OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" | 5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
55 #endif // !defined(ARCH_CPU_ARM64) | 55 #endif // !defined(ARCH_CPU_ARM64) |
56 | 56 |
57 #endif // | 57 #endif // |
58 | 58 |
59 namespace content { | 59 namespace content { |
60 | 60 |
61 #if defined(USE_SECCOMP_BPF) | 61 #if defined(USE_SECCOMP_BPF) |
62 namespace { | 62 namespace { |
63 | 63 |
64 void StartSandboxWithPolicy(sandbox::bpf_dsl::Policy* policy, | 64 void StartSandboxWithPolicy(sandbox::bpf_dsl::Policy* policy, |
65 base::ScopedFD proc_task_fd); | 65 base::ScopedFD proc_fd); |
66 | 66 |
67 inline bool IsChromeOS() { | 67 inline bool IsChromeOS() { |
68 #if defined(OS_CHROMEOS) | 68 #if defined(OS_CHROMEOS) |
69 return true; | 69 return true; |
70 #else | 70 #else |
71 return false; | 71 return false; |
72 #endif | 72 #endif |
73 } | 73 } |
74 | 74 |
75 inline bool IsArchitectureArm() { | 75 inline bool IsArchitectureArm() { |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
141 syscall_ret = socket(AF_NETLINK, SOCK_DGRAM, 0); | 141 syscall_ret = socket(AF_NETLINK, SOCK_DGRAM, 0); |
142 CHECK_EQ(-1, syscall_ret); | 142 CHECK_EQ(-1, syscall_ret); |
143 CHECK_EQ(EPERM, errno); | 143 CHECK_EQ(EPERM, errno); |
144 #endif // !defined(NDEBUG) | 144 #endif // !defined(NDEBUG) |
145 } | 145 } |
146 } | 146 } |
147 | 147 |
148 | 148 |
149 // This function takes ownership of |policy|. | 149 // This function takes ownership of |policy|. |
150 void StartSandboxWithPolicy(sandbox::bpf_dsl::Policy* policy, | 150 void StartSandboxWithPolicy(sandbox::bpf_dsl::Policy* policy, |
151 base::ScopedFD proc_task_fd) { | 151 base::ScopedFD proc_fd) { |
152 // Starting the sandbox is a one-way operation. The kernel doesn't allow | 152 // Starting the sandbox is a one-way operation. The kernel doesn't allow |
153 // us to unload a sandbox policy after it has been started. Nonetheless, | 153 // us to unload a sandbox policy after it has been started. Nonetheless, |
154 // in order to make the use of the "Sandbox" object easier, we allow for | 154 // in order to make the use of the "Sandbox" object easier, we allow for |
155 // the object to be destroyed after the sandbox has been started. Note that | 155 // the object to be destroyed after the sandbox has been started. Note that |
156 // doing so does not stop the sandbox. | 156 // doing so does not stop the sandbox. |
157 SandboxBPF sandbox(policy); | 157 SandboxBPF sandbox(policy); |
158 | 158 |
159 sandbox.SetProcTaskFd(proc_task_fd.Pass()); | 159 sandbox.SetProcFd(proc_fd.Pass()); |
160 CHECK(sandbox.StartSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED)); | 160 CHECK(sandbox.StartSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED)); |
161 } | 161 } |
162 | 162 |
163 // nacl_helper needs to be tiny and includes only part of content/ | 163 // nacl_helper needs to be tiny and includes only part of content/ |
164 // in its dependencies. Make sure to not link things that are not needed. | 164 // in its dependencies. Make sure to not link things that are not needed. |
165 #if !defined(IN_NACL_HELPER) | 165 #if !defined(IN_NACL_HELPER) |
166 scoped_ptr<SandboxBPFBasePolicy> GetGpuProcessSandbox() { | 166 scoped_ptr<SandboxBPFBasePolicy> GetGpuProcessSandbox() { |
