandboxFd, &shmctl_req, sizeof(shmctl_req)) !=
142 sizeof(shmctl_req)) { 142 sizeof(shmctl_req)) {
143 die("Failed to read parameters for shmctl() [process]"); 143 die("Failed to read parameters for shmctl() [process]");
144 } 144 }
145 145
146 // The only shmctl() operation that we need to support is removal. This 146 // The only shmctl() operation that we need to support is removal. This
147 // operation is generally safe. 147 // operation is generally safe.
148 if ((shmctl_req.cmd & ~(IPC_64 | IPC_RMID)) || shmctl_req.buf) { 148 if ((shmctl_req.cmd & ~(IPC_64 | IPC_RMID)) || shmctl_req.buf) {
149 mem->shmId = -1; 149 mem->shmId = -1;
150 SecureMem::abandonSystemCall(threadFd, -EINVAL); 150 SecureMem::abandonSystemCall(threadFd, -EINVAL);
151 return false; 151 return false;
152 } 152 }
153 153
154 mem->shmId = -1; 154 mem->shmId = -1;
155 SecureMem::sendSystemCall(threadFdPub, false, -1, mem, 155 SecureMem::sendSystemCall(threadFdPub, false, -1, mem,
156 __NR_shmctl, shmctl_req.shmid, shmctl_req.cmd, 156 __NR_shmctl, shmctl_req.shmid, shmctl_req.cmd,
157 shmctl_req.buf); 157 shmctl_req.buf);
158 return true; 158 return true;
159 } 159 }
160 160
161 bool Sandbox::process_shmdt(int parentProc, int sandboxFd, int threadFdPub, 161 bool Sandbox::process_shmdt(int parentMapsFd, int sandboxFd, int threadFdPub,
162 int threadFd, SecureMem::Args* mem) { 162 int threadFd, SecureMem::Args* mem) {
163 // Read request 163 // Read request
164 ShmDt shmdt_req; 164 ShmDt shmdt_req;
165 SysCalls sys; 165 SysCalls sys;
166 if (read(sys, sandboxFd, &shmdt_req, sizeof(shmdt_req)) != 166 if (read(sys, sandboxFd, &shmdt_req, sizeof(shmdt_req)) !=
167 sizeof(shmdt_req)) { 167 sizeof(shmdt_req)) {
168 die("Failed to read parameters for shmdt() [process]"); 168 die("Failed to read parameters for shmdt() [process]");
169 } 169 }
170 170
171 // Detaching shared memory segments it generally safe, but just in case 171 // Detaching shared memory segments it generally safe, but just in case
(...skipping 14 matching lines...) Expand all
186 return false; 186 return false;
187 } 187 }
188 } 188 }
189 189
190 mem->shmId = -1; 190 mem->shmId = -1;
191 SecureMem::sendSystemCall(threadFdPub, false, -1, mem, 191 SecureMem::sendSystemCall(threadFdPub, false, -1, mem,
192 __NR_shmdt, shmdt_req.shmaddr); 192 __NR_shmdt, shmdt_req.shmaddr);
193 return true; 193 return true;
194 } 194 }
195 195
196 bool Sandbox::process_shmget(int parentProc, int sandboxFd, int threadFdPub, 196 bool Sandbox::process_shmget(int parentMapsFd, int sandboxFd, int threadFdPub,
197 int threadFd, SecureMem::Args* mem) { 197 int threadFd, SecureMem::Args* mem) {
198 // Read request 198 // Read request
199 ShmGet shmget_req; 199 ShmGet shmget_req;
200 SysCalls sys; 200 SysCalls sys;
201 if (read(sys, sandboxFd, &shmget_req, sizeof(shmget_req)) != 201 if (read(sys, sandboxFd, &shmget_req, sizeof(shmget_req)) !=
202 sizeof(shmget_req)) { 202 sizeof(shmget_req)) {
203 die("Failed to read parameters for shmget() [process]"); 203 die("Failed to read parameters for shmget() [process]");
204 } 204 }
205 205
206 // We do not want to allow the sandboxed application to access arbitrary 206 // We do not want to allow the sandboxed application to access arbitrary
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
254 long rc; 254 long rc;
255 SysCalls sys; 255 SysCalls sys;
256 if (write(sys, processFdPub(), &request, sizeof(request)) != 256 if (write(sys, processFdPub(), &request, sizeof(request)) !=
257 sizeof(request) || 257 sizeof(request) ||
258 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) { 258 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) {
259 die("Failed to forward ipc() request [sandbox]"); 259 die("Failed to forward ipc() request [sandbox]");
260 } 260 }
261 return static_cast<int>(rc); 261 return static_cast<int>(rc);
262 } 262 }
263 263
264 bool Sandbox::process_ipc(int parentProc, int sandboxFd, int threadFdPub, 264 bool Sandbox::process_ipc(int parentMapsFd, int sandboxFd, int threadFdPub,
265 int threadFd, SecureMem::Args* mem) { 265 int threadFd, SecureMem::Args* mem) {
266 // Read request 266 // Read request
267 IPC ipc_req; 267 IPC ipc_req;
268 SysCalls sys; 268 SysCalls sys;
269 if (read(sys, sandboxFd, &ipc_req, sizeof(ipc_req)) != sizeof(ipc_req)) { 269 if (read(sys, sandboxFd, &ipc_req, sizeof(ipc_req)) != sizeof(ipc_req)) {
270 die("Failed to read parameters for ipc() [process]"); 270 die("Failed to read parameters for ipc() [process]");
271 } 271 }
272 272
273 // We do not support all of the SysV IPC calls. In fact, we only support 273 // We do not support all of the SysV IPC calls. In fact, we only support
274 // the minimum feature set necessary for Chrome's renderers to share memory 274 // the minimum feature set necessary for Chrome's renderers to share memory
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
328 // other SysV IPC calls. 328 // other SysV IPC calls.
329 deny: 329 deny:
330 mem->shmId = -1; 330 mem->shmId = -1;
331 SecureMem::abandonSystemCall(threadFd, -EINVAL); 331 SecureMem::abandonSystemCall(threadFd, -EINVAL);
332 return false; 332 return false;
333 } 333 }
334 } 334 }
335 #endif 335 #endif
336 336
337 } // namespace 337 } // namespace
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp/ioctl.cc ('k') | sandbox/linux/seccomp/madvise.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698