syzkaller

reactos/syzkaller

Fork 0

mirror of https://github.com/reactos/syzkaller.git synced 2024-11-24 20:09:49 +00:00

Commit Graph

Author	SHA1	Message	Date
Zach Riggle	0eca949a6c	RFC: android: Add support for untrusted_app sandboxing (#697 ) executor: add support for android_untrusted_app sandbox This adds a new sandbox type, 'android_untrusted_app', which restricts syz-executor to the privileges which are available to third-party applications, e.g. those installed from the Google Play store. In particular, this uses the UID space reserved for applications (instead of the 'setuid' sandbox, which uses the traditional 'nobody' user / 65534) as well as a set of groups which the Android-specific kernels are aware of, and finally ensures that the SELinux context is set appropriately. Dependencies on libselinux are avoided by manually implementing the few functions that are needed to change the context of the current process, and arbitrary files. The underlying mechanisms are relatively simple. Fixes google/syzkaller#643 Test: make presubmit Bug: http://b/112900774	2018-09-17 11:33:11 +02:00
Dmitry Vyukov	649477b6a5	pkg/ipc: remove abort signal and buffer size They were needed for intermediate gvisor support. Now that we have end-to-end support for gvisor, they are not needed anymore. Remove.	2018-08-03 18:29:20 +02:00
Dmitry Vyukov	6bfd4f09db	pkg/ipc: move flags into subpackage Move all ipc flags into pkg/ipc/ipcconfig package so that importing pkg/ipc does pull in the flags.	2018-08-03 18:12:24 +02:00

Author

SHA1

Message

Date

Zach Riggle

0eca949a6c

RFC: android: Add support for untrusted_app sandboxing (#697 )

executor: add support for android_untrusted_app sandbox

This adds a new sandbox type, 'android_untrusted_app', which restricts
syz-executor to the privileges which are available to third-party applications,
e.g. those installed from the Google Play store.

In particular, this uses the UID space reserved for applications (instead of
the 'setuid' sandbox, which uses the traditional 'nobody' user / 65534)
as well as a set of groups which the Android-specific kernels are aware of,
and finally ensures that the SELinux context is set appropriately.

Dependencies on libselinux are avoided by manually implementing the few
functions that are needed to change the context of the current process,
and arbitrary files.  The underlying mechanisms are relatively simple.

Fixes google/syzkaller#643

Test: make presubmit
Bug: http://b/112900774

2018-09-17 11:33:11 +02:00

Dmitry Vyukov

649477b6a5

pkg/ipc: remove abort signal and buffer size

They were needed for intermediate gvisor support.
Now that we have end-to-end support for gvisor,
they are not needed anymore. Remove.

2018-08-03 18:29:20 +02:00

Dmitry Vyukov

6bfd4f09db

pkg/ipc: move flags into subpackage

Move all ipc flags into pkg/ipc/ipcconfig package
so that importing pkg/ipc does pull in the flags.

2018-08-03 18:12:24 +02:00

3 Commits