mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-01 17:23:59 +00:00
Bug 1041886 - Break out Linux sandbox logging into its own header. r=kang
This commit is contained in:
parent
6ace183a93
commit
e020caf2de
@ -4,7 +4,8 @@
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
||||
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "mozilla/Sandbox.h"
|
||||
#include "Sandbox.h"
|
||||
#include "SandboxLogging.h"
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
@ -34,7 +35,6 @@
|
||||
|
||||
#if defined(ANDROID)
|
||||
#include "android_ucontext.h"
|
||||
#include <android/log.h>
|
||||
#endif
|
||||
|
||||
#include "linux_seccomp.h"
|
||||
@ -44,11 +44,6 @@
|
||||
#include "sandbox/linux/seccomp-bpf/die.h"
|
||||
|
||||
namespace mozilla {
|
||||
#if defined(ANDROID)
|
||||
#define LOG_ERROR(args...) __android_log_print(ANDROID_LOG_ERROR, "Sandbox", ## args)
|
||||
#else
|
||||
#define LOG_ERROR(fmt, args...) fprintf(stderr, "Sandbox: " fmt "\n", ## args)
|
||||
#endif
|
||||
|
||||
#ifdef MOZ_GMP_SANDBOX
|
||||
// For media plugins, we can start the sandbox before we dlopen the
|
||||
@ -77,7 +72,8 @@ struct SandboxFlags {
|
||||
// fail with EFAULT if supported and EINVAL if not, without
|
||||
// changing the process's state.
|
||||
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, nullptr) != -1) {
|
||||
MOZ_CRASH("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, nullptr) didn't fail");
|
||||
MOZ_CRASH("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, nullptr)"
|
||||
" didn't fail");
|
||||
}
|
||||
isSupported = errno == EFAULT;
|
||||
}
|
||||
@ -120,12 +116,12 @@ SandboxLogJSStack(void)
|
||||
unused << frame->GetName(funName);
|
||||
|
||||
if (!funName.IsVoid() || !fileName.IsVoid()) {
|
||||
LOG_ERROR("JS frame %d: %s %s line %d", i,
|
||||
funName.IsVoid() ?
|
||||
"(anonymous)" : NS_ConvertUTF16toUTF8(funName).get(),
|
||||
fileName.IsVoid() ?
|
||||
"(no file)" : NS_ConvertUTF16toUTF8(fileName).get(),
|
||||
lineNumber);
|
||||
SANDBOX_LOG_ERROR("JS frame %d: %s %s line %d", i,
|
||||
funName.IsVoid() ?
|
||||
"(anonymous)" : NS_ConvertUTF16toUTF8(funName).get(),
|
||||
fileName.IsVoid() ?
|
||||
"(no file)" : NS_ConvertUTF16toUTF8(fileName).get(),
|
||||
lineNumber);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIStackFrame> nextFrame;
|
||||
@ -175,13 +171,13 @@ Reporter(int nr, siginfo_t *info, void *void_context)
|
||||
int flags = int(args[1]);
|
||||
|
||||
if ((flags & O_ACCMODE) != O_RDONLY) {
|
||||
LOG_ERROR("non-read-only open of file %s attempted (flags=0%o)",
|
||||
path, flags);
|
||||
SANDBOX_LOG_ERROR("non-read-only open of file %s attempted (flags=0%o)",
|
||||
path, flags);
|
||||
} else if (strcmp(path, gMediaPluginFilePath) != 0) {
|
||||
LOG_ERROR("attempt to open file %s which is not the media plugin %s",
|
||||
path, gMediaPluginFilePath);
|
||||
SANDBOX_LOG_ERROR("attempt to open file %s which is not the media plugin"
|
||||
" %s", path, gMediaPluginFilePath);
|
||||
} else if (gMediaPluginFileDesc == -1) {
|
||||
LOG_ERROR("multiple opens of media plugin file unimplemented");
|
||||
SANDBOX_LOG_ERROR("multiple opens of media plugin file unimplemented");
|
||||
} else {
|
||||
SECCOMP_RESULT(ctx) = gMediaPluginFileDesc;
|
||||
gMediaPluginFileDesc = -1;
|
||||
@ -190,16 +186,17 @@ Reporter(int nr, siginfo_t *info, void *void_context)
|
||||
}
|
||||
#endif
|
||||
|
||||
LOG_ERROR("seccomp sandbox violation: pid %d, syscall %lu, args %lu %lu %lu"
|
||||
" %lu %lu %lu. Killing process.", pid, syscall_nr,
|
||||
args[0], args[1], args[2], args[3], args[4], args[5]);
|
||||
SANDBOX_LOG_ERROR("seccomp sandbox violation: pid %d, syscall %lu,"
|
||||
" args %lu %lu %lu %lu %lu %lu. Killing process.",
|
||||
pid, syscall_nr,
|
||||
args[0], args[1], args[2], args[3], args[4], args[5]);
|
||||
|
||||
#ifdef MOZ_CRASHREPORTER
|
||||
// Bug 1017393: record syscall number somewhere useful.
