author | Julien Tinnes <jln@chromium.org> | 2014-09-19 17:13:06 -0700 |
---|---|---|
committer | Julien Tinnes <jln@chromium.org> | 2014-09-20 00:14:53 +0000 |
commit | a993af23aca15e7e24643d9892e746a9dfbf6fa6 (patch) | |
tree | 9e2a07692f481c6e28c17997c1b9530b3c641e08 /content | |
parent | dadcc31e94943d59ecef9209e09a557d1594b68a (diff) | |
Linux sandbox: add behind-flag USR2 handler for crash debugging.
When --allow-sandbox-debugging is used, we set-up a new signal
handler in the Zygote (inherited by all renderers) that performs a
chroot().
This allows testing of sandbox-violation crash reports with the official
binaries shipped to users.
BUG=415842
R=mdempsky@chromium.org
Review URL: https://codereview.chromium.org/585123003
Cr-Commit-Position: refs/heads/master@{#295826}
Diffstat (limited to 'content')
-rw-r--r-- | content/zygote/zygote_main_linux.cc | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
index b77471a..361511e 100644
--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -7,6 +7,7 @@
 #include <dlfcn.h>
 #include <fcntl.h>
 #include <pthread.h>
+#include <signal.h>
 #include <string.h>
 #include <sys/socket.h>
 #include <sys/types.h>
@@ -22,6 +23,7 @@
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/unix_domain_socket_linux.h"
 #include "base/rand_util.h"
+#include "base/strings/safe_sprintf.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/sys_info.h"
 #include "build/build_config.h"
@@ -64,6 +66,43 @@ namespace content {
+namespace {
+
+void DoChrootSignalHandler(int) {
+ const int old_errno = errno;
+ const char kFirstMessage[] = "Chroot signal handler called.\n";
+ ignore_result(write(STDERR_FILENO, kFirstMessage, sizeof(kFirstMessage) - 1));
+
+ const int chroot_ret = chroot("/");
+
+ char kSecondMessage[100];
+ const ssize_t printed =
+ base::strings::SafeSPrintf(kSecondMessage,
+ "chroot() returned %d. Errno is %d.\n",
+ chroot_ret,
+ errno);
+ if (printed > 0 && printed < static_cast<ssize_t>(sizeof(kSecondMessage))) {
+ ignore_result(write(STDERR_FILENO, kSecondMessage, printed));
+ }
+ errno = old_errno;
+}
+
+// This is a quick hack to allow testing sandbox crash reports in production
+// binaries.
+// This installs a signal handler for SIGUSR2 that performs a chroot().
+// In most of our BPF policies, it is a "watched" system call which will
+// trigger a SIGSYS signal whose handler will crash.
+// This has been added during the investigation of https://crbug.com/415842.
+void InstallSandboxCrashTestHandler() {
+ struct sigaction act = {};
+ act.sa_handler = DoChrootSignalHandler;
+ CHECK_EQ(0, sigemptyset(&act.sa_mask));
+ act.sa_flags = 0;
+
+ PCHECK(0 == sigaction(SIGUSR2, &act, NULL));
+}
+} // namespace
+
 // See http://code.google.com/p/chromium/wiki/LinuxZygote
 static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output,
@@ -410,7 +449,12 @@ static bool EnterSuidSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
 LOG(ERROR) << "Failed to set non-dumpable flag";
 return false;
 }
+ } else {
+ // If sandbox debugging is allowed, install a handler for sandbox-related
+ // crash testing.
+ InstallSandboxCrashTestHandler();
 }
+
 #endif
 return true; |
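Review bot: `InstallSandboxCrashTestHandler` registers the handler with `act.sa_flags = 0`, so a SIGUSR2 delivered to any renderer that inherits it interrupts whatever blocking system call the receiving thread is in with EINTR, and the comment itself says chroot() is only watched in "most" BPF policies, meaning a process whose policy permits chroot() survives the handler and its caller sees a spurious EINTR. If the process is meant to keep running in that case, `act.sa_flags = SA_RESTART;` is the cheap fix, and either way a comment such as `// Under the watched policies this handler never returns: chroot() raises SIGSYS.` would record the trade-off. Separately, `char kSecondMessage[100];` is a mutable stack buffer carrying the constant-only `k` prefix; `char message_buf[100];` matches the file's naming. The handler body is otherwise careful: errno is saved and restored, write() and chroot() are async-signal-safe (SafeSPrintf is presumably designed for this use), and the SafeSPrintf result is bounds-checked against the buffer before the write. The new anonymous namespace sits inside `namespace content`, whose opening brace is outside the hunk.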
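Review bot: The new `else` branch aborts the zygote through the `PCHECK` inside `InstallSandboxCrashTestHandler()` when sigaction() fails, while the sibling branch a few lines above reports its failure with `LOG(ERROR) << ...; return false;`, so EnterSuidSandbox now has two failure conventions in one `if`/`else`; unless fail-fast is deliberate for this debugging-only path, having the helper return the sigaction() result and writing `if (!InstallSandboxCrashTestHandler()) { LOG(ERROR) << "Failed to install sandbox crash test handler"; return false; }` keeps the function's contract uniform. The comment `// If sandbox debugging is allowed` restates a condition that is outside the hunk without naming it; `// --allow-sandbox-debugging: install the SIGUSR2 chroot() handler used to test sandbox crash reports.` tells a reader what enables it and what it does. Note that the handler is only installed on the setuid-sandbox path, so configurations that do not go through EnterSuidSandbox will not get it; whether that is intended is not visible here. EnterSuidSandbox starts outside the hunk.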