167 const base::CommandLine& command_line = | 167 const base::CommandLine& command_line = |
168 *base::CommandLine::ForCurrentProcess(); | 168 *base::CommandLine::ForCurrentProcess(); |
169 bool allow_sysv_shm = false; | 169 bool allow_sysv_shm = false; |
(...skipping 10 matching lines...) Expand all Loading... |
180 command_line.GetSwitchValueASCII(switches::kUseGL) == | 180 command_line.GetSwitchValueASCII(switches::kUseGL) == |
181 gfx::kGLImplementationEGLName; | 181 gfx::kGLImplementationEGLName; |
182 return scoped_ptr<SandboxBPFBasePolicy>( | 182 return scoped_ptr<SandboxBPFBasePolicy>( |
183 new GpuProcessPolicy(allow_mincore)); | 183 new GpuProcessPolicy(allow_mincore)); |
184 } | 184 } |
185 } | 185 } |
186 | 186 |
187 // Initialize the seccomp-bpf sandbox. | 187 // Initialize the seccomp-bpf sandbox. |
188 bool StartBPFSandbox(const base::CommandLine& command_line, | 188 bool StartBPFSandbox(const base::CommandLine& command_line, |
189 const std::string& process_type, | 189 const std::string& process_type, |
190 base::ScopedFD proc_task_fd) { | 190 base::ScopedFD proc_fd) { |
191 scoped_ptr<SandboxBPFBasePolicy> policy; | 191 scoped_ptr<SandboxBPFBasePolicy> policy; |
192 | 192 |
193 if (process_type == switches::kGpuProcess) { | 193 if (process_type == switches::kGpuProcess) { |
194 policy.reset(GetGpuProcessSandbox().release()); | 194 policy.reset(GetGpuProcessSandbox().release()); |
195 } else if (process_type == switches::kRendererProcess) { | 195 } else if (process_type == switches::kRendererProcess) { |
196 policy.reset(new RendererProcessPolicy); | 196 policy.reset(new RendererProcessPolicy); |
197 } else if (process_type == switches::kPpapiPluginProcess) { | 197 } else if (process_type == switches::kPpapiPluginProcess) { |
198 policy.reset(new PpapiProcessPolicy); | 198 policy.reset(new PpapiProcessPolicy); |
199 } else if (process_type == switches::kUtilityProcess) { | 199 } else if (process_type == switches::kUtilityProcess) { |
200 policy.reset(new UtilityProcessPolicy); | 200 policy.reset(new UtilityProcessPolicy); |
201 } else { | 201 } else { |
202 NOTREACHED(); | 202 NOTREACHED(); |
203 policy.reset(new AllowAllPolicy); | 203 policy.reset(new AllowAllPolicy); |
204 } | 204 } |
205 | 205 |
206 CHECK(policy->PreSandboxHook()); | 206 CHECK(policy->PreSandboxHook()); |
207 StartSandboxWithPolicy(policy.release(), proc_task_fd.Pass()); | 207 StartSandboxWithPolicy(policy.release(), proc_fd.Pass()); |
208 | 208 |
209 RunSandboxSanityChecks(process_type); | 209 RunSandboxSanityChecks(process_type); |
210 return true; | 210 return true; |
211 } | 211 } |
212 #else // defined(IN_NACL_HELPER) | 212 #else // defined(IN_NACL_HELPER) |
213 bool StartBPFSandbox(const base::CommandLine& command_line, | 213 bool StartBPFSandbox(const base::CommandLine& command_line, |
214 const std::string& process_type) { | 214 const std::string& process_type) { |
215 NOTREACHED(); | 215 NOTREACHED(); |
216 // Avoid -Wunused-function with no-op code. | 216 // Avoid -Wunused-function with no-op code. |
217 ignore_result(IsChromeOS); | 217 ignore_result(IsChromeOS); |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
260 | 260 |
261 bool SandboxSeccompBPF::SupportsSandboxWithTsync() { | 261 bool SandboxSeccompBPF::SupportsSandboxWithTsync() { |
262 #if defined(USE_SECCOMP_BPF) | 262 #if defined(USE_SECCOMP_BPF) |
