Blame - cros-disks/sandboxed_process.cc - chromium.googlesource.com/chromiumos/platform2

blob: 4e4007dbd4a9fa165c9dbc3ce6250f8e9caa9d0f [file] [log] [blame]

Ben Chan	6f391cb	2012-03-21 17:38:21 -0700	[diff] [blame]	1	// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	2	// Use of this source code is governed by a BSD-style license that can be
				3	// found in the LICENSE file.
				4
Ben Chan	5ccd9fe	2013-11-13 18:28:27 -0800	[diff] [blame]	5	#include "cros-disks/sandboxed_process.h"
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	6
François Degros	54abc1d	2020-02-05 18:43:21 +1100	[diff] [blame]	7	#include <utility>
				8
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	9	#include <stdlib.h>
				10
Anand K Mistry	956a550	2019-03-06 17:12:59 +1100	[diff] [blame]	11	#include <sys/mount.h>
Sergei Datsenko	cd676b7	2019-05-10 11:42:05 +1000	[diff] [blame]	12	#include <sys/wait.h>
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	13	#include <unistd.h>
Anand K Mistry	956a550	2019-03-06 17:12:59 +1100	[diff] [blame]	14
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	15	#include <base/bind.h>
Qijiang Fan	713061e	2021-03-08 15:45:12 +0900	[diff] [blame]	16	#include <base/check.h>
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	17	#include <base/files/file_util.h>
				18	#include <base/files/scoped_file.h>
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	19	#include <base/logging.h>
Qijiang Fan	886c469	2021-02-19 11:54:10 +0900	[diff] [blame]	20	#include <base/notreached.h>
François Degros	2ca49ef	2019-10-02 15:02:36 +1000	[diff] [blame]	21	#include <base/posix/safe_strerror.h>
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	22	#include <chromeos/libminijail.h>
				23
Anand K Mistry	956a550	2019-03-06 17:12:59 +1100	[diff] [blame]	24	#include "cros-disks/mount_options.h"
François Degros	5593b8c	2019-07-25 12:27:42 +1000	[diff] [blame]	25	#include "cros-disks/quote.h"
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	26	#include "cros-disks/sandboxed_init.h"
Anand K Mistry	956a550	2019-03-06 17:12:59 +1100	[diff] [blame]	27
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	28	namespace cros_disks {
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	29	namespace {
				30
François Degros	ee31821	2020-07-14 14:11:42 +1000	[diff] [blame]	31	int Exec(char* const args[], char* const env[]) {
François Degros	5593b8c	2019-07-25 12:27:42 +1000	[diff] [blame]	32	const char* const path = args[0];
François Degros	ee31821	2020-07-14 14:11:42 +1000	[diff] [blame]	33	execve(path, args, env);
François Degros	a97ad49	2019-10-04 12:12:12 +1000	[diff] [blame]	34	const int ret =
				35	(errno == ENOENT ? MINIJAIL_ERR_NO_COMMAND : MINIJAIL_ERR_NO_ACCESS);
				36	PLOG(ERROR) << "Cannot exec " << quote(path);
				37	return ret;
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	38	}
				39
				40	} // namespace
				41
Ben Chan	de0e3f6	2017-09-26 06:28:39 -0700	[diff] [blame]	42	SandboxedProcess::SandboxedProcess() : jail_(minijail_new()) {
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	43	CHECK(jail_) << "Failed to create a process jail";
				44	}
				45
				46	SandboxedProcess::~SandboxedProcess() {
				47	minijail_destroy(jail_);
				48	}
				49
Ben Chan	213c6d9	2019-04-10 16:21:52 -0700	[diff] [blame]	50	void SandboxedProcess::LoadSeccompFilterPolicy(const std::string& policy_file) {
Ben Chan	98f8ae0	2011-10-04 16:34:34 -0700	[diff] [blame]	51	minijail_parse_seccomp_filters(jail_, policy_file.c_str());
				52	minijail_use_seccomp_filter(jail_);
				53	}
				54
Ben Chan	0dd4188	2017-05-24 00:46:10 -0700	[diff] [blame]	55	void SandboxedProcess::NewCgroupNamespace() {
				56	minijail_namespace_cgroups(jail_);
				57	}
				58
				59	void SandboxedProcess::NewIpcNamespace() {
