OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "content/common/sandbox_linux/sandbox_debug_handling_linux.h" |
| 6 |
| 7 #include <errno.h> |
| 8 #include <signal.h> |
| 9 #include <sys/prctl.h> |
| 10 #include <unistd.h> |
| 11 |
| 12 #include "base/command_line.h" |
| 13 #include "base/logging.h" |
| 14 #include "base/macros.h" |
| 15 #include "base/strings/safe_sprintf.h" |
| 16 #include "content/public/common/content_switches.h" |
| 17 |
| 18 namespace content { |
| 19 |
| 20 namespace { |
| 21 |
| 22 void DoChrootSignalHandler(int) { |
| 23 const int old_errno = errno; |
| 24 const char kFirstMessage[] = "Chroot signal handler called.\n"; |
| 25 ignore_result(write(STDERR_FILENO, kFirstMessage, sizeof(kFirstMessage) - 1)); |
| 26 |
| 27 const int chroot_ret = chroot("/"); |
| 28 |
| 29 char kSecondMessage[100]; |
| 30 const ssize_t printed = base::strings::SafeSPrintf( |
| 31 kSecondMessage, "chroot() returned %d. Errno is %d.\n", chroot_ret, |
| 32 errno); |
| 33 if (printed > 0 && printed < static_cast<ssize_t>(sizeof(kSecondMessage))) { |
| 34 ignore_result(write(STDERR_FILENO, kSecondMessage, printed)); |
| 35 } |
| 36 errno = old_errno; |
| 37 } |
| 38 |
| 39 // This is a quick hack to allow testing sandbox crash reports in production |
| 40 // binaries. |
| 41 // This installs a signal handler for SIGUSR2 that performs a chroot(). |
| 42 // In most of our BPF policies, it is a "watched" system call which will |
| 43 // trigger a SIGSYS signal whose handler will crash. |
| 44 // This has been added during the investigation of https://crbug.com/415842. |
| 45 void InstallCrashTestHandler() { |
| 46 struct sigaction act = {}; |
| 47 act.sa_handler = DoChrootSignalHandler; |
| 48 CHECK_EQ(0, sigemptyset(&act.sa_mask)); |
| 49 act.sa_flags = 0; |
| 50 |
| 51 PCHECK(0 == sigaction(SIGUSR2, &act, NULL)); |
| 52 } |
| 53 |
| 54 bool IsSandboxDebuggingEnabled() { |
| 55 const base::CommandLine& command_line = |
| 56 *base::CommandLine::ForCurrentProcess(); |
| 57 return command_line.HasSwitch(switches::kAllowSandboxDebugging); |
| 58 } |
| 59 |
| 60 } // namespace |
| 61 |
| 62 // static |
| 63 bool SandboxDebugHandling::SetDumpableStatusAndHandlers() { |
| 64 if (IsSandboxDebuggingEnabled()) { |
| 65 // If sandbox debugging is allowed, install a handler for sandbox-related |
| 66 // crash testing. |
| 67 InstallCrashTestHandler(); |
| 68 return true; |
| 69 } |
| 70 |
| 71 if (prctl(PR_SET_DUMPABLE, 0) != 0) { |
| 72 PLOG(ERROR) << "Failed to set non-dumpable flag"; |
| 73 return false; |
| 74 } |
| 75 |
| 76 return prctl(PR_GET_DUMPABLE) == 0; |
| 77 } |
| 78 |
| 79 } // namespace content |
OLD | NEW |