Linux sandbox: Allow mincore for SharedMemoryTracker

We'd like to use CountResidentBytes in child processes to know resident size of base::SharedMemory, but this function is currently unavailable in sandboxed processes since this function uses 'mincore' syscall. This CL changes the sandbox policy to allow mincore everywhere on Linux and Android. Bug: 741984 Change-Id: Ie3e595c872e2ec52d2b36660cee0a6710012859a Reviewed-on: https://chromium-review.googlesource.com/566757 Commit-Queue: Hajime Hoshi <hajimehoshi@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#487390}

Linux sandbox: Allow mincore for SharedMemoryTracker
We'd like to use CountResidentBytes in child processes to know resident size of base::SharedMemory, but this function is currently unavailable in sandboxed processes since this function uses 'mincore' syscall. This CL changes the sandbox policy to allow mincore everywhere on Linux and Android. Bug: 741984 Change-Id: Ie3e595c872e2ec52d2b36660cee0a6710012859a Reviewed-on: https://chromium-review.googlesource.com/566757 Commit-Queue: Hajime Hoshi <hajimehoshi@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#487390}
94cba8e2 · Hajime Hoshi · Commit Bot · 6330d60e · 94cba8e2 · 94cba8e2
Commit 94cba8e2 authored Jul 18, 2017 by Hajime Hoshi Committed by Commit Bot Jul 18, 2017
5 changed files
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -237,10 +237,7 @@ bool UpdateProcessTypeAndEnableSandbox(

 }  // namespace

-GpuProcessPolicy::GpuProcessPolicy() : GpuProcessPolicy(false) {}
-
-GpuProcessPolicy::GpuProcessPolicy(bool allow_mincore)
-    : broker_process_(NULL), allow_mincore_(allow_mincore) {}
+GpuProcessPolicy::GpuProcessPolicy() : broker_process_(NULL) {}

 GpuProcessPolicy::~GpuProcessPolicy() {}

@@ -253,11 +250,7 @@ ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {
    case __NR_ioctl:
      return Allow();
    case __NR_mincore:
-      if (allow_mincore_) {
-        return Allow();
-      } else {
-        return SandboxBPFBasePolicy::EvaluateSyscall(sysno);
-      }
+      return Allow();
 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
    // The Nvidia driver uses flags not in the baseline policy
    // (MAP_LOCKED | MAP_EXECUTABLE | MAP_32BIT)

--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.h
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.h
@@ -24,7 +24,6 @@ namespace content {
 class GpuProcessPolicy : public SandboxBPFBasePolicy {
 public:
  GpuProcessPolicy();
-  explicit GpuProcessPolicy(bool allow_mincore);
  ~GpuProcessPolicy() override;

  sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
@@ -58,9 +57,6 @@ class GpuProcessPolicy : public SandboxBPFBasePolicy {
  // which executes iff the sandbox is going to be enabled afterwards.
  sandbox::syscall_broker::BrokerProcess* broker_process_;

-  // eglCreateWindowSurface() needs mincore().
-  bool allow_mincore_;
-
  DISALLOW_COPY_AND_ASSIGN(GpuProcessPolicy);
 };


--- a/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_renderer_policy_linux.cc
@@ -73,6 +73,7 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {
 #if defined(__i386__) || defined(__arm__)
    case __NR_ugetrlimit:
 #endif
+    case __NR_mincore:  // See crbug.com/741984.
    case __NR_mremap:  // See crbug.com/149834.
    case __NR_pread64:
    case __NR_pwrite64:

--- a/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
@@ -37,10 +37,6 @@
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"

-#if !defined(IN_NACL_HELPER)
-#include "ui/gl/gl_switches.h"
-#endif  // !defined(IN_NACL_HELPER)
-
 using sandbox::BaselinePolicy;
 using sandbox::SandboxBPF;
 using sandbox::SyscallSets;
@@ -171,11 +167,7 @@ std::unique_ptr<SandboxBPFBasePolicy> GetGpuProcessSandbox() {
    return std::unique_ptr<SandboxBPFBasePolicy>(
        new CrosArmGpuProcessPolicy(allow_sysv_shm));
  } else {
-    bool allow_mincore = command_line.HasSwitch(switches::kUseGL) &&
-                         command_line.GetSwitchValueASCII(switches::kUseGL) ==
-                             gl::kGLImplementationEGLName;
-    return std::unique_ptr<SandboxBPFBasePolicy>(
-        new GpuProcessPolicy(allow_mincore));
+    return std::unique_ptr<SandboxBPFBasePolicy>(new GpuProcessPolicy());
  }
 }


--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc
@@ -88,10 +88,11 @@ ResultExpr BaselinePolicyAndroid::EvaluateSyscall(int sysno) const {
    case __NR_getdents64:
    case __NR_getpriority:
    case __NR_ioctl:
-#if defined(__i386__)
-    // While mincore is on multiple arches, it is only used on Android by x86.
-    case __NR_mincore:  // https://crbug.com/701137
-#endif
+    // TODO(https://crbug.com/739879): Mincore should only be allowed in the
+    // baseline policy for x86 (https://crbug.com/701137), but currently this
+    // policy is used directly by //content, and mincore needs to be allowed per
+    // https://crbug.com/741984.
+    case __NR_mincore:
    case __NR_mremap:
 #if defined(__i386__)
    // Used on pre-N to initialize threads in ART.