Commit 75206f40 authored by Leo Zhang's avatar Leo Zhang Committed by Commit Bot

Preload decoder DSO before engaging the sandbox

Due to an upcoming change in glibc, we won't be able to support
dlopening after engaging the sandbox unless running on a very new kernel.

So we preload the libimedecoder in the sandbox hook and remove the
permissions of its shared library dependencies from the sandbox.


TEST=builds and run on vm.

Bug: 837156
Change-Id: I64bcb651c055553390785d8cb1eaa2e516157a3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2423826Reviewed-by: default avatarMatthew Denton <mpdenton@chromium.org>
Commit-Queue: Leo Zhang <googleo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#810065}
parent cb4872e5
......@@ -24,6 +24,7 @@ const base::FilePath::CharType kSharedInputMethodsDirPath[] =
FILE_PATH_LITERAL("/home/chronos/" IME_DIR_STRING);
const base::FilePath::CharType kLanguageDataDirName[] =
FILE_PATH_LITERAL("google");
const char kCrosImeDecoderLib[] = "libimedecoder.so";
#else
// IME service does not support third-party IME yet, so the paths below kind
// of act like a placeholder. In the future, put some well-designed paths here.
......@@ -35,6 +36,8 @@ const base::FilePath::CharType kSharedInputMethodsDirPath[] =
FILE_PATH_LITERAL("/tmp/" IME_DIR_STRING);
const base::FilePath::CharType kLanguageDataDirName[] =
FILE_PATH_LITERAL("data");
// IME service does not support third-party IME decoder yet.
const char kCrosImeDecoderLib[] = "";
#endif
const char kGoogleKeyboardDownloadDomain[] = "dl.google.com";
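Review bot: In the `#else` branch `kCrosImeDecoderLib` is the empty string, and the other sections of this commit pass it unchanged to `dlopen()` in the sandbox hook and to `base::ScopedNativeLibrary` in `DecoderEngine::TryLoadDecoder()`. What an empty name resolves to is loader-specific and may not be a clean failure, so if those files are built for this configuration the consumers should skip the load explicitly, e.g. `if (kCrosImeDecoderLib[0] == '\0') return false;` at the top of `TryLoadDecoder()`. The comment above the constant could also state that the empty value means "no decoder library available", so readers do not take it for a loadable name.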
......
......@@ -44,6 +44,10 @@ extern const base::FilePath::CharType kLanguageDataDirName[];
// The domain of Google Keyboard language dictionary download URL.
COMPONENT_EXPORT(CHROMEOS_IME_CONSTANTS)
extern const char kGoogleKeyboardDownloadDomain[];
// The name of ChromeOS IME decoder shared Library.
COMPONENT_EXPORT(CHROMEOS_IME_CONSTANTS)
extern const char kCrosImeDecoderLib[];
} // namespace ime
} // namespace chromeos
......
......@@ -7,7 +7,6 @@
#include "base/bind_helpers.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "build/buildflag.h"
#include "chromeos/services/ime/constants.h"
#include "chromeos/services/ime/public/cpp/buildflags.h"
#include "chromeos/services/ime/public/proto/messages.pb.h"
......@@ -20,13 +19,6 @@ namespace {
// Whether to create a fake main entry.
bool g_fake_main_entry_for_testing = false;
#if BUILDFLAG(ENABLE_CROS_IME_SANITY_TEST_SO)
// This is for development purposes only.
const char kDecoderLibName[] = "imesanitytest";
#else
const char kDecoderLibName[] = "imedecoder";
#endif
// A client delegate that makes calls on client side.
class ClientDelegate : public ImeClientDelegate {
public:
......@@ -79,7 +71,7 @@ void FakeEngineMainEntryForTesting() {
DecoderEngine::DecoderEngine(ImeCrosPlatform* platform) : platform_(platform) {
if (g_fake_main_entry_for_testing) {
// TODO(b/156897880): Impl the fake main entry.
// TODO(b/156897880): Add a fake main entry.
} else {
if (!TryLoadDecoder()) {
LOG(ERROR) << "DecoderEngine INIT FAILED!";
......@@ -93,8 +85,8 @@ bool DecoderEngine::TryLoadDecoder() {
if (engine_main_entry_)
return true;
// Load the decoder library.
base::FilePath lib_path(base::GetNativeLibraryName(kDecoderLibName));
// Load the decoder whose DSO has been preloaded before sandbox is engaged.
base::FilePath lib_path(kCrosImeDecoderLib);
library_ = base::ScopedNativeLibrary(lib_path);
if (!library_.is_valid()) {
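Review bot: The load in `DecoderEngine::TryLoadDecoder()` can now succeed only if the loader recognises `kCrosImeDecoderLib` as the object the sandbox hook already mapped, because the same commit drops the broker read permissions for the library directories; the new comment only hints at that coupling. I would state the invariant where the path is built, e.g. `// Must be the exact name preloaded in the IME sandbox hook: inside the sandbox no library file can be opened, so this only re-acquires the already-mapped DSO.` The body of `TryLoadDecoder()` continues outside the hunk, so whether the failure path distinguishes "not preloaded" from other errors cannot be judged from here.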
......
......@@ -4,6 +4,7 @@
#include "chromeos/services/ime/ime_sandbox_hook.h"
#include <dlfcn.h>
#include <vector>
#include "base/files/file_path.h"
......@@ -31,22 +32,11 @@ inline constexpr bool CrosImeSharedDataEnabled() {
#endif
}
void AddSharedLibraryAndDepsPath(
std::vector<BrokerFilePermission>* permissions) {
// Where IME decoder shared library and its dependencies will live.
static const char* kReadOnlyLibDirs[] =
#if defined(__x86_64__) || defined(__aarch64__)
{"/usr/lib64", "/lib64"};
#else
{"/usr/lib", "/lib"};
#endif
constexpr int dlopen_flag = RTLD_LAZY | RTLD_NODELETE;
for (const char* dir : kReadOnlyLibDirs) {
std::string path(dir);
permissions->push_back(
BrokerFilePermission::StatOnlyWithIntermediateDirs(path));
permissions->push_back(BrokerFilePermission::ReadOnlyRecursive(path + "/"));
}
void PreloadSharedLibrary() {
if (!dlopen(kCrosImeDecoderLib, dlopen_flag))
LOG(ERROR) << "Unable to open " << kCrosImeDecoderLib << " : " << dlerror();
}
void AddBundleFolder(std::vector<BrokerFilePermission>* permissions) {
......@@ -93,7 +83,7 @@ std::vector<BrokerFilePermission> GetImeFilePermissions() {
BrokerFilePermission::ReadOnly("/dev/urandom"),
BrokerFilePermission::ReadOnly("/sys/devices/system/cpu")};
AddSharedLibraryAndDepsPath(&permissions);
PreloadSharedLibrary();
AddBundleFolder(&permissions);
AddUserDataFolder(&permissions);
AddSharedDataFolderIfEnabled(&permissions);
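Review bot: `PreloadSharedLibrary()` is called from inside `GetImeFilePermissions()`, so a function that reads as a plain getter now maps a DSO into the process as a side effect; the call would be clearer in the pre-sandbox hook itself, which is not visible in these hunks. A failed `dlopen` is only logged, and because the library-directory permissions are removed in the same section the failure resurfaces later in `DecoderEngine::TryLoadDecoder()` with less context; consider returning the result, e.g. `return dlopen(kCrosImeDecoderLib, dlopen_flag) != nullptr;`, and letting the hook decide how to proceed. `RTLD_LAZY` also defers symbol binding until after the sandbox is engaged, whereas `RTLD_NOW | RTLD_NODELETE` would surface unresolved symbols at preload time. A short comment on `dlopen_flag` saying that `RTLD_NODELETE` is what keeps the library resident for the later load would help the next reader.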
......
......@@ -10,10 +10,7 @@ import("//third_party/libprotobuf-mutator/fuzzable_proto_library.gni")
buildflag_header("buildflags") {
header = "buildflags.h"
flags = [
"ENABLE_CROS_IME_SHARED_DATA=$enable_cros_ime_shared_data",
"ENABLE_CROS_IME_SANITY_TEST_SO=$enable_cros_ime_sanity_test_so",
]
flags = [ "ENABLE_CROS_IME_SHARED_DATA=$enable_cros_ime_shared_data" ]
}
source_set("rulebased") {
......
......@@ -5,8 +5,4 @@
declare_args() {
# Enable share language modules between IME services.
enable_cros_ime_shared_data = false
# Enable to load a shared library for sanity tests only.
# This is for debugging purposes only.
enable_cros_ime_sanity_test_so = false
}