Merge from Chromium at DEPS revision 267aeeb8d85c
This commit was generated by merge_to_master.py.
Change-Id: Id3aac9713b301fae64408cdaee0888724eeb7c0e
diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
index 9f481d6..659af01 100644
--- a/sandbox/linux/BUILD.gn
+++ b/sandbox/linux/BUILD.gn
@@ -35,6 +35,7 @@
}
source_set("sandbox_linux_test_utils") {
+ testonly = true
sources = [
"tests/sandbox_test_runner.cc",
"tests/sandbox_test_runner.h",
@@ -85,6 +86,11 @@
"//testing/gtest",
]
+ if (is_linux) {
+ # Don't use this on Android.
+ libs = [ "rt" ]
+ }
+
if (compile_suid_client) {
sources += [
"suid/client/setuid_sandbox_client_unittest.cc",
@@ -92,13 +98,14 @@
}
if (use_seccomp_bpf) {
sources += [
+ "bpf_dsl/bpf_dsl_more_unittest.cc",
"bpf_dsl/bpf_dsl_unittest.cc",
"bpf_dsl/cons_unittest.cc",
"seccomp-bpf-helpers/baseline_policy_unittest.cc",
+ "seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc",
"seccomp-bpf/bpf_tests_unittest.cc",
"seccomp-bpf/codegen_unittest.cc",
"seccomp-bpf/errorcode_unittest.cc",
- "seccomp-bpf/sandbox_bpf_unittest.cc",
"seccomp-bpf/syscall_iterator_unittest.cc",
"seccomp-bpf/syscall_unittest.cc",
]
@@ -146,7 +153,6 @@
"seccomp-bpf/linux_seccomp.h",
"seccomp-bpf/sandbox_bpf.cc",
"seccomp-bpf/sandbox_bpf.h",
- "seccomp-bpf/sandbox_bpf_compatibility_policy.h",
"seccomp-bpf/sandbox_bpf_policy.cc",
"seccomp-bpf/sandbox_bpf_policy.h",
"seccomp-bpf/syscall.cc",
@@ -185,39 +191,27 @@
]
}
-if (compile_seccomp_bpf_demo) {
- # A demonstration program for the seccomp-bpf sandbox.
- executable("seccomp_bpf_demo") {
+if (is_linux) {
+# The setuid sandbox for Linux.
+ executable("chrome_sandbox") {
sources = [
- "seccomp-bpf/demo.cc",
+ "suid/common/sandbox.h",
+ "suid/common/suid_unsafe_environment_variables.h",
+ "suid/process_util.h",
+ "suid/process_util_linux.c",
+ "suid/sandbox.c",
]
- deps = [
- ":seccomp_bpf",
+
+ cflags = [
+ # For ULLONG_MAX
+ "-std=gnu99",
+ # These files have a suspicious comparison.
+ # TODO fix this and re-enable this warning.
+ "-Wno-sign-compare",
]
}
}
-# The setuid sandbox for Linux.
-executable("chrome_sandbox") {
- sources = [
- "suid/common/sandbox.h",
- "suid/common/suid_unsafe_environment_variables.h",
- "suid/linux_util.c",
- "suid/linux_util.h",
- "suid/process_util.h",
- "suid/process_util_linux.c",
- "suid/sandbox.c",
- ]
-
- cflags = [
- # For ULLONG_MAX
- "-std=gnu99",
- # These files have a suspicious comparison.
- # TODO fix this and re-enable this warning.
- "-Wno-sign-compare",
- ]
-}
-
component("sandbox_services") {
sources = [
"services/broker_process.cc",
@@ -251,10 +245,12 @@
source_set("sandbox_services_headers") {
sources = [
"services/android_arm_ucontext.h",
+ "services/android_arm64_ucontext.h",
"services/android_futex.h",
"services/android_ucontext.h",
"services/android_i386_ucontext.h",
"services/arm_linux_syscalls.h",
+ "services/arm64_linux_syscalls.h",
"services/linux_syscalls.h",
"services/x86_32_linux_syscalls.h",
"services/x86_64_linux_syscalls.h",
@@ -272,19 +268,21 @@
]
}
-component("suid_sandbox_client") {
- sources = [
- "suid/common/sandbox.h",
- "suid/common/suid_unsafe_environment_variables.h",
- "suid/client/setuid_sandbox_client.cc",
- "suid/client/setuid_sandbox_client.h",
- ]
- defines = [ "SANDBOX_IMPLEMENTATION" ]
+if (compile_suid_client) {
+ component("suid_sandbox_client") {
+ sources = [
+ "suid/common/sandbox.h",
+ "suid/common/suid_unsafe_environment_variables.h",
+ "suid/client/setuid_sandbox_client.cc",
+ "suid/client/setuid_sandbox_client.h",
+ ]
+ defines = [ "SANDBOX_IMPLEMENTATION" ]
- deps = [
- ":sandbox_services",
- "//base",
- ]
+ deps = [
+ ":sandbox_services",
+ "//base",
+ ]
+ }
}
if (is_android) {
diff --git a/sandbox/linux/OWNERS b/sandbox/linux/OWNERS
index 0d68cd3..f39e967 100644
--- a/sandbox/linux/OWNERS
+++ b/sandbox/linux/OWNERS
@@ -1,4 +1,3 @@
-cevans@chromium.org
jln@chromium.org
jorgelo@chromium.org
mdempsky@chromium.org
diff --git a/sandbox/linux/bpf_dsl/DEPS b/sandbox/linux/bpf_dsl/DEPS
index 01595a4..69ef84c 100644
--- a/sandbox/linux/bpf_dsl/DEPS
+++ b/sandbox/linux/bpf_dsl/DEPS
@@ -1,3 +1,4 @@
include_rules = [
"+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services", # for bpf_dsl_more_unittest.cc
]
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl.cc b/sandbox/linux/bpf_dsl/bpf_dsl.cc
index 66cd09c..8144d80 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl.cc
@@ -6,67 +6,128 @@
#include <errno.h>
+#include <limits>
+
#include "base/logging.h"
#include "base/memory/ref_counted.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-using namespace sandbox::bpf_dsl::internal;
-typedef ::sandbox::Trap::TrapFnc TrapFnc;
-
namespace sandbox {
namespace bpf_dsl {
namespace {
-class AllowResultExprImpl : public ResultExprImpl {
+class AllowResultExprImpl : public internal::ResultExprImpl {
public:
AllowResultExprImpl() {}
+
virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
return ErrorCode(ErrorCode::ERR_ALLOWED);
}
private:
virtual ~AllowResultExprImpl() {}
+
DISALLOW_COPY_AND_ASSIGN(AllowResultExprImpl);
};
-class ErrorResultExprImpl : public ResultExprImpl {
+class ErrorResultExprImpl : public internal::ResultExprImpl {
public:
explicit ErrorResultExprImpl(int err) : err_(err) {
CHECK(err_ >= ErrorCode::ERR_MIN_ERRNO && err_ <= ErrorCode::ERR_MAX_ERRNO);
}
+
virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
return ErrorCode(err_);
}
private:
virtual ~ErrorResultExprImpl() {}
+
int err_;
+
DISALLOW_COPY_AND_ASSIGN(ErrorResultExprImpl);
};
-class TrapResultExprImpl : public ResultExprImpl {
+class KillResultExprImpl : public internal::ResultExprImpl {
public:
- TrapResultExprImpl(TrapFnc func, void* arg) : func_(func), arg_(arg) {
+ explicit KillResultExprImpl(const char* msg) : msg_(msg) { DCHECK(msg_); }
+
+ virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
+ return sb->Kill(msg_);
+ }
+
+ private:
+ virtual ~KillResultExprImpl() {}
+
+ const char* msg_;
+
+ DISALLOW_COPY_AND_ASSIGN(KillResultExprImpl);
+};
+
+class TraceResultExprImpl : public internal::ResultExprImpl {
+ public:
+ TraceResultExprImpl(uint16_t aux) : aux_(aux) {}
+
+ virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
+ return ErrorCode(ErrorCode::ERR_TRACE + aux_);
+ }
+
+ private:
+ virtual ~TraceResultExprImpl() {}
+
+ uint16_t aux_;
+
+ DISALLOW_COPY_AND_ASSIGN(TraceResultExprImpl);
+};
+
+class TrapResultExprImpl : public internal::ResultExprImpl {
+ public:
+ TrapResultExprImpl(Trap::TrapFnc func, const void* arg)
+ : func_(func), arg_(arg) {
DCHECK(func_);
}
+
virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
return sb->Trap(func_, arg_);
}
private:
virtual ~TrapResultExprImpl() {}
- TrapFnc func_;
- void* arg_;
+
+ Trap::TrapFnc func_;
+ const void* arg_;
+
DISALLOW_COPY_AND_ASSIGN(TrapResultExprImpl);
};
-class IfThenResultExprImpl : public ResultExprImpl {
+class UnsafeTrapResultExprImpl : public internal::ResultExprImpl {
public:
- IfThenResultExprImpl(BoolExpr cond,
- ResultExpr then_result,
- ResultExpr else_result)
+ UnsafeTrapResultExprImpl(Trap::TrapFnc func, const void* arg)
+ : func_(func), arg_(arg) {
+ DCHECK(func_);
+ }
+
+ virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
+ return sb->UnsafeTrap(func_, arg_);
+ }
+
+ private:
+ virtual ~UnsafeTrapResultExprImpl() {}
+
+ Trap::TrapFnc func_;
+ const void* arg_;
+
+ DISALLOW_COPY_AND_ASSIGN(UnsafeTrapResultExprImpl);
+};
+
+class IfThenResultExprImpl : public internal::ResultExprImpl {
+ public:
+ IfThenResultExprImpl(const BoolExpr& cond,
+ const ResultExpr& then_result,
+ const ResultExpr& else_result)
: cond_(cond), then_result_(then_result), else_result_(else_result) {}
+
virtual ErrorCode Compile(SandboxBPF* sb) const OVERRIDE {
return cond_->Compile(
sb, then_result_->Compile(sb), else_result_->Compile(sb));
@@ -74,37 +135,62 @@
private:
virtual ~IfThenResultExprImpl() {}
+
BoolExpr cond_;
ResultExpr then_result_;
ResultExpr else_result_;
+
DISALLOW_COPY_AND_ASSIGN(IfThenResultExprImpl);
};
-class PrimitiveBoolExprImpl : public BoolExprImpl {
+class ConstBoolExprImpl : public internal::BoolExprImpl {
public:
- PrimitiveBoolExprImpl(int argno,
- ErrorCode::ArgType is_32bit,
- ErrorCode::Operation op,
- uint64_t value)
- : argno_(argno), is_32bit_(is_32bit), op_(op), value_(value) {}
+ ConstBoolExprImpl(bool value) : value_(value) {}
+
virtual ErrorCode Compile(SandboxBPF* sb,
ErrorCode true_ec,
ErrorCode false_ec) const OVERRIDE {
- return sb->Cond(argno_, is_32bit_, op_, value_, true_ec, false_ec);
+ return value_ ? true_ec : false_ec;
+ }
+
+ private:
+ virtual ~ConstBoolExprImpl() {}
+
+ bool value_;
+
+ DISALLOW_COPY_AND_ASSIGN(ConstBoolExprImpl);
+};
+
+class PrimitiveBoolExprImpl : public internal::BoolExprImpl {
+ public:
+ PrimitiveBoolExprImpl(int argno,
+ ErrorCode::ArgType is_32bit,
+ uint64_t mask,
+ uint64_t value)
+ : argno_(argno), is_32bit_(is_32bit), mask_(mask), value_(value) {}
+
+ virtual ErrorCode Compile(SandboxBPF* sb,
+ ErrorCode true_ec,
+ ErrorCode false_ec) const OVERRIDE {
+ return sb->CondMaskedEqual(
+ argno_, is_32bit_, mask_, value_, true_ec, false_ec);
}
private:
virtual ~PrimitiveBoolExprImpl() {}
+
int argno_;
ErrorCode::ArgType is_32bit_;
- ErrorCode::Operation op_;
+ uint64_t mask_;
uint64_t value_;
+
DISALLOW_COPY_AND_ASSIGN(PrimitiveBoolExprImpl);
};
-class NegateBoolExprImpl : public BoolExprImpl {
+class NegateBoolExprImpl : public internal::BoolExprImpl {
public:
- explicit NegateBoolExprImpl(BoolExpr cond) : cond_(cond) {}
+ explicit NegateBoolExprImpl(const BoolExpr& cond) : cond_(cond) {}
+
virtual ErrorCode Compile(SandboxBPF* sb,
ErrorCode true_ec,
ErrorCode false_ec) const OVERRIDE {
@@ -113,13 +199,17 @@
private:
virtual ~NegateBoolExprImpl() {}
+
BoolExpr cond_;
+
DISALLOW_COPY_AND_ASSIGN(NegateBoolExprImpl);
};
-class AndBoolExprImpl : public BoolExprImpl {
+class AndBoolExprImpl : public internal::BoolExprImpl {
public:
- AndBoolExprImpl(BoolExpr lhs, BoolExpr rhs) : lhs_(lhs), rhs_(rhs) {}
+ AndBoolExprImpl(const BoolExpr& lhs, const BoolExpr& rhs)
+ : lhs_(lhs), rhs_(rhs) {}
+
virtual ErrorCode Compile(SandboxBPF* sb,
ErrorCode true_ec,
ErrorCode false_ec) const OVERRIDE {
@@ -128,13 +218,18 @@
private:
virtual ~AndBoolExprImpl() {}
- BoolExpr lhs_, rhs_;
+
+ BoolExpr lhs_;
+ BoolExpr rhs_;
+
DISALLOW_COPY_AND_ASSIGN(AndBoolExprImpl);
};
-class OrBoolExprImpl : public BoolExprImpl {
+class OrBoolExprImpl : public internal::BoolExprImpl {
public:
- OrBoolExprImpl(BoolExpr lhs, BoolExpr rhs) : lhs_(lhs), rhs_(rhs) {}
+ OrBoolExprImpl(const BoolExpr& lhs, const BoolExpr& rhs)
+ : lhs_(lhs), rhs_(rhs) {}
+
virtual ErrorCode Compile(SandboxBPF* sb,
ErrorCode true_ec,
ErrorCode false_ec) const OVERRIDE {
@@ -143,7 +238,10 @@
private:
virtual ~OrBoolExprImpl() {}
- BoolExpr lhs_, rhs_;
+
+ BoolExpr lhs_;
+ BoolExpr rhs_;
+
DISALLOW_COPY_AND_ASSIGN(OrBoolExprImpl);
};
@@ -151,33 +249,26 @@
namespace internal {
+uint64_t DefaultMask(size_t size) {
+ switch (size) {
+ case 4:
+ return std::numeric_limits<uint32_t>::max();
+ case 8:
+ return std::numeric_limits<uint64_t>::max();
+ default:
+ CHECK(false) << "Unimplemented DefaultMask case";
+ return 0;
+ }
+}
+
BoolExpr ArgEq(int num, size_t size, uint64_t mask, uint64_t val) {
- CHECK(num >= 0 && num < 6);
- CHECK(size >= 1 && size <= 8);
- CHECK_NE(0U, mask) << "zero mask doesn't make sense";
- CHECK_EQ(val, val & mask) << "val contains masked out bits";
+ CHECK(size == 4 || size == 8);
// TODO(mdempsky): Should we just always use TP_64BIT?
const ErrorCode::ArgType arg_type =
- (size <= 4) ? ErrorCode::TP_32BIT : ErrorCode::TP_64BIT;
+ (size == 4) ? ErrorCode::TP_32BIT : ErrorCode::TP_64BIT;
- if (mask == static_cast<uint64_t>(-1)) {
- // Arg == Val
- return BoolExpr(new const PrimitiveBoolExprImpl(
- num, arg_type, ErrorCode::OP_EQUAL, val));
- } else if (mask == val) {
- // (Arg & Mask) == Mask
- return BoolExpr(new const PrimitiveBoolExprImpl(
- num, arg_type, ErrorCode::OP_HAS_ALL_BITS, mask));
- } else if (val == 0) {
- // (Arg & Mask) == 0, which is semantically equivalent to !((arg & mask) !=
- // 0).
