| OLD | NEW |
|---|
| 1 #ifndef SANDBOX_IMPL_H__ | 1 #ifndef SANDBOX_IMPL_H__ |
| 2 #define SANDBOX_IMPL_H__ | 2 #define SANDBOX_IMPL_H__ |
| 3 | 3 |
| 4 #include <asm/ldt.h> | 4 #include <asm/ldt.h> |
| 5 #include <errno.h> | 5 #include <errno.h> |
| 6 #include <fcntl.h> | 6 #include <fcntl.h> |
| 7 #include <limits.h> | 7 #include <limits.h> |
| 8 #include <linux/prctl.h> | 8 #include <linux/prctl.h> |
| 9 #include <linux/unistd.h> | 9 #include <linux/unistd.h> |
| 10 #include <netinet/in.h> | 10 #include <netinet/in.h> |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 42 class Sandbox { | 42 class Sandbox { |
| 43 // TODO(markus): restrict access to our private file handles | 43 // TODO(markus): restrict access to our private file handles |
| 44 public: | 44 public: |
| 45 enum { kMaxThreads = 100 }; | 45 enum { kMaxThreads = 100 }; |
| 46 | 46 |
| 47 | 47 |
| 48 // There are a lot of reasons why the Seccomp sandbox might not be available. | 48 // There are a lot of reasons why the Seccomp sandbox might not be available. |
| 49 // This could be because the kernel does not support Seccomp mode, or it | 49 // This could be because the kernel does not support Seccomp mode, or it |
| 50 // could be because we fail to successfully rewrite all system call entry | 50 // could be because we fail to successfully rewrite all system call entry |
| 51 // points. | 51 // points. |
| 52 static int supportsSeccompSandbox() asm("SupportsSeccompSandbox"); | 52 // "proc_fd" should be a file descriptor for "/proc", or -1 if not provided |
| 53 // by the caller. |
| 54 static int supportsSeccompSandbox(int proc_fd) |
| 55 asm("SupportsSeccompSandbox"); |
| 56 |
| 57 // The sandbox needs to be able to access "/proc/self/maps". If this file |
| 58 // is not accessible when "startSandbox()" gets called, the caller can |
| 59 // provide an already opened file descriptor by calling "setProcSelfMaps()". |
| 60 // The sandbox becomes the newer owner of this file descriptor and will |
| 61 // eventually close it when "startSandbox()" executes. |
| 62 static void setProcSelfMaps(int proc_self_maps) |
| 63 asm("SeccompSandboxSetProcSelfMaps"); |
| 53 | 64 |
| 54 // This is the main public entry point. It finds all system calls that | 65 // This is the main public entry point. It finds all system calls that |
| 55 // need rewriting, sets up the resources needed by the sandbox, and | 66 // need rewriting, sets up the resources needed by the sandbox, and |
| 56 // enters Seccomp mode. | 67 // enters Seccomp mode. |
| 57 static void startSandbox() asm("StartSeccompSandbox"); | 68 static void startSandbox() asm("StartSeccompSandbox"); |
| 58 | 69 |
| 59 private: | 70 private: |
| 60 // syscall_table.c has to be implemented in C, as C++ does not support | 71 // syscall_table.c has to be implemented in C, as C++ does not support |
| 61 // designated initializers for arrays. The only other alternative would be | 72 // designated initializers for arrays. The only other alternative would be |
| 62 // to have a source code generator for this table. | 73 // to have a source code generator for this table. |
| 63 // | 74 // |
| 64 // We would still like the C source file to include our header file. This | 75 // We would still like the C source file to include our header file. This |
| 65 // requires some define statements to transform C++ specific constructs to | 76 // requires some define statements to transform C++ specific constructs to |
| 66 // something that is palatable to a C compiler. | 77 // something that is palatable to a C compiler. |
| 67 #define STATIC static | 78 #define STATIC static |
| (...skipping 514 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 582 ; | 593 ; |
| 583 | 594 |
| 584 // Return a secure memory structure that can be used by a newly created | 595 // Return a secure memory structure that can be used by a newly created |