				60	minijail_namespace_ipc(jail_);
				61	}
				62
Ben Chan	44125df	2017-05-22 11:29:11 -0700	[diff] [blame]	63	void SandboxedProcess::NewMountNamespace() {
				64	minijail_namespace_vfs(jail_);
				65	}
				66
Jorge Lucangeli Obes	0a388a2	2020-04-06 11:43:21 -0400	[diff] [blame]	67	void SandboxedProcess::EnterExistingMountNamespace(const std::string& ns_path) {
				68	minijail_namespace_enter_vfs(jail_, ns_path.c_str());
				69	}
				70
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	71	void SandboxedProcess::NewPidNamespace() {
				72	minijail_namespace_pids(jail_);
				73	minijail_run_as_init(jail_);
Sergei Datsenko	1c8f215	2019-06-19 15:21:21 +1000	[diff] [blame]	74	minijail_reset_signal_mask(jail_);
				75	minijail_reset_signal_handlers(jail_);
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	76	run_custom_init_ = true;
				77	}
				78
Sergei Datsenko	1cf9f3d	2019-01-02 14:39:48 +1100	[diff] [blame]	79	bool SandboxedProcess::SetUpMinimalMounts() {
				80	if (minijail_bind(jail_, "/", "/", 0))
				81	return false;
				82	if (minijail_bind(jail_, "/proc", "/proc", 0))
				83	return false;
				84	minijail_remount_proc_readonly(jail_);
Sergei Datsenko	d3d5c4c	2021-02-03 14:45:59 +1100	[diff] [blame]	85	minijail_mount_tmp_size(jail_, 128 * 1024 * 1024);
Anand K Mistry	238aae1	2019-01-22 15:02:46 +1100	[diff] [blame]	86
				87	// Create a minimal /dev with a very restricted set of device nodes.
				88	minijail_mount_dev(jail_);
Sergei Datsenko	82e7091	2019-10-23 10:51:08 +1100	[diff] [blame]	89	if (minijail_bind(jail_, "/dev/log", "/dev/log", 0))
				90	return false;
Sergei Datsenko	1cf9f3d	2019-01-02 14:39:48 +1100	[diff] [blame]	91	return true;
				92	}
				93
				94	bool SandboxedProcess::BindMount(const std::string& from,
				95	const std::string& to,
Anand K Mistry	956a550	2019-03-06 17:12:59 +1100	[diff] [blame]	96	bool writeable,
				97	bool recursive) {
Sergei Datsenko	3928f78	2020-12-31 09:14:04 +1100	[diff] [blame]	98	int flags = MS_BIND;
Anand K Mistry	956a550	2019-03-06 17:12:59 +1100	[diff] [blame]	99	if (!writeable) {
				100	flags \|= MS_RDONLY;
				101	}
				102	if (recursive) {
				103	flags \|= MS_REC;
				104	}
				105	return minijail_mount(jail_, from.c_str(), to.c_str(), "", flags) == 0;
Sergei Datsenko	1cf9f3d	2019-01-02 14:39:48 +1100	[diff] [blame]	106	}
				107
				108	bool SandboxedProcess::Mount(const std::string& src,
				109	const std::string& to,
				110	const std::string& type,
				111	const char* data) {
				112	return minijail_mount_with_data(jail_, src.c_str(), to.c_str(), type.c_str(),
				113	0, data) == 0;
				114	}
				115
				116	bool SandboxedProcess::EnterPivotRoot() {
Allen Webb	2b6e35d	2019-02-21 10:06:31 -0800	[diff] [blame]	117	return minijail_enter_pivot_root(jail_, "/mnt/empty") == 0;
Sergei Datsenko	1cf9f3d	2019-01-02 14:39:48 +1100	[diff] [blame]	118	}
				119
Ben Chan	0dd4188	2017-05-24 00:46:10 -0700	[diff] [blame]	120	void SandboxedProcess::NewNetworkNamespace() {
				121	minijail_namespace_net(jail_);
				122	}
				123
Ben Chan	44125df	2017-05-22 11:29:11 -0700	[diff] [blame]	124	void SandboxedProcess::SkipRemountPrivate() {
				125	minijail_skip_remount_private(jail_);
				126	}
				127
Ben Chan	0dd4188	2017-05-24 00:46:10 -0700	[diff] [blame]	128	void SandboxedProcess::SetNoNewPrivileges() {
				129	minijail_no_new_privs(jail_);
				130	}
				131
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	132	void SandboxedProcess::SetCapabilities(uint64_t capabilities) {
				133	minijail_use_caps(jail_, capabilities);
				134	}
				135
				136	void SandboxedProcess::SetGroupId(gid_t group_id) {
				137	minijail_change_gid(jail_, group_id);
				138	}
				139
				140	void SandboxedProcess::SetUserId(uid_t user_id) {
				141	minijail_change_uid(jail_, user_id);
