OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <dirent.h> | 5 #include <dirent.h> |
6 #include <fcntl.h> | 6 #include <fcntl.h> |
7 #include <sys/resource.h> | 7 #include <sys/resource.h> |
8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
9 #include <sys/time.h> | 9 #include <sys/time.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
69 } | 69 } |
70 | 70 |
71 bool IsRunningTSAN() { | 71 bool IsRunningTSAN() { |
72 #if defined(THREAD_SANITIZER) | 72 #if defined(THREAD_SANITIZER) |
73 return true; | 73 return true; |
74 #else | 74 #else |
75 return false; | 75 return false; |
76 #endif | 76 #endif |
77 } | 77 } |
78 | 78 |
79 // Try to open /proc/self/task/ with the help of |proc_fd|. |proc_fd| can be | 79 // Get a file descriptor to /proc. Either duplicate |proc_fd| or try to open |
80 // -1. Will return -1 on error and set errno like open(2). | 80 // it by using the filesystem directly. |
81 // TODO(jln): get rid of this ugly interface. | 81 // TODO(jln): get rid of this ugly interface. |
jln (very slow on Chromium)
2015/02/24 01:45:38
This will be cleaned-up when refactoring how we st
| |
82 int OpenProcTaskFd(int proc_fd) { | 82 base::ScopedFD OpenProc(int proc_fd) { |
83 int proc_self_task = -1; | 83 int ret_proc_fd = -1; |
84 if (proc_fd >= 0) { | 84 if (proc_fd >= 0) { |
85 // If a handle to /proc is available, use it. This allows to bypass file | 85 // If a handle to /proc is available, use it. This allows to bypass file |
86 // system restrictions. | 86 // system restrictions. |
87 proc_self_task = HANDLE_EINTR( | 87 ret_proc_fd = |
88 openat(proc_fd, "self/task/", O_RDONLY | O_DIRECTORY | O_CLOEXEC)); | 88 HANDLE_EINTR(openat(proc_fd, ".", O_RDONLY | O_DIRECTORY | O_CLOEXEC)); |
89 } else { | 89 } else { |
90 // Otherwise, make an attempt to access the file system directly. | 90 // Otherwise, make an attempt to access the file system directly. |
91 proc_self_task = HANDLE_EINTR(openat(AT_FDCWD, "/proc/self/task/", | 91 ret_proc_fd = HANDLE_EINTR( |
92 O_RDONLY | O_DIRECTORY | O_CLOEXEC)); | 92 openat(AT_FDCWD, "/proc/", O_RDONLY | O_DIRECTORY | O_CLOEXEC)); |
93 } | 93 } |
94 return proc_self_task; | 94 DCHECK_LE(0, ret_proc_fd); |
95 return base::ScopedFD(ret_proc_fd); | |
95 } | 96 } |
96 | 97 |
97 } // namespace | 98 } // namespace |
98 | 99 |
99 namespace content { | 100 namespace content { |
100 | 101 |
101 LinuxSandbox::LinuxSandbox() | 102 LinuxSandbox::LinuxSandbox() |
102 : proc_fd_(-1), | 103 : proc_fd_(-1), |
103 seccomp_bpf_started_(false), | 104 seccomp_bpf_started_(false), |
104 sandbox_status_flags_(kSandboxLinuxInvalid), | 105 sandbox_status_flags_(kSandboxLinuxInvalid), |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
176 void LinuxSandbox::EngageNamespaceSandbox() { | 177 void LinuxSandbox::EngageNamespaceSandbox() { |
177 CHECK(pre_initialized_); | 178 CHECK(pre_initialized_); |
178 // Check being in a new PID namespace created by the namespace sandbox and | 179 // Check being in a new PID namespace created by the namespace sandbox and |
179 // being the init process. | 180 // being the init process. |
180 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); | 181 CHECK(sandbox::NamespaceSandbox::InNewPidNamespace()); |
181 const pid_t pid = getpid(); | 182 const pid_t pid = getpid(); |
182 CHECK_EQ(1, pid); | 183 CHECK_EQ(1, pid); |
183 | 184 |
184 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 185 CHECK(sandbox::Credentials::MoveToNewUserNS()); |
185 // Note: this requires SealSandbox() to be called later in this process to be | 186 // Note: this requires SealSandbox() to be called later in this process to be |
186 // safe, as this class is keeping a file descriptor to /proc. | 187 // safe, as this class is keeping a file descriptor to /proc/. |
187 CHECK(!HasOpenDirectories()); | 188 CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_)); |
188 CHECK(sandbox::Credentials::DropFileSystemAccess()); | 189 CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_)); |
189 CHECK(IsSingleThreaded()); | |
190 CHECK(sandbox::Credentials::DropAllCapabilities()); | |
191 | 190 |
192 // This needs to happen after moving to a new user NS, since doing so involves | 191 // This needs to happen after moving to a new user NS, since doing so involves |
193 // writing the UID/GID map. | 192 // writing the UID/GID map. |
194 CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers()); | 193 CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers()); |
195 } | 194 } |
196 | 195 |