- return !BoolExpr(new const PrimitiveBoolExprImpl(
- num, arg_type, ErrorCode::OP_HAS_ANY_BITS, mask));
- } else {
- CHECK(false) << "Unimplemented ArgEq case";
- return BoolExpr();
- }
+ return BoolExpr(new const PrimitiveBoolExprImpl(num, arg_type, mask, val));
}
} // namespace internal
@@ -190,23 +281,39 @@
return ResultExpr(new const ErrorResultExprImpl(err));
}
-ResultExpr Trap(TrapFnc trap_func, void* aux) {
+ResultExpr Kill(const char* msg) {
+ return ResultExpr(new const KillResultExprImpl(msg));
+}
+
+ResultExpr Trace(uint16_t aux) {
+ return ResultExpr(new const TraceResultExprImpl(aux));
+}
+
+ResultExpr Trap(Trap::TrapFnc trap_func, const void* aux) {
return ResultExpr(new const TrapResultExprImpl(trap_func, aux));
}
-BoolExpr operator!(BoolExpr cond) {
+ResultExpr UnsafeTrap(Trap::TrapFnc trap_func, const void* aux) {
+ return ResultExpr(new const UnsafeTrapResultExprImpl(trap_func, aux));
+}
+
+BoolExpr BoolConst(bool value) {
+ return BoolExpr(new const ConstBoolExprImpl(value));
+}
+
+BoolExpr operator!(const BoolExpr& cond) {
return BoolExpr(new const NegateBoolExprImpl(cond));
}
-BoolExpr operator&&(BoolExpr lhs, BoolExpr rhs) {
+BoolExpr operator&&(const BoolExpr& lhs, const BoolExpr& rhs) {
return BoolExpr(new const AndBoolExprImpl(lhs, rhs));
}
-BoolExpr operator||(BoolExpr lhs, BoolExpr rhs) {
+BoolExpr operator||(const BoolExpr& lhs, const BoolExpr& rhs) {
return BoolExpr(new const OrBoolExprImpl(lhs, rhs));
}
-Elser If(BoolExpr cond, ResultExpr then_result) {
+Elser If(const BoolExpr& cond, const ResultExpr& then_result) {
return Elser(Cons<Elser::Clause>::List()).ElseIf(cond, then_result);
}
@@ -219,12 +326,12 @@
Elser::~Elser() {
}
-Elser Elser::ElseIf(BoolExpr cond, ResultExpr then_result) const {
+Elser Elser::ElseIf(const BoolExpr& cond, const ResultExpr& then_result) const {
return Elser(
Cons<Clause>::Make(std::make_pair(cond, then_result), clause_list_));
}
-ResultExpr Elser::Else(ResultExpr else_result) const {
+ResultExpr Elser::Else(const ResultExpr& else_result) const {
// We finally have the default result expression for this
// if/then/else sequence. Also, we've already accumulated all
// if/then pairs into a list of reverse order (i.e., lower priority
@@ -248,7 +355,7 @@
// and end up with an appropriately chained tree.
ResultExpr expr = else_result;
- for (Cons<Clause>::List it = clause_list_; it; it = it->tail()) {
+ for (Cons<Clause>::List it = clause_list_; it.get(); it = it->tail()) {
Clause clause = it->head();
expr = ResultExpr(
new const IfThenResultExprImpl(clause.first, clause.second, expr));
@@ -269,8 +376,7 @@
return InvalidSyscall()->Compile(sb);
}
-ResultExpr SandboxBPFDSLPolicy::Trap(::sandbox::Trap::TrapFnc trap_func,
- void* aux) {
+ResultExpr SandboxBPFDSLPolicy::Trap(Trap::TrapFnc trap_func, const void* aux) {
return bpf_dsl::Trap(trap_func, aux);
}
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl.h b/sandbox/linux/bpf_dsl/bpf_dsl.h
index d46102a..7bb6913 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl.h
+++ b/sandbox/linux/bpf_dsl/bpf_dsl.h
@@ -8,6 +8,7 @@
#include <stdint.h>
#include <utility>
+#include <vector>
#include "base/macros.h"
#include "base/memory/ref_counted.h"
@@ -42,8 +43,8 @@
// if (sysno == __NR_fcntl) {
// Arg<int> fd(0), cmd(1);
// Arg<unsigned long> flags(2);
-// const unsigned long kBadFlags = ~(O_ACCMODE | O_NONBLOCK);
-// return If(fd == 0 && cmd == F_SETFL && (flags & kBadFlags) == 0,
+// const uint64_t kGoodFlags = O_ACCMODE | O_NONBLOCK;
+// return If(fd == 0 && cmd == F_SETFL && (flags & ~kGoodFlags) == 0,
// Allow())
// .ElseIf(cmd == F_DUPFD || cmd == F_DUPFD_CLOEXEC,
// Error(EMFILE))
@@ -59,10 +60,13 @@
//
// More generally, the DSL currently supports the following grammar:
//
-// result = Allow() | Error(errno) | Trap(trap_func, arg)
+// result = Allow() | Error(errno) | Kill(msg) | Trace(aux)
+// | Trap(trap_func, aux) | UnsafeTrap(trap_func, aux)
// | If(bool, result)[.ElseIf(bool, result)].Else(result)
-// bool = arg == val | (arg & mask) == mask | (arg & mask) == 0
-// | !bool | bool && bool | bool || bool
+// | Switch(arg)[.Case(val, result)].Default(result)
+// bool = BoolConst(boolean) | !bool | bool && bool | bool || bool
+// | arg == val | arg != val
+// arg = Arg<T>(num) | arg & mask
//
// The semantics of each function and operator are intended to be
// intuitive, but are described in more detail below.
@@ -76,6 +80,8 @@
// Forward declarations of classes; see below for proper documentation.
class Elser;
+template <typename T>
+class Caser;
namespace internal {
class ResultExprImpl;
class BoolExprImpl;
@@ -108,7 +114,7 @@
virtual ErrorCode InvalidSyscall(SandboxBPF* sb) const OVERRIDE FINAL;
// Helper method so policies can just write Trap(func, aux).
- static ResultExpr Trap(::sandbox::Trap::TrapFnc trap_func, void* aux);
+ static ResultExpr Trap(Trap::TrapFnc trap_func, const void* aux);
private:
DISALLOW_COPY_AND_ASSIGN(SandboxBPFDSLPolicy);
@@ -124,44 +130,75 @@
// side effects.
SANDBOX_EXPORT ResultExpr Error(int err);
+// Kill specifies a result to kill the program and print an error message.
+SANDBOX_EXPORT ResultExpr Kill(const char* msg);
+
+// Trace specifies a result to notify a tracing process via the
+// PTRACE_EVENT_SECCOMP event and allow it to change or skip the system call.
+// The value of |aux| will be available to the tracer via PTRACE_GETEVENTMSG.
+SANDBOX_EXPORT ResultExpr Trace(uint16_t aux);
+
// Trap specifies a result that the system call should be handled by
// trapping back into userspace and invoking |trap_func|, passing
// |aux| as the second parameter.
-SANDBOX_EXPORT ResultExpr Trap(::sandbox::Trap::TrapFnc trap_func, void* aux);
+SANDBOX_EXPORT ResultExpr Trap(Trap::TrapFnc trap_func, const void* aux);
+
+// UnsafeTrap is like Trap, except the policy is marked as "unsafe"
+// and allowed to use SandboxSyscall to invoke any system call.
+//
+// NOTE: This feature, by definition, disables all security features of
+// the sandbox. It should never be used in production, but it can be
+// very useful to diagnose code that is incompatible with the sandbox.
+// If even a single system call returns "UnsafeTrap", the security of
+// entire sandbox should be considered compromised.
+SANDBOX_EXPORT ResultExpr UnsafeTrap(Trap::TrapFnc trap_func, const void* aux);
+
+// BoolConst converts a bool value into a BoolExpr.
+SANDBOX_EXPORT BoolExpr BoolConst(bool value);
+
+// Various ways to combine boolean expressions into more complex expressions.
+// They follow standard boolean algebra laws.
+SANDBOX_EXPORT BoolExpr operator!(const BoolExpr& cond);
+SANDBOX_EXPORT BoolExpr operator&&(const BoolExpr& lhs, const BoolExpr& rhs);
+SANDBOX_EXPORT BoolExpr operator||(const BoolExpr& lhs, const BoolExpr& rhs);
template <typename T>
class SANDBOX_EXPORT Arg {
public:
// Initializes the Arg to represent the |num|th system call
// argument (indexed from 0), which is of type |T|.
- explicit Arg(int num) : num_(num), mask_(-1) {}
+ explicit Arg(int num);
Arg(const Arg& arg) : num_(arg.num_), mask_(arg.mask_) {}
// Returns an Arg representing the current argument, but after
// bitwise-and'ing it with |rhs|.
- Arg operator&(uint64_t rhs) const { return Arg(num_, mask_ & rhs); }
+ friend Arg operator&(const Arg& lhs, uint64_t rhs) {
+ return Arg(lhs.num_, lhs.mask_ & rhs);
+ }
- // Returns a boolean expression comparing whether the system call
- // argument (after applying any bitmasks, if appropriate) equals |rhs|.
- BoolExpr operator==(T rhs) const;
+ // Returns a boolean expression comparing whether the system call argument
+ // (after applying any bitmasks, if appropriate) equals |rhs|.
+ friend BoolExpr operator==(const Arg& lhs, T rhs) { return lhs.EqualTo(rhs); }
+
+ // Returns a boolean expression comparing whether the system call argument
+ // (after applying any bitmasks, if appropriate) does not equal |rhs|.
+ friend BoolExpr operator!=(const Arg& lhs, T rhs) { return !(lhs == rhs); }
private:
Arg(int num, uint64_t mask) : num_(num), mask_(mask) {}
+
+ BoolExpr EqualTo(T val) const;
+
int num_;
uint64_t mask_;
+
DISALLOW_ASSIGN(Arg);
};
-// Various ways to combine boolean expressions into more complex expressions.
-// They follow standard boolean algebra laws.
-SANDBOX_EXPORT BoolExpr operator!(BoolExpr cond);
-SANDBOX_EXPORT BoolExpr operator&&(BoolExpr lhs, BoolExpr rhs);
-SANDBOX_EXPORT BoolExpr operator||(BoolExpr lhs, BoolExpr rhs);
-
// If begins a conditional result expression predicated on the
// specified boolean expression.
-SANDBOX_EXPORT Elser If(BoolExpr cond, ResultExpr then_result);
+SANDBOX_EXPORT Elser If(const BoolExpr& cond, const ResultExpr& then_result);
class SANDBOX_EXPORT Elser {
public:
@@ -170,20 +207,76 @@
// ElseIf extends the conditional result expression with another
// "if then" clause, predicated on the specified boolean expression.
- Elser ElseIf(BoolExpr cond, ResultExpr then_result) const;
+ Elser ElseIf(const BoolExpr& cond, const ResultExpr& then_result) const;
// Else terminates a conditional result expression using |else_result| as
// the default fallback result expression.
- ResultExpr Else(ResultExpr else_result) const;
+ ResultExpr Else(const ResultExpr& else_result) const;
private:
typedef std::pair<BoolExpr, ResultExpr> Clause;
+
explicit Elser(Cons<Clause>::List clause_list);
+
Cons<Clause>::List clause_list_;
- friend Elser If(BoolExpr, ResultExpr);
+
+ friend Elser If(const BoolExpr&, const ResultExpr&);
+ template <typename T>
+ friend Caser<T> Switch(const Arg<T>&);
DISALLOW_ASSIGN(Elser);
};
+// Switch begins a switch expression dispatched according to the
+// specified argument value.
+template <typename T>
+SANDBOX_EXPORT Caser<T> Switch(const Arg<T>& arg);
+
+template <typename T>
+class SANDBOX_EXPORT Caser {
+ public:
+ Caser(const Caser<T>& caser) : arg_(caser.arg_), elser_(caser.elser_) {}
+ ~Caser() {}
+
+ // Case adds a single-value "case" clause to the switch.
+ Caser<T> Case(T value, ResultExpr result) const;
+
+ // Cases adds a multiple-value "case" clause to the switch.
+ // See also the SANDBOX_BPF_DSL_CASES macro below for a more idiomatic way
+ // of using this function.
+ Caser<T> Cases(const std::vector<T>& values, ResultExpr result) const;
+
+ // Terminate the switch with a "default" clause.
+ ResultExpr Default(ResultExpr result) const;
+
+ private:
+ Caser(const Arg<T>& arg, Elser elser) : arg_(arg), elser_(elser) {}
+
+ Arg<T> arg_;
+ Elser elser_;
+
+ template <typename U>
+ friend Caser<U> Switch(const Arg<U>&);
+ DISALLOW_ASSIGN(Caser);
+};
+
+// Recommended usage is to put
+// #define CASES SANDBOX_BPF_DSL_CASES
+// near the top of the .cc file (e.g., nearby any "using" statements), then
+// use like:
+// Switch(arg).CASES((3, 5, 7), result)...;
+#define SANDBOX_BPF_DSL_CASES(values, result) \
+ Cases(SANDBOX_BPF_DSL_CASES_HELPER values, result)
+
+// Helper macro to construct a std::vector from an initializer list.
