author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-22 06:13:48 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-22 06:13:48 +0000 |
commit | 002da7b2877ebd64d6ae62d98bf2a196c0a98eae (patch) | |
tree | b9ba7e5af01127acfd1b36fda8a066b75f94f3f6 /sandbox | |
parent | fef93553fa5a28c5e73e343c51566fa9da873fe9 (diff) | |
Linux sandbox: use openat() instead of open() in broker process.
The broker process needs to perform system calls directly.
syscall(__NR_open, ...) was used, however __NR_open doesn't exist on
the modern ARM64 architecture. We replace this call with openat(AT_FDCWD, ...).
This is a re-land of https://codereview.chromium.org/208823003/
BUG=354852
TBR=jorgelo
Review URL: https://codereview.chromium.org/208813006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258793 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/linux/services/broker_process.cc | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc
index 2956cf9..47aec25 100644
--- a/sandbox/linux/services/broker_process.cc
+++ b/sandbox/linux/services/broker_process.cc
@@ -25,6 +25,7 @@
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/unix_domain_socket_linux.h"
 #include "base/process/process_metrics.h"
+#include "base/third_party/valgrind/valgrind.h"
 #include "build/build_config.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
@@ -34,6 +35,22 @@
 
 namespace {
 
+bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; }
+
+// A little open(2) wrapper to handle some oddities for us. In the general case
+// make a direct system call since we want to keep in control of the broker
+// process' system calls profile to be able to loosely sandbox it.
+int sys_open(const char* pathname, int flags) {
+ // Always pass a defined |mode| in case flags mistakenly contains O_CREAT.
+ const int mode = 0;
+ if (IsRunningOnValgrind()) {
+ // Valgrind does not support AT_FDCWD, just use libc's open() in this case.
+ return open(pathname, flags, mode);
+ } else {
+ return syscall(__NR_openat, AT_FDCWD, pathname, flags, mode);
+ }
+}
+
 static const size_t kMaxMessageLength = 4096;
 
 // Some flags are local to the current process and cannot be sent over a Unix
@@ -433,9 +450,7 @@ void BrokerProcess::OpenFileForIPC(const std::string& requested_filename,
 
 if (safe_to_open_file) {
 CHECK(file_to_open);
- // We're doing a 2-parameter open, so we don't support O_CREAT. It doesn't
- // hurt to always pass a third argument though.
- int opened_fd = syscall(__NR_open, file_to_open, flags, 0);
+ int opened_fd = sys_open(file_to_open, flags);
 if (opened_fd < 0) {
 write_pickle->WriteInt(-errno);
 } else { |
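Review bot: In the second hunk (`@@ -34,6 +35,22 @@`), `sys_open()` forwards `flags` unchecked and relies on `mode = 0` to cover a stray `O_CREAT`, so a request that did carry `O_CREAT` would still create a file (with mode 0) rather than being refused. The broker is the privileged side of the sandbox, so the wrapper should fail closed, for example `if (flags & O_CREAT) { errno = EPERM; return -1; }` ahead of the `IsRunningOnValgrind()` branch. Flag validation may already happen earlier in `OpenFileForIPC`, whose body starts outside the third hunk; if so, this is a second line of defence and the wrapper's comment should say where the primary check lives. Separately, `syscall()` returns `long` while the wrapper returns `int`, and `return static_cast<int>(syscall(__NR_openat, AT_FDCWD, pathname, flags, mode));` would make that narrowing explicit.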