				142	}
				143
François Degros	54abc1d	2020-02-05 18:43:21 +1100	[diff] [blame]	144	void SandboxedProcess::SetSupplementaryGroupIds(base::span<const gid_t> gids) {
				145	minijail_set_supplementary_gids(jail_, gids.size(), gids.data());
				146	}
				147
Derek Basehore	1709caf	2020-07-17 17:06:38 -0700	[diff] [blame]	148	bool SandboxedProcess::AddToCgroup(const std::string& cgroup) {
				149	return minijail_add_to_cgroup(jail_, cgroup.c_str()) == 0;
				150	}
				151
Austin Tankiang	9318502	2019-05-20 14:13:20 +1000	[diff] [blame]	152	void SandboxedProcess::CloseOpenFds() {
				153	minijail_close_open_fds(jail_);
				154	}
				155
				156	bool SandboxedProcess::PreserveFile(const base::File& file) {
				157	return minijail_preserve_fd(jail_, file.GetPlatformFile(),
				158	file.GetPlatformFile()) == 0;
				159	}
				160
François Degros	1ef6994	2019-10-01 15:31:17 +1000	[diff] [blame]	161	pid_t SandboxedProcess::StartImpl(base::ScopedFD in_fd,
				162	base::ScopedFD out_fd,
				163	base::ScopedFD err_fd) {
François Degros	5593b8c	2019-07-25 12:27:42 +1000	[diff] [blame]	164	char* const* const args = GetArguments();
				165	DCHECK(args && args[0]);
François Degros	ee31821	2020-07-14 14:11:42 +1000	[diff] [blame]	166	char* const* const env = GetEnvironment();
				167	DCHECK(env);
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	168
Ben Chan	acac395	2012-04-24 22:50:01 -0700	[diff] [blame]	169	pid_t child_pid = kInvalidProcessId;
François Degros	1ef6994	2019-10-01 15:31:17 +1000	[diff] [blame]	170
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	171	if (!run_custom_init_) {
François Degros	1ef6994	2019-10-01 15:31:17 +1000	[diff] [blame]	172	minijail_preserve_fd(jail_, in_fd.get(), STDIN_FILENO);
				173	minijail_preserve_fd(jail_, out_fd.get(), STDOUT_FILENO);
				174	minijail_preserve_fd(jail_, err_fd.get(), STDERR_FILENO);
				175
François Degros	ee31821	2020-07-14 14:11:42 +1000	[diff] [blame]	176	const int ret = minijail_run_env_pid_pipes(
				177	jail_, args[0], args, env, &child_pid, nullptr, nullptr, nullptr);
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	178	if (ret < 0) {
François Degros	ee31821	2020-07-14 14:11:42 +1000	[diff] [blame]	179	LOG(ERROR) << "Cannot start minijail process: "
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	180	<< base::safe_strerror(-ret);
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	181	return kInvalidProcessId;
				182	}
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	183	} else {
François Degros	1ef6994	2019-10-01 15:31:17 +1000	[diff] [blame]	184	SandboxedInit init(std::move(in_fd), std::move(out_fd), std::move(err_fd),
				185	SubprocessPipe::Open(SubprocessPipe::kChildToParent,
				186	&custom_init_control_fd_));
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	187
				188	// Create child process.
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	189	child_pid = minijail_fork(jail_);
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	190	if (child_pid < 0) {
				191	LOG(ERROR) << "Cannot run minijail_fork: "
				192	<< base::safe_strerror(-child_pid);
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	193	return kInvalidProcessId;
				194	}
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	195
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	196	if (child_pid == 0) {
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	197	// In child process.
François Degros	ee31821	2020-07-14 14:11:42 +1000	[diff] [blame]	198	init.RunInsideSandboxNoReturn(base::BindOnce(Exec, args, env));
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	199	NOTREACHED();
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	200	} else {
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	201	// In parent process.
