Commit 75206f40 authored by Leo Zhang's avatar Leo Zhang Committed by Commit Bot

Preload decoder DSO before engaging the sandbox

Due to an upcoming change in glibc, we won't be able to support
dlopening after engaging the sandbox unless running on a very new kernel.

So we preload the libimedecoder in the sandbox hook and remove the
permissions of its shared library dependencies from the sandbox.


TEST=builds and run on vm.

Bug: 837156
Change-Id: I64bcb651c055553390785d8cb1eaa2e516157a3b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2423826Reviewed-by: default avatarMatthew Denton <mpdenton@chromium.org>
Commit-Queue: Leo Zhang <googleo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#810065}
parent cb4872e5
...@@ -24,6 +24,7 @@ const base::FilePath::CharType kSharedInputMethodsDirPath[] = ...@@ -24,6 +24,7 @@ const base::FilePath::CharType kSharedInputMethodsDirPath[] =
FILE_PATH_LITERAL("/home/chronos/" IME_DIR_STRING); FILE_PATH_LITERAL("/home/chronos/" IME_DIR_STRING);
const base::FilePath::CharType kLanguageDataDirName[] = const base::FilePath::CharType kLanguageDataDirName[] =
FILE_PATH_LITERAL("google"); FILE_PATH_LITERAL("google");
const char kCrosImeDecoderLib[] = "libimedecoder.so";
#else #else
// IME service does not support third-party IME yet, so the paths below kind // IME service does not support third-party IME yet, so the paths below kind
// of act like a placeholder. In the future, put some well-designed paths here. // of act like a placeholder. In the future, put some well-designed paths here.
...@@ -35,6 +36,8 @@ const base::FilePath::CharType kSharedInputMethodsDirPath[] = ...@@ -35,6 +36,8 @@ const base::FilePath::CharType kSharedInputMethodsDirPath[] =
FILE_PATH_LITERAL("/tmp/" IME_DIR_STRING); FILE_PATH_LITERAL("/tmp/" IME_DIR_STRING);
const base::FilePath::CharType kLanguageDataDirName[] = const base::FilePath::CharType kLanguageDataDirName[] =
FILE_PATH_LITERAL("data"); FILE_PATH_LITERAL("data");
// IME service does not support third-party IME decoder yet.
const char kCrosImeDecoderLib[] = "";
#endif #endif
const char kGoogleKeyboardDownloadDomain[] = "dl.google.com"; const char kGoogleKeyboardDownloadDomain[] = "dl.google.com";
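Review bot: The empty `kCrosImeDecoderLib` in the `#else` branch reaches both consumers unguarded: PreloadSharedLibrary() passes it to `dlopen()` and DecoderEngine::TryLoadDecoder() wraps it in a `base::FilePath` for `base::ScopedNativeLibrary`. What a loader does with an empty name is implementation-specific (it may match the main program rather than fail), so "no decoder" is not expressed reliably. I would state the contract on the constant, `// Empty means no decoder library is available; callers must check before loading.`, and have each consumer return early when `kCrosImeDecoderLib[0] == '\0'`.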
......
...@@ -44,6 +44,10 @@ extern const base::FilePath::CharType kLanguageDataDirName[]; ...@@ -44,6 +44,10 @@ extern const base::FilePath::CharType kLanguageDataDirName[];
// The domain of Google Keyboard language dictionary download URL. // The domain of Google Keyboard language dictionary download URL.
COMPONENT_EXPORT(CHROMEOS_IME_CONSTANTS) COMPONENT_EXPORT(CHROMEOS_IME_CONSTANTS)
extern const char kGoogleKeyboardDownloadDomain[]; extern const char kGoogleKeyboardDownloadDomain[];
// The name of ChromeOS IME decoder shared Library.
COMPONENT_EXPORT(CHROMEOS_IME_CONSTANTS)
extern const char kCrosImeDecoderLib[];
} // namespace ime } // namespace ime
} // namespace chromeos } // namespace chromeos
......
...@@ -7,7 +7,6 @@ ...@@ -7,7 +7,6 @@
#include "base/bind_helpers.h" #include "base/bind_helpers.h"
#include "base/files/file_path.h" #include "base/files/file_path.h"
#include "base/files/file_util.h" #include "base/files/file_util.h"
#include "build/buildflag.h"
#include "chromeos/services/ime/constants.h" #include "chromeos/services/ime/constants.h"
#include "chromeos/services/ime/public/cpp/buildflags.h" #include "chromeos/services/ime/public/cpp/buildflags.h"
#include "chromeos/services/ime/public/proto/messages.pb.h" #include "chromeos/services/ime/public/proto/messages.pb.h"
...@@ -20,13 +19,6 @@ namespace { ...@@ -20,13 +19,6 @@ namespace {
// Whether to create a fake main entry. // Whether to create a fake main entry.
bool g_fake_main_entry_for_testing = false; bool g_fake_main_entry_for_testing = false;
#if BUILDFLAG(ENABLE_CROS_IME_SANITY_TEST_SO)
// This is for development purposes only.
const char kDecoderLibName[] = "imesanitytest";
#else
const char kDecoderLibName[] = "imedecoder";
#endif
// A client delegate that makes calls on client side. // A client delegate that makes calls on client side.
class ClientDelegate : public ImeClientDelegate { class ClientDelegate : public ImeClientDelegate {
public: public:
...@@ -79,7 +71,7 @@ void FakeEngineMainEntryForTesting() { ...@@ -79,7 +71,7 @@ void FakeEngineMainEntryForTesting() {
DecoderEngine::DecoderEngine(ImeCrosPlatform* platform) : platform_(platform) { DecoderEngine::DecoderEngine(ImeCrosPlatform* platform) : platform_(platform) {
if (g_fake_main_entry_for_testing) { if (g_fake_main_entry_for_testing) {
// TODO(b/156897880): Impl the fake main entry. // TODO(b/156897880): Add a fake main entry.
} else { } else {
if (!TryLoadDecoder()) { if (!TryLoadDecoder()) {
LOG(ERROR) << "DecoderEngine INIT FAILED!"; LOG(ERROR) << "DecoderEngine INIT FAILED!";
...@@ -93,8 +85,8 @@ bool DecoderEngine::TryLoadDecoder() { ...@@ -93,8 +85,8 @@ bool DecoderEngine::TryLoadDecoder() {
if (engine_main_entry_) if (engine_main_entry_)
return true; return true;
// Load the decoder library. // Load the decoder whose DSO has been preloaded before sandbox is engaged.
base::FilePath lib_path(base::GetNativeLibraryName(kDecoderLibName)); base::FilePath lib_path(kCrosImeDecoderLib);
library_ = base::ScopedNativeLibrary(lib_path); library_ = base::ScopedNativeLibrary(lib_path);
if (!library_.is_valid()) { if (!library_.is_valid()) {
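Review bot: The new comment in TryLoadDecoder() leaves out the invariant this load now depends on: the name passed here has to be the one already opened in the sandbox hook, since the commit message says the library directories are no longer readable once the sandbox is engaged. I would extend it to `// Must be the same name PreloadSharedLibrary() opened; a different name needs file access the sandbox no longer grants.` The failure branch continues outside this hunk; a failed preload is only logged in the hook and presumably surfaces here as an invalid library, so its message would be more useful if it pointed at the preload step.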
......
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
#include "chromeos/services/ime/ime_sandbox_hook.h" #include "chromeos/services/ime/ime_sandbox_hook.h"
#include <dlfcn.h>
#include <vector> #include <vector>
#include "base/files/file_path.h" #include "base/files/file_path.h"
...@@ -31,22 +32,11 @@ inline constexpr bool CrosImeSharedDataEnabled() { ...@@ -31,22 +32,11 @@ inline constexpr bool CrosImeSharedDataEnabled() {
#endif #endif
} }
void AddSharedLibraryAndDepsPath( constexpr int dlopen_flag = RTLD_LAZY | RTLD_NODELETE;
std::vector<BrokerFilePermission>* permissions) {
// Where IME decoder shared library and its dependencies will live.
static const char* kReadOnlyLibDirs[] =
#if defined(__x86_64__) || defined(__aarch64__)
{"/usr/lib64", "/lib64"};
#else
{"/usr/lib", "/lib"};
#endif
for (const char* dir : kReadOnlyLibDirs) { void PreloadSharedLibrary() {
std::string path(dir); if (!dlopen(kCrosImeDecoderLib, dlopen_flag))
permissions->push_back( LOG(ERROR) << "Unable to open " << kCrosImeDecoderLib << " : " << dlerror();
BrokerFilePermission::StatOnlyWithIntermediateDirs(path));
permissions->push_back(BrokerFilePermission::ReadOnlyRecursive(path + "/"));
}
} }
void AddBundleFolder(std::vector<BrokerFilePermission>* permissions) { void AddBundleFolder(std::vector<BrokerFilePermission>* permissions) {
...@@ -93,7 +83,7 @@ std::vector<BrokerFilePermission> GetImeFilePermissions() { ...@@ -93,7 +83,7 @@ std::vector<BrokerFilePermission> GetImeFilePermissions() {
BrokerFilePermission::ReadOnly("/dev/urandom"), BrokerFilePermission::ReadOnly("/dev/urandom"),
BrokerFilePermission::ReadOnly("/sys/devices/system/cpu")}; BrokerFilePermission::ReadOnly("/sys/devices/system/cpu")};
AddSharedLibraryAndDepsPath(&permissions); PreloadSharedLibrary();
AddBundleFolder(&permissions); AddBundleFolder(&permissions);
AddUserDataFolder(&permissions); AddUserDataFolder(&permissions);
AddSharedDataFolderIfEnabled(&permissions); AddSharedDataFolderIfEnabled(&permissions);
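Review bot: `PreloadSharedLibrary()` is called from `GetImeFilePermissions()`, so a function that reads as a pure getter now maps the decoder library and runs its initializers in the process before the sandbox is engaged, and neither the helper nor the call site says so. I would add `// Runs before the sandbox: resolves kCrosImeDecoderLib through the normal loader search path and executes its initializers unsandboxed.` above the helper, and consider calling it from the hook itself rather than from the permissions getter (the hook body and the start of `GetImeFilePermissions()` are outside this section). Because the name is a bare soname, an absolute path would pin which file gets mapped at that point. `RTLD_NOW` instead of `RTLD_LAZY` would surface unresolved symbols here rather than at first use inside the sandbox, and the flag constant would match the other constants on this page if named `kDlopenFlags`.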
......
...@@ -10,10 +10,7 @@ import("//third_party/libprotobuf-mutator/fuzzable_proto_library.gni") ...@@ -10,10 +10,7 @@ import("//third_party/libprotobuf-mutator/fuzzable_proto_library.gni")
buildflag_header("buildflags") { buildflag_header("buildflags") {
header = "buildflags.h" header = "buildflags.h"
flags = [ flags = [ "ENABLE_CROS_IME_SHARED_DATA=$enable_cros_ime_shared_data" ]
"ENABLE_CROS_IME_SHARED_DATA=$enable_cros_ime_shared_data",
"ENABLE_CROS_IME_SANITY_TEST_SO=$enable_cros_ime_sanity_test_so",
]
} }
source_set("rulebased") { source_set("rulebased") {
......
...@@ -5,8 +5,4 @@ ...@@ -5,8 +5,4 @@
declare_args() { declare_args() {
# Enable share language modules between IME services. # Enable share language modules between IME services.
enable_cros_ime_shared_data = false enable_cros_ime_shared_data = false
# Enable to load a shared library for sanity tests only.
# This is for debugging purposes only.
enable_cros_ime_sanity_test_so = false
} }