summaryrefslogtreecommitdiffstats
path: root/sandbox
Commit message (Collapse)AuthorAgeFilesLines
...
* Seccomp-BPF: disable ASAN on SandboxSyscall()jln@chromium.org2012-11-271-0/+5
| | | | | | | | | | | | | SandboxSyscall uses variadic arguments from the stack and it seems to confuse ASAN. BUG=162925 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/11416209 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@169733 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Verify the return value when changing memory protection.rvargas@google.com2012-11-272-2/+6
| | | | | | | BUG=162073 TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@169545 0039d316-1c4b-4281-b951-d872f2087c98
* setuid tools: open /proc directories relativelyjln@chromium.org2012-11-271-21/+44
| | | | | | | | | | | | | Fix a race where we could end-up opening the wrong /proc/pid/fd because we were using absolute paths. BUG=162489 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/11418160 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@169541 0039d316-1c4b-4281-b951-d872f2087c98
* SECCOMP-BPF: Added support for greylisting of system calls.markus@chromium.org2012-11-2214-67/+1074
| | | | | | | | | | | | | | | | | | | | | | In addition to a Sandbox::Trap() handler, we now have a Sandbox::UnsafeTrap() handler. This feature should only be used for debugging purposes as it subverts the security of the sandbox. But it is useful to track down problems with the sandboxing policy. Within an unsafe trap handler, all sandbox restrictions are lifted. This, for example, allows us to allow system calls that would normally be denied by the policy, but to log their arguments, return value, and call stack. N.B.: this is the second attempt at submitting this CL. See https://chromiumcodereview.appspot.com/11363212/ for previous code reviews BUG=130662 TEST=sandbox_linux_unittests NOTRY=true Review URL: https://chromiumcodereview.appspot.com/11419121 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@169213 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox BPF: print pointer size in testjln@chromium.org2012-11-211-0/+2
| | | | | | | | | | | Print the size of pointers in the CallSupports test. BUG= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/11416143 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@169125 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 168969 - Added support for greylisting of system calls.nona@chromium.org2012-11-2114-1008/+67
| | | | | | | | | | | | | | | | | | | | | | | | Reason: SigBus test failure -- LOG -- SandboxBpf.SigBus: sandbox/linux/tests/unit_tests.cc:65: Failure Value of: subprocess_exit_status Actual: 1 Expected: kExpectedValue Which is: 42 --------- BUG=130662 TEST=sandbox_linux_unittests Review URL: https://chromiumcodereview.appspot.com/11363212 TBR=markus@chromium.org Review URL: https://codereview.chromium.org/11418112 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@168993 0039d316-1c4b-4281-b951-d872f2087c98
* Added support for greylisting of system calls.markus@chromium.org2012-11-2114-67/+1008
| | | | | | | | | | BUG=130662 TEST=sandbox_linux_unittests Review URL: https://chromiumcodereview.appspot.com/11363212 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@168969 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Increase the default timeout of multiprocess tests to 1 minute.rvargas@google.com2012-11-171-1/+1
| | | | | | | | | | | This means that external timeouts (the test framework) are now the dominant factor to detect a hung test. BUG=137652 TEST=none Review URL: https://codereview.chromium.org/11299052 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@168336 0039d316-1c4b-4281-b951-d872f2087c98
* Move eintr_wrapper.h from base to base/posixbrettw@chromium.org2012-11-143-3/+3
| | | | | | Review URL: https://codereview.chromium.org/11366229 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@167739 0039d316-1c4b-4281-b951-d872f2087c98
* Fix memory smashing on the sandbox PolicyRulecpu@chromium.org2012-11-143-10/+52
| | | | | | | | | | | | | | | | | | | | | | | | | PolicyRule copy ctor was not taking into account that the source policy rule could be using some 'constants' memory at the bottom, so adding further opcodes to the new policy rule would overwrite the copied ones. In other words, this pattern PolicyRule pr_orig(ASK_BROKER); pr_orig.AddStringMatch(...); PolicyRule pr_copy(pr_orig); pr_copy.AddStringMatch(...); Was broken. This was not impacting the chrome sbox code because we don't mutate the new rule after copy construction. Acknoledgments to Ashutosh Mehra from Adobe Corp for pointing the bug and providing a test case. BUG=160890 TEST=new unittest added Review URL: https://codereview.chromium.org/11275301 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@167571 0039d316-1c4b-4281-b951-d872f2087c98
* Pass a pointer with auxilliary data to a policy function.markus@chromium.org2012-10-317-97/+143
| | | | | | | | | | | | | | This data can be used by the policy to communicate with the method that set up policy. In BPF_TEST()s it allows us to avoid global variables. BUG=130662 TEST=sandbox_linux_unittests Review URL: https://chromiumcodereview.appspot.com/11230048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@165123 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp-BPF: relax failure in probe process setupjln@chromium.org2012-10-301-24/+52