|
||||
info->si_addr = reinterpret_cast<void*>(syscall_nr);
|
||||
bool dumped = CrashReporter::WriteMinidumpForSigInfo(nr, info, void_context);
|
||||
if (!dumped) {
|
||||
LOG_ERROR("Failed to write minidump");
|
||||
SANDBOX_LOG_ERROR("Failed to write minidump");
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -266,13 +263,13 @@ static void
|
||||
InstallSyscallFilter(const sock_fprog *prog)
|
||||
{
|
||||
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
|
||||
LOG_ERROR("prctl(PR_SET_NO_NEW_PRIVS) failed: %s", strerror(errno));
|
||||
SANDBOX_LOG_ERROR("prctl(PR_SET_NO_NEW_PRIVS) failed: %s", strerror(errno));
|
||||
MOZ_CRASH("prctl(PR_SET_NO_NEW_PRIVS)");
|
||||
}
|
||||
|
||||
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, (unsigned long)prog, 0, 0)) {
|
||||
LOG_ERROR("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER) failed: %s",
|
||||
strerror(errno));
|
||||
SANDBOX_LOG_ERROR("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER) failed: %s",
|
||||
strerror(errno));
|
||||
MOZ_CRASH("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)");
|
||||
}
|
||||
}
|
||||
@ -349,19 +346,19 @@ BroadcastSetThreadSandbox(SandboxType aType)
|
||||
myTid = syscall(__NR_gettid);
|
||||
taskdp = opendir("/proc/self/task");
|
||||
if (taskdp == nullptr) {
|
||||
LOG_ERROR("opendir /proc/self/task: %s\n", strerror(errno));
|
||||
SANDBOX_LOG_ERROR("opendir /proc/self/task: %s\n", strerror(errno));
|
||||
MOZ_CRASH();
|
||||
}
|
||||
signum = FindFreeSignalNumber();
|
||||
if (signum == 0) {
|
||||
LOG_ERROR("No available signal numbers!");
|
||||
SANDBOX_LOG_ERROR("No available signal numbers!");
|
||||
MOZ_CRASH();
|
||||
}
|
||||
void (*oldHandler)(int);
|
||||
oldHandler = signal(signum, SetThreadSandboxHandler);
|
||||
if (oldHandler != SIG_DFL) {
|
||||
// See the comment on FindFreeSignalNumber about race conditions.
|
||||
LOG_ERROR("signal %d in use by handler %p!\n", signum, oldHandler);
|
||||
SANDBOX_LOG_ERROR("signal %d in use by handler %p!\n", signum, oldHandler);
|
||||
MOZ_CRASH();
|
||||
}
|
||||
|
||||
@ -388,12 +385,12 @@ BroadcastSetThreadSandbox(SandboxType aType)
|
||||
sSetSandboxDone = 0;
|
||||
if (syscall(__NR_tgkill, pid, tid, signum) != 0) {
|
||||
if (errno == ESRCH) {
|
||||
LOG_ERROR("Thread %d unexpectedly exited.", tid);
|
||||
SANDBOX_LOG_ERROR("Thread %d unexpectedly exited.", tid);
|
||||
// Rescan threads, in case it forked before exiting.
|
||||
sandboxProgress = true;
|
||||
continue;
|
||||
}
|
||||
LOG_ERROR("tgkill(%d,%d): %s\n", pid, tid, strerror(errno));
|
||||
SANDBOX_LOG_ERROR("tgkill(%d,%d): %s\n", pid, tid, strerror(errno));
|
||||
MOZ_CRASH();
|
||||
}
|
||||
// It's unlikely, but if the thread somehow manages to exit
|
||||
@ -420,7 +417,7 @@ BroadcastSetThreadSandbox(SandboxType aType)
|
||||
if (syscall(__NR_futex, reinterpret_cast<int*>(&sSetSandboxDone),
|
||||
FUTEX_WAIT, 0, &futexTimeout) != 0) {
|
||||
if (errno != EWOULDBLOCK && errno != ETIMEDOUT && errno != EINTR) {
|
||||
LOG_ERROR("FUTEX_WAIT: %s\n", strerror(errno));
|
||||
SANDBOX_LOG_ERROR("FUTEX_WAIT: %s\n", strerror(errno));
|
||||
MOZ_CRASH();
|
||||
}
|
||||
}
|
||||
@ -434,7 +431,7 @@ BroadcastSetThreadSandbox(SandboxType aType)
|
||||
// Has the thread ceased to exist?
