1 /* | 1 /* |
2 * Copyright (c) 2014 The Native Client Authors. All rights reserved. | 2 * Copyright (c) 2014 The Native Client Authors. All rights reserved. |
3 * Use of this source code is governed by a BSD-style license that can be | 3 * Use of this source code is governed by a BSD-style license that can be |
4 * found in the LICENSE file. | 4 * found in the LICENSE file. |
5 */ | 5 */ |
6 | 6 |
7 #ifndef NATIVE_CLIENT_SRC_INCLUDE_MINSFI_PRIV_H_ | 7 #ifndef NATIVE_CLIENT_SRC_INCLUDE_MINSFI_PRIV_H_ |
8 #define NATIVE_CLIENT_SRC_INCLUDE_MINSFI_PRIV_H_ | 8 #define NATIVE_CLIENT_SRC_INCLUDE_MINSFI_PRIV_H_ |
9 | 9 |
10 #include <stdbool.h> | 10 #include <stdbool.h> |
11 #include <stdlib.h> | 11 #include <stdlib.h> |
12 #include <stdint.h> | 12 #include <stdint.h> |
13 #include <unistd.h> | 13 #include <unistd.h> |
14 | 14 |
| 15 /* |
| 16 * An integer type capable of holding an address converted from an untrusted |
| 17 * pointer. Functions in the minsfi_ptr.h header file convert between |
| 18 * native and untrusted pointers without loss of information. |
| 19 */ |
| 20 typedef uint32_t sfiptr_t; |
| 21 |
15 typedef struct { | 22 typedef struct { |
16 uint32_t ptr_size; /* size of sandboxed pointers in bits */ | 23 uint32_t ptr_size; /* size of sandboxed pointers in bits */ |
17 uint32_t dataseg_offset; | 24 uint32_t dataseg_offset; |
18 uint32_t dataseg_size; | 25 uint32_t dataseg_size; |
19 const char *dataseg_template; | 26 const char *dataseg_template; |
20 } MinsfiManifest; | 27 } MinsfiManifest; |
21 | 28 |
22 typedef struct { | 29 typedef struct { |
23 uint32_t offset; | 30 sfiptr_t offset; |
24 uint32_t length; | 31 uint32_t length; |
25 } MinsfiMemoryRegion; | 32 } MinsfiMemoryRegion; |
26 | 33 |
27 typedef struct { | 34 typedef struct { |
28 MinsfiMemoryRegion dataseg; | 35 MinsfiMemoryRegion dataseg; |
29 MinsfiMemoryRegion heap; | 36 MinsfiMemoryRegion heap; |
30 MinsfiMemoryRegion stack; | 37 MinsfiMemoryRegion stack; |
31 } MinsfiMemoryLayout; | 38 } MinsfiMemoryLayout; |
32 | 39 |
33 typedef struct { | 40 typedef struct { |
34 char *mem_base; | 41 char *mem_base; |
35 uint64_t mem_alloc_size; | 42 uint64_t mem_alloc_size; |
36 uint32_t ptr_mask; | 43 sfiptr_t ptr_mask; |
37 MinsfiMemoryLayout mem_layout; | 44 MinsfiMemoryLayout mem_layout; |
38 } MinsfiSandbox; | 45 } MinsfiSandbox; |
39 | 46 |
40 /* | 47 /* |
41 * Computes the boundaries of the individual regions of the sandbox's address | 48 * Computes the boundaries of the individual regions of the sandbox's address |
42 * subspace and stores them into the given minsfi_layout data structure. | 49 * subspace and stores them into the given minsfi_layout data structure. |
43 * Returns FALSE if a layout cannot be created for the given parameters. | 50 * Returns FALSE if a layout cannot be created for the given parameters. |
44 */ | 51 */ |
45 bool MinsfiGenerateMemoryLayout(const MinsfiManifest *manifest, | 52 bool MinsfiGenerateMemoryLayout(const MinsfiManifest *manifest, |
46 uint32_t page_size, MinsfiMemoryLayout *layout); | 53 uint32_t page_size, MinsfiMemoryLayout *layout); |
47 | 54 |
48 /* | 55 /* |
49 * This function initializes the address subspace of the sandbox. Protection of | 56 * This function initializes the address subspace of the sandbox. Protection of |
50 * the pages allocated to the data segment, heap and stack is set to read/write, | 57 * the pages allocated to the data segment, heap and stack is set to read/write, |
51 * the rest is no-access. The data segment template is copied into the sandbox. | 58 * the rest is no-access. The data segment template is copied into the sandbox. |
52 * | 59 * |
53 * The function returns TRUE if the initialization was successful, and stores | 60 * The function returns TRUE if the initialization was successful, and stores |
54 * information about the sandbox into the given MinsfiSandbox struct. | 61 * information about the sandbox into the given MinsfiSandbox struct. |
55 */ | 62 */ |
56 bool MinsfiInitSandbox(const MinsfiManifest *manifest, MinsfiSandbox *sb); | 63 bool MinsfiInitSandbox(const MinsfiManifest *manifest, MinsfiSandbox *sb); |
57 | 64 |
58 /* | 65 /* |
| 66 * Arguments are passed to the sandbox with a single pointer to an array of |
| 67 * integers called 'info' where: |
| 68 * info[0] = argc |
| 69 * info[j+1] = untrusted pointer to argv[j] (for 0 <= j < argc) |
| 70 * The sandbox will expect this array to be stored at the bottom of the |
| 71 * untrusted stack and will start growing the stack backwards from the given |
| 72 * address. |
| 73 * |
| 74 * This function will iterate over the arguments, store the argv[*] strings |
| 75 * at the bottom of the untrusted stack and prepend it with the 'info' data |
| 76 * structure as described above. |
| 77 */ |
| 78 sfiptr_t MinsfiCopyArguments(int argc, char *argv[], const MinsfiSandbox *sb); |
| 79 |
| 80 /* |
59 * Unmaps a memory region given by the provided base and the declared pointer | 81 * Unmaps a memory region given by the provided base and the declared pointer |
60 * size of the sandbox. The function returns FALSE if munmap() fails. | 82 * size of the sandbox. The function returns FALSE if munmap() fails. |
61 */ | 83 */ |
62 bool MinsfiUnmapSandbox(const MinsfiSandbox *sb); | 84 bool MinsfiUnmapSandbox(const MinsfiSandbox *sb); |
63 | 85 |
64 /* | 86 /* |
65 * Returns information about the active sandbox, or NULL if there is no | 87 * Returns information about the active sandbox, or NULL if there is no |
66 * initialized sandbox at the moment. | 88 * initialized sandbox at the moment. |
67 */ | 89 */ |
68 const MinsfiSandbox *MinsfiGetActiveSandbox(void); | 90 const MinsfiSandbox *MinsfiGetActiveSandbox(void); |
69 | 91 |
70 /* | 92 /* |
71 * Sets the sandbox which all trampolines will refer to. Internally copies the | 93 * Sets the sandbox which all trampolines will refer to. Internally copies the |
72 * data structure to its own storage. | 94 * data structure to its own storage. |
73 */ | 95 */ |
74 void MinsfiSetActiveSandbox(const MinsfiSandbox *sb); | 96 void MinsfiSetActiveSandbox(const MinsfiSandbox *sb); |
75 | 97 |
76 #endif // NATIVE_CLIENT_SRC_INCLUDE_MINSFI_PRIV_H_ | 98 #endif // NATIVE_CLIENT_SRC_INCLUDE_MINSFI_PRIV_H_ |
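Review bot: The new MinsfiCopyArguments declaration does not say what the function returns when argc/argv do not fit into the sandbox's stack region, although the caller has to be able to tell that case apart from a valid untrusted address before it transfers control into the sandbox; the comment block should close with a sentence such as `Returns the untrusted address of 'info', or 0 if the arguments do not fit into the sandbox's stack region.` (substitute whatever sentinel the implementation, which is not part of this file, actually uses). The same comment says 'info' is an array of integers, but the elements hold untrusted pointers, so naming the element type — presumably sfiptr_t — would remove the ambiguity about its layout. Relatedly, sfiptr_t is fixed at uint32_t while MinsfiManifest.ptr_size is a runtime value in bits, so the sfiptr_t comment should record the constraint, presumably enforced by MinsfiGenerateMemoryLayout, e.g. `The sandbox's pointer size (MinsfiManifest.ptr_size) must not exceed the width of this type.`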