| | | | | | | | | | | | | | | | When we set-up the probe process to test seccomp-bpf availability, setting a pipe on stderr can sometimes fail. Presumably if this descriptor is backed by a file on a file system that will return an error on close(). We don't consider not being able to set-up the pipe on stderr as a fatal error anymore. BUG=152530 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/11300014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@164850 0039d316-1c4b-4281-b951-d872f2087c98
* Remove all the "set noparent" directivesdpranke@chromium.org2012-10-191-2/+0
| | | | | | | | | | | | | Now that OWNERS supports per-file owners, we can limit the scope of the top-level wildcard to just DEPS, and make darin and ben owners for everything else and remove the broad use of "set noparent". R=ben@chromium.org, darin@chromium.org BUG=88315 Review URL: https://codereview.chromium.org/11191038 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@163069 0039d316-1c4b-4281-b951-d872f2087c98
* Minor fix for gcc builidng problem.shenhan@google.com2012-10-191-1/+2
| | | | | | | | | | | | Added explicit type conversion in initilization list. BUG=None TEST=Built using gcc 4.7. Review URL: https://chromiumcodereview.appspot.com/11193050 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162945 0039d316-1c4b-4281-b951-d872f2087c98
* SANDBOX-BPF: Initial version of the updated code generator.markus@chromium.org2012-10-1914-153/+1469
| | | | | | | | | | | | | | | | | | | | | | | | | | | New code generator that is more generic and can automatically reorder instructions to meet the constraints of BPF programs. Previously, we were very careful to emit instructions in just the right order so that there would only ever be forward jumps. As we add more features to our BPF programs, this code is getting fragile. So, instead, we now use standard compiler techniques; we first build a graph of all the instructions, then we split them into basic blocks, we perform some basic optimizations (at the moment, this is just the merging of common tails of instructions), we sort the basic blocks topologically, and then we reassemble all the blocks into a BPF program. There should be no functional change, but this code is the pre-requisite for upcoming changes. BUG=130662 TEST=sandbox_linux_unittests Review URL: https://chromiumcodereview.appspot.com/10690011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162924 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 162293 - Enable DEP earlier on Vista and belowmattm@chromium.org2012-10-173-29/+29
| | | | | | | | | | | | | We can't enable DEP at launch prior to Win7, but we can queue an APC to enable immediately after the loader finishes. BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10944015 TBR=jschuh@chromium.org Review URL: https://codereview.chromium.org/11194027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162300 0039d316-1c4b-4281-b951-d872f2087c98
* Enable DEP earlier on Vista and belowjschuh@chromium.org2012-10-173-29/+29
| | | | | | | | | | We can't enable DEP at launch prior to Win7, but we can queue an APC to enable immediately after the loader finishes. BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10944015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162293 0039d316-1c4b-4281-b951-d872f2087c98
* Add a platform-specific syscall number iterator.jorgelo@chromium.org2012-10-159-107/+401
| | | | | | | | | | | | | | | Avoid needlessly expensive scanning of system call ranges. This CL improves how we deal with discontiguous ranges of system call numbers. (Original CL by markus@chromium.org) TEST=sandbox_linux_unittests on x86_64 and ARM BUG=148856 Review URL: https://chromiumcodereview.appspot.com/11096012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161943 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp BPF: handle EINTR in error reporting setup.jln@chromium.org2012-10-111-3/+8
| | | | | | | | | | | | | | | Wrap dup2 with HANDLE_EINTR in the error reporting set-up for the BPF support detection process. We also print errno as an attempt to obtain more information on this puzzling bug. BUG=152530 Review URL: https://chromiumcodereview.appspot.com/11103021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161443 0039d316-1c4b-4281-b951-d872f2087c98
* Re-enable the tests for jobless children and add some more to them.pastarmovj@chromium.org2012-10-111-17/+100
| | | | | | | | | | | | | The new tests do aral end-to-end testing that the JOB_NONE flag works as expected. BUG=79091 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/11017012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161245 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 160252 - Make mitigation failures CHECKjschuh@chromium.org2012-10-051-17/+23
| | | | | | | | | | | | This is a temporary change to narrow down failures enabling mitigations on Win8. I'll revert once the cause is determined. BUG=153399 Review URL: https://codereview.chromium.org/11040046 TBR=jschuh@chromium.org Review URL: https://codereview.chromium.org/11026071 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@160419 0039d316-1c4b-4281-b951-d872f2087c98
* Make mitigation failures CHECKjschuh@chromium.org2012-10-041-23/+17
