OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/zygote/nacl_fork_delegate_linux.h" | 5 #include "components/nacl/zygote/nacl_fork_delegate_linux.h" |
6 | 6 |
7 #include <signal.h> | 7 #include <signal.h> |
8 #include <stdlib.h> | 8 #include <stdlib.h> |
9 #include <sys/resource.h> | 9 #include <sys/resource.h> |
10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
(...skipping 17 matching lines...) Expand all Loading... | |
28 #include "base/process/launch.h" | 28 #include "base/process/launch.h" |
29 #include "base/strings/string_split.h" | 29 #include "base/strings/string_split.h" |
30 #include "base/third_party/dynamic_annotations/dynamic_annotations.h" | 30 #include "base/third_party/dynamic_annotations/dynamic_annotations.h" |
31 #include "build/build_config.h" | 31 #include "build/build_config.h" |
32 #include "components/nacl/common/nacl_nonsfi_util.h" | 32 #include "components/nacl/common/nacl_nonsfi_util.h" |
33 #include "components/nacl/common/nacl_paths.h" | 33 #include "components/nacl/common/nacl_paths.h" |
34 #include "components/nacl/common/nacl_switches.h" | 34 #include "components/nacl/common/nacl_switches.h" |
35 #include "components/nacl/loader/nacl_helper_linux.h" | 35 #include "components/nacl/loader/nacl_helper_linux.h" |
36 #include "content/public/common/content_descriptors.h" | 36 #include "content/public/common/content_descriptors.h" |
37 #include "content/public/common/content_switches.h" | 37 #include "content/public/common/content_switches.h" |
38 #include "sandbox/linux/services/namespace_sandbox.h" | |
39 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" | |
38 #include "sandbox/linux/suid/client/setuid_sandbox_host.h" | 40 #include "sandbox/linux/suid/client/setuid_sandbox_host.h" |
39 #include "sandbox/linux/suid/common/sandbox.h" | 41 #include "sandbox/linux/suid/common/sandbox.h" |
40 | 42 |
41 namespace { | 43 namespace { |
42 | 44 |
43 // Note these need to match up with their counterparts in nacl_helper_linux.c | 45 // Note these need to match up with their counterparts in nacl_helper_linux.c |
44 // and nacl_helper_bootstrap_linux.c. | 46 // and nacl_helper_bootstrap_linux.c. |
45 const char kNaClHelperReservedAtZero[] = | 47 const char kNaClHelperReservedAtZero[] = |
46 "--reserved_at_zero=0xXXXXXXXXXXXXXXXX"; | 48 "--reserved_at_zero=0xXXXXXXXXXXXXXXXX"; |
47 const char kNaClHelperRDebug[] = "--r_debug=0xXXXXXXXXXXXXXXXX"; | 49 const char kNaClHelperRDebug[] = "--r_debug=0xXXXXXXXXXXXXXXXX"; |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
130 void AddNaClZygoteForkDelegates( | 132 void AddNaClZygoteForkDelegates( |
131 ScopedVector<content::ZygoteForkDelegate>* delegates) { | 133 ScopedVector<content::ZygoteForkDelegate>* delegates) { |
132 delegates->push_back(new NaClForkDelegate(false /* nonsfi_mode */)); | 134 delegates->push_back(new NaClForkDelegate(false /* nonsfi_mode */)); |
133 delegates->push_back(new NaClForkDelegate(true /* nonsfi_mode */)); | 135 delegates->push_back(new NaClForkDelegate(true /* nonsfi_mode */)); |
134 } | 136 } |
135 | 137 |
136 NaClForkDelegate::NaClForkDelegate(bool nonsfi_mode) | 138 NaClForkDelegate::NaClForkDelegate(bool nonsfi_mode) |
137 : nonsfi_mode_(nonsfi_mode), status_(kNaClHelperUnused), fd_(-1) { | 139 : nonsfi_mode_(nonsfi_mode), status_(kNaClHelperUnused), fd_(-1) { |
138 } | 140 } |
139 | 141 |
140 void NaClForkDelegate::Init(const int sandboxdesc, | 142 void NaClForkDelegate::Init(const int sandboxdesc, bool enable_layer1_sandbox) { |
jln (very slow on Chromium)
2015/02/06 02:17:03
Why not const? (again it's for paranoia on making
rickyz (no longer on Chrome)
2015/02/06 03:01:02
Oops, it was lost in my revert, fixed.