197 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { | 196 std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() { |
198 std::vector<int> fds; | 197 std::vector<int> fds; |
199 if (proc_fd_ >= 0) { | 198 if (proc_fd_ >= 0) { |
200 fds.push_back(proc_fd_); | 199 fds.push_back(proc_fd_); |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
250 } | 249 } |
251 } | 250 } |
252 | 251 |
253 return sandbox_status_flags_; | 252 return sandbox_status_flags_; |
254 } | 253 } |
255 | 254 |
256 // Threads are counted via /proc/self/task. This is a little hairy because of | 255 // Threads are counted via /proc/self/task. This is a little hairy because of |
257 // PID namespaces and existing sandboxes, so "self" must really be used instead | 256 // PID namespaces and existing sandboxes, so "self" must really be used instead |
258 // of using the pid. | 257 // of using the pid. |
259 bool LinuxSandbox::IsSingleThreaded() const { | 258 bool LinuxSandbox::IsSingleThreaded() const { |
260 base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_)); | 259 base::ScopedFD proc_fd(OpenProc(proc_fd_)); |
261 | 260 |
262 CHECK(proc_self_task.is_valid()) | 261 CHECK(proc_fd.is_valid()) << "Could not count threads, the sandbox was not " |
263 << "Could not count threads, the sandbox was not " | 262 << "pre-initialized properly."; |
264 << "pre-initialized properly."; | |
265 | 263 |
266 const bool is_single_threaded = | 264 const bool is_single_threaded = |
267 sandbox::ThreadHelpers::IsSingleThreaded(proc_self_task.get()); | 265 sandbox::ThreadHelpers::IsSingleThreaded(proc_fd.get()); |
268 | 266 |
269 return is_single_threaded; | 267 return is_single_threaded; |
270 } | 268 } |
271 | 269 |
272 bool LinuxSandbox::seccomp_bpf_started() const { | 270 bool LinuxSandbox::seccomp_bpf_started() const { |
273 return seccomp_bpf_started_; | 271 return seccomp_bpf_started_; |
274 } | 272 } |
275 | 273 |
276 sandbox::SetuidSandboxClient* | 274 sandbox::SetuidSandboxClient* |
277 LinuxSandbox::setuid_sandbox_client() const { | 275 LinuxSandbox::setuid_sandbox_client() const { |
278 return setuid_sandbox_client_.get(); | 276 return setuid_sandbox_client_.get(); |
279 } | 277 } |
280 | 278 |
281 // For seccomp-bpf, we use the SandboxSeccompBPF class. | 279 // For seccomp-bpf, we use the SandboxSeccompBPF class. |
282 bool LinuxSandbox::StartSeccompBPF(const std::string& process_type) { | 280 bool LinuxSandbox::StartSeccompBPF(const std::string& process_type) { |
283 CHECK(!seccomp_bpf_started_); | 281 CHECK(!seccomp_bpf_started_); |
284 CHECK(pre_initialized_); | 282 CHECK(pre_initialized_); |
285 if (seccomp_bpf_supported()) { | 283 if (seccomp_bpf_supported()) { |
286 base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_)); | |
287 seccomp_bpf_started_ = | 284 seccomp_bpf_started_ = |
288 SandboxSeccompBPF::StartSandbox(process_type, proc_self_task.Pass()); | 285 SandboxSeccompBPF::StartSandbox(process_type, OpenProc(proc_fd_)); |
289 } | 286 } |
290 | 287 |
291 if (seccomp_bpf_started_) { | 288 if (seccomp_bpf_started_) { |
292 LogSandboxStarted("seccomp-bpf"); | 289 LogSandboxStarted("seccomp-bpf"); |
293 } | 290 } |
294 | 291 |
295 return seccomp_bpf_started_; | 292 return seccomp_bpf_started_; |
296 } | 293 } |
297 | 294 |
298 bool LinuxSandbox::InitializeSandboxImpl() { | 295 bool LinuxSandbox::InitializeSandboxImpl() { |
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
445 (sandbox_status_flags_ != kSandboxLinuxInvalid) && | 442 (sandbox_status_flags_ != kSandboxLinuxInvalid) && |
446 (GetStatus() & kSandboxLinuxSeccompBPF); | 443 (GetStatus() & kSandboxLinuxSeccompBPF); |
447 } | 444 } |
448 if (promised_seccomp_bpf_would_start) { | 445 if (promised_seccomp_bpf_would_start) { |
449 CHECK(seccomp_bpf_started_); | 446 CHECK(seccomp_bpf_started_); |
450 } | 447 } |
451 } | 448 } |
452 | 449 |
453 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { | 450 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { |
454 DCHECK(thread); | 451 DCHECK(thread); |
455 base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_)); | 452 base::ScopedFD proc_fd(OpenProc(proc_fd_)); |
456 PCHECK(proc_self_task.is_valid()); | 453 PCHECK(proc_fd.is_valid()); |
457 CHECK(sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_self_task.get(), | 454 CHECK( |
458 thread)); | 455 sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_fd.get(), thread)); |
459 } | 456 } |
460 | 457 |
461 } // namespace content | 458 } // namespace content |
OLD | NEW |