| | | | | | | | | This is a temporary change to narrow down failures enabling mitigations on Win8. I'll revert once the cause is determined. BUG=153399 Review URL: https://codereview.chromium.org/11040046 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@160252 0039d316-1c4b-4281-b951-d872f2087c98
* Temporarily disable failing integration tests on Windowsbartfab@chromium.org2012-10-041-5/+5
| | | | | | | | | | | | | These tests are failing due to timing issues on the slower bots after crrev.com/160133 landed. Julian will fiddle with the timings and re- enable the tests tomorrow. BUG=79091 TBR=pastarmovj@chromium.org Review URL: https://codereview.chromium.org/11030028 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@160137 0039d316-1c4b-4281-b951-d872f2087c98
* Add a parameter to the sandbox policy to allow sandboxed process to run ↵pastarmovj@chromium.org2012-10-0410-26/+211
| | | | | | | | | | | | | | | | | | | outside of a job and wire it to a cmd line flag. This is needed for running chrome in Citrix or RemoteApp (Terminal Services) environments. These envoronments both start the main process inside a job spawned by rdpinit.exe (at least in the RemoteApp case) and the process are not allowed to escape it therefore when the job assignment is attempted it failes with ERROR_PERMISSION_DENIED. This is not a problem in Windows 8/Server 2012 because these allow nested jobs so we should only respect this flag for versions older than that. BUG=79091 TEST=Start Chrome as a published app with --allow-no-job and observe it spawning renderer processes properly. Review URL: https://chromiumcodereview.appspot.com/10908171 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@160133 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 159850 - Enable handle tracing in Canary, Dev, and all debug builds ↵alexeypa@google.com2012-10-031-11/+6
| | | | | | | | | | | | | | | of Chrome (Windows only). BUG=131699,153148 Enabling handle tracing for the whole lifetime of a process uncovers to many bugs, causing lots of crashes. A supression or selective enablement mechanism is required to make it work. Review URL: https://chromiumcodereview.appspot.com/11035012 TBR=alexeypa@chromium.org Review URL: https://codereview.chromium.org/11043021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@159914 0039d316-1c4b-4281-b951-d872f2087c98
* Enable handle tracing in Canary, Dev, and all debug builds of Chrome ↵alexeypa@chromium.org2012-10-031-6/+11
| | | | | | | | | | | (Windows only). BUG=131699,153148 Review URL: https://chromiumcodereview.appspot.com/11035012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@159850 0039d316-1c4b-4281-b951-d872f2087c98
* Improve error handling in ApplyProcessMitigationsToCurrentProcessjschuh@chromium.org2012-10-021-7/+15
| | | | | | | BUG=153399 Review URL: https://codereview.chromium.org/11036009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@159632 0039d316-1c4b-4281-b951-d872f2087c98
* Add extra buckets to CrashExitCodes histogram for sandbox terminations.eroman@chromium.org2012-09-281-2/+3
| | | | | | | | BUG=152814 Review URL: https://chromiumcodereview.appspot.com/10981061 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@159215 0039d316-1c4b-4281-b951-d872f2087c98
* Remove GetModuleHandleHelper(), which was only needed for Win2k (which we ↵pkasting@chromium.org2012-09-226-83/+26
| | | | | | | | | | don't support). BUG=none TEST=none Review URL: https://codereview.chromium.org/10951038 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@158165 0039d316-1c4b-4281-b951-d872f2087c98
* Make ProcessMitigationsTest.CheckWin8 work in debug buildsjschuh@chromium.org2012-09-221-11/+15
| | | | | | Review URL: https://chromiumcodereview.appspot.com/10956050 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@158132 0039d316-1c4b-4281-b951-d872f2087c98
* Cleanup: avoid foo ? true : false, part 2.thestig@chromium.org2012-09-195-14/+9
| | | | | | Review URL: https://chromiumcodereview.appspot.com/10942004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@157509 0039d316-1c4b-4281-b951-d872f2087c98
* Fix sandbox_bpf_unittest compile on ARMjorgelo@chromium.org2012-09-151-1/+1
| | | | | | | | | | BUG=None TEST=Compile and run sandbox_linux_unittests on ARM. Review URL: https://chromiumcodereview.appspot.com/10908270 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156944 0039d316-1c4b-4281-b951-d872f2087c98
* Add sandbox support for Windows process mitigations jschuh@chromium.org2012-09-1317-309/+767
| | | | | | | BUG=147752 Review URL: https://codereview.chromium.org/10690058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156657 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 156550 - Add sandbox support for Windows process mitigations jschuh@chromium.org2012-09-1317-746/+309
| | | | | | | | | | BUG=147752 Review URL: https://codereview.chromium.org/10690058 TBR=jschuh@chromium.org Review URL: https://chromiumcodereview.appspot.com/10907217 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156556 0039d316-1c4b-4281-b951-d872f2087c98
* Add sandbox support for Windows process mitigations jschuh@chromium.org2012-09-1317-309/+746
| | | | | | | BUG=147752 Review URL: https://codereview.chromium.org/10690058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156550 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 156315 - Add sandbox support for Windows process mitigationsjschuh@chromium.org2012-09-1217-738/+304
| | | | | | | | | | BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10690058 TBR=jschuh@chromium.org Review URL: https://chromiumcodereview.appspot.com/10918197 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156322 0039d316-1c4b-4281-b951-d872f2087c98
* Add sandbox support for Windows process mitigationsjschuh@chromium.org2012-09-1217-304/+738
| | | | | | | BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10690058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156315 0039d316-1c4b-4281-b951-d872f2087c98
* Disable FilePolicyTest, DISABLED_TestReparsePointtbreisacher@chromium.org2012-09-071-1/+2
| | | | | | | | | | BUG=146944 TBR=nsylvain@chromium.org NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10910125 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@155286 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Add support for Windows 8' AppContainer.rvargas@google.com2012-09-0517-82/+665
| | | | | | | | | | | | | Both sandboxes are not fully compatible yet; it is not possible to enable the AppContainer if the process is to be fully sandboxed (USER_LOCKDOWN), but the sandbox is user configurable anyway. BUG=none TEST=sbox_unittests, sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10825425 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@154986 0039d316-1c4b-4281-b951-d872f2087c98
* Refactored ErrorCode into it's own class. Removed operators and made themmarkus@chromium.org2012-08-3113-162/+449
| | | | | | | | | | | | | | | | explicit functions. Added code that allows testing of the sandbox infrastructure with Valgrind (this currently only works when building with the Makefile; we still need to decide if and how we want to expose this to our unittests). Added a way to unittest the ErrorCode class. BUG=n/a TEST=sandbox_linux_unittests Review URL: https://chromiumcodereview.appspot.com/10833044 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@154397 0039d316-1c4b-4281-b951-d872f2087c98
* Move STARTUPINFO manipulation into SpawnTargetjschuh@chromium.org2012-08-283-13/+25
| | | | | | Review URL: https://chromiumcodereview.appspot.com/10878071 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@153606 0039d316-1c4b-4281-b951-d872f2087c98
* Simplified unit testing of sandboxing code. We now have helper methods that ↵markus@chromium.org2012-08-2713-229/+453
| | | | | | | | | | | | | | | | | | | | | run all tests inside their own processes. And we have another set of helpers that ensure we actually set a sandboxing policy and don't forget to start the sandbox prior to running the tests. Also simplified the handling of unexpected failure and termination of the sandbox'd process. TODO: we still don't have a good story for testing fatal errors. We will eventually need some form of exit tests. BUG=n/a TEST=sandbox_linux_unittests Review URL: https://chromiumcodereview.appspot.com/10878033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@153555 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Disable a test that fails on Win64.rvargas@google.com2012-08-231-0/+2
| | | | | | | | BUG=6944 TEST=none Review URL: https://chromiumcodereview.appspot.com/10860081 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@153035 0039d316-1c4b-4281-b951-d872f2087c98
* Re-enable sandbox ClientFastServer test.jln@chromium.org2012-08-221-3/+0
| | | | | | | | | | BUG=137791 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10831414 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152806 0039d316-1c4b-4281-b951-d872f2087c98
* Add full ARM syscall list.jorgelo@chromium.org2012-08-212-12/+1361
| | | | | | | | | | BUG=141157 TEST=Build and boot on daisy, check about:sandbox for "Seccomp-BPF Yes". Review URL: https://chromiumcodereview.appspot.com/10837316 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152448 0039d316-1c4b-4281-b951-d872f2087c98
* Add ARM syscalls to syscall sets.jorgelo@chromium.org2012-08-171-0/+4
| | | | | | | | | | BUG=141157 TEST=Build and boot on daisy. Review URL: https://chromiumcodereview.appspot.com/10830348 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152164 0039d316-1c4b-4281-b951-d872f2087c98
* Correct style issues in Linux sandbox code.jln@chromium.org2012-08-173-7/+10
| | | | | | | | NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10818015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152123 0039d316-1c4b-4281-b951-d872f2087c98
* Add basic ARM policy to seccomp-bpf sandbox.jorgelo@chromium.org2012-08-151-0/+28
| | | | | | | | | | BUG=141157 TEST=about:sandbox on daisy shows "Seccomp-BPF Yes". Review URL: https://chromiumcodereview.appspot.com/10836243 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151650 0039d316-1c4b-4281-b951-d872f2087c98
* Add basic ARM support to the seccomp-bpf sandbox.jorgelo@chromium.org2012-08-104-31/+86
| | | | | | | | | | BUG=141157 TEST=unit tests on daisy. Review URL: https://chromiumcodereview.appspot.com/10827223 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151007 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-102-45/+110
| | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10837151 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150957 0039d316-1c4b-4281-b951-d872f2087c98