// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_
#define COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_

#include <memory>

#include "base/files/scoped_file.h"

namespace sandbox {
// Forward declaration only: the header holds this type solely behind a
// std::unique_ptr and NaClSandbox's destructor is defined out of line, so the
// complete type is needed only by the .cpp.
class SetuidSandboxClient;
}  // namespace sandbox

namespace nacl {

// NaClSandbox supports two independent layers of sandboxing.
// layer-1 uses a chroot. It requires both InitializeLayerOneSandbox() and
// SealLayerOneSandbox() to have been called to be enforcing.
// layer-2 uses seccomp-bpf. It requires the layer-1 sandbox to not yet be
// sealed when being engaged.
// For the layer-1 sandbox to work, the current process must be a child of
// the setuid sandbox. InitializeLayerOneSandbox() can only be called once
// per instance of the setuid sandbox.
//
// A typical use case of this class would be:
// 1. Load libraries and do some pre-initialization
// 2. InitializeLayerOneSandbox();
// 3. Do some more initializations (it is ok to fork() here).
// 4. CHECK(!HasOpenDirectory());
//    (This check is not strictly necessary, as the only possibility for a
//    new directory descriptor to exist after (2) has been called is via IPC.)
// 5. InitializeLayerTwoSandbox();
// 6. SealLayerOneSandbox();
// 7. CheckSandboxingStateWithPolicy();
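class NaClSandbox {
 public:
  NaClSandbox();

  NaClSandbox(const NaClSandbox&) = delete;
  NaClSandbox& operator=(const NaClSandbox&) = delete;

  ~NaClSandbox();

  // Presumably reports whether the process currently runs a single thread;
  // the probe itself lives in the .cpp.
  // This API will only work if the layer-1 sandbox is not sealed and the
  // layer-2 sandbox is not engaged.
  bool IsSingleThreaded();
  // Check whether the current process owns any directory file descriptors. This
  // will ignore any directory file descriptor owned by this object (i.e. those
  // that will be closed after SealLayerOneSandbox() is called).
  // This API will only work if the layer-1 sandbox is not sealed and the
  // layer-2 sandbox is not engaged.
  bool HasOpenDirectory();
  // Will attempt to initialize the layer-1 sandbox, depending on flags and the
  // environment. It can only succeed if the current process is a child of the
  // setuid sandbox or was started by the namespace sandbox.
  void InitializeLayerOneSandbox();
  // Will attempt to initialize the layer-2 sandbox, depending on flags and the
  // environment.
  // This layer will also add a limit to how much of the address space can be
  // used.
  void InitializeLayerTwoSandbox();
  // Seal the layer-1 sandbox, making it enforcing. Until this is called the
  // layer-1 sandbox is NOT enforcing even if layer_one_enabled() is true.
  void SealLayerOneSandbox();
  // Check that the current sandboxing state matches the level of sandboxing
  // expected for NaCl in the current configuration. Crash if it does not.
  void CheckSandboxingStateWithPolicy();

  // Whether the corresponding layer has been engaged on this instance. These
  // accessors report engagement only; they say nothing about whether layer-1
  // has been sealed (see SealLayerOneSandbox()).
  bool layer_one_enabled() const { return layer_one_enabled_; }
  bool layer_two_enabled() const { return layer_two_enabled_; }

 private:
  // Implemented in the .cpp; presumably compares the set of open file
  // descriptors against what is expected at this point — confirm there.
  void CheckForExpectedNumberOfOpenFds();

  // Default to "not engaged" / "not sealed" so the state flags are well
  // defined even if a constructor does not set them; the constructor's
  // initializer list still takes precedence.
  bool layer_one_enabled_ = false;
  bool layer_one_sealed_ = false;
  bool layer_two_enabled_ = false;
  // |proc_fd_| must be released before the layer-1 sandbox is considered
  // enforcing.
  base::ScopedFD proc_fd_;
  std::unique_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;
};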

}  // namespace nacl

#endif  // COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_