| |
141 const bool enable_layer1_sandbox) { | |
142 VLOG(1) << "NaClForkDelegate::Init()"; | 143 VLOG(1) << "NaClForkDelegate::Init()"; |
143 | 144 |
144 // Only launch the non-SFI helper process if non-SFI mode is enabled. | 145 // Only launch the non-SFI helper process if non-SFI mode is enabled. |
145 if (nonsfi_mode_ && !IsNonSFIModeEnabled()) { | 146 if (nonsfi_mode_ && !IsNonSFIModeEnabled()) { |
146 return; | 147 return; |
147 } | 148 } |
148 | 149 |
150 // TODO(rickyz): Make IsSuidSandboxChild a static function. | |
151 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client( | |
152 sandbox::SetuidSandboxClient::Create()); | |
153 const bool using_setuid_sandbox = setuid_sandbox_client->IsSuidSandboxChild(); | |
154 const bool using_namespace_sandbox = | |
155 sandbox::NamespaceSandbox::InNewUserNamespace(); | |
156 | |
157 CHECK(!(using_setuid_sandbox && using_namespace_sandbox)); | |
158 if (enable_layer1_sandbox) { | |
159 CHECK(using_setuid_sandbox || using_namespace_sandbox); | |
160 } | |
161 | |
149 scoped_ptr<sandbox::SetuidSandboxHost> setuid_sandbox_host( | 162 scoped_ptr<sandbox::SetuidSandboxHost> setuid_sandbox_host( |
150 sandbox::SetuidSandboxHost::Create()); | 163 sandbox::SetuidSandboxHost::Create()); |
151 | 164 |
152 // For communications between the NaCl loader process and | 165 // For communications between the NaCl loader process and |
153 // the SUID sandbox. | 166 // the SUID sandbox. |
154 int nacl_sandbox_descriptor = | 167 int nacl_sandbox_descriptor = |
155 base::GlobalDescriptors::kBaseDescriptor + kSandboxIPCChannel; | 168 base::GlobalDescriptors::kBaseDescriptor + kSandboxIPCChannel; |
156 // Confirm a hard-wired assumption. | 169 // Confirm a hard-wired assumption. |
157 DCHECK_EQ(sandboxdesc, nacl_sandbox_descriptor); | 170 DCHECK_EQ(sandboxdesc, nacl_sandbox_descriptor); |
158 | 171 |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
202 base::CommandLine::StringVector argv_to_launch; | 215 base::CommandLine::StringVector argv_to_launch; |
203 { | 216 { |
204 base::CommandLine cmd_line(base::CommandLine::NO_PROGRAM); | 217 base::CommandLine cmd_line(base::CommandLine::NO_PROGRAM); |
205 if (use_nacl_bootstrap) | 218 if (use_nacl_bootstrap) |
206 cmd_line.SetProgram(helper_bootstrap_exe); | 219 cmd_line.SetProgram(helper_bootstrap_exe); |
207 else | 220 else |
208 cmd_line.SetProgram(helper_exe); | 221 cmd_line.SetProgram(helper_exe); |
209 | 222 |
210 // Append any switches that need to be forwarded to the NaCl helper. | 223 // Append any switches that need to be forwarded to the NaCl helper. |
211 static const char* kForwardSwitches[] = { | 224 static const char* kForwardSwitches[] = { |
225 switches::kAllowSandboxDebugging, | |
212 switches::kDisableSeccompFilterSandbox, | 226 switches::kDisableSeccompFilterSandbox, |
213 switches::kEnableNaClDebug, | 227 switches::kEnableNaClDebug, |
214 switches::kNaClDangerousNoSandboxNonSfi, | 228 switches::kNaClDangerousNoSandboxNonSfi, |
215 switches::kNoSandbox, | 229 switches::kNoSandbox, |
216 }; | 230 }; |
217 const base::CommandLine& current_cmd_line = | 231 const base::CommandLine& current_cmd_line = |
218 *base::CommandLine::ForCurrentProcess(); | 232 *base::CommandLine::ForCurrentProcess(); |
219 cmd_line.CopySwitchesFrom(current_cmd_line, kForwardSwitches, | 233 cmd_line.CopySwitchesFrom(current_cmd_line, kForwardSwitches, |
220 arraysize(kForwardSwitches)); | 234 arraysize(kForwardSwitches)); |
221 | 235 |
(...skipping 10 matching lines...) Expand all Loading... | |
232 bootstrap_prepend.push_back(kNaClHelperReservedAtZero); | 246 bootstrap_prepend.push_back(kNaClHelperReservedAtZero); |
233 bootstrap_prepend.push_back(kNaClHelperRDebug); | 247 bootstrap_prepend.push_back(kNaClHelperRDebug); |
234 argv_to_launch.insert(argv_to_launch.begin() + 1, | 248 argv_to_launch.insert(argv_to_launch.begin() + 1, |
235 bootstrap_prepend.begin(), | 249 bootstrap_prepend.begin(), |
236 bootstrap_prepend.end()); | 250 bootstrap_prepend.end()); |
237 } | 251 } |
238 | 252 |
239 base::LaunchOptions options; | 253 base::LaunchOptions options; |
240 | 254 |
241 base::ScopedFD dummy_fd; | 255 base::ScopedFD dummy_fd; |
242 if (enable_layer1_sandbox) { | 256 if (using_setuid_sandbox) { |
243 // NaCl needs to keep tight control of the cmd_line, so prepend the | 257 // NaCl needs to keep tight control of the cmd_line, so prepend the |
