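--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <dirent.h>
 #include <fcntl.h>
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/types.h>
@@ -105,20 +105,21 @@
 } // namespace
 
 namespace content {
 
 LinuxSandbox::LinuxSandbox()
 : proc_fd_(-1),
 seccomp_bpf_started_(false),
 sandbox_status_flags_(kSandboxLinuxInvalid),
 pre_initialized_(false),
 seccomp_bpf_supported_(false),
+seccomp_bpf_with_tsync_supported_(false),
 yama_is_enforcing_(false),
 initialize_sandbox_ran_(false),
 setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create())
 {
 if (setuid_sandbox_client_ == NULL) {
 LOG(FATAL) << "Failed to instantiate the setuid sandbox client.";
 }
 #if defined(ANY_OF_AMTLU_SANITIZER)
 sanitizer_args_ = make_scoped_ptr(new __sanitizer_sandbox_arguments);
 *sanitizer_args_ = {0};
@@ -160,19 +161,23 @@
 // as well.
 proc_fd_ = open("/proc", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
 CHECK_GE(proc_fd_, 0);
 // We "pre-warm" the code that detects supports for seccomp BPF.
 if (SandboxSeccompBPF::IsSeccompBPFDesired()) {
 if (!SandboxSeccompBPF::SupportsSandbox()) {
 VLOG(1) << "Lacking support for seccomp-bpf sandbox.";
 } else {
 seccomp_bpf_supported_ = true;
 }
+
+if (SandboxSeccompBPF::SupportsSandboxWithTsync()) {
+seccomp_bpf_with_tsync_supported_ = true;
+}
 }
 
 // Yama is a "global", system-level status. We assume it will not regress
 // after startup.
 const int yama_status = Yama::GetStatus();
 yama_is_enforcing_ = (yama_status & Yama::STATUS_PRESENT) &&
 (yama_status & Yama::STATUS_ENFORCING);
 pre_initialized_ = true;
 }
@@ -204,20 +209,25 @@
 sandbox_status_flags_ |= kSandboxLinuxNetNS;
 }
 
 // We report whether the sandbox will be activated when renderers, workers
 // and PPAPI plugins go through sandbox initialization.
 if (seccomp_bpf_supported() &&
 SandboxSeccompBPF::ShouldEnableSeccompBPF(switches::kRendererProcess)) {
 sandbox_status_flags_ |= kSandboxLinuxSeccompBPF;
 }
 
+if (seccomp_bpf_with_tsync_supported() &&
+SandboxSeccompBPF::ShouldEnableSeccompBPF(switches::kRendererProcess)) {
+sandbox_status_flags_ |= kSandboxLinuxSeccompTSYNC;
+}
+
 if (yama_is_enforcing_) {
 sandbox_status_flags_ |= kSandboxLinuxYama;
 }
 }
 
 return sandbox_status_flags_;
 }
 
 // Threads are counted via /proc/self/task. This is a little hairy because of
 // PID namespaces and existing sandboxes, so "self" must really be used instead
@@ -330,20 +340,25 @@
 void LinuxSandbox::StopThreadImpl(base::Thread* thread) {
 DCHECK(thread);
 StopThreadAndEnsureNotCounted(thread);
 }
 
 bool LinuxSandbox::seccomp_bpf_supported() const {
 CHECK(pre_initialized_);
 return seccomp_bpf_supported_;
 }
 
+bool LinuxSandbox::seccomp_bpf_with_tsync_supported() const {
+CHECK(pre_initialized_);
+return seccomp_bpf_with_tsync_supported_;
+}
+
 bool LinuxSandbox::LimitAddressSpace(const std::string& process_type) {
 (void) process_type;
 #if !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && \
 !defined(THREAD_SANITIZER)
 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
 if (command_line->HasSwitch(switches::kNoSandbox)) {
 return false;
 }
 
 // Limit the address space to 4GB.
@@ -414,10 +429,10 @@
 
 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const {
 DCHECK(thread);
 base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_));
 PCHECK(proc_self_task.is_valid());
 CHECK(sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_self_task.get(),
 thread));
 }
 
 } // namespace content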
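Review bot: The new kSandboxLinuxSeccompTSYNC status bit (new-side lines 219–222) is not tied to kSandboxLinuxSeccompBPF, because the TSYNC probe at new-side lines 172–174 runs regardless of whether SupportsSandbox() succeeded and the status check only consults seccomp_bpf_with_tsync_supported(); unless SupportsSandboxWithTsync() itself implies SupportsSandbox() (not visible in this file), the reported status could claim TSYNC without the base seccomp-bpf flag. Gating on the flag already computed also removes the second ShouldEnableSeccompBPF(switches::kRendererProcess) call: `if ((sandbox_status_flags_ & kSandboxLinuxSeccompBPF) && seccomp_bpf_with_tsync_supported()) {` followed by the unchanged `sandbox_status_flags_ |= kSandboxLinuxSeccompTSYNC;`. Whichever ordering is intended, a one-line comment above the probe such as `// TSYNC support is only meaningful when the base seccomp-bpf sandbox is usable; status reporting relies on that invariant.` would document it for readers of the status flags. The enclosing functions of both hunks begin outside the visible lines.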