| 585 // thread. | 596 // thread. |
| 586 static SecureMem::Args* getSecureMem(); | 597 static SecureMem::Args* getSecureMem(); |
| 587 | 598 |
| 588 // This functions runs in the trusted process at startup and finds all the | 599 // This functions runs in the trusted process at startup and finds all the |
| 589 // memory mappings that existed when the sandbox was first enabled. Going | 600 // memory mappings that existed when the sandbox was first enabled. Going |
| 590 // forward, all these mappings are off-limits for operations such as | 601 // forward, all these mappings are off-limits for operations such as |
| 591 // mmap(), munmap(), and mprotect(). | 602 // mmap(), munmap(), and mprotect(). |
| 592 static void initializeProtectedMap(int fd); | 603 static int initializeProtectedMap(int fd); |
| 593 | 604 |
| 594 // Helper functions that allows the trusted process to get access to | 605 // Helper functions that allows the trusted process to get access to |
| 595 // "/proc/self/maps" in the sandbox. | 606 // "/proc/self/maps" in the sandbox. |
| 596 static void snapshotMemoryMappings(int processFd); | 607 static void snapshotMemoryMappings(int processFd, int proc_self_maps); |
| 597 | 608 |
| 598 // Main loop for the trusted process. | 609 // Main loop for the trusted process. |
| 599 static void trustedProcess(int parentProc, int processFdPub, int sandboxFd, | 610 static void trustedProcess(int parentMapsFd, int processFdPub, |
| 600 int cloneFd, SecureMem::Args* secureArena) | 611 int sandboxFd, int cloneFd, |
| 612 SecureMem::Args* secureArena) |
| 601 __attribute__((noreturn)); | 613 __attribute__((noreturn)); |
| 602 | 614 |
| 603 // Fork()s of the trusted process. | 615 // Fork()s of the trusted process. |
| 604 static SecureMem::Args* createTrustedProcess(int processFdPub, int sandboxFd, | 616 static SecureMem::Args* createTrustedProcess(int processFdPub, int sandboxFd, |
| 605 int cloneFdPub, int cloneFd); | 617 int cloneFdPub, int cloneFd); |
| 606 | 618 |
| 607 // Creates the trusted thread for the initial thread, then enables | 619 // Creates the trusted thread for the initial thread, then enables |
| 608 // Seccomp mode. | 620 // Seccomp mode. |
| 609 static void createTrustedThread(int processFdPub, int cloneFdPub, | 621 static void createTrustedThread(int processFdPub, int cloneFdPub, |
| 610 SecureMem::Args* secureMem); | 622 SecureMem::Args* secureMem); |
| 611 | 623 |
| 624 static int proc_self_maps_; |
| 612 static enum SandboxStatus { | 625 static enum SandboxStatus { |
| 613 STATUS_UNKNOWN, STATUS_UNSUPPORTED, STATUS_AVAILABLE, STATUS_ENABLED | 626 STATUS_UNKNOWN, STATUS_UNSUPPORTED, STATUS_AVAILABLE, STATUS_ENABLED |
| 614 } status_; | 627 } status_; |
| 615 static int pid_; | 628 static int pid_; |
| 616 static int processFdPub_; | 629 static int processFdPub_; |
| 617 static int cloneFdPub_; | 630 static int cloneFdPub_; |
| 618 | 631 |
| 619 #ifdef __i386__ | 632 #ifdef __i386__ |
| 620 struct SocketCallArgInfo; | 633 struct SocketCallArgInfo; |
| 621 static const struct SocketCallArgInfo socketCallArgInfo[]; | 634 static const struct SocketCallArgInfo socketCallArgInfo[]; |
| (...skipping 12 matching lines...) Expand all Loading... |
| 634 static ProtectedMap protectedMap_; | 647 static ProtectedMap protectedMap_; |
| 635 static std::vector<SecureMem::Args*> secureMemPool_; | 648 static std::vector<SecureMem::Args*> secureMemPool_; |
| 636 }; | 649 }; |
| 637 | 650 |
| 638 } // namespace | 651 } // namespace |
| 639 | 652 |
| 640 using playground::Sandbox; | 653 using playground::Sandbox; |
| 641 #endif // __cplusplus | 654 #endif // __cplusplus |
| 642 | 655 |
| 643 #endif // SANDBOX_IMPL_H__ | 656 #endif // SANDBOX_IMPL_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 371047:
Allow the seccomp sandbox to be enabled, even if the suid sandbox has... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/