OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/zygote/nacl_fork_delegate_linux.h" | 5 #include "components/nacl/zygote/nacl_fork_delegate_linux.h" |
6 | 6 |
7 #include <signal.h> | 7 #include <signal.h> |
8 #include <stdlib.h> | 8 #include <stdlib.h> |
9 #include <sys/resource.h> | 9 #include <sys/resource.h> |
10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
(...skipping 17 matching lines...) Expand all Loading... |
28 #include "base/process/launch.h" | 28 #include "base/process/launch.h" |
29 #include "base/strings/string_split.h" | 29 #include "base/strings/string_split.h" |
30 #include "base/third_party/dynamic_annotations/dynamic_annotations.h" | 30 #include "base/third_party/dynamic_annotations/dynamic_annotations.h" |
31 #include "build/build_config.h" | 31 #include "build/build_config.h" |
32 #include "components/nacl/common/nacl_nonsfi_util.h" | 32 #include "components/nacl/common/nacl_nonsfi_util.h" |
33 #include "components/nacl/common/nacl_paths.h" | 33 #include "components/nacl/common/nacl_paths.h" |
34 #include "components/nacl/common/nacl_switches.h" | 34 #include "components/nacl/common/nacl_switches.h" |
35 #include "components/nacl/loader/nacl_helper_linux.h" | 35 #include "components/nacl/loader/nacl_helper_linux.h" |
36 #include "content/public/common/content_descriptors.h" | 36 #include "content/public/common/content_descriptors.h" |
37 #include "content/public/common/content_switches.h" | 37 #include "content/public/common/content_switches.h" |
| 38 #include "sandbox/linux/services/namespace_sandbox.h" |
| 39 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" |
38 #include "sandbox/linux/suid/client/setuid_sandbox_host.h" | 40 #include "sandbox/linux/suid/client/setuid_sandbox_host.h" |
39 #include "sandbox/linux/suid/common/sandbox.h" | 41 #include "sandbox/linux/suid/common/sandbox.h" |
40 | 42 |
41 namespace { | 43 namespace { |
42 | 44 |
43 // Note these need to match up with their counterparts in nacl_helper_linux.c | 45 // Note these need to match up with their counterparts in nacl_helper_linux.c |
44 // and nacl_helper_bootstrap_linux.c. | 46 // and nacl_helper_bootstrap_linux.c. |
45 const char kNaClHelperReservedAtZero[] = | 47 const char kNaClHelperReservedAtZero[] = |
46 "--reserved_at_zero=0xXXXXXXXXXXXXXXXX"; | 48 "--reserved_at_zero=0xXXXXXXXXXXXXXXXX"; |
47 const char kNaClHelperRDebug[] = "--r_debug=0xXXXXXXXXXXXXXXXX"; | 49 const char kNaClHelperRDebug[] = "--r_debug=0xXXXXXXXXXXXXXXXX"; |
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
139 | 141 |
140 void NaClForkDelegate::Init(const int sandboxdesc, | 142 void NaClForkDelegate::Init(const int sandboxdesc, |
141 const bool enable_layer1_sandbox) { | 143 const bool enable_layer1_sandbox) { |
142 VLOG(1) << "NaClForkDelegate::Init()"; | 144 VLOG(1) << "NaClForkDelegate::Init()"; |
143 | 145 |
144 // Only launch the non-SFI helper process if non-SFI mode is enabled. | 146 // Only launch the non-SFI helper process if non-SFI mode is enabled. |
145 if (nonsfi_mode_ && !IsNonSFIModeEnabled()) { | 147 if (nonsfi_mode_ && !IsNonSFIModeEnabled()) { |
146 return; | 148 return; |
147 } | 149 } |
148 | 150 |
| 151 // TODO(rickyz): Make IsSuidSandboxChild a static function. |
| 152 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client( |
| 153 sandbox::SetuidSandboxClient::Create()); |
| 154 const bool using_setuid_sandbox = setuid_sandbox_client->IsSuidSandboxChild(); |
| 155 const bool using_namespace_sandbox = |
