| OLD | NEW |
|---|
| 1 #include "debug.h" | 1 #include "debug.h" |
| 2 #include "sandbox_impl.h" | 2 #include "sandbox_impl.h" |
| 3 | 3 |
| 4 namespace playground { | 4 namespace playground { |
| 5 | 5 |
| 6 int Sandbox::sandbox_mprotect(const void *addr, size_t len, int prot) { | 6 int Sandbox::sandbox_mprotect(const void *addr, size_t len, int prot) { |
| 7 Debug::syscall(__NR_mprotect, "Executing handler"); | 7 Debug::syscall(__NR_mprotect, "Executing handler"); |
| 8 struct { | 8 struct { |
| 9 int sysnum; | 9 int sysnum; |
| 10 long long cookie; | 10 long long cookie; |
| 11 MProtect mprotect_req; | 11 MProtect mprotect_req; |
| 12 } __attribute__((packed)) request; | 12 } __attribute__((packed)) request; |
| 13 request.sysnum = __NR_mprotect; | 13 request.sysnum = __NR_mprotect; |
| 14 request.cookie = cookie(); | 14 request.cookie = cookie(); |
| 15 request.mprotect_req.addr = addr; | 15 request.mprotect_req.addr = addr; |
| 16 request.mprotect_req.len = len; | 16 request.mprotect_req.len = len; |
| 17 request.mprotect_req.prot = prot; | 17 request.mprotect_req.prot = prot; |
| 18 | 18 |
| 19 long rc; | 19 long rc; |
| 20 SysCalls sys; | 20 SysCalls sys; |
| 21 if (write(sys, processFdPub(), &request, sizeof(request)) != | 21 if (write(sys, processFdPub(), &request, sizeof(request)) != |
| 22 sizeof(request) || | 22 sizeof(request) || |
| 23 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) { | 23 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) { |
| 24 die("Failed to forward mprotect() request [sandbox]"); | 24 die("Failed to forward mprotect() request [sandbox]"); |
| 25 } | 25 } |
| 26 return static_cast<int>(rc); | 26 return static_cast<int>(rc); |
| 27 } | 27 } |
| 28 | 28 |
| 29 bool Sandbox::process_mprotect(int parentProc, int sandboxFd, int threadFdPub, | 29 bool Sandbox::process_mprotect(int parentMapsFd, int sandboxFd, |
| 30 int threadFd, SecureMem::Args* mem) { | 30 int threadFdPub, int threadFd, |
| 31 SecureMem::Args* mem) { |
| 31 // Read request | 32 // Read request |
| 32 SysCalls sys; | 33 SysCalls sys; |
| 33 MProtect mprotect_req; | 34 MProtect mprotect_req; |
| 34 if (read(sys, sandboxFd, &mprotect_req, sizeof(mprotect_req)) != | 35 if (read(sys, sandboxFd, &mprotect_req, sizeof(mprotect_req)) != |
| 35 sizeof(mprotect_req)) { | 36 sizeof(mprotect_req)) { |
| 36 die("Failed to read parameters for mprotect() [process]"); | 37 die("Failed to read parameters for mprotect() [process]"); |
| 37 } | 38 } |
| 38 | 39 |
| 39 // Cannot change permissions on any memory region that was part of the | 40 // Cannot change permissions on any memory region that was part of the |
| 40 // original memory mappings. | 41 // original memory mappings. |
| (...skipping 16 matching lines...) Expand all Loading... |
| 57 | 58 |
| 58 // Changing permissions on memory regions that were newly mapped inside of | 59 // Changing permissions on memory regions that were newly mapped inside of |
| 59 // the sandbox is OK. | 60 // the sandbox is OK. |
| 60 SecureMem::sendSystemCall(threadFdPub, false, -1, mem, __NR_mprotect, | 61 SecureMem::sendSystemCall(threadFdPub, false, -1, mem, __NR_mprotect, |
| 61 mprotect_req.addr, mprotect_req.len, | 62 mprotect_req.addr, mprotect_req.len, |
| 62 mprotect_req.prot); | 63 mprotect_req.prot); |
| 63 return true; | 64 return true; |
| 64 } | 65 } |
| 65 | 66 |
| 66 } // namespace | 67 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 371047:
Allow the seccomp sandbox to be enabled, even if the suid sandbox has... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/