Home | History | Annotate | Download | only in seccomp-bpf 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include <errno.h>
      6 #include <linux/unistd.h>
      7 #include <stdio.h>
      8 #include <sys/prctl.h>
      9 
     10 #include <string>
     11 
     12 #include "base/logging.h"
     13 #include "base/posix/eintr_wrapper.h"
     14 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
     15 #include "sandbox/linux/seccomp-bpf/syscall.h"
     16 
     17 namespace sandbox {
     18 
     19 void Die::ExitGroup() {
     20   // exit_group() should exit our program. After all, it is defined as a
     21   // function that doesn't return. But things can theoretically go wrong.
     22   // Especially, since we are dealing with system call filters. Continuing
     23   // execution would be very bad in most cases where ExitGroup() gets called.
     24   // So, we'll try a few other strategies too.
     25   SandboxSyscall(__NR_exit_group, 1);
     26 
     27   // We have no idea what our run-time environment looks like. So, signal
     28   // handlers might or might not do the right thing. Try to reset settings
     29   // to a defined state; but we have not way to verify whether we actually
     30   // succeeded in doing so. Nonetheless, triggering a fatal signal could help
     31   // us terminate.
     32   signal(SIGSEGV, SIG_DFL);
     33   SandboxSyscall(__NR_prctl, PR_SET_DUMPABLE, (void*)0, (void*)0, (void*)0);
     34   if (*(volatile char*)0) {
     35   }
     36 
     37   // If there is no way for us to ask for the program to exit, the next
     38   // best thing we can do is to loop indefinitely. Maybe, somebody will notice
     39   // and file a bug...
     40   // We in fact retry the system call inside of our loop so that it will
     41   // stand out when somebody tries to diagnose the problem by using "strace".
     42   for (;;) {
     43     SandboxSyscall(__NR_exit_group, 1);
     44   }
     45 }
     46 
     47 void Die::SandboxDie(const char* msg, const char* file, int line) {
     48   if (simple_exit_) {
     49     LogToStderr(msg, file, line);
     50   } else {
     51     logging::LogMessage(file, line, logging::LOG_FATAL).stream() << msg;
     52   }
     53   ExitGroup();
     54 }
     55 
     56 void Die::RawSandboxDie(const char* msg) {
     57   if (!msg)
     58     msg = "";
     59   RAW_LOG(FATAL, msg);
     60   ExitGroup();
     61 }
     62 
     63 void Die::SandboxInfo(const char* msg, const char* file, int line) {
     64   if (!suppress_info_) {
     65     logging::LogMessage(file, line, logging::LOG_INFO).stream() << msg;
     66   }
     67 }
     68 
     69 void Die::LogToStderr(const char* msg, const char* file, int line) {
     70   if (msg) {
     71     char buf[40];
     72     snprintf(buf, sizeof(buf), "%d", line);
     73     std::string s = std::string(file) + ":" + buf + ":" + msg + "\n";
     74 
     75     // No need to loop. Short write()s are unlikely and if they happen we
     76     // probably prefer them over a loop that blocks.
     77     ignore_result(
     78         HANDLE_EINTR(SandboxSyscall(__NR_write, 2, s.c_str(), s.length())));
     79   }
     80 }
     81 
     82 bool Die::simple_exit_ = false;
     83 bool Die::suppress_info_ = false;
     84 
     85 }  // namespace sandbox
     86