|
||||
if (syscall(__NR_tgkill, pid, tid, 0) != 0) {
|
||||
if (errno == ESRCH) {
|
||||
LOG_ERROR("Thread %d unexpectedly exited.", tid);
|
||||
SANDBOX_LOG_ERROR("Thread %d unexpectedly exited.", tid);
|
||||
}
|
||||
// Rescan threads, in case it forked before exiting.
|
||||
// Also, if it somehow failed in a way that wasn't ESRCH,
|
||||
@ -447,8 +444,9 @@ BroadcastSetThreadSandbox(SandboxType aType)
|
||||
if (now.tv_sec > timeLimit.tv_nsec ||
|
||||
(now.tv_sec == timeLimit.tv_nsec &&
|
||||
now.tv_nsec > timeLimit.tv_nsec)) {
|
||||
LOG_ERROR("Thread %d unresponsive for %d seconds. Killing process.",
|
||||
tid, crashDelay);
|
||||
SANDBOX_LOG_ERROR("Thread %d unresponsive for %d seconds."
|
||||
" Killing process.",
|
||||
tid, crashDelay);
|
||||
MOZ_CRASH();
|
||||
}
|
||||
}
|
||||
@ -458,7 +456,8 @@ BroadcastSetThreadSandbox(SandboxType aType)
|
||||
oldHandler = signal(signum, SIG_DFL);
|
||||
if (oldHandler != SetThreadSandboxHandler) {
|
||||
// See the comment on FindFreeSignalNumber about race conditions.
|
||||
LOG_ERROR("handler for signal %d was changed to %p!", signum, oldHandler);
|
||||
SANDBOX_LOG_ERROR("handler for signal %d was changed to %p!",
|
||||
signum, oldHandler);
|
||||
MOZ_CRASH();
|
||||
}
|
||||
unused << closedir(taskdp);
|
||||
@ -471,7 +470,7 @@ static void
|
||||
SetCurrentProcessSandbox(SandboxType aType)
|
||||
{
|
||||
if (InstallSyscallReporter()) {
|
||||
LOG_ERROR("install_syscall_reporter() failed\n");
|
||||
SANDBOX_LOG_ERROR("install_syscall_reporter() failed\n");
|
||||
}
|
||||
|
||||
BroadcastSetThreadSandbox(aType);
|
||||
@ -524,7 +523,8 @@ SetMediaPluginSandbox(const char *aFilePath)
|
||||
gMediaPluginFilePath = strdup(aFilePath);
|
||||
gMediaPluginFileDesc = open(aFilePath, O_RDONLY | O_CLOEXEC);
|
||||
if (gMediaPluginFileDesc == -1) {
|
||||
LOG_ERROR("failed to open plugin file %s: %s", aFilePath, strerror(errno));
|
||||
SANDBOX_LOG_ERROR("failed to open plugin file %s: %s",
|
||||
aFilePath, strerror(errno));
|
||||
MOZ_CRASH();
|
||||
}
|
||||
}
|
||||
@ -549,7 +549,7 @@ namespace sandbox {
|
||||
void
|
||||
Die::SandboxDie(const char* msg, const char* file, int line)
|
||||
{
|
||||
LOG_ERROR("%s:%d: %s\n", file, line, msg);
|
||||
SANDBOX_LOG_ERROR("%s:%d: %s\n", file, line, msg);
|
||||
_exit(127);
|
||||
}
|
||||
|
||||
|
22
security/sandbox/linux/SandboxLogging.h
Normal file
22
security/sandbox/linux/SandboxLogging.h
Normal file
@ -0,0 +1,22 @@
|
||||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
||||
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#ifndef mozilla_SandboxLogging_h
|
||||
#define mozilla_SandboxLogging_h
|
||||
|
||||
#if defined(ANDROID)
|
||||
#include <android/log.h>
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
#if defined(ANDROID)
|
||||
#define SANDBOX_LOG_ERROR(args...) __android_log_print(ANDROID_LOG_ERROR, "Sandbox", ## args)
|
||||
#else
|
||||
#define SANDBOX_LOG_ERROR(fmt, args...) fprintf(stderr, "Sandbox: " fmt "\n", ## args)
|
||||
#endif
|
||||
|
||||
#endif // mozilla_SandboxLogging_h
|
Loading…
Reference in New Issue
Block a user