+// TODO(mdempsky): Convert to use C++11 initializer lists instead.
+#define SANDBOX_BPF_DSL_CASES_HELPER(value, ...) \
+ ({ \
+ const __typeof__(value) bpf_dsl_cases_values[] = {value, __VA_ARGS__}; \
+ std::vector<__typeof__(value)>( \
+ bpf_dsl_cases_values, \
+ bpf_dsl_cases_values + arraysize(bpf_dsl_cases_values)); \
+ })
+
// =====================================================================
// Official API ends here.
// =====================================================================
@@ -193,6 +286,14 @@
// templates.
namespace internal {
+// Make argument-dependent lookup work. This is necessary because although
+// BoolExpr is defined in bpf_dsl, since it's merely a typedef for
+// scoped_refptr<const internal::BoolExplImpl>, argument-dependent lookup only
+// searches the "internal" nested namespace.
+using bpf_dsl::operator!;
+using bpf_dsl::operator||;
+using bpf_dsl::operator&&;
+
// Returns a boolean expression that represents whether system call
// argument |num| of size |size| is equal to |val|, when masked
// according to |mask|. Users should use the Arg template class below
@@ -200,6 +301,9 @@
SANDBOX_EXPORT BoolExpr
ArgEq(int num, size_t size, uint64_t mask, uint64_t val);
+// Returns the default mask for a system call argument of the specified size.
+SANDBOX_EXPORT uint64_t DefaultMask(size_t size);
+
// Internal interface implemented by BoolExpr implementations.
class SANDBOX_EXPORT BoolExprImpl : public base::RefCounted<BoolExprImpl> {
public:
@@ -232,12 +336,51 @@
} // namespace internal
+template <typename T>
+Arg<T>::Arg(int num)
+ : num_(num), mask_(internal::DefaultMask(sizeof(T))) {
+}
+
// Definition requires ArgEq to have been declared. Moved out-of-line
// to minimize how much internal clutter users have to ignore while
// reading the header documentation.
+//
+// Additionally, we use this helper member function to avoid linker errors
+// caused by defining operator== out-of-line. For a more detailed explanation,
+// see http://www.parashift.com/c++-faq-lite/template-friends.html.
template <typename T>
-BoolExpr Arg<T>::operator==(T rhs) const {
- return internal::ArgEq(num_, sizeof(T), mask_, static_cast<uint64_t>(rhs));
+BoolExpr Arg<T>::EqualTo(T val) const {
+ return internal::ArgEq(num_, sizeof(T), mask_, static_cast<uint64_t>(val));
+}
+
+template <typename T>
+SANDBOX_EXPORT Caser<T> Switch(const Arg<T>& arg) {
+ return Caser<T>(arg, Elser(Cons<Elser::Clause>::List()));
+}
+
+template <typename T>
+Caser<T> Caser<T>::Case(T value, ResultExpr result) const {
+ return SANDBOX_BPF_DSL_CASES((value), result);
+}
+
+template <typename T>
+Caser<T> Caser<T>::Cases(const std::vector<T>& values,
+ ResultExpr result) const {
+ // Theoretically we could evaluate arg_ just once and emit a more efficient
+ // dispatch table, but for now we simply translate into an equivalent
+ // If/ElseIf/Else chain.
+
+ typedef typename std::vector<T>::const_iterator Iter;
+ BoolExpr test = BoolConst(false);
+ for (Iter i = values.begin(), end = values.end(); i != end; ++i) {
+ test = test || (arg_ == *i);
+ }
+ return Caser<T>(arg_, elser_.ElseIf(test, result));
+}
+
+template <typename T>
+ResultExpr Caser<T>::Default(ResultExpr result) const {
+ return elser_.Else(result);
}
} // namespace bpf_dsl
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
similarity index 73%
rename from sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
rename to sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
index c25d6cf..b7fbe99 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
@@ -2,7 +2,10 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+
#include <errno.h>
+#include <fcntl.h>
#include <pthread.h>
#include <sched.h>
#include <signal.h>
@@ -21,18 +24,20 @@
#endif
#include <linux/futex.h>
-#include <ostream>
-
#include "base/bind.h"
#include "base/logging.h"
#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
#include "base/posix/eintr_wrapper.h"
+#include "base/synchronization/waitable_event.h"
+#include "base/threading/thread.h"
#include "build/build_config.h"
#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/seccomp-bpf/syscall.h"
#include "sandbox/linux/seccomp-bpf/trap.h"
-#include "sandbox/linux/seccomp-bpf/verifier.h"
#include "sandbox/linux/services/broker_process.h"
#include "sandbox/linux/services/linux_syscalls.h"
#include "sandbox/linux/tests/scoped_temporary_file.h"
@@ -49,6 +54,7 @@
#endif
namespace sandbox {
+namespace bpf_dsl {
namespace {
@@ -101,21 +107,23 @@
return (*counter)++;
}
-class VerboseAPITestingPolicy : public SandboxBPFPolicy {
+class VerboseAPITestingPolicy : public SandboxBPFDSLPolicy {
public:
- VerboseAPITestingPolicy(int* counter_ptr) : counter_ptr_(counter_ptr) {}
+ explicit VerboseAPITestingPolicy(int* counter_ptr)
+ : counter_ptr_(counter_ptr) {}
+ virtual ~VerboseAPITestingPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE {
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
if (sysno == __NR_uname) {
- return sandbox->Trap(IncreaseCounter, counter_ptr_);
+ return Trap(IncreaseCounter, counter_ptr_);
}
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
private:
int* counter_ptr_;
+
DISALLOW_COPY_AND_ASSIGN(VerboseAPITestingPolicy);
};
@@ -138,44 +146,51 @@
// A simple blacklist test
-class BlacklistNanosleepPolicy : public SandboxBPFPolicy {
+class BlacklistNanosleepPolicy : public SandboxBPFDSLPolicy {
public:
BlacklistNanosleepPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF*, int sysno) const OVERRIDE {
+ virtual ~BlacklistNanosleepPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
switch (sysno) {
case __NR_nanosleep:
- return ErrorCode(EACCES);
+ return Error(EACCES);
default:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
}
+ static void AssertNanosleepFails() {
+ const struct timespec ts = {0, 0};
+ errno = 0;
+ BPF_ASSERT_EQ(-1, HANDLE_EINTR(syscall(__NR_nanosleep, &ts, NULL)));
+ BPF_ASSERT_EQ(EACCES, errno);
+ }
+
private:
DISALLOW_COPY_AND_ASSIGN(BlacklistNanosleepPolicy);
};
BPF_TEST_C(SandboxBPF, ApplyBasicBlacklistPolicy, BlacklistNanosleepPolicy) {
- // nanosleep() should be denied
- const struct timespec ts = {0, 0};
- errno = 0;
- BPF_ASSERT(syscall(__NR_nanosleep, &ts, NULL) == -1);
- BPF_ASSERT(errno == EACCES);
+ BlacklistNanosleepPolicy::AssertNanosleepFails();
}
// Now do a simple whitelist test
-class WhitelistGetpidPolicy : public SandboxBPFPolicy {
+class WhitelistGetpidPolicy : public SandboxBPFDSLPolicy {
public:
WhitelistGetpidPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF*, int sysno) const OVERRIDE {
+ virtual ~WhitelistGetpidPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
switch (sysno) {
case __NR_getpid:
case __NR_exit_group:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
default:
- return ErrorCode(ENOMEM);
+ return Error(ENOMEM);
}
}
@@ -202,21 +217,30 @@
return -ENOMEM;
}
-ErrorCode BlacklistNanosleepPolicySigsys(SandboxBPF* sandbox,
- int sysno,
- int* aux) {
- DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
- switch (sysno) {
- case __NR_nanosleep:
- return sandbox->Trap(EnomemHandler, aux);
- default:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+class BlacklistNanosleepTrapPolicy : public SandboxBPFDSLPolicy {
+ public:
+ explicit BlacklistNanosleepTrapPolicy(int* aux) : aux_(aux) {}
+ virtual ~BlacklistNanosleepTrapPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
+ DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
+ switch (sysno) {
+ case __NR_nanosleep:
+ return Trap(EnomemHandler, aux_);
+ default:
+ return Allow();
+ }
}
-}
+
+ private:
+ int* aux_;
+
+ DISALLOW_COPY_AND_ASSIGN(BlacklistNanosleepTrapPolicy);
+};
BPF_TEST(SandboxBPF,
BasicBlacklistWithSigsys,
- BlacklistNanosleepPolicySigsys,
+ BlacklistNanosleepTrapPolicy,
int /* (*BPF_AUX) */) {
// getpid() should work properly
errno = 0;
@@ -235,39 +259,43 @@
// A simple test that verifies we can return arbitrary errno values.
-class ErrnoTestPolicy : public SandboxBPFPolicy {
+class ErrnoTestPolicy : public SandboxBPFDSLPolicy {
public:
ErrnoTestPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF*, int sysno) const OVERRIDE;
+ virtual ~ErrnoTestPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE;
private:
DISALLOW_COPY_AND_ASSIGN(ErrnoTestPolicy);
};
-ErrorCode ErrnoTestPolicy::EvaluateSyscall(SandboxBPF*, int sysno) const {
+ResultExpr ErrnoTestPolicy::EvaluateSyscall(int sysno) const {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
switch (sysno) {
- case __NR_dup3: // dup2 is a wrapper of dup3 in android
+ case __NR_dup3: // dup2 is a wrapper of dup3 in android
+#if defined(__NR_dup2)
case __NR_dup2:
+#endif
// Pretend that dup2() worked, but don't actually do anything.
- return ErrorCode(0);
+ return Error(0);
case __NR_setuid:
#if defined(__NR_setuid32)
case __NR_setuid32:
#endif
// Return errno = 1.
- return ErrorCode(1);
+ return Error(1);
case __NR_setgid:
#if defined(__NR_setgid32)
case __NR_setgid32:
#endif
// Return maximum errno value (typically 4095).
- return ErrorCode(ErrorCode::ERR_MAX_ERRNO);
+ return Error(ErrorCode::ERR_MAX_ERRNO);
case __NR_uname:
// Return errno = 42;
- return ErrorCode(42);
+ return Error(42);
default:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
}
@@ -313,22 +341,20 @@
// Testing the stacking of two sandboxes
-class StackingPolicyPartOne : public SandboxBPFPolicy {
+class StackingPolicyPartOne : public SandboxBPFDSLPolicy {
public:
StackingPolicyPartOne() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE {
+ virtual ~StackingPolicyPartOne() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
switch (sysno) {
- case __NR_getppid:
- return sandbox->Cond(0,
- ErrorCode::TP_32BIT,
- ErrorCode::OP_EQUAL,
- 0,
- ErrorCode(ErrorCode::ERR_ALLOWED),
- ErrorCode(EPERM));
+ case __NR_getppid: {
+ const Arg<int> arg(0);
+ return If(arg == 0, Allow()).Else(Error(EPERM));
+ }
default:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
}
@@ -336,22 +362,20 @@
DISALLOW_COPY_AND_ASSIGN(StackingPolicyPartOne);
};
-class StackingPolicyPartTwo : public SandboxBPFPolicy {
+class StackingPolicyPartTwo : public SandboxBPFDSLPolicy {
public:
StackingPolicyPartTwo() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE {
+ virtual ~StackingPolicyPartTwo() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
switch (sysno) {
- case __NR_getppid:
- return sandbox->Cond(0,
- ErrorCode::TP_32BIT,
- ErrorCode::OP_EQUAL,
- 0,
- ErrorCode(EINVAL),
- ErrorCode(ErrorCode::ERR_ALLOWED));
+ case __NR_getppid: {
+ const Arg<int> arg(0);
+ return If(arg == 0, Error(EINVAL)).Else(Allow());
+ }
default:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
}
@@ -396,17 +420,19 @@
return ((sysno & ~3) >> 2) % 29 + 1;
}
-class SyntheticPolicy : public SandboxBPFPolicy {
+class SyntheticPolicy : public SandboxBPFDSLPolicy {
public:
SyntheticPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF*, int sysno) const OVERRIDE {
+ virtual ~SyntheticPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
if (sysno == __NR_exit_group || sysno == __NR_write) {
// exit_group() is special, we really need it to work.
// write() is needed for BPF_ASSERT() to report a useful error message.
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
- return ErrorCode(SysnoToRandomErrno(sysno));
+ return Error(SysnoToRandomErrno(sysno));
}
private:
@@ -447,18 +473,20 @@
}
}
-class ArmPrivatePolicy : public SandboxBPFPolicy {
+class ArmPrivatePolicy : public SandboxBPFDSLPolicy {
public:
ArmPrivatePolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF*, int sysno) const OVERRIDE {
+ virtual ~ArmPrivatePolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
// Start from |__ARM_NR_set_tls + 1| so as not to mess with actual
// ARM private system calls.
if (sysno >= static_cast<int>(__ARM_NR_set_tls + 1) &&
sysno <= static_cast<int>(MAX_PRIVATE_SYSCALL)) {
- return ErrorCode(ArmPrivateSysnoToErrno(sysno));
+ return Error(ArmPrivateSysnoToErrno(sysno));
}
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
private:
@@ -489,35 +517,34 @@
return SandboxBPF::ForwardSyscall(args);
}
-ErrorCode GreyListedPolicy(SandboxBPF* sandbox, int sysno, int* aux) {
- // Set the global environment for unsafe traps once.
- if (sysno == MIN_SYSCALL) {
+class GreyListedPolicy : public SandboxBPFDSLPolicy {
+ public:
+ explicit GreyListedPolicy(int* aux) : aux_(aux) {
+ // Set the global environment for unsafe traps once.
EnableUnsafeTraps();
}
+ virtual ~GreyListedPolicy() {}
- // Some system calls must always be allowed, if our policy wants to make
- // use of UnsafeTrap()
- if (sysno == __NR_rt_sigprocmask || sysno == __NR_rt_sigreturn
-#if defined(__NR_sigprocmask)
- ||
- sysno == __NR_sigprocmask
-#endif
-#if defined(__NR_sigreturn)
- ||
- sysno == __NR_sigreturn
-#endif
- ) {
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- } else if (sysno == __NR_getpid) {
- // Disallow getpid()
- return ErrorCode(EPERM);
- } else if (SandboxBPF::IsValidSyscallNumber(sysno)) {
- // Allow (and count) all other system calls.
