OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <dirent.h> | 5 #include <dirent.h> |
6 #include <fcntl.h> | 6 #include <fcntl.h> |
7 #include <sys/resource.h> | 7 #include <sys/resource.h> |
8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
9 #include <sys/time.h> | 9 #include <sys/time.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
11 | 11 |
12 #include <limits> | 12 #include <limits> |
13 | 13 |
14 #include "base/bind.h" | 14 #include "base/bind.h" |
15 #include "base/callback_helpers.h" | 15 #include "base/callback_helpers.h" |
16 #include "base/command_line.h" | 16 #include "base/command_line.h" |
17 #include "base/logging.h" | 17 #include "base/logging.h" |
18 #include "base/memory/singleton.h" | 18 #include "base/memory/singleton.h" |
19 #include "base/posix/eintr_wrapper.h" | 19 #include "base/posix/eintr_wrapper.h" |
20 #include "base/strings/string_number_conversions.h" | 20 #include "base/strings/string_number_conversions.h" |
21 #include "base/time/time.h" | 21 #include "base/time/time.h" |
22 #include "content/common/sandbox_linux.h" | 22 #include "content/common/sandbox_linux.h" |
23 #include "content/common/sandbox_seccomp_bpf_linux.h" | 23 #include "content/common/sandbox_seccomp_bpf_linux.h" |
24 #include "content/public/common/content_switches.h" | 24 #include "content/public/common/content_switches.h" |
25 #include "content/public/common/sandbox_linux.h" | 25 #include "content/public/common/sandbox_linux.h" |
| 26 #include "sandbox/linux/services/credentials.h" |
26 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" | 27 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" |
27 | 28 |
28 namespace { | 29 namespace { |
29 | 30 |
30 void LogSandboxStarted(const std::string& sandbox_name) { | 31 void LogSandboxStarted(const std::string& sandbox_name) { |
31 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | 32 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
32 const std::string process_type = | 33 const std::string process_type = |
33 command_line.GetSwitchValueASCII(switches::kProcessType); | 34 command_line.GetSwitchValueASCII(switches::kProcessType); |
34 const std::string activated_sandbox = | 35 const std::string activated_sandbox = |
35 "Activated " + sandbox_name + " sandbox for process type: " + | 36 "Activated " + sandbox_name + " sandbox for process type: " + |
(...skipping 19 matching lines...) Expand all Loading... |
55 } | 56 } |
56 | 57 |
57 bool IsRunningTSAN() { | 58 bool IsRunningTSAN() { |
58 #if defined(THREAD_SANITIZER) | 59 #if defined(THREAD_SANITIZER) |
59 return true; | 60 return true; |
60 #else | 61 #else |
61 return false; | 62 return false; |
62 #endif | 63 #endif |
63 } | 64 } |
64 | 65 |
65 struct DIRDeleter { | |
66 void operator()(DIR* d) { | |
67 PCHECK(closedir(d) == 0); | |
68 } | |
69 }; | |
70 | |
71 // |proc_fd| should be a file descriptor to /proc (useful if the process | |
72 // is sandboxed) or -1. | |
73 // If |proc_fd| is -1, this function will return false if /proc/self/fd | |
74 // cannot be opened. | |
75 bool CurrentProcessHasOpenDirectories(int proc_fd) { | |
76 int proc_self_fd = -1; | |
77 if (proc_fd >= 0) { | |
78 proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY); | |
79 } else { | |
80 proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY); | |
81 if (proc_self_fd < 0) { | |
82 // If not available, guess false. | |
83 // TODO(mostynb@opera.com): add a CHECK_EQ(ENOENT, errno); Figure out what | |
84 // other situations are here. http://crbug.com/314985 | |
85 return false; | |
86 } | |
87 } | |
88 CHECK_GE(proc_self_fd, 0); | |
89 | |
90 // Ownership of proc_self_fd is transferred here, it must not be closed | |
91 // or modified afterwards except via dir. | |
92 scoped_ptr<DIR, DIRDeleter> dir(fdopendir(proc_self_fd)); | |
93 CHECK(dir); | |
94 | |
95 struct dirent e; | |
96 struct dirent* de; | |
97 while (!readdir_r(dir.get(), &e, &de) && de) { | |
98 if (strcmp(e.d_name, ".") == 0 || strcmp(e.d_name, "..") == 0) { | |
99 continue; | |
100 } | |
101 | |
102 int fd_num; | |
103 CHECK(base::StringToInt(e.d_name, &fd_num)); | |
104 if (fd_num == proc_fd || fd_num == proc_self_fd) { | |
105 continue; | |
106 } | |
107 | |
108 struct stat s; | |
109 // It's OK to use proc_self_fd here, fstatat won't modify it. | |
110 CHECK(fstatat(proc_self_fd, e.d_name, &s, 0) == 0); | |
111 if (S_ISDIR(s.st_mode)) { | |
112 return true; | |
113 } | |
114 } | |
115 | |
116 // No open unmanaged directories found. | |
117 return false; | |
118 } | |
119 | |
120 } // namespace | 66 } // namespace |
121 | 67 |
122 namespace content { | 68 namespace content { |
123 | 69 |
124 LinuxSandbox::LinuxSandbox() | 70 LinuxSandbox::LinuxSandbox() |
125 : proc_fd_(-1), | 71 : proc_fd_(-1), |
126 seccomp_bpf_started_(false), | 72 seccomp_bpf_started_(false), |
127 pre_initialized_(false), | 73 pre_initialized_(false), |
128 seccomp_bpf_supported_(false), | 74 seccomp_bpf_supported_(false), |
129 setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) { | 75 setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) { |
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
331 | 277 |
332 bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit); | 278 bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit); |
333 bool limited_data = AddResourceLimit(RLIMIT_DATA, kNewDataSegmentMaxSize); | 279 bool limited_data = AddResourceLimit(RLIMIT_DATA, kNewDataSegmentMaxSize); |
334 return limited_as && limited_data; | 280 return limited_as && limited_data; |
335 #else | 281 #else |
336 return false; | 282 return false; |
337 #endif // !defined(ADDRESS_SANITIZER) | 283 #endif // !defined(ADDRESS_SANITIZER) |
338 } | 284 } |
339 | 285 |
340 bool LinuxSandbox::HasOpenDirectories() { | 286 bool LinuxSandbox::HasOpenDirectories() { |
341 return CurrentProcessHasOpenDirectories(proc_fd_); | 287 return sandbox::Credentials().HasOpenDirectory(proc_fd_); |
342 } | 288 } |
343 | 289 |
344 void LinuxSandbox::SealSandbox() { | 290 void LinuxSandbox::SealSandbox() { |
345 if (proc_fd_ >= 0) { | 291 if (proc_fd_ >= 0) { |
346 int ret = HANDLE_EINTR(close(proc_fd_)); | 292 int ret = HANDLE_EINTR(close(proc_fd_)); |
347 CHECK_EQ(0, ret); | 293 CHECK_EQ(0, ret); |
348 proc_fd_ = -1; | 294 proc_fd_ = -1; |
349 } | 295 } |
350 } | 296 } |
351 | 297 |
352 } // namespace content | 298 } // namespace content |
353 | 299 |
OLD | NEW |