| Index: sandbox/linux/seccomp-bpf/die.cc
|
| diff --git a/sandbox/linux/seccomp-bpf/die.cc b/sandbox/linux/seccomp-bpf/die.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..777c9d1139298f46d78bb1ef0a97667b48414015
|
| --- /dev/null
|
| +++ b/sandbox/linux/seccomp-bpf/die.cc
|
| @@ -0,0 +1,88 @@
|
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "sandbox/linux/seccomp-bpf/die.h"
|
| +
|
| +#include <errno.h>
|
| +#include <signal.h>
|
| +#include <stdio.h>
|
| +#include <sys/prctl.h>
|
| +#include <sys/syscall.h>
|
| +#include <unistd.h>
|
| +
|
| +#include <string>
|
| +
|
| +#include "base/logging.h"
|
| +#include "base/posix/eintr_wrapper.h"
|
| +#include "sandbox/linux/seccomp-bpf/syscall.h"
|
| +
|
| +namespace sandbox {
|
| +
|
| +void Die::ExitGroup() {
|
| + // exit_group() should exit our program. After all, it is defined as a
|
| + // function that doesn't return. But things can theoretically go wrong.
|
| + // Especially, since we are dealing with system call filters. Continuing
|
| + // execution would be very bad in most cases where ExitGroup() gets called.
|
| + // So, we'll try a few other strategies too.
|
| + Syscall::Call(__NR_exit_group, 1);
|
| +
|
| + // We have no idea what our run-time environment looks like. So, signal
|
| + // handlers might or might not do the right thing. Try to reset settings
|
| + // to a defined state; but we have not way to verify whether we actually
|
| + // succeeded in doing so. Nonetheless, triggering a fatal signal could help
|
| + // us terminate.
|
| + signal(SIGSEGV, SIG_DFL);
|
| + Syscall::Call(__NR_prctl, PR_SET_DUMPABLE, (void*)0, (void*)0, (void*)0);
|
| + if (*(volatile char*)0) {
|
| + }
|
| +
|
| + // If there is no way for us to ask for the program to exit, the next
|
| + // best thing we can do is to loop indefinitely. Maybe, somebody will notice
|
| + // and file a bug...
|
| + // We in fact retry the system call inside of our loop so that it will
|
| + // stand out when somebody tries to diagnose the problem by using "strace".
|
| + for (;;) {
|
| + Syscall::Call(__NR_exit_group, 1);
|
| + }
|
| +}
|
| +
|
| +void Die::SandboxDie(const char* msg, const char* file, int line) {
|
| + if (simple_exit_) {
|
| + LogToStderr(msg, file, line);
|
| + } else {
|
| + logging::LogMessage(file, line, logging::LOG_FATAL).stream() << msg;
|
| + }
|
| + ExitGroup();
|
| +}
|
| +
|
| +void Die::RawSandboxDie(const char* msg) {
|
| + if (!msg)
|
| + msg = "";
|
| + RAW_LOG(FATAL, msg);
|
| + ExitGroup();
|
| +}
|
| +
|
| +void Die::SandboxInfo(const char* msg, const char* file, int line) {
|
| + if (!suppress_info_) {
|
| + logging::LogMessage(file, line, logging::LOG_INFO).stream() << msg;
|
| + }
|
| +}
|
| +
|
| +void Die::LogToStderr(const char* msg, const char* file, int line) {
|
| + if (msg) {
|
| + char buf[40];
|
| + snprintf(buf, sizeof(buf), "%d", line);
|
| + std::string s = std::string(file) + ":" + buf + ":" + msg + "\n";
|
| +
|
| + // No need to loop. Short write()s are unlikely and if they happen we
|
| + // probably prefer them over a loop that blocks.
|
| + ignore_result(
|
| + HANDLE_EINTR(Syscall::Call(__NR_write, 2, s.c_str(), s.length())));
|
| + }
|
| +}
|
| +
|
| +bool Die::simple_exit_ = false;
|
| +bool Die::suppress_info_ = false;
|
| +
|
| +} // namespace sandbox
|
|
|
Chromium Code Reviews
Issue 670183003:
Update from chromium 62675d9fb31fb8cedc40f68e78e8445a74f362e7 (Closed)
Base URL: git@github.com:domokit/mojo.git@master