- return sandbox->UnsafeTrap(CountSyscalls, aux);
- } else {
- return ErrorCode(ENOSYS);
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
+ DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
+ // Some system calls must always be allowed, if our policy wants to make
+ // use of UnsafeTrap()
+ if (SandboxBPF::IsRequiredForUnsafeTrap(sysno)) {
+ return Allow();
+ } else if (sysno == __NR_getpid) {
+ // Disallow getpid()
+ return Error(EPERM);
+ } else {
+ // Allow (and count) all other system calls.
+ return UnsafeTrap(CountSyscalls, aux_);
+ }
}
-}
+
+ private:
+ int* aux_;
+
+ DISALLOW_COPY_AND_ASSIGN(GreyListedPolicy);
+};
BPF_TEST(SandboxBPF, GreyListedPolicy, GreyListedPolicy, int /* (*BPF_AUX) */) {
BPF_ASSERT(syscall(__NR_getpid) == -1);
@@ -559,22 +586,23 @@
}
}
-class PrctlPolicy : public SandboxBPFPolicy {
+class PrctlPolicy : public SandboxBPFDSLPolicy {
public:
PrctlPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE {
+ virtual ~PrctlPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
setenv(kSandboxDebuggingEnv, "t", 0);
Die::SuppressInfoMessages(true);
if (sysno == __NR_prctl) {
// Handle prctl() inside an UnsafeTrap()
- return sandbox->UnsafeTrap(PrctlHandler, NULL);
+ return UnsafeTrap(PrctlHandler, NULL);
}
// Allow all other system calls.
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
private:
@@ -612,37 +640,27 @@
return SandboxBPF::ForwardSyscall(args);
}
-class RedirectAllSyscallsPolicy : public SandboxBPFPolicy {
+class RedirectAllSyscallsPolicy : public SandboxBPFDSLPolicy {
public:
RedirectAllSyscallsPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE;
+ virtual ~RedirectAllSyscallsPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE;
private:
DISALLOW_COPY_AND_ASSIGN(RedirectAllSyscallsPolicy);
};
-ErrorCode RedirectAllSyscallsPolicy::EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const {
+ResultExpr RedirectAllSyscallsPolicy::EvaluateSyscall(int sysno) const {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
setenv(kSandboxDebuggingEnv, "t", 0);
Die::SuppressInfoMessages(true);
// Some system calls must always be allowed, if our policy wants to make
// use of UnsafeTrap()
- if (sysno == __NR_rt_sigprocmask || sysno == __NR_rt_sigreturn
-#if defined(__NR_sigprocmask)
- ||
- sysno == __NR_sigprocmask
-#endif
-#if defined(__NR_sigreturn)
- ||
- sysno == __NR_sigreturn
-#endif
- ) {
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- }
- return sandbox->UnsafeTrap(AllowRedirectedSyscall, NULL);
+ if (SandboxBPF::IsRequiredForUnsafeTrap(sysno))
+ return Allow();
+ return UnsafeTrap(AllowRedirectedSyscall, NULL);
}
int bus_handler_fd_ = -1;
@@ -726,7 +744,9 @@
BPF_ASSERT(errno == 0);
}
-bool NoOpCallback() { return true; }
+bool NoOpCallback() {
+ return true;
+}
// Test a trap handler that makes use of a broker process to open().
@@ -758,16 +778,20 @@
BPF_ASSERT(aux);
BrokerProcess* broker_process = static_cast<BrokerProcess*>(aux);
switch (args.nr) {
- case __NR_faccessat: // access is a wrapper of faccessat in android
+ case __NR_faccessat: // access is a wrapper of faccessat in android
BPF_ASSERT(static_cast<int>(args.args[0]) == AT_FDCWD);
return broker_process->Access(reinterpret_cast<const char*>(args.args[1]),
static_cast<int>(args.args[2]));
+#if defined(__NR_access)
case __NR_access:
return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
static_cast<int>(args.args[1]));
+#endif
+#if defined(__NR_open)
case __NR_open:
return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
static_cast<int>(args.args[1]));
+#endif
case __NR_openat:
// We only call open() so if we arrive here, it's because glibc uses
// the openat() system call.
@@ -780,26 +804,36 @@
}
}
-ErrorCode DenyOpenPolicy(SandboxBPF* sandbox,
- int sysno,
- InitializedOpenBroker* iob) {
- if (!SandboxBPF::IsValidSyscallNumber(sysno)) {
- return ErrorCode(ENOSYS);
+class DenyOpenPolicy : public SandboxBPFDSLPolicy {
+ public:
+ explicit DenyOpenPolicy(InitializedOpenBroker* iob) : iob_(iob) {}
+ virtual ~DenyOpenPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
+ DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
+
+ switch (sysno) {
+ case __NR_faccessat:
+#if defined(__NR_access)
+ case __NR_access:
+#endif
+#if defined(__NR_open)
+ case __NR_open:
+#endif
+ case __NR_openat:
+ // We get a InitializedOpenBroker class, but our trap handler wants
+ // the BrokerProcess object.
+ return Trap(BrokerOpenTrapHandler, iob_->broker_process());
+ default:
+ return Allow();
+ }
}
- switch (sysno) {
- case __NR_faccessat:
- case __NR_access:
- case __NR_open:
- case __NR_openat:
- // We get a InitializedOpenBroker class, but our trap handler wants
- // the BrokerProcess object.
- return ErrorCode(
- sandbox->Trap(BrokerOpenTrapHandler, iob->broker_process()));
- default:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- }
-}
+ private:
+ InitializedOpenBroker* iob_;
+
+ DISALLOW_COPY_AND_ASSIGN(DenyOpenPolicy);
+};
// We use a InitializedOpenBroker class, so that we can run unsandboxed
// code in its constructor, which is the only way to do so in a BPF_TEST.
@@ -850,18 +884,18 @@
// Simple test demonstrating how to use SandboxBPF::Cond()
-class SimpleCondTestPolicy : public SandboxBPFPolicy {
+class SimpleCondTestPolicy : public SandboxBPFDSLPolicy {
public:
SimpleCondTestPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE;
+ virtual ~SimpleCondTestPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE;
private:
DISALLOW_COPY_AND_ASSIGN(SimpleCondTestPolicy);
};
-ErrorCode SimpleCondTestPolicy::EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const {
+ResultExpr SimpleCondTestPolicy::EvaluateSyscall(int sysno) const {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
// We deliberately return unusual errno values upon failure, so that we
@@ -869,37 +903,28 @@
// to return more traditional values.
int flags_argument_position = -1;
switch (sysno) {
+#if defined(__NR_open)
case __NR_open:
- case __NR_openat: // open can be a wrapper for openat(2).
- if (sysno == __NR_open) {
- flags_argument_position = 1;
- } else if (sysno == __NR_openat) {
+ flags_argument_position = 1;
+#endif
+ case __NR_openat: { // open can be a wrapper for openat(2).
+ if (sysno == __NR_openat)
flags_argument_position = 2;
- }
+
// Allow opening files for reading, but don't allow writing.
COMPILE_ASSERT(O_RDONLY == 0, O_RDONLY_must_be_all_zero_bits);
- return sandbox->Cond(flags_argument_position,
- ErrorCode::TP_32BIT,
- ErrorCode::OP_HAS_ANY_BITS,
- O_ACCMODE /* 0x3 */,
- ErrorCode(EROFS),
- ErrorCode(ErrorCode::ERR_ALLOWED));
- case __NR_prctl:
+ const Arg<int> flags(flags_argument_position);
+ return If((flags & O_ACCMODE) != 0, Error(EROFS)).Else(Allow());
+ }
+ case __NR_prctl: {
// Allow prctl(PR_SET_DUMPABLE) and prctl(PR_GET_DUMPABLE), but
// disallow everything else.
- return sandbox->Cond(0,
- ErrorCode::TP_32BIT,
- ErrorCode::OP_EQUAL,
- PR_SET_DUMPABLE,
- ErrorCode(ErrorCode::ERR_ALLOWED),
- sandbox->Cond(0,
- ErrorCode::TP_32BIT,
- ErrorCode::OP_EQUAL,
- PR_GET_DUMPABLE,
- ErrorCode(ErrorCode::ERR_ALLOWED),
- ErrorCode(ENOMEM)));
+ const Arg<int> option(0);
+ return If(option == PR_SET_DUMPABLE || option == PR_GET_DUMPABLE, Allow())
+ .Else(Error(ENOMEM));
+ }
default:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
}
@@ -957,20 +982,18 @@
}
}
- ErrorCode Policy(SandboxBPF* sandbox, int sysno) {
- if (!SandboxBPF::IsValidSyscallNumber(sysno)) {
- // FIXME: we should really not have to do that in a trivial policy
- return ErrorCode(ENOSYS);
- } else if (sysno < 0 || sysno >= (int)arg_values_.size() ||
- IsReservedSyscall(sysno)) {
+ ResultExpr Policy(int sysno) {
+ DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
+ if (sysno < 0 || sysno >= (int)arg_values_.size() ||
+ IsReservedSyscall(sysno)) {
// We only return ErrorCode values for the system calls that
// are part of our test data. Every other system call remains
// allowed.
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
} else {
// ToErrorCode() turns an ArgValue object into an ErrorCode that is
// suitable for use by a sandbox policy.
- return ToErrorCode(sandbox, arg_values_[sysno]);
+ return ToErrorCode(arg_values_[sysno]);
}
}
@@ -1117,42 +1140,38 @@
}
}
- ErrorCode ToErrorCode(SandboxBPF* sandbox, ArgValue* arg_value) {
- // Compute the ErrorCode that should be returned, if none of our
+ ResultExpr ToErrorCode(ArgValue* arg_value) {
+ // Compute the ResultExpr that should be returned, if none of our
// tests succeed (i.e. the system call parameter doesn't match any
// of the values in arg_value->tests[].k_value).
- ErrorCode err;
+ ResultExpr err;
if (arg_value->err) {
// If this was a leaf node, return the errno value that we expect to
// return from the BPF filter program.
- err = ErrorCode(arg_value->err);
+ err = Error(arg_value->err);
} else {
// If this wasn't a leaf node yet, recursively descend into the rest
// of the tree. This will end up adding a few more SandboxBPF::Cond()
// tests to our ErrorCode.
- err = ToErrorCode(sandbox, arg_value->arg_value);
+ err = ToErrorCode(arg_value->arg_value);
}
// Now, iterate over all the test cases that we want to compare against.
// This builds a chain of SandboxBPF::Cond() tests
// (aka "if ... elif ... elif ... elif ... fi")
for (int n = arg_value->size; n-- > 0;) {
- ErrorCode matched;
+ ResultExpr matched;
// Again, we distinguish between leaf nodes and subtrees.
if (arg_value->tests[n].err) {
- matched = ErrorCode(arg_value->tests[n].err);
+ matched = Error(arg_value->tests[n].err);
} else {
- matched = ToErrorCode(sandbox, arg_value->tests[n].arg_value);
+ matched = ToErrorCode(arg_value->tests[n].arg_value);
}
// For now, all of our tests are limited to 32bit.
// We have separate tests that check the behavior of 32bit vs. 64bit
// conditional expressions.
- err = sandbox->Cond(arg_value->argno,
- ErrorCode::TP_32BIT,
- ErrorCode::OP_EQUAL,
- arg_value->tests[n].k_value,
- matched,
- err);
+ const Arg<uint32_t> arg(arg_value->argno);
+ err = If(arg == arg_value->tests[n].k_value, matched).Else(err);
}
return err;
}
@@ -1213,17 +1232,29 @@
// Don't increase these values. We are pushing the limits of the maximum
// BPF program that the kernel will allow us to load. If the values are
// increased too much, the test will start failing.
+#if defined(__aarch64__)
+ static const int kNumTestCases = 30;
+#else
static const int kNumTestCases = 40;
+#endif
static const int kMaxFanOut = 3;
static const int kMaxArgs = 6;
};
-ErrorCode EqualityStressTestPolicy(SandboxBPF* sandbox,
- int sysno,
- EqualityStressTest* aux) {
- DCHECK(aux);
- return aux->Policy(sandbox, sysno);
-}
+class EqualityStressTestPolicy : public SandboxBPFDSLPolicy {
+ public:
+ explicit EqualityStressTestPolicy(EqualityStressTest* aux) : aux_(aux) {}
+ virtual ~EqualityStressTestPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
+ return aux_->Policy(sysno);
+ }
+
+ private:
+ EqualityStressTest* aux_;
+
+ DISALLOW_COPY_AND_ASSIGN(EqualityStressTestPolicy);
+};
BPF_TEST(SandboxBPF,
EqualityTests,
@@ -1232,47 +1263,31 @@
BPF_AUX->VerifyFilter();
}
-class EqualityArgumentWidthPolicy : public SandboxBPFPolicy {
+class EqualityArgumentWidthPolicy : public SandboxBPFDSLPolicy {
public:
EqualityArgumentWidthPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE;
+ virtual ~EqualityArgumentWidthPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE;
private:
DISALLOW_COPY_AND_ASSIGN(EqualityArgumentWidthPolicy);
};
-ErrorCode EqualityArgumentWidthPolicy::EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const {
+ResultExpr EqualityArgumentWidthPolicy::EvaluateSyscall(int sysno) const {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
if (sysno == __NR_uname) {
- return sandbox->Cond(
- 0,
- ErrorCode::TP_32BIT,
- ErrorCode::OP_EQUAL,
- 0,
- sandbox->Cond(1,
- ErrorCode::TP_32BIT,
- ErrorCode::OP_EQUAL,
- 0x55555555,
- ErrorCode(1),
- ErrorCode(2)),
- // The BPF compiler and the BPF interpreter in the kernel are
- // (mostly) agnostic of the host platform's word size. The compiler
- // will happily generate code that tests a 64bit value, and the
- // interpreter will happily perform this test.
- // But unless there is a kernel bug, there is no way for us to pass
- // in a 64bit quantity on a 32bit platform. The upper 32bits should
- // always be zero. So, this test should always evaluate as false on
- // 32bit systems.
