OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <dirent.h> | 5 #include <dirent.h> |
6 #include <fcntl.h> | 6 #include <fcntl.h> |
7 #include <sys/resource.h> | 7 #include <sys/resource.h> |
8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
9 #include <sys/time.h> | 9 #include <sys/time.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
11 | 11 |
12 #include <limits> | 12 #include <limits> |
13 | 13 |
14 #include "base/bind.h" | 14 #include "base/bind.h" |
15 #include "base/callback_helpers.h" | 15 #include "base/callback_helpers.h" |
16 #include "base/command_line.h" | 16 #include "base/command_line.h" |
17 #include "base/logging.h" | 17 #include "base/logging.h" |
18 #include "base/memory/singleton.h" | 18 #include "base/memory/singleton.h" |
19 #include "base/posix/eintr_wrapper.h" | 19 #include "base/posix/eintr_wrapper.h" |
20 #include "base/strings/string_number_conversions.h" | 20 #include "base/strings/string_number_conversions.h" |
21 #include "base/time/time.h" | 21 #include "base/time/time.h" |
22 #include "content/common/sandbox_linux.h" | 22 #include "content/common/sandbox_linux.h" |
23 #include "content/common/sandbox_seccomp_bpf_linux.h" | 23 #include "content/common/sandbox_seccomp_bpf_linux.h" |
24 #include "content/public/common/content_switches.h" | 24 #include "content/public/common/content_switches.h" |
25 #include "content/public/common/sandbox_linux.h" | 25 #include "content/public/common/sandbox_linux.h" |
26 #include "sandbox/linux/services/credentials.h" | |
27 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" | 26 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" |
28 | 27 |
29 namespace { | 28 namespace { |
30 | 29 |
31 void LogSandboxStarted(const std::string& sandbox_name) { | 30 void LogSandboxStarted(const std::string& sandbox_name) { |
32 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | 31 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
33 const std::string process_type = | 32 const std::string process_type = |
34 command_line.GetSwitchValueASCII(switches::kProcessType); | 33 command_line.GetSwitchValueASCII(switches::kProcessType); |
35 const std::string activated_sandbox = | 34 const std::string activated_sandbox = |
36 "Activated " + sandbox_name + " sandbox for process type: " + | 35 "Activated " + sandbox_name + " sandbox for process type: " + |
(...skipping 19 matching lines...) Expand all Loading... |
56 } | 55 } |
57 | 56 |
58 bool IsRunningTSAN() { | 57 bool IsRunningTSAN() { |
59 #if defined(THREAD_SANITIZER) | 58 #if defined(THREAD_SANITIZER) |
60 return true; | 59 return true; |
61 #else | 60 #else |
62 return false; | 61 return false; |
63 #endif | 62 #endif |
64 } | 63 } |
65 | 64 |
| 65 struct DIRDeleter { |
| 66 void operator()(DIR* d) { |
| 67 PCHECK(closedir(d) == 0); |
| 68 } |
| 69 }; |
| 70 |
| 71 // |proc_fd| should be a file descriptor to /proc (useful if the process |
| 72 // is sandboxed) or -1. |
| 73 // If |proc_fd| is -1, this function will return false if /proc/self/fd |
| 74 // cannot be opened. |
| 75 bool CurrentProcessHasOpenDirectories(int proc_fd) { |
| 76 int proc_self_fd = -1; |
| 77 if (proc_fd >= 0) { |
| 78 proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY); |
| 79 } else { |
| 80 proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY); |
| 81 if (proc_self_fd < 0) { |
| 82 // If not available, guess false. |
| 83 // TODO(mostynb@opera.com): add a CHECK_EQ(ENOENT, errno); Figure out what |
| 84 // other situations are here. http://crbug.com/314985 |
| 85 return false; |
| 86 } |
| 87 } |
| 88 CHECK_GE(proc_self_fd, 0); |
| 89 |
| 90 // Ownership of proc_self_fd is transferred here, it must not be closed |
| 91 // or modified afterwards except via dir. |
| 92 scoped_ptr<DIR, DIRDeleter> dir(fdopendir(proc_self_fd)); |
| 93 CHECK(dir); |
| 94 |
| 95 struct dirent e; |
| 96 struct dirent* de; |
| 97 while (!readdir_r(dir.get(), &e, &de) && de) { |
| 98 if (strcmp(e.d_name, ".") == 0 || strcmp(e.d_name, "..") == 0) { |
| 99 continue; |
| 100 } |
| 101 |
| 102 int fd_num; |
| 103 CHECK(base::StringToInt(e.d_name, &fd_num)); |
| 104 if (fd_num == proc_fd || fd_num == proc_self_fd) { |
| 105 continue; |
| 106 } |
| 107 |
| 108 struct stat s; |
| 109 // It's OK to use proc_self_fd here, fstatat won't modify it. |
| 110 CHECK(fstatat(proc_self_fd, e.d_name, &s, 0) == 0); |
| 111 if (S_ISDIR(s.st_mode)) { |
| 112 return true; |
| 113 } |
| 114 } |
| 115 |
| 116 // No open unmanaged directories found. |
| 117 return false; |
| 118 } |
| 119 |
66 } // namespace | 120 } // namespace |
67 | 121 |
68 namespace content { | 122 namespace content { |
69 | 123 |
70 LinuxSandbox::LinuxSandbox() | 124 LinuxSandbox::LinuxSandbox() |
71 : proc_fd_(-1), | 125 : proc_fd_(-1), |
72 seccomp_bpf_started_(false), | 126 seccomp_bpf_started_(false), |
73 pre_initialized_(false), | 127 pre_initialized_(false), |
74 seccomp_bpf_supported_(false), | 128 seccomp_bpf_supported_(false), |
75 setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) { | 129 setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) { |
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
277 | 331 |
278 bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit); | 332 bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit); |
279 bool limited_data = AddResourceLimit(RLIMIT_DATA, kNewDataSegmentMaxSize); | 333 bool limited_data = AddResourceLimit(RLIMIT_DATA, kNewDataSegmentMaxSize); |
280 return limited_as && limited_data; | 334 return limited_as && limited_data; |
281 #else | 335 #else |
282 return false; | 336 return false; |
283 #endif // !defined(ADDRESS_SANITIZER) | 337 #endif // !defined(ADDRESS_SANITIZER) |
284 } | 338 } |
285 | 339 |
286 bool LinuxSandbox::HasOpenDirectories() { | 340 bool LinuxSandbox::HasOpenDirectories() { |
287 return sandbox::Credentials().HasOpenDirectory(proc_fd_); | 341 return CurrentProcessHasOpenDirectories(proc_fd_); |
288 } | 342 } |
289 | 343 |
290 void LinuxSandbox::SealSandbox() { | 344 void LinuxSandbox::SealSandbox() { |
291 if (proc_fd_ >= 0) { | 345 if (proc_fd_ >= 0) { |
292 int ret = HANDLE_EINTR(close(proc_fd_)); | 346 int ret = HANDLE_EINTR(close(proc_fd_)); |
293 CHECK_EQ(0, ret); | 347 CHECK_EQ(0, ret); |
294 proc_fd_ = -1; | 348 proc_fd_ = -1; |
295 } | 349 } |
296 } | 350 } |
297 | 351 |
298 } // namespace content | 352 } // namespace content |
299 | 353 |
OLD | NEW |