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	202	CHECK(base::SetNonBlocking(custom_init_control_fd_.get()));
				203	}
Sergei Datsenko	cd676b7	2019-05-10 11:42:05 +1000	[diff] [blame]	204	}
François Degros	87d8a12	2019-09-20 14:50:08 +1000	[diff] [blame]	205
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	206	return child_pid;
Sergei Datsenko	cd676b7	2019-05-10 11:42:05 +1000	[diff] [blame]	207	}
				208
				209	int SandboxedProcess::WaitImpl() {
François Degros	2ca49ef	2019-10-02 15:02:36 +1000	[diff] [blame]	210	while (true) {
				211	const int status = minijail_wait(jail_);
				212	if (status >= 0) {
				213	return status;
				214	}
				215
				216	const int err = -status;
				217	if (err != EINTR) {
				218	LOG(ERROR) << "Cannot wait for process " << pid() << ": "
				219	<< base::safe_strerror(err);
				220	return MINIJAIL_ERR_INIT;
				221	}
				222	}
Sergei Datsenko	cd676b7	2019-05-10 11:42:05 +1000	[diff] [blame]	223	}
				224
François Degros	92bbea4	2019-09-13 10:42:52 +1000	[diff] [blame]	225	int SandboxedProcess::WaitNonBlockingImpl() {
François Degros	02c5c71	2019-10-03 13:00:11 +1000	[diff] [blame]	226	int exit_code;
François Degros	92bbea4	2019-09-13 10:42:52 +1000	[diff] [blame]	227
				228	if (run_custom_init_ &&
François Degros	02c5c71	2019-10-03 13:00:11 +1000	[diff] [blame]	229	SandboxedInit::PollLauncherStatus(&custom_init_control_fd_, &exit_code)) {
				230	return exit_code;
Sergei Datsenko	495f5da	2019-06-06 17:44:23 +1000	[diff] [blame]	231	}
				232
François Degros	92bbea4	2019-09-13 10:42:52 +1000	[diff] [blame]	233	// TODO(chromium:971667) Use Minijail's non-blocking wait once it exists.
François Degros	02c5c71	2019-10-03 13:00:11 +1000	[diff] [blame]	234	int wstatus;
François Degros	92bbea4	2019-09-13 10:42:52 +1000	[diff] [blame]	235	const pid_t child_pid = pid();
				236	const int ret = waitpid(child_pid, &wstatus, WNOHANG);
Sergei Datsenko	cd676b7	2019-05-10 11:42:05 +1000	[diff] [blame]	237	if (ret < 0) {
François Degros	92bbea4	2019-09-13 10:42:52 +1000	[diff] [blame]	238	PLOG(ERROR) << "Cannot wait for process " << child_pid;
				239	return MINIJAIL_ERR_INIT;
Ben Chan	acac395	2012-04-24 22:50:01 -0700	[diff] [blame]	240	}
				241
Sergei Datsenko	cd676b7	2019-05-10 11:42:05 +1000	[diff] [blame]	242	if (ret == 0) {
François Degros	92bbea4	2019-09-13 10:42:52 +1000	[diff] [blame]	243	// Process is still running.
				244	return -1;
Sergei Datsenko	cd676b7	2019-05-10 11:42:05 +1000	[diff] [blame]	245	}
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	246
François Degros	92bbea4	2019-09-13 10:42:52 +1000	[diff] [blame]	247	return SandboxedInit::WStatusToStatus(wstatus);
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	248	}
				249
Sergei Datsenko	f5553d1	2020-11-25 07:51:59 +1100	[diff] [blame]	250	int FakeSandboxedProcess::OnProcessLaunch(
				251	const std::vector<std::string>& argv) {
				252	return 0;
				253	}
				254
				255	pid_t FakeSandboxedProcess::StartImpl(base::ScopedFD,
				256	base::ScopedFD,
				257	base::ScopedFD) {
				258	DCHECK(!ret_code_);
				259	ret_code_ = OnProcessLaunch(arguments());
				260	return 42;
				261	}
				262
				263	int FakeSandboxedProcess::WaitImpl() {
				264	DCHECK(ret_code_);
				265	return ret_code_.value();
				266	}
				267
				268	int FakeSandboxedProcess::WaitNonBlockingImpl() {
				269	if (ret_code_)
				270	return ret_code_.value();
				271	return -1;
				272	}
				273
Ben Chan	f68ea49	2011-08-23 10:11:08 -0700	[diff] [blame]	274	} // namespace cros_disks