263 return SandboxBPF::SupportsSeccompSandbox( | 263 return SandboxBPF::SupportsSeccompSandbox( |
264 SandboxBPF::SeccompLevel::MULTI_THREADED); | 264 SandboxBPF::SeccompLevel::MULTI_THREADED); |
265 #endif | 265 #endif |
266 return false; | 266 return false; |
267 } | 267 } |
268 | 268 |
269 bool SandboxSeccompBPF::StartSandbox(const std::string& process_type, | 269 bool SandboxSeccompBPF::StartSandbox(const std::string& process_type, |
270 base::ScopedFD proc_task_fd) { | 270 base::ScopedFD proc_fd) { |
271 #if defined(USE_SECCOMP_BPF) | 271 #if defined(USE_SECCOMP_BPF) |
272 const base::CommandLine& command_line = | 272 const base::CommandLine& command_line = |
273 *base::CommandLine::ForCurrentProcess(); | 273 *base::CommandLine::ForCurrentProcess(); |
274 | 274 |
275 if (IsSeccompBPFDesired() && // Global switches policy. | 275 if (IsSeccompBPFDesired() && // Global switches policy. |
276 ShouldEnableSeccompBPF(process_type) && // Process-specific policy. | 276 ShouldEnableSeccompBPF(process_type) && // Process-specific policy. |
277 SupportsSandbox()) { | 277 SupportsSandbox()) { |
278 // If the kernel supports the sandbox, and if the command line says we | 278 // If the kernel supports the sandbox, and if the command line says we |
279 // should enable it, enable it or die. | 279 // should enable it, enable it or die. |
280 bool started_sandbox = | 280 bool started_sandbox = |
281 StartBPFSandbox(command_line, process_type, proc_task_fd.Pass()); | 281 StartBPFSandbox(command_line, process_type, proc_fd.Pass()); |
282 CHECK(started_sandbox); | 282 CHECK(started_sandbox); |
283 return true; | 283 return true; |
284 } | 284 } |
285 #endif | 285 #endif |
286 return false; | 286 return false; |
287 } | 287 } |
288 | 288 |
289 bool SandboxSeccompBPF::StartSandboxWithExternalPolicy( | 289 bool SandboxSeccompBPF::StartSandboxWithExternalPolicy( |
290 scoped_ptr<sandbox::bpf_dsl::Policy> policy, | 290 scoped_ptr<sandbox::bpf_dsl::Policy> policy, |
291 base::ScopedFD proc_task_fd) { | 291 base::ScopedFD proc_fd) { |
292 #if defined(USE_SECCOMP_BPF) | 292 #if defined(USE_SECCOMP_BPF) |
293 if (IsSeccompBPFDesired() && SupportsSandbox()) { | 293 if (IsSeccompBPFDesired() && SupportsSandbox()) { |
294 CHECK(policy); | 294 CHECK(policy); |
295 StartSandboxWithPolicy(policy.release(), proc_task_fd.Pass()); | 295 StartSandboxWithPolicy(policy.release(), proc_fd.Pass()); |
296 return true; | 296 return true; |
297 } | 297 } |
298 #endif // defined(USE_SECCOMP_BPF) | 298 #endif // defined(USE_SECCOMP_BPF) |
299 return false; | 299 return false; |
300 } | 300 } |
301 | 301 |
302 scoped_ptr<sandbox::bpf_dsl::Policy> SandboxSeccompBPF::GetBaselinePolicy() { | 302 scoped_ptr<sandbox::bpf_dsl::Policy> SandboxSeccompBPF::GetBaselinePolicy() { |
303 #if defined(USE_SECCOMP_BPF) | 303 #if defined(USE_SECCOMP_BPF) |
304 return scoped_ptr<sandbox::bpf_dsl::Policy>(new BaselinePolicy); | 304 return scoped_ptr<sandbox::bpf_dsl::Policy>(new BaselinePolicy); |
305 #else | 305 #else |
306 return scoped_ptr<sandbox::bpf_dsl::Policy>(); | 306 return scoped_ptr<sandbox::bpf_dsl::Policy>(); |
307 #endif // defined(USE_SECCOMP_BPF) | 307 #endif // defined(USE_SECCOMP_BPF) |
308 } | 308 } |
309 | 309 |
310 } // namespace content | 310 } // namespace content |
OLD | NEW |