- sandbox->Cond(1,
- ErrorCode::TP_64BIT,
- ErrorCode::OP_EQUAL,
- 0x55555555AAAAAAAAULL,
- ErrorCode(1),
- ErrorCode(2)));
+ const Arg<int> option(0);
+ const Arg<uint32_t> arg32(1);
+ const Arg<uint64_t> arg64(1);
+ return Switch(option)
+ .Case(0, If(arg32 == 0x55555555, Error(1)).Else(Error(2)))
+#if __SIZEOF_POINTER__ > 4
+ .Case(1, If(arg64 == 0x55555555AAAAAAAAULL, Error(1)).Else(Error(2)))
+#endif
+ .Default(Error(3));
}
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
BPF_TEST_C(SandboxBPF, EqualityArgumentWidth, EqualityArgumentWidthPolicy) {
@@ -1286,8 +1301,6 @@
BPF_ASSERT(Syscall::Call(__NR_uname, 1, 0x5555555500000000ULL) == -2);
BPF_ASSERT(Syscall::Call(__NR_uname, 1, 0x5555555511111111ULL) == -2);
BPF_ASSERT(Syscall::Call(__NR_uname, 1, 0x11111111AAAAAAAAULL) == -2);
-#else
- BPF_ASSERT(Syscall::Call(__NR_uname, 1, 0x55555555) == -2);
#endif
}
@@ -1303,21 +1316,21 @@
}
#endif
-class EqualityWithNegativeArgumentsPolicy : public SandboxBPFPolicy {
+class EqualityWithNegativeArgumentsPolicy : public SandboxBPFDSLPolicy {
public:
EqualityWithNegativeArgumentsPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE {
+ virtual ~EqualityWithNegativeArgumentsPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
if (sysno == __NR_uname) {
- return sandbox->Cond(0,
- ErrorCode::TP_32BIT,
- ErrorCode::OP_EQUAL,
- 0xFFFFFFFF,
- ErrorCode(1),
- ErrorCode(2));
+ // TODO(mdempsky): This currently can't be Arg<int> because then
+ // 0xFFFFFFFF will be treated as a (signed) int, and then when
+ // Arg::EqualTo casts it to uint64_t, it will be sign extended.
+ const Arg<unsigned> arg(0);
+ return If(arg == 0xFFFFFFFF, Error(1)).Else(Error(2));
}
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
private:
@@ -1343,83 +1356,64 @@
BPF_ASSERT(Syscall::Call(__NR_uname, 0xFFFFFFFF00000000LL) == -1);
}
#endif
-class AllBitTestPolicy : public SandboxBPFPolicy {
+
+class AllBitTestPolicy : public SandboxBPFDSLPolicy {
public:
AllBitTestPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE;
+ virtual ~AllBitTestPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE;
private:
+ static ResultExpr HasAllBits32(uint32_t bits);
+ static ResultExpr HasAllBits64(uint64_t bits);
+
DISALLOW_COPY_AND_ASSIGN(AllBitTestPolicy);
};
-ErrorCode AllBitTestPolicy::EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const {
+ResultExpr AllBitTestPolicy::HasAllBits32(uint32_t bits) {
+ if (bits == 0) {
+ return Error(1);
+ }
+ const Arg<uint32_t> arg(1);
+ return If((arg & bits) == bits, Error(1)).Else(Error(0));
+}
+
+ResultExpr AllBitTestPolicy::HasAllBits64(uint64_t bits) {
+ if (bits == 0) {
+ return Error(1);
+ }
+ const Arg<uint64_t> arg(1);
+ return If((arg & bits) == bits, Error(1)).Else(Error(0));
+}
+
+ResultExpr AllBitTestPolicy::EvaluateSyscall(int sysno) const {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
- // Test the OP_HAS_ALL_BITS conditional test operator with a couple of
- // different bitmasks. We try to find bitmasks that could conceivably
+ // Test masked-equality cases that should trigger the "has all bits"
+ // peephole optimizations. We try to find bitmasks that could conceivably
// touch corner cases.
// For all of these tests, we override the uname(). We can make use with
// a single system call number, as we use the first system call argument to
// select the different bit masks that we want to test against.
if (sysno == __NR_uname) {
- return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 0,
- sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x0,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 1,
- sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x1,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 2,
- sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x3,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 3,
- sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x80000000,
- ErrorCode(1), ErrorCode(0)),
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 4,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x0,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 5,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x1,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 6,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x3,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 7,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x80000000,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 8,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x100000000ULL,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 9,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x300000000ULL,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 10,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ALL_BITS,
- 0x100000001ULL,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Kill("Invalid test case number"))))))))))));
+ const Arg<int> option(0);
+ return Switch(option)
+ .Case(0, HasAllBits32(0x0))
+ .Case(1, HasAllBits32(0x1))
+ .Case(2, HasAllBits32(0x3))
+ .Case(3, HasAllBits32(0x80000000))
+#if __SIZEOF_POINTER__ > 4
+ .Case(4, HasAllBits64(0x0))
+ .Case(5, HasAllBits64(0x1))
+ .Case(6, HasAllBits64(0x3))
+ .Case(7, HasAllBits64(0x80000000))
+ .Case(8, HasAllBits64(0x100000000ULL))
+ .Case(9, HasAllBits64(0x300000000ULL))
+ .Case(10, HasAllBits64(0x100000001ULL))
+#endif
+ .Default(Kill("Invalid test case number"));
}
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
// Define a macro that performs tests using our test policy.
@@ -1472,6 +1466,7 @@
BITMASK_TEST( 3, 0xC0000000U, ALLBITS32, 0x80000000, EXPECT_SUCCESS);
BITMASK_TEST( 3, -0x80000000LL, ALLBITS32, 0x80000000, EXPECT_SUCCESS);
+#if __SIZEOF_POINTER__ > 4
// 64bit test: all of 0x0 (should always be true)
BITMASK_TEST( 4, 0, ALLBITS64, 0, EXPECT_SUCCESS);
BITMASK_TEST( 4, 1, ALLBITS64, 0, EXPECT_SUCCESS);
@@ -1545,88 +1540,66 @@
BITMASK_TEST(10, 0x100000001LL, ALLBITS64,0x100000001, EXPT64_SUCCESS);
BITMASK_TEST(10, 0xFFFFFFFFU, ALLBITS64,0x100000001, EXPECT_FAILURE);
BITMASK_TEST(10, -1L, ALLBITS64,0x100000001, EXPT64_SUCCESS);
+#endif
}
-class AnyBitTestPolicy : public SandboxBPFPolicy {
+class AnyBitTestPolicy : public SandboxBPFDSLPolicy {
public:
AnyBitTestPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE;
+ virtual ~AnyBitTestPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE;
private:
+ static ResultExpr HasAnyBits32(uint32_t);
+ static ResultExpr HasAnyBits64(uint64_t);
+
DISALLOW_COPY_AND_ASSIGN(AnyBitTestPolicy);
};
-ErrorCode AnyBitTestPolicy::EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const {
+ResultExpr AnyBitTestPolicy::HasAnyBits32(uint32_t bits) {
+ if (bits == 0) {
+ return Error(0);
+ }
+ const Arg<uint32_t> arg(1);
+ return If((arg & bits) != 0, Error(1)).Else(Error(0));
+}
+
+ResultExpr AnyBitTestPolicy::HasAnyBits64(uint64_t bits) {
+ if (bits == 0) {
+ return Error(0);
+ }
+ const Arg<uint64_t> arg(1);
+ return If((arg & bits) != 0, Error(1)).Else(Error(0));
+}
+
+ResultExpr AnyBitTestPolicy::EvaluateSyscall(int sysno) const {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
- // Test the OP_HAS_ANY_BITS conditional test operator with a couple of
- // different bitmasks. We try to find bitmasks that could conceivably
+ // Test masked-equality cases that should trigger the "has any bits"
+ // peephole optimizations. We try to find bitmasks that could conceivably
// touch corner cases.
// For all of these tests, we override the uname(). We can make use with
// a single system call number, as we use the first system call argument to
// select the different bit masks that we want to test against.
if (sysno == __NR_uname) {
- return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 0,
- sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x0,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 1,
- sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x1,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 2,
- sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x3,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 3,
- sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x80000000,
- ErrorCode(1), ErrorCode(0)),
-
- // All the following tests don't really make much sense on 32bit
- // systems. They will always evaluate as false.
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 4,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x0,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 5,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x1,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 6,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x3,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 7,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x80000000,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 8,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x100000000ULL,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 9,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x300000000ULL,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 10,
- sandbox->Cond(1, ErrorCode::TP_64BIT, ErrorCode::OP_HAS_ANY_BITS,
- 0x100000001ULL,
- ErrorCode(1), ErrorCode(0)),
-
- sandbox->Kill("Invalid test case number"))))))))))));
+ const Arg<int> option(0);
+ return Switch(option)
+ .Case(0, HasAnyBits32(0x0))
+ .Case(1, HasAnyBits32(0x1))
+ .Case(2, HasAnyBits32(0x3))
+ .Case(3, HasAnyBits32(0x80000000))
+#if __SIZEOF_POINTER__ > 4
+ .Case(4, HasAnyBits64(0x0))
+ .Case(5, HasAnyBits64(0x1))
+ .Case(6, HasAnyBits64(0x3))
+ .Case(7, HasAnyBits64(0x80000000))
+ .Case(8, HasAnyBits64(0x100000000ULL))
+ .Case(9, HasAnyBits64(0x300000000ULL))
+ .Case(10, HasAnyBits64(0x100000001ULL))
+#endif
+ .Default(Kill("Invalid test case number"));
}
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
BPF_TEST_C(SandboxBPF, AnyBitTests, AnyBitTestPolicy) {
@@ -1657,6 +1630,7 @@
BITMASK_TEST( 3, 0xC0000000U, ANYBITS32, 0x80000000, EXPECT_SUCCESS);
BITMASK_TEST( 3, -0x80000000LL, ANYBITS32, 0x80000000, EXPECT_SUCCESS);
+#if __SIZEOF_POINTER__ > 4
// 64bit test: any of 0x0 (should always be false)
BITMASK_TEST( 4, 0, ANYBITS64, 0x0, EXPECT_FAILURE);
BITMASK_TEST( 4, 1, ANYBITS64, 0x0, EXPECT_FAILURE);
@@ -1730,6 +1704,106 @@
BITMASK_TEST( 10, 0x100000001LL, ANYBITS64,0x100000001, EXPECT_SUCCESS);
BITMASK_TEST( 10, 0xFFFFFFFFU, ANYBITS64,0x100000001, EXPECT_SUCCESS);
BITMASK_TEST( 10, -1L, ANYBITS64,0x100000001, EXPECT_SUCCESS);
+#endif
+}
+
+class MaskedEqualTestPolicy : public SandboxBPFDSLPolicy {
+ public:
+ MaskedEqualTestPolicy() {}
+ virtual ~MaskedEqualTestPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE;
+
+ private:
+ static ResultExpr MaskedEqual32(uint32_t mask, uint32_t value);
+ static ResultExpr MaskedEqual64(uint64_t mask, uint64_t value);
+
+ DISALLOW_COPY_AND_ASSIGN(MaskedEqualTestPolicy);
+};
+
+ResultExpr MaskedEqualTestPolicy::MaskedEqual32(uint32_t mask, uint32_t value) {
+ const Arg<uint32_t> arg(1);
+ return If((arg & mask) == value, Error(1)).Else(Error(0));
+}
+
+ResultExpr MaskedEqualTestPolicy::MaskedEqual64(uint64_t mask, uint64_t value) {
+ const Arg<uint64_t> arg(1);
+ return If((arg & mask) == value, Error(1)).Else(Error(0));
+}
+
+ResultExpr MaskedEqualTestPolicy::EvaluateSyscall(int sysno) const {
+ DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
+
+ if (sysno == __NR_uname) {
+ const Arg<int> option(0);
+ return Switch(option)
+ .Case(0, MaskedEqual32(0x00ff00ff, 0x005500aa))
+#if __SIZEOF_POINTER__ > 4
+ .Case(1, MaskedEqual64(0x00ff00ff00000000, 0x005500aa00000000))
+ .Case(2, MaskedEqual64(0x00ff00ff00ff00ff, 0x005500aa005500aa))
+#endif
+ .Default(Kill("Invalid test case number"));
+ }
+
+ return Allow();
+}
+
+#define MASKEQ_TEST(rulenum, arg, expected_result) \
+ BPF_ASSERT(Syscall::Call(__NR_uname, (rulenum), (arg)) == (expected_result))
+
+BPF_TEST_C(SandboxBPF, MaskedEqualTests, MaskedEqualTestPolicy) {
+ // Allowed: 0x__55__aa
+ MASKEQ_TEST(0, 0x00000000, EXPECT_FAILURE);
+ MASKEQ_TEST(0, 0x00000001, EXPECT_FAILURE);
+ MASKEQ_TEST(0, 0x00000003, EXPECT_FAILURE);
+ MASKEQ_TEST(0, 0x00000100, EXPECT_FAILURE);
+ MASKEQ_TEST(0, 0x00000300, EXPECT_FAILURE);
+ MASKEQ_TEST(0, 0x005500aa, EXPECT_SUCCESS);
+ MASKEQ_TEST(0, 0x005500ab, EXPECT_FAILURE);
+ MASKEQ_TEST(0, 0x005600aa, EXPECT_FAILURE);
+ MASKEQ_TEST(0, 0x005501aa, EXPECT_SUCCESS);
+ MASKEQ_TEST(0, 0x005503aa, EXPECT_SUCCESS);
+ MASKEQ_TEST(0, 0x555500aa, EXPECT_SUCCESS);
+ MASKEQ_TEST(0, 0xaa5500aa, EXPECT_SUCCESS);
+
+#if __SIZEOF_POINTER__ > 4
+ // Allowed: 0x__55__aa________
+ MASKEQ_TEST(1, 0x0000000000000000, EXPECT_FAILURE);
+ MASKEQ_TEST(1, 0x0000000000000010, EXPECT_FAILURE);
+ MASKEQ_TEST(1, 0x0000000000000050, EXPECT_FAILURE);
+ MASKEQ_TEST(1, 0x0000000100000000, EXPECT_FAILURE);
+ MASKEQ_TEST(1, 0x0000000300000000, EXPECT_FAILURE);
+ MASKEQ_TEST(1, 0x0000010000000000, EXPECT_FAILURE);
+ MASKEQ_TEST(1, 0x0000030000000000, EXPECT_FAILURE);
+ MASKEQ_TEST(1, 0x005500aa00000000, EXPECT_SUCCESS);
+ MASKEQ_TEST(1, 0x005500ab00000000, EXPECT_FAILURE);
+ MASKEQ_TEST(1, 0x005600aa00000000, EXPECT_FAILURE);
+ MASKEQ_TEST(1, 0x005501aa00000000, EXPECT_SUCCESS);
+ MASKEQ_TEST(1, 0x005503aa00000000, EXPECT_SUCCESS);
+ MASKEQ_TEST(1, 0x555500aa00000000, EXPECT_SUCCESS);
+ MASKEQ_TEST(1, 0xaa5500aa00000000, EXPECT_SUCCESS);
+ MASKEQ_TEST(1, 0xaa5500aa00000000, EXPECT_SUCCESS);
+ MASKEQ_TEST(1, 0xaa5500aa0000cafe, EXPECT_SUCCESS);
+
+ // Allowed: 0x__55__aa__55__aa
+ MASKEQ_TEST(2, 0x0000000000000000, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x0000000000000010, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x0000000000000050, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x0000000100000000, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x0000000300000000, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x0000010000000000, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x0000030000000000, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x00000000005500aa, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x005500aa00000000, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x005500aa005500aa, EXPECT_SUCCESS);
+ MASKEQ_TEST(2, 0x005500aa005700aa, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x005700aa005500aa, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x005500aa004500aa, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x004500aa005500aa, EXPECT_FAILURE);
+ MASKEQ_TEST(2, 0x005512aa005500aa, EXPECT_SUCCESS);
+ MASKEQ_TEST(2, 0x005500aa005534aa, EXPECT_SUCCESS);
+ MASKEQ_TEST(2, 0xff5500aa0055ffaa, EXPECT_SUCCESS);
+#endif
}
intptr_t PthreadTrapHandler(const struct arch_seccomp_data& args, void* aux) {
@@ -1760,18 +1834,18 @@
return -EPERM;
}
-class PthreadPolicyEquality : public SandboxBPFPolicy {
+class PthreadPolicyEquality : public SandboxBPFDSLPolicy {
public:
PthreadPolicyEquality() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE;
+ virtual ~PthreadPolicyEquality() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE;
private:
DISALLOW_COPY_AND_ASSIGN(PthreadPolicyEquality);
};
-ErrorCode PthreadPolicyEquality::EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const {
+ResultExpr PthreadPolicyEquality::EvaluateSyscall(int sysno) const {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
// This policy allows creating threads with pthread_create(). But it
// doesn't allow any other uses of clone(). Most notably, it does not
@@ -1787,39 +1861,48 @@
// The following policy is very strict. It only allows the exact masks
// that we have seen in known implementations. It is probably somewhat
// stricter than what we would want to do.