| 156 sandbox::NamespaceSandbox::InNewUserNamespace(); |
| 157 |
| 158 CHECK(!(using_setuid_sandbox && using_namespace_sandbox)); |
| 159 if (enable_layer1_sandbox) { |
| 160 CHECK(using_setuid_sandbox || using_namespace_sandbox); |
| 161 } |
| 162 |
149 scoped_ptr<sandbox::SetuidSandboxHost> setuid_sandbox_host( | 163 scoped_ptr<sandbox::SetuidSandboxHost> setuid_sandbox_host( |
150 sandbox::SetuidSandboxHost::Create()); | 164 sandbox::SetuidSandboxHost::Create()); |
151 | 165 |
152 // For communications between the NaCl loader process and | 166 // For communications between the NaCl loader process and |
153 // the SUID sandbox. | 167 // the browser process. |
154 int nacl_sandbox_descriptor = | 168 int nacl_sandbox_descriptor = |
155 base::GlobalDescriptors::kBaseDescriptor + kSandboxIPCChannel; | 169 base::GlobalDescriptors::kBaseDescriptor + kSandboxIPCChannel; |
156 // Confirm a hard-wired assumption. | 170 // Confirm a hard-wired assumption. |
157 DCHECK_EQ(sandboxdesc, nacl_sandbox_descriptor); | 171 DCHECK_EQ(sandboxdesc, nacl_sandbox_descriptor); |
158 | 172 |
159 int fds[2]; | 173 int fds[2]; |
160 PCHECK(0 == socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds)); | 174 PCHECK(0 == socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds)); |
161 base::FileHandleMappingVector fds_to_map; | 175 base::FileHandleMappingVector fds_to_map; |
162 fds_to_map.push_back(std::make_pair(fds[1], kNaClZygoteDescriptor)); | 176 fds_to_map.push_back(std::make_pair(fds[1], kNaClZygoteDescriptor)); |
163 fds_to_map.push_back(std::make_pair(sandboxdesc, nacl_sandbox_descriptor)); | 177 fds_to_map.push_back(std::make_pair(sandboxdesc, nacl_sandbox_descriptor)); |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
233 bootstrap_prepend.push_back(kNaClHelperReservedAtZero); | 247 bootstrap_prepend.push_back(kNaClHelperReservedAtZero); |
234 bootstrap_prepend.push_back(kNaClHelperRDebug); | 248 bootstrap_prepend.push_back(kNaClHelperRDebug); |
235 argv_to_launch.insert(argv_to_launch.begin() + 1, | 249 argv_to_launch.insert(argv_to_launch.begin() + 1, |
236 bootstrap_prepend.begin(), | 250 bootstrap_prepend.begin(), |
237 bootstrap_prepend.end()); | 251 bootstrap_prepend.end()); |
238 } | 252 } |
239 | 253 |
240 base::LaunchOptions options; | 254 base::LaunchOptions options; |
241 | 255 |
242 base::ScopedFD dummy_fd; | 256 base::ScopedFD dummy_fd; |
243 if (enable_layer1_sandbox) { | 257 if (using_setuid_sandbox) { |
244 // NaCl needs to keep tight control of the cmd_line, so prepend the | 258 // NaCl needs to keep tight control of the cmd_line, so prepend the |
245 // setuid sandbox wrapper manually. | 259 // setuid sandbox wrapper manually. |
246 base::FilePath sandbox_path = setuid_sandbox_host->GetSandboxBinaryPath(); | 260 base::FilePath sandbox_path = setuid_sandbox_host->GetSandboxBinaryPath(); |
247 argv_to_launch.insert(argv_to_launch.begin(), sandbox_path.value()); | 261 argv_to_launch.insert(argv_to_launch.begin(), sandbox_path.value()); |
248 setuid_sandbox_host->SetupLaunchOptions(&options, &fds_to_map, &dummy_fd); | 262 setuid_sandbox_host->SetupLaunchOptions(&options, &fds_to_map, &dummy_fd); |
249 setuid_sandbox_host->SetupLaunchEnvironment(); | 263 setuid_sandbox_host->SetupLaunchEnvironment(); |
250 } | 264 } |
251 | 265 |
252 options.fds_to_remap = &fds_to_map; | 266 options.fds_to_remap = &fds_to_map; |
253 | 267 |
254 // The NaCl processes spawned may need to exceed the ambient soft limit | 268 // The NaCl processes spawned may need to exceed the ambient soft limit |
