1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <errno.h> 6 #include <linux/unistd.h> 7 #include <stdio.h> 8 #include <sys/prctl.h> 9 10 #include <string> 11 12 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 13 #include "sandbox/linux/seccomp-bpf/syscall.h" 14 15 16 namespace playground2 { 17 18 void Die::ExitGroup() { 19 // exit_group() should exit our program. After all, it is defined as a 20 // function that doesn't return. But things can theoretically go wrong. 21 // Especially, since we are dealing with system call filters. Continuing 22 // execution would be very bad in most cases where ExitGroup() gets called. 23 // So, we'll try a few other strategies too. 24 SandboxSyscall(__NR_exit_group, 1); 25 26 // We have no idea what our run-time environment looks like. So, signal 27 // handlers might or might not do the right thing. Try to reset settings 28 // to a defined state; but we have not way to verify whether we actually 29 // succeeded in doing so. Nonetheless, triggering a fatal signal could help 30 // us terminate. 31 signal(SIGSEGV, SIG_DFL); 32 SandboxSyscall(__NR_prctl, PR_SET_DUMPABLE, (void *)0, (void *)0, (void *)0); 33 if (*(volatile char *)0) { } 34 35 // If there is no way for us to ask for the program to exit, the next 36 // best thing we can do is to loop indefinitely. Maybe, somebody will notice 37 // and file a bug... 38 // We in fact retry the system call inside of our loop so that it will 39 // stand out when somebody tries to diagnose the problem by using "strace". 40 for (;;) { 41 SandboxSyscall(__NR_exit_group, 1); 42 } 43 } 44 45 void Die::SandboxDie(const char *msg, const char *file, int line) { 46 if (simple_exit_) { 47 LogToStderr(msg, file, line); 48 } else { 49 #if defined(SECCOMP_BPF_STANDALONE) 50 Die::LogToStderr(msg, file, line); 51 #else 52 logging::LogMessage(file, line, logging::LOG_FATAL).stream() << msg; 53 #endif 54 } 55 ExitGroup(); 56 } 57 58 void Die::SandboxInfo(const char *msg, const char *file, int line) { 59 if (!suppress_info_) { 60 #if defined(SECCOMP_BPF_STANDALONE) 61 Die::LogToStderr(msg, file, line); 62 #else 63 logging::LogMessage(file, line, logging::LOG_INFO).stream() << msg; 64 #endif 65 } 66 } 67 68 void Die::LogToStderr(const char *msg, const char *file, int line) { 69 if (msg) { 70 char buf[40]; 71 snprintf(buf, sizeof(buf), "%d", line); 72 std::string s = std::string(file) + ":" + buf + ":" + msg + "\n"; 73 74 // No need to loop. Short write()s are unlikely and if they happen we 75 // probably prefer them over a loop that blocks. 76 if (HANDLE_EINTR(SandboxSyscall(__NR_write, 2, s.c_str(), s.length()))) { } 77 } 78 } 79 80 bool Die::simple_exit_ = false; 81 bool Die::suppress_info_ = false; 82 83 } // namespace 84