- const uint64_t kGlibcCloneMask =
- CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
- CLONE_THREAD | CLONE_SYSVSEM | CLONE_SETTLS |
- CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID;
- const uint64_t kBaseAndroidCloneMask =
- CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
- CLONE_THREAD | CLONE_SYSVSEM;
- return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
- kGlibcCloneMask,
- ErrorCode(ErrorCode::ERR_ALLOWED),
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
- kBaseAndroidCloneMask | CLONE_DETACHED,
- ErrorCode(ErrorCode::ERR_ALLOWED),
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
- kBaseAndroidCloneMask,
- ErrorCode(ErrorCode::ERR_ALLOWED),
- sandbox->Trap(PthreadTrapHandler, "Unknown mask"))));
+ const uint64_t kGlibcCloneMask = CLONE_VM | CLONE_FS | CLONE_FILES |
+ CLONE_SIGHAND | CLONE_THREAD |
+ CLONE_SYSVSEM | CLONE_SETTLS |
+ CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID;
+ const uint64_t kBaseAndroidCloneMask = CLONE_VM | CLONE_FS | CLONE_FILES |
+ CLONE_SIGHAND | CLONE_THREAD |
+ CLONE_SYSVSEM;
+ const Arg<unsigned long> flags(0);
+ return If(flags == kGlibcCloneMask ||
+ flags == (kBaseAndroidCloneMask | CLONE_DETACHED) ||
+ flags == kBaseAndroidCloneMask,
+ Allow()).Else(Trap(PthreadTrapHandler, "Unknown mask"));
}
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+
+ return Allow();
}
-class PthreadPolicyBitMask : public SandboxBPFPolicy {
+class PthreadPolicyBitMask : public SandboxBPFDSLPolicy {
public:
PthreadPolicyBitMask() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE;
+ virtual ~PthreadPolicyBitMask() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE;
private:
+ static BoolExpr HasAnyBits(const Arg<unsigned long>& arg, unsigned long bits);
+ static BoolExpr HasAllBits(const Arg<unsigned long>& arg, unsigned long bits);
+
DISALLOW_COPY_AND_ASSIGN(PthreadPolicyBitMask);
};
-ErrorCode PthreadPolicyBitMask::EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const {
+BoolExpr PthreadPolicyBitMask::HasAnyBits(const Arg<unsigned long>& arg,
+ unsigned long bits) {
+ return (arg & bits) != 0;
+}
+
+BoolExpr PthreadPolicyBitMask::HasAllBits(const Arg<unsigned long>& arg,
+ unsigned long bits) {
+ return (arg & bits) == bits;
+}
+
+ResultExpr PthreadPolicyBitMask::EvaluateSyscall(int sysno) const {
DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
// This policy allows creating threads with pthread_create(). But it
// doesn't allow any other uses of clone(). Most notably, it does not
@@ -1835,30 +1918,31 @@
// err on the side of rather safe than sorry.
// Very noticeably though, we disallow fork() (which is often just a
// wrapper around clone()).
- return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS,
- ~uint32(CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|
- CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|
- CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|
- CLONE_DETACHED),
- sandbox->Trap(PthreadTrapHandler,
- "Unexpected CLONE_XXX flag found"),
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS,
- CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|
- CLONE_THREAD|CLONE_SYSVSEM,
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ALL_BITS,
- CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,
- ErrorCode(ErrorCode::ERR_ALLOWED),
- sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_HAS_ANY_BITS,
- CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,
- sandbox->Trap(PthreadTrapHandler,
- "Must set either all or none of the TLS"
- " and futex bits in call to clone()"),
- ErrorCode(ErrorCode::ERR_ALLOWED))),
- sandbox->Trap(PthreadTrapHandler,
- "Missing mandatory CLONE_XXX flags "
- "when creating new thread")));
+ const unsigned long kMandatoryFlags = CLONE_VM | CLONE_FS | CLONE_FILES |
+ CLONE_SIGHAND | CLONE_THREAD |
+ CLONE_SYSVSEM;
+ const unsigned long kFutexFlags =
+ CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID;
+ const unsigned long kNoopFlags = CLONE_DETACHED;
+ const unsigned long kKnownFlags =
+ kMandatoryFlags | kFutexFlags | kNoopFlags;
+
+ const Arg<unsigned long> flags(0);
+ return If(HasAnyBits(flags, ~kKnownFlags),
+ Trap(PthreadTrapHandler, "Unexpected CLONE_XXX flag found"))
+ .ElseIf(!HasAllBits(flags, kMandatoryFlags),
+ Trap(PthreadTrapHandler,
+ "Missing mandatory CLONE_XXX flags "
+ "when creating new thread"))
+ .ElseIf(
+ !HasAllBits(flags, kFutexFlags) && HasAnyBits(flags, kFutexFlags),
+ Trap(PthreadTrapHandler,
+ "Must set either all or none of the TLS and futex bits in "
+ "call to clone()"))
+ .Else(Allow());
}
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+
+ return Allow();
}
static void* ThreadFnc(void* arg) {
@@ -1930,6 +2014,18 @@
#endif
#endif
+#if defined(__aarch64__)
+#ifndef PTRACE_GETREGS
+#define PTRACE_GETREGS 12
+#endif
+#endif
+
+#if defined(__aarch64__)
+#ifndef PTRACE_SETREGS
+#define PTRACE_SETREGS 13
+#endif
+#endif
+
// Changes the syscall to run for a child being sandboxed using seccomp-bpf with
// PTRACE_O_TRACESECCOMP. Should only be called when the child is stopped on
// PTRACE_EVENT_SECCOMP.
@@ -1953,14 +2049,13 @@
const uint16_t kTraceData = 0xcc;
-class TraceAllPolicy : public SandboxBPFPolicy {
+class TraceAllPolicy : public SandboxBPFDSLPolicy {
public:
TraceAllPolicy() {}
virtual ~TraceAllPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
- int system_call_number) const OVERRIDE {
- return ErrorCode(ErrorCode::ERR_TRACE + kTraceData);
+ virtual ResultExpr EvaluateSyscall(int system_call_number) const OVERRIDE {
+ return Trace(kTraceData);
}
private:
@@ -1973,8 +2068,10 @@
return;
}
-#if defined(__arm__)
- printf("This test is currently disabled on ARM due to a kernel bug.");
+// This test is disabled on arm due to a kernel bug.
+// See https://code.google.com/p/chromium/issues/detail?id=383977
+#if defined(__arm__) || defined(__aarch64__)
+ printf("This test is currently disabled on ARM32/64 due to a kernel bug.");
return;
#endif
@@ -2013,8 +2110,11 @@
BPF_ASSERT(HANDLE_EINTR(waitpid(pid, &status, WUNTRACED)) != -1);
BPF_ASSERT(WIFSTOPPED(status));
- BPF_ASSERT_NE(-1, ptrace(PTRACE_SETOPTIONS, pid, NULL,
- reinterpret_cast<void*>(PTRACE_O_TRACESECCOMP)));
+ BPF_ASSERT_NE(-1,
+ ptrace(PTRACE_SETOPTIONS,
+ pid,
+ NULL,
+ reinterpret_cast<void*>(PTRACE_O_TRACESECCOMP)));
BPF_ASSERT_NE(-1, ptrace(PTRACE_CONT, pid, NULL, NULL));
while (true) {
BPF_ASSERT(HANDLE_EINTR(waitpid(pid, &status, 0)) != -1);
@@ -2095,22 +2195,21 @@
bool pread_64_was_forwarded = false;
-class TrapPread64Policy : public SandboxBPFPolicy {
+class TrapPread64Policy : public SandboxBPFDSLPolicy {
public:
TrapPread64Policy() {}
virtual ~TrapPread64Policy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
- int system_call_number) const OVERRIDE {
+ virtual ResultExpr EvaluateSyscall(int system_call_number) const OVERRIDE {
// Set the global environment for unsafe traps once.
if (system_call_number == MIN_SYSCALL) {
EnableUnsafeTraps();
}
if (system_call_number == __NR_pread64) {
- return sandbox_compiler->UnsafeTrap(ForwardPreadHandler, NULL);
+ return UnsafeTrap(ForwardPreadHandler, NULL);
}
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
}
private:
@@ -2121,6 +2220,7 @@
return SandboxBPF::ForwardSyscall(args);
}
+
DISALLOW_COPY_AND_ASSIGN(TrapPread64Policy);
};
@@ -2145,6 +2245,155 @@
#endif // !defined(OS_ANDROID)
+void* TsyncApplyToTwoThreadsFunc(void* cond_ptr) {
+ base::WaitableEvent* event = static_cast<base::WaitableEvent*>(cond_ptr);
+
+ // Wait for the main thread to signal that the filter has been applied.
+ if (!event->IsSignaled()) {
+ event->Wait();
+ }
+
+ BPF_ASSERT(event->IsSignaled());
+
+ BlacklistNanosleepPolicy::AssertNanosleepFails();
+
+ return NULL;
+}
+
+SANDBOX_TEST(SandboxBPF, Tsync) {
+ if (SandboxBPF::SupportsSeccompThreadFilterSynchronization() !=
+ SandboxBPF::STATUS_AVAILABLE) {
+ return;
+ }
+
+ base::WaitableEvent event(true, false);
+
+ // Create a thread on which to invoke the blocked syscall.
+ pthread_t thread;
+ BPF_ASSERT_EQ(
+ 0, pthread_create(&thread, NULL, &TsyncApplyToTwoThreadsFunc, &event));
+
+ // Test that nanoseelp success.
+ const struct timespec ts = {0, 0};
+ BPF_ASSERT_EQ(0, HANDLE_EINTR(syscall(__NR_nanosleep, &ts, NULL)));
+
+ // Engage the sandbox.
+ SandboxBPF sandbox;
+ sandbox.SetSandboxPolicy(new BlacklistNanosleepPolicy());
+ BPF_ASSERT(sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED));
+
+ // This thread should have the filter applied as well.
+ BlacklistNanosleepPolicy::AssertNanosleepFails();
+
+ // Signal the condition to invoke the system call.
+ event.Signal();
+
+ // Wait for the thread to finish.
+ BPF_ASSERT_EQ(0, pthread_join(thread, NULL));
+}
+
+class AllowAllPolicy : public SandboxBPFDSLPolicy {
+ public:
+ AllowAllPolicy() {}
+ virtual ~AllowAllPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
+ return Allow();
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(AllowAllPolicy);
+};
+
+SANDBOX_DEATH_TEST(
+ SandboxBPF,
+ StartMultiThreadedAsSingleThreaded,
+ DEATH_MESSAGE("Cannot start sandbox; process is already multi-threaded")) {
+ base::Thread thread("sandbox.linux.StartMultiThreadedAsSingleThreaded");
+ BPF_ASSERT(thread.Start());
+
+ SandboxBPF sandbox;
+ sandbox.SetSandboxPolicy(new AllowAllPolicy());
+ BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED));
+}
+
+// http://crbug.com/407357
+#if !defined(THREAD_SANITIZER)
+SANDBOX_DEATH_TEST(
+ SandboxBPF,
+ StartSingleThreadedAsMultiThreaded,
+ DEATH_MESSAGE(
+ "Cannot start sandbox; process may be single-threaded when "
+ "reported as not")) {
+ SandboxBPF sandbox;
+ sandbox.SetSandboxPolicy(new AllowAllPolicy());
+ BPF_ASSERT(!sandbox.StartSandbox(SandboxBPF::PROCESS_MULTI_THREADED));
+}
+#endif // !defined(THREAD_SANITIZER)
+
+// A stub handler for the UnsafeTrap. Never called.