255 // on RLIMIT_AS to allocate the untrusted address space and its guard | 269 // on RLIMIT_AS to allocate the untrusted address space and its guard |
256 // regions. The nacl_helper itself cannot just raise its own limit, | 270 // regions. The nacl_helper itself cannot just raise its own limit, |
257 // because the existing limit may prevent the initial exec of | 271 // because the existing limit may prevent the initial exec of |
258 // nacl_helper_bootstrap from succeeding, with its large address space | 272 // nacl_helper_bootstrap from succeeding, with its large address space |
259 // reservation. | 273 // reservation. |
260 std::vector<int> max_these_limits; | 274 std::vector<int> max_these_limits; |
261 max_these_limits.push_back(RLIMIT_AS); | 275 max_these_limits.push_back(RLIMIT_AS); |
262 options.maximize_rlimits = &max_these_limits; | 276 options.maximize_rlimits = &max_these_limits; |
263 | 277 |
264 // To avoid information leaks in Non-SFI mode, clear the environment for | 278 // To avoid information leaks in Non-SFI mode, clear the environment for |
265 // the NaCl Helper process. | 279 // the NaCl Helper process. |
266 options.clear_environ = true; | 280 options.clear_environ = true; |
267 AddPassthroughEnvToOptions(&options); | 281 AddPassthroughEnvToOptions(&options); |
268 | 282 |
269 if (!base::LaunchProcess(argv_to_launch, options).IsValid()) | 283 base::Process process = |
| 284 using_namespace_sandbox |
| 285 ? sandbox::NamespaceSandbox::LaunchProcess(argv_to_launch, options) |
| 286 : base::LaunchProcess(argv_to_launch, options); |
| 287 |
| 288 if (!process.IsValid()) |
270 status_ = kNaClHelperLaunchFailed; | 289 status_ = kNaClHelperLaunchFailed; |
271 // parent and error cases are handled below | 290 // parent and error cases are handled below |
272 | 291 |
273 if (enable_layer1_sandbox) { | 292 if (using_setuid_sandbox) { |
274 // Sanity check that dummy_fd was kept alive for LaunchProcess. | 293 // Sanity check that dummy_fd was kept alive for LaunchProcess. |
275 DCHECK(dummy_fd.is_valid()); | 294 DCHECK(dummy_fd.is_valid()); |
276 } | 295 } |
277 } | 296 } |
278 if (IGNORE_EINTR(close(fds[1])) != 0) | 297 if (IGNORE_EINTR(close(fds[1])) != 0) |
279 LOG(ERROR) << "close(fds[1]) failed"; | 298 LOG(ERROR) << "close(fds[1]) failed"; |
280 if (status_ == kNaClHelperUnused) { | 299 if (status_ == kNaClHelperUnused) { |
281 const ssize_t kExpectedLength = strlen(kNaClHelperStartupAck); | 300 const ssize_t kExpectedLength = strlen(kNaClHelperStartupAck); |
282 char buf[kExpectedLength]; | 301 char buf[kExpectedLength]; |
283 | 302 |
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
436 pass_through_vars.push_back(kNaClVerbosity); | 455 pass_through_vars.push_back(kNaClVerbosity); |
437 pass_through_vars.push_back(sandbox::kSandboxEnvironmentApiRequest); | 456 pass_through_vars.push_back(sandbox::kSandboxEnvironmentApiRequest); |
438 for (size_t i = 0; i < pass_through_vars.size(); ++i) { | 457 for (size_t i = 0; i < pass_through_vars.size(); ++i) { |
439 std::string temp; | 458 std::string temp; |
440 if (env->GetVar(pass_through_vars[i].c_str(), &temp)) | 459 if (env->GetVar(pass_through_vars[i].c_str(), &temp)) |
441 options->environ[pass_through_vars[i]] = temp; | 460 options->environ[pass_through_vars[i]] = temp; |
442 } | 461 } |
443 } | 462 } |
444 | 463 |
445 } // namespace nacl | 464 } // namespace nacl |
OLD | NEW |