244 // setuid sandbox wrapper manually. | 258 // setuid sandbox wrapper manually. |
245 base::FilePath sandbox_path = setuid_sandbox_host->GetSandboxBinaryPath(); | 259 base::FilePath sandbox_path = setuid_sandbox_host->GetSandboxBinaryPath(); |
246 argv_to_launch.insert(argv_to_launch.begin(), sandbox_path.value()); | 260 argv_to_launch.insert(argv_to_launch.begin(), sandbox_path.value()); |
247 setuid_sandbox_host->SetupLaunchOptions(&options, &fds_to_map, &dummy_fd); | 261 setuid_sandbox_host->SetupLaunchOptions(&options, &fds_to_map, &dummy_fd); |
248 setuid_sandbox_host->SetupLaunchEnvironment(); | 262 setuid_sandbox_host->SetupLaunchEnvironment(); |
249 } | 263 } |
250 | 264 |
251 options.fds_to_remap = &fds_to_map; | 265 options.fds_to_remap = &fds_to_map; |
252 | 266 |
253 // The NaCl processes spawned may need to exceed the ambient soft limit | 267 // The NaCl processes spawned may need to exceed the ambient soft limit |
254 // on RLIMIT_AS to allocate the untrusted address space and its guard | 268 // on RLIMIT_AS to allocate the untrusted address space and its guard |
255 // regions. The nacl_helper itself cannot just raise its own limit, | 269 // regions. The nacl_helper itself cannot just raise its own limit, |
256 // because the existing limit may prevent the initial exec of | 270 // because the existing limit may prevent the initial exec of |
257 // nacl_helper_bootstrap from succeeding, with its large address space | 271 // nacl_helper_bootstrap from succeeding, with its large address space |
258 // reservation. | 272 // reservation. |
259 std::vector<int> max_these_limits; | 273 std::vector<int> max_these_limits; |
260 max_these_limits.push_back(RLIMIT_AS); | 274 max_these_limits.push_back(RLIMIT_AS); |
261 options.maximize_rlimits = &max_these_limits; | 275 options.maximize_rlimits = &max_these_limits; |
262 | 276 |
263 // To avoid information leaks in Non-SFI mode, clear the environment for | 277 // To avoid information leaks in Non-SFI mode, clear the environment for |
264 // the NaCl Helper process. | 278 // the NaCl Helper process. |
265 options.clear_environ = true; | 279 options.clear_environ = true; |
266 AddPassthroughEnvToOptions(&options); | 280 AddPassthroughEnvToOptions(&options); |
267 | 281 |
268 if (!base::LaunchProcess(argv_to_launch, options).IsValid()) | 282 base::Process process = |
283 using_namespace_sandbox | |
284 ? sandbox::NamespaceSandbox::LaunchProcess(argv_to_launch, options) | |
285 : base::LaunchProcess(argv_to_launch, options); | |
286 | |
287 if (!process.IsValid()) | |
269 status_ = kNaClHelperLaunchFailed; | 288 status_ = kNaClHelperLaunchFailed; |
270 // parent and error cases are handled below | 289 // parent and error cases are handled below |
271 | 290 |
272 if (enable_layer1_sandbox) { | 291 if (using_setuid_sandbox) { |
273 // Sanity check that dummy_fd was kept alive for LaunchProcess. | 292 // Sanity check that dummy_fd was kept alive for LaunchProcess. |
274 DCHECK(dummy_fd.is_valid()); | 293 DCHECK(dummy_fd.is_valid()); |
275 } | 294 } |
276 } | 295 } |
277 if (IGNORE_EINTR(close(fds[1])) != 0) | 296 if (IGNORE_EINTR(close(fds[1])) != 0) |
278 LOG(ERROR) << "close(fds[1]) failed"; | 297 LOG(ERROR) << "close(fds[1]) failed"; |
279 if (status_ == kNaClHelperUnused) { | 298 if (status_ == kNaClHelperUnused) { |
280 const ssize_t kExpectedLength = strlen(kNaClHelperStartupAck); | 299 const ssize_t kExpectedLength = strlen(kNaClHelperStartupAck); |
281 char buf[kExpectedLength]; | 300 char buf[kExpectedLength]; |
282 | 301 |
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
435 pass_through_vars.push_back(kNaClVerbosity); | 454 pass_through_vars.push_back(kNaClVerbosity); |
436 pass_through_vars.push_back(sandbox::kSandboxEnvironmentApiRequest); | 455 pass_through_vars.push_back(sandbox::kSandboxEnvironmentApiRequest); |
437 for (size_t i = 0; i < pass_through_vars.size(); ++i) { | 456 for (size_t i = 0; i < pass_through_vars.size(); ++i) { |
438 std::string temp; | 457 std::string temp; |
439 if (env->GetVar(pass_through_vars[i].c_str(), &temp)) | 458 if (env->GetVar(pass_through_vars[i].c_str(), &temp)) |
440 options->environ[pass_through_vars[i]] = temp; | 459 options->environ[pass_through_vars[i]] = temp; |
441 } | 460 } |
442 } | 461 } |
443 | 462 |
444 } // namespace nacl | 463 } // namespace nacl |
OLD | NEW |