+intptr_t NoOpHandler(const struct arch_seccomp_data& args, void*) {
+ return -1;
+}
+
+class UnsafeTrapWithCondPolicy : public SandboxBPFDSLPolicy {
+ public:
+ UnsafeTrapWithCondPolicy() {}
+ virtual ~UnsafeTrapWithCondPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
+ DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
+ setenv(kSandboxDebuggingEnv, "t", 0);
+ Die::SuppressInfoMessages(true);
+
+ if (SandboxBPF::IsRequiredForUnsafeTrap(sysno))
+ return Allow();
+
+ switch (sysno) {
+ case __NR_uname: {
+ const Arg<uint32_t> arg(0);
+ return If(arg == 0, Allow()).Else(Error(EPERM));
+ }
+ case __NR_setgid: {
+ const Arg<uint32_t> arg(0);
+ return Switch(arg)
+ .Case(100, Error(ENOMEM))
+ .Case(200, Error(ENOSYS))
+ .Default(Error(EPERM));
+ }
+ case __NR_close:
+ case __NR_exit_group:
+ case __NR_write:
+ return Allow();
+ case __NR_getppid:
+ return UnsafeTrap(NoOpHandler, NULL);
+ default:
+ return Error(EPERM);
+ }
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(UnsafeTrapWithCondPolicy);
+};
+
+BPF_TEST_C(SandboxBPF, UnsafeTrapWithCond, UnsafeTrapWithCondPolicy) {
+ BPF_ASSERT_EQ(-1, syscall(__NR_uname, 0));
+ BPF_ASSERT_EQ(EFAULT, errno);
+
+ BPF_ASSERT_EQ(-1, syscall(__NR_uname, 1));
+ BPF_ASSERT_EQ(EPERM, errno);
+
+ BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 100));
+ BPF_ASSERT_EQ(ENOMEM, errno);
+
+ BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 200));
+ BPF_ASSERT_EQ(ENOSYS, errno);
+
+ BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300));
+ BPF_ASSERT_EQ(EPERM, errno);
+}
+
} // namespace
+} // namespace bpf_dsl
} // namespace sandbox
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc b/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
index 560d94c..aab3478 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc
@@ -5,18 +5,21 @@
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include <errno.h>
+#include <fcntl.h>
#include <netinet/in.h>
#include <sys/socket.h>
+#include <sys/syscall.h>
#include <sys/utsname.h>
+#include <unistd.h>
+#include "base/files/scoped_file.h"
#include "base/macros.h"
#include "build/build_config.h"
#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
#include "sandbox/linux/seccomp-bpf/syscall.h"
-using namespace sandbox::bpf_dsl;
+#define CASES SANDBOX_BPF_DSL_CASES
// Helper macro to assert that invoking system call |sys| directly via
// Syscall::Call with arguments |...| returns |res|.
@@ -25,6 +28,7 @@
BPF_ASSERT_EQ(res, Stubs::sys(__VA_ARGS__))
namespace sandbox {
+namespace bpf_dsl {
namespace {
// Type safe stubs for tested system calls.
@@ -33,6 +37,13 @@
static int getpgid(pid_t pid) { return Syscall::Call(__NR_getpgid, pid); }
static int setuid(uid_t uid) { return Syscall::Call(__NR_setuid, uid); }
static int setgid(gid_t gid) { return Syscall::Call(__NR_setgid, gid); }
+ static int setpgid(pid_t pid, pid_t pgid) {
+ return Syscall::Call(__NR_setpgid, pid, pgid);
+ }
+
+ static int fcntl(int fd, int cmd, unsigned long arg = 0) {
+ return Syscall::Call(__NR_fcntl, fd, cmd, arg);
+ }
static int uname(struct utsname* buf) {
return Syscall::Call(__NR_uname, buf);
@@ -58,6 +69,10 @@
const Arg<pid_t> pid(0);
return If(pid == 0, Error(EPERM)).Else(Error(EINVAL));
}
+ if (sysno == __NR_setuid) {
+ const Arg<uid_t> uid(0);
+ return If(uid != 42, Error(ESRCH)).Else(Error(ENOMEM));
+ }
return Allow();
}
@@ -68,6 +83,9 @@
BPF_TEST_C(BPFDSL, Basic, BasicPolicy) {
ASSERT_SYSCALL_RESULT(-EPERM, getpgid, 0);
ASSERT_SYSCALL_RESULT(-EINVAL, getpgid, 1);
+
+ ASSERT_SYSCALL_RESULT(-ENOMEM, setuid, 42);
+ ASSERT_SYSCALL_RESULT(-ESRCH, setuid, 43);
}
/* On IA-32, socketpair() is implemented via socketcall(). :-( */
@@ -213,6 +231,10 @@
const Arg<gid_t> gid(0);
return If((gid & 0xf0) == 0xf0, Error(EINVAL)).Else(Error(EACCES));
}
+ if (sysno == __NR_setpgid) {
+ const Arg<pid_t> pid(0);
+ return If((pid & 0xa5) == 0xa0, Error(EINVAL)).Else(Error(EACCES));
+ }
return Allow();
}
@@ -230,6 +252,11 @@
const int expect_errno = (gid & 0xf0) == 0xf0 ? EINVAL : EACCES;
ASSERT_SYSCALL_RESULT(-expect_errno, setgid, gid);
}
+
+ for (pid_t pid = 0; pid < 0x100; ++pid) {
+ const int expect_errno = (pid & 0xa5) == 0xa0 ? EINVAL : EACCES;
+ ASSERT_SYSCALL_RESULT(-expect_errno, setpgid, pid, 0);
+ }
}
class ElseIfPolicy : public SandboxBPFDSLPolicy {
@@ -264,5 +291,42 @@
ASSERT_SYSCALL_RESULT(-EACCES, setuid, 0x0222);
}
+class SwitchPolicy : public SandboxBPFDSLPolicy {
+ public:
+ SwitchPolicy() {}
+ virtual ~SwitchPolicy() {}
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
+ if (sysno == __NR_fcntl) {
+ const Arg<int> cmd(1);
+ const Arg<unsigned long> long_arg(2);
+ return Switch(cmd)
+ .CASES((F_GETFL, F_GETFD), Error(ENOENT))
+ .Case(F_SETFD, If(long_arg == O_CLOEXEC, Allow()).Else(Error(EINVAL)))
+ .Case(F_SETFL, Error(EPERM))
+ .Default(Error(EACCES));
+ }
+ return Allow();
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(SwitchPolicy);
+};
+
+BPF_TEST_C(BPFDSL, SwitchTest, SwitchPolicy) {
+ base::ScopedFD sock_fd(socket(AF_UNIX, SOCK_STREAM, 0));
+ BPF_ASSERT(sock_fd.is_valid());
+
+ ASSERT_SYSCALL_RESULT(-ENOENT, fcntl, sock_fd.get(), F_GETFD);
+ ASSERT_SYSCALL_RESULT(-ENOENT, fcntl, sock_fd.get(), F_GETFL);
+
+ ASSERT_SYSCALL_RESULT(0, fcntl, sock_fd.get(), F_SETFD, O_CLOEXEC);
+ ASSERT_SYSCALL_RESULT(-EINVAL, fcntl, sock_fd.get(), F_SETFD, 0);
+
+ ASSERT_SYSCALL_RESULT(-EPERM, fcntl, sock_fd.get(), F_SETFL, O_RDONLY);
+
+ ASSERT_SYSCALL_RESULT(-EACCES, fcntl, sock_fd.get(), F_DUPFD, 0);
+}
+
} // namespace
+} // namespace bpf_dsl
} // namespace sandbox
diff --git a/sandbox/linux/bpf_dsl/cons_unittest.cc b/sandbox/linux/bpf_dsl/cons_unittest.cc
index 790cae0..571e767 100644
--- a/sandbox/linux/bpf_dsl/cons_unittest.cc
+++ b/sandbox/linux/bpf_dsl/cons_unittest.cc
@@ -13,7 +13,7 @@
std::string Join(Cons<char>::List char_list) {
std::string res;
- for (Cons<char>::List it = char_list; it; it = it->tail()) {
+ for (Cons<char>::List it = char_list; it.get(); it = it->tail()) {
res.push_back(it->head());
}
return res;
diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi
index 99499d9..adcfd3f 100644
--- a/sandbox/linux/sandbox_linux.gypi
+++ b/sandbox/linux/sandbox_linux.gypi
@@ -133,7 +133,6 @@
'seccomp-bpf/linux_seccomp.h',
'seccomp-bpf/sandbox_bpf.cc',
'seccomp-bpf/sandbox_bpf.h',
- 'seccomp-bpf/sandbox_bpf_compatibility_policy.h',
'seccomp-bpf/sandbox_bpf_policy.cc',
'seccomp-bpf/sandbox_bpf_policy.h',
'seccomp-bpf/syscall.cc',
@@ -181,34 +180,12 @@
],
},
{
- # A demonstration program for the seccomp-bpf sandbox.
- 'target_name': 'seccomp_bpf_demo',
- 'conditions': [
- ['compile_seccomp_bpf_demo==1', {
- 'type': 'executable',
- 'sources': [
- 'seccomp-bpf/demo.cc',
- ],
- 'dependencies': [
- 'seccomp_bpf',
- ],
- }, {
- 'type': 'none',
- }],
- ],
- 'include_dirs': [
- '../../',
- ],
- },
- {
# The setuid sandbox, for Linux
'target_name': 'chrome_sandbox',
'type': 'executable',
'sources': [
'suid/common/sandbox.h',
'suid/common/suid_unsafe_environment_variables.h',
- 'suid/linux_util.c',
- 'suid/linux_util.h',
'suid/process_util.h',
'suid/process_util_linux.c',
'suid/sandbox.c',
@@ -268,11 +245,13 @@
'type': 'none',
'sources': [
'services/android_arm_ucontext.h',
+ 'services/android_arm64_ucontext.h',
'services/android_futex.h',
'services/android_ucontext.h',
'services/android_i386_ucontext.h',
'services/android_mips_ucontext.h',
'services/arm_linux_syscalls.h',
+ 'services/arm64_linux_syscalls.h',
'services/mips_linux_syscalls.h',
'services/linux_syscalls.h',
'services/x86_32_linux_syscalls.h',
diff --git a/sandbox/linux/sandbox_linux_test_sources.gypi b/sandbox/linux/sandbox_linux_test_sources.gypi
index c2f365b..3bab067 100644
--- a/sandbox/linux/sandbox_linux_test_sources.gypi
+++ b/sandbox/linux/sandbox_linux_test_sources.gypi
@@ -34,13 +34,14 @@
}],
[ 'use_seccomp_bpf==1', {
'sources': [
+ 'bpf_dsl/bpf_dsl_more_unittest.cc',
'bpf_dsl/bpf_dsl_unittest.cc',
'bpf_dsl/cons_unittest.cc',
'seccomp-bpf-helpers/baseline_policy_unittest.cc',
+ 'seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc',
'seccomp-bpf/bpf_tests_unittest.cc',
'seccomp-bpf/codegen_unittest.cc',
'seccomp-bpf/errorcode_unittest.cc',
- 'seccomp-bpf/sandbox_bpf_unittest.cc',
'seccomp-bpf/syscall_iterator_unittest.cc',
'seccomp-bpf/syscall_unittest.cc',
],
diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
index d4b2611..01e1fe2 100644
--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
+++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
@@ -2,4 +2,5 @@
"+sandbox/linux/bpf_dsl",
"+sandbox/linux/services",
"+sandbox/linux/seccomp-bpf",
+ "+third_party/lss/linux_syscall_support.h",
]
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 1a6bec5..aa347de 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -120,6 +120,16 @@
return Allow();
}
+#if defined(OS_ANDROID)
+ // Needed for thread creation.
+ if (sysno == __NR_sigaltstack)
+ return Allow();
+#endif
+
+ if (sysno == __NR_clock_gettime) {
+ return RestrictClockID();
+ }
+
if (sysno == __NR_clone) {
return RestrictCloneToThreadsAndEPERMFork();
}
@@ -132,22 +142,31 @@
return RestrictFcntlCommands();
#endif
+#if !defined(__aarch64__)
// fork() is never used as a system call (clone() is used instead), but we
// have seen it in fallback code on Android.
if (sysno == __NR_fork) {
return Error(EPERM);
}
+#endif
if (sysno == __NR_futex)
return RestrictFutex();
+ if (sysno == __NR_set_robust_list)
+ return Error(EPERM);
+
+ if (sysno == __NR_getpriority || sysno ==__NR_setpriority)
+ return RestrictGetSetpriority(current_pid);
+
if (sysno == __NR_madvise) {
// Only allow MADV_DONTNEED (aka MADV_FREE).
const Arg<int> advice(2);
return If(advice == MADV_DONTNEED, Allow()).Else(Error(EPERM));
}
-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+ defined(__aarch64__)
if (sysno == __NR_mmap)
return RestrictMmapFlags();
#endif
@@ -161,9 +180,10 @@
return RestrictMprotectFlags();
if (sysno == __NR_prctl)
- return sandbox::RestrictPrctl();
+ return RestrictPrctl();
-#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+ defined(__aarch64__)
if (sysno == __NR_socketpair) {
// Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen.
COMPILE_ASSERT(AF_UNIX == PF_UNIX, af_unix_pf_unix_different);
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
index d1899c3..a71975b 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
@@ -5,17 +5,20 @@
#include "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
#include <errno.h>
+#include <fcntl.h>
#include <linux/futex.h>
#include <sched.h>
#include <signal.h>
#include <string.h>
#include <sys/prctl.h>
+#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <time.h>
#include <unistd.h>
#include "base/files/scoped_file.h"
@@ -27,6 +30,7 @@
#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/seccomp-bpf/syscall.h"
+#include "sandbox/linux/services/android_futex.h"
#include "sandbox/linux/services/linux_syscalls.h"
#include "sandbox/linux/services/thread_helpers.h"
#include "sandbox/linux/tests/unit_tests.h"
@@ -176,7 +180,7 @@
}
// Not all architectures can restrict the domain for socketpair().
