Linux: add BPF sandbox status in about:sandbox

This adds the status of the BPF sandbox in about:sandbox. This is of course pretty limited because the real status depends on the process type. We assume renderers. BUG= TBR=joi@chromium.org NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10829156 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149896 0039d316-1c4b-4281-b951-d872f2087c98

Linux: add BPF sandbox status in about:sandbox
This adds the status of the BPF sandbox in about:sandbox. This is of course pretty limited because the real status depends on the process type. We assume renderers. BUG= TBR=joi@chromium.org NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10829156 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149896 0039d316-1c4b-4281-b951-d872f2087c98
80f09e9a · jln@chromium.org · 0d44b274 · 80f09e9a · 80f09e9a · 80f09e9a
Commit 80f09e9a authored Aug 03, 2012 by jln@chromium.org
5 changed files
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -16249,8 +16249,11 @@ Battery full
      <message name="IDS_ABOUT_SANDBOX_NET_NAMESPACES" desc="This a technical term for an attribute of the SUID sandbox. A namespace is a technical term which refers to set of names for objects which are disjoint from the members of all other namespaces.">
        Network namespaces
      </message>
-      <message name="IDS_ABOUT_SANDBOX_SECCOMP_SANDBOX" desc="The name of a type of sandbox used by Chrome on UNIX like systems. 'Seccomp' is a technical term which should be left untranslated.">
-        Seccomp sandbox
+      <message name="IDS_ABOUT_SANDBOX_SECCOMP_LEGACY_SANDBOX" desc="The name of a type of sandbox used by Chrome on UNIX like systems. 'Seccomp-legacy' is a technical term which should be left untranslated.">
+        Seccomp-legacy sandbox
+      </message>
+      <message name="IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX" desc="The name of a type of sandbox used by Chrome on UNIX like systems. 'Seccomp-BPF' is a technical term which should be left untranslated.">
+        Seccomp-BPF sandbox
      </message>
      <message name="IDS_ABOUT_SANDBOX_OK" desc="A message telling the user that their sandbox is sufficient.">
        You are adequately sandboxed.

--- a/chrome/browser/ui/webui/about_ui.cc
+++ b/chrome/browser/ui/webui/about_ui.cc
@@ -975,14 +975,19 @@ std::string AboutSandbox() {
                  status & content::kSandboxLinuxPIDNS);
  AboutSandboxRow(&data, "&nbsp;&nbsp;", IDS_ABOUT_SANDBOX_NET_NAMESPACES,
                  status & content::kSandboxLinuxNetNS);
-  AboutSandboxRow(&data, "", IDS_ABOUT_SANDBOX_SECCOMP_SANDBOX,
-                  status & content::kSandboxLinuxSeccomp);
+  AboutSandboxRow(&data, "", IDS_ABOUT_SANDBOX_SECCOMP_LEGACY_SANDBOX,
+                  status & content::kSandboxLinuxSeccompLegacy);
+  AboutSandboxRow(&data, "", IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX,
+                  status & content::kSandboxLinuxSeccompBpf);

  data.append("</table>");

+  // We do not consider the seccomp-bpf status here as the renderers
+  // policy is weak at the moment.
+  // TODO(jln): fix when whe have better renderer policies.
  bool good = ((status & content::kSandboxLinuxSUID) &&
               (status & content::kSandboxLinuxPIDNS)) ||
-              (status & content::kSandboxLinuxSeccomp);
+              (status & content::kSandboxLinuxSeccompLegacy);
  if (good) {
    data.append("<p style=\"color: green\">");
    data.append(l10n_util::GetStringUTF8(IDS_ABOUT_SANDBOX_OK));

--- a/content/common/sandbox_linux.cc
+++ b/content/common/sandbox_linux.cc
@@ -160,7 +160,12 @@ int LinuxSandbox::GetStatus() const {
      ShouldEnableSeccompLegacy(switches::kRendererProcess)) {
    // We report whether the sandbox will be activated when renderers go
    // through sandbox initialization.
-    sandbox_flags |= kSandboxLinuxSeccomp;
+    sandbox_flags |= kSandboxLinuxSeccompLegacy;
+  }
+  if (seccomp_bpf_supported() &&
+      SandboxSeccompBpf::ShouldEnableSeccompBpf(switches::kRendererProcess)) {
+    // Same here, what we report is what we will do for the renderer.
+    sandbox_flags |= kSandboxLinuxSeccompBpf;
  }
  return sandbox_flags;
 }

--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -510,6 +510,15 @@ bool SandboxSeccompBpf::IsSeccompBpfDesired() {
  }
 }

+bool SandboxSeccompBpf::ShouldEnableSeccompBpf(
+    const std::string& process_type) {
+#if defined(SECCOMP_BPF_SANDBOX)
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+  return !ShouldDisableBpfSandbox(command_line, process_type);
+#endif
+  return false;
+}
+
 bool SandboxSeccompBpf::SupportsSandbox() {
 #if defined(SECCOMP_BPF_SANDBOX)
  // TODO(jln): pass the saved proc_fd_ from the LinuxSandbox singleton
@@ -528,7 +537,7 @@ bool SandboxSeccompBpf::StartSandbox(const std::string& process_type) {

  if (IsSeccompBpfDesired() &&  // Global switches policy.
      // Process-specific policy.
-      !ShouldDisableBpfSandbox(command_line, process_type) &&
+      ShouldEnableSeccompBpf(process_type) &&
      SupportsSandbox()) {
    return StartBpfSandbox_x86(command_line, process_type);
  }

--- a/content/public/common/sandbox_linux.h
+++ b/content/public/common/sandbox_linux.h
@@ -21,7 +21,10 @@ enum LinuxSandboxStatus {
  kSandboxLinuxNetNS = 1 << 2,

  // seccomp-legacy sandbox active.
-  kSandboxLinuxSeccomp = 1 << 3,
+  kSandboxLinuxSeccompLegacy = 1 << 3,
+
+  // seccomp-bpf sandbox active.
+  kSandboxLinuxSeccompBpf = 1 << 4,
 };

 }  // namespace content