-#if defined(__x86_64__) || defined(__arm__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
BPF_DEATH_TEST_C(BaselinePolicy,
SocketpairWrongDomain,
DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()),
@@ -185,7 +189,7 @@
ignore_result(socketpair(AF_INET, SOCK_STREAM, 0, sv));
_exit(1);
}
-#endif // defined(__x86_64__) || defined(__arm__)
+#endif // defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
BPF_TEST_C(BaselinePolicy, EPERM_open, BaselinePolicy) {
errno = 0;
@@ -231,31 +235,33 @@
_exit(1); \
}
-TEST_BASELINE_SIGSYS(__NR_syslog);
-TEST_BASELINE_SIGSYS(__NR_sched_setaffinity);
-TEST_BASELINE_SIGSYS(__NR_timer_create);
-TEST_BASELINE_SIGSYS(__NR_io_cancel);
-TEST_BASELINE_SIGSYS(__NR_ptrace);
-TEST_BASELINE_SIGSYS(__NR_eventfd);
-TEST_BASELINE_SIGSYS(__NR_fgetxattr);
-TEST_BASELINE_SIGSYS(__NR_fanotify_init);
-TEST_BASELINE_SIGSYS(__NR_swapon);
-TEST_BASELINE_SIGSYS(__NR_chroot);
TEST_BASELINE_SIGSYS(__NR_acct);
-TEST_BASELINE_SIGSYS(__NR_sysinfo);
-TEST_BASELINE_SIGSYS(__NR_inotify_init);
+TEST_BASELINE_SIGSYS(__NR_chroot);
+TEST_BASELINE_SIGSYS(__NR_fanotify_init);
+TEST_BASELINE_SIGSYS(__NR_fgetxattr);
+TEST_BASELINE_SIGSYS(__NR_getcpu);
+TEST_BASELINE_SIGSYS(__NR_getitimer);
TEST_BASELINE_SIGSYS(__NR_init_module);
+TEST_BASELINE_SIGSYS(__NR_io_cancel);
TEST_BASELINE_SIGSYS(__NR_keyctl);
TEST_BASELINE_SIGSYS(__NR_mq_open);
-TEST_BASELINE_SIGSYS(__NR_vserver);
-TEST_BASELINE_SIGSYS(__NR_getcpu);
+TEST_BASELINE_SIGSYS(__NR_ptrace);
+TEST_BASELINE_SIGSYS(__NR_sched_setaffinity);
TEST_BASELINE_SIGSYS(__NR_setpgid);
-TEST_BASELINE_SIGSYS(__NR_getitimer);
+TEST_BASELINE_SIGSYS(__NR_swapon);
+TEST_BASELINE_SIGSYS(__NR_sysinfo);
+TEST_BASELINE_SIGSYS(__NR_syslog);
+TEST_BASELINE_SIGSYS(__NR_timer_create);
-#if !defined(OS_ANDROID)
+#if !defined(__aarch64__)
+TEST_BASELINE_SIGSYS(__NR_eventfd);
+TEST_BASELINE_SIGSYS(__NR_inotify_init);
+TEST_BASELINE_SIGSYS(__NR_vserver);
+#endif
+
BPF_DEATH_TEST_C(BaselinePolicy,
FutexWithRequeuePriorityInheritence,
- DEATH_MESSAGE(GetFutexErrorMessageContentForTests()),
+ DEATH_SEGV_MESSAGE(GetFutexErrorMessageContentForTests()),
BaselinePolicy) {
syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI, 0, NULL, NULL, 0);
_exit(1);
@@ -263,12 +269,19 @@
BPF_DEATH_TEST_C(BaselinePolicy,
FutexWithRequeuePriorityInheritencePrivate,
- DEATH_MESSAGE(GetFutexErrorMessageContentForTests()),
+ DEATH_SEGV_MESSAGE(GetFutexErrorMessageContentForTests()),
BaselinePolicy) {
syscall(__NR_futex, NULL, FUTEX_CMP_REQUEUE_PI_PRIVATE, 0, NULL, NULL, 0);
_exit(1);
}
-#endif // !defined(OS_ANDROID)
+
+BPF_DEATH_TEST_C(BaselinePolicy,
+ FutexWithUnlockPIPrivate,
+ DEATH_SEGV_MESSAGE(GetFutexErrorMessageContentForTests()),
+ BaselinePolicy) {
+ syscall(__NR_futex, NULL, FUTEX_UNLOCK_PI_PRIVATE, 0, NULL, NULL, 0);
+ _exit(1);
+}
BPF_TEST_C(BaselinePolicy, PrctlDumpable, BaselinePolicy) {
const int is_dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
@@ -290,6 +303,49 @@
_exit(1);
}
+BPF_TEST_C(BaselinePolicy, GetOrSetPriority, BaselinePolicy) {
+ errno = 0;
+ const int original_prio = getpriority(PRIO_PROCESS, 0);
+ // Check errno instead of the return value since this system call can return
+ // -1 as a valid value.
+ BPF_ASSERT_EQ(0, errno);
+
+ errno = 0;
+ int rc = getpriority(PRIO_PROCESS, getpid());
+ BPF_ASSERT_EQ(0, errno);
+
+ rc = getpriority(PRIO_PROCESS, getpid() + 1);
+ BPF_ASSERT_EQ(-1, rc);
+ BPF_ASSERT_EQ(EPERM, errno);
+
+ rc = setpriority(PRIO_PROCESS, 0, original_prio);
+ BPF_ASSERT_EQ(0, rc);
+
+ rc = setpriority(PRIO_PROCESS, getpid(), original_prio);
+ BPF_ASSERT_EQ(0, rc);
+
+ errno = 0;
+ rc = setpriority(PRIO_PROCESS, getpid() + 1, original_prio);
+ BPF_ASSERT_EQ(-1, rc);
+ BPF_ASSERT_EQ(EPERM, errno);
+}
+
+BPF_DEATH_TEST_C(BaselinePolicy,
+ GetPrioritySigsys,
+ DEATH_SEGV_MESSAGE(GetErrorMessageContentForTests()),
+ BaselinePolicy) {
+ getpriority(PRIO_USER, 0);
+ _exit(1);
+}
+
+BPF_DEATH_TEST_C(BaselinePolicy,
+ ClockGettimeWithDisallowedClockCrashes,
+ DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+ BaselinePolicy) {
+ struct timespec ts;
+ clock_gettime(CLOCK_MONOTONIC_RAW, &ts);
+}
+
} // namespace
} // namespace sandbox
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
index 85d3f70..26a1563 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
@@ -6,12 +6,21 @@
#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+#include <sys/syscall.h>
#include <unistd.h>
#include "base/basictypes.h"
+#include "base/logging.h"
#include "base/posix/eintr_wrapper.h"
#include "build/build_config.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/seccomp-bpf/syscall.h"
+#include "sandbox/linux/services/linux_syscalls.h"
+
+#if defined(__mips__)
+// __NR_Linux, is defined in <asm/unistd.h>.
+#include <asm/unistd.h>
+#endif
#define SECCOMP_MESSAGE_COMMON_CONTENT "seccomp-bpf failure"
#define SECCOMP_MESSAGE_CLONE_CONTENT "clone() failure"
@@ -201,6 +210,40 @@
_exit(1);
}
+intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args,
+ void* aux) {
+ switch (args.nr) {
+ case __NR_sched_getaffinity:
+ case __NR_sched_getattr:
+ case __NR_sched_getparam:
+ case __NR_sched_getscheduler:
+ case __NR_sched_rr_get_interval:
+ case __NR_sched_setaffinity:
+ case __NR_sched_setattr:
+ case __NR_sched_setparam:
+ case __NR_sched_setscheduler:
+ const pid_t tid = syscall(__NR_gettid);
+ // The first argument is the pid. If is our thread id, then replace it
+ // with 0, which is equivalent and allowed by the policy.
+ if (args.args[0] == static_cast<uint64_t>(tid)) {
+ return Syscall::Call(args.nr,
+ 0,
+ static_cast<intptr_t>(args.args[1]),
+ static_cast<intptr_t>(args.args[2]),
+ static_cast<intptr_t>(args.args[3]),
+ static_cast<intptr_t>(args.args[4]),
+ static_cast<intptr_t>(args.args[5]));
+ }
+ break;
+ }
+
+ CrashSIGSYS_Handler(args, aux);
+
+ // Should never be reached.
+ RAW_CHECK(false);
+ return -ENOSYS;
+}
+
bpf_dsl::ResultExpr CrashSIGSYS() {
return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
}
@@ -225,6 +268,10 @@
return bpf_dsl::Trap(SIGSYSFutexFailure, NULL);
}
+bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
+ return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
+}
+
const char* GetErrorMessageContentForTests() {
return SECCOMP_MESSAGE_COMMON_CONTENT;
}
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
index 4e855c5..31f3020 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
@@ -47,6 +47,16 @@
// argument.
SANDBOX_EXPORT intptr_t
SIGSYSFutexFailure(const struct arch_seccomp_data& args, void* aux);
+// If the syscall is not being called on the current tid, crashes in the same
+// way as CrashSIGSYS_Handler. Otherwise, returns the result of calling the
+// syscall with the pid argument set to 0 (which for these calls means the
+// current thread). The following syscalls are supported:
+//
+// sched_getaffinity(), sched_getattr(), sched_getparam(), sched_getscheduler(),
+// sched_rr_get_interval(), sched_setaffinity(), sched_setattr(),
+// sched_setparam(), sched_setscheduler()
+SANDBOX_EXPORT intptr_t
+ SIGSYSSchedHandler(const struct arch_seccomp_data& args, void* aux);
// Variants of the above functions for use with bpf_dsl.
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
@@ -55,6 +65,7 @@
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSIoctl();
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
// Following four functions return substrings of error messages used
// in the above four functions. They are useful in death tests.
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index 2f75785..de59dd8 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -14,24 +14,32 @@
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/prctl.h>
+#include <sys/resource.h>
#include <sys/stat.h>
+#include <sys/time.h>
#include <sys/types.h>
+#include <time.h>
#include <unistd.h>
#include "base/basictypes.h"
#include "base/logging.h"
#include "base/macros.h"
+#include "base/time/time.h"
#include "build/build_config.h"
#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-#include "sandbox/linux/services/android_futex.h"
+#include "sandbox/linux/services/linux_syscalls.h"
#if defined(OS_ANDROID)
+
+#include "sandbox/linux/services/android_futex.h"
+
#if !defined(F_DUPFD_CLOEXEC)
#define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6)
#endif
-#endif
+
+#endif // defined(OS_ANDROID)
#if defined(__arm__) && !defined(MAP_STACK)
#define MAP_STACK 0x20000 // Daisy build environment has old headers.
@@ -76,6 +84,8 @@
} // namespace.
+#define CASES SANDBOX_BPF_DSL_CASES
+
using sandbox::bpf_dsl::Allow;
using sandbox::bpf_dsl::Arg;
using sandbox::bpf_dsl::BoolExpr;
@@ -83,11 +93,6 @@
using sandbox::bpf_dsl::If;
using sandbox::bpf_dsl::ResultExpr;
-// TODO(mdempsky): Make BoolExpr a standalone class so these operators can
-// be resolved via argument-dependent lookup.
-using sandbox::bpf_dsl::operator||;
-using sandbox::bpf_dsl::operator&&;
-
namespace sandbox {
// Allow Glibc's and Android pthread creation flags, crash on any other
@@ -120,15 +125,16 @@
// Will need to add seccomp compositing in the future. PR_SET_PTRACER is
// used by breakpad but not needed anymore.
const Arg<int> option(0);
- return If(option == PR_GET_NAME || option == PR_SET_NAME ||
- option == PR_GET_DUMPABLE || option == PR_SET_DUMPABLE,
- Allow()).Else(CrashSIGSYSPrctl());
+ return Switch(option)
+ .CASES((PR_GET_NAME, PR_SET_NAME, PR_GET_DUMPABLE, PR_SET_DUMPABLE),
+ Allow())
+ .Default(CrashSIGSYSPrctl());
}
ResultExpr RestrictIoctl() {
const Arg<int> request(1);
- return If(request == TCGETS || request == FIONREAD, Allow())
- .Else(CrashSIGSYSIoctl());
+ return Switch(request).CASES((TCGETS, FIONREAD), Allow()).Default(
+ CrashSIGSYSIoctl());
}
ResultExpr RestrictMmapFlags() {
@@ -137,11 +143,11 @@
// Significantly, we don't permit MAP_HUGETLB, or the newer flags such as
// MAP_POPULATE.
// TODO(davidung), remove MAP_DENYWRITE with updated Tegra libraries.
- const uint32_t denied_mask =
- ~(MAP_SHARED | MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK | MAP_NORESERVE |
- MAP_FIXED | MAP_DENYWRITE);
+ const uint64_t kAllowedMask = MAP_SHARED | MAP_PRIVATE | MAP_ANONYMOUS |
+ MAP_STACK | MAP_NORESERVE | MAP_FIXED |
+ MAP_DENYWRITE;
const Arg<int> flags(3);
- return If((flags & denied_mask) == 0, Allow()).Else(CrashSIGSYS());
+ return If((flags & ~kAllowedMask) == 0, Allow()).Else(CrashSIGSYS());
}
ResultExpr RestrictMprotectFlags() {
@@ -149,9 +155,9 @@
// "denied" mask because of the negation operator.
// Significantly, we don't permit weird undocumented flags such as
// PROT_GROWSDOWN.
- const uint32_t denied_mask = ~(PROT_READ | PROT_WRITE | PROT_EXEC);
+ const uint64_t kAllowedMask = PROT_READ | PROT_WRITE | PROT_EXEC;
const Arg<int> prot(2);
- return If((prot & denied_mask) == 0, Allow()).Else(CrashSIGSYS());
+ return If((prot & ~kAllowedMask) == 0, Allow()).Else(CrashSIGSYS());
}
ResultExpr RestrictFcntlCommands() {
@@ -160,20 +166,28 @@
// allowed ones, and the variable is a "denied" mask because of the negation
// operator.
// Glibc overrides the kernel's O_LARGEFILE value. Account for this.
- int kOLargeFileFlag = O_LARGEFILE;
+ uint64_t kOLargeFileFlag = O_LARGEFILE;
if (IsArchitectureX86_64() || IsArchitectureI386() || IsArchitectureMips())
kOLargeFileFlag = 0100000;
const Arg<int> cmd(1);
const Arg<long> long_arg(2);
- unsigned long denied_mask = ~(O_ACCMODE | O_APPEND | O_NONBLOCK | O_SYNC |
- kOLargeFileFlag | O_CLOEXEC | O_NOATIME);
- return If(cmd == F_GETFL || cmd == F_GETFD || cmd == F_SETFD ||
- cmd == F_SETLK || cmd == F_SETLKW || cmd == F_GETLK ||
- cmd == F_DUPFD || cmd == F_DUPFD_CLOEXEC ||
- (cmd == F_SETFL && (long_arg & denied_mask) == 0),
- Allow()).Else(CrashSIGSYS());
+ const uint64_t kAllowedMask = O_ACCMODE | O_APPEND | O_NONBLOCK | O_SYNC |
+ kOLargeFileFlag | O_CLOEXEC | O_NOATIME;
+ return Switch(cmd)
+ .CASES((F_GETFL,
+ F_GETFD,
+ F_SETFD,
+ F_SETLK,
+ F_SETLKW,
+ F_GETLK,
+ F_DUPFD,
+ F_DUPFD_CLOEXEC),
+ Allow())
+ .Case(F_SETFL,
+ If((long_arg & ~kAllowedMask) == 0, Allow()).Else(CrashSIGSYS()))
+ .Default(CrashSIGSYS());
}
#if defined(__i386__) || defined(__mips__)
@@ -183,11 +197,17 @@
// few protocols actually support socketpair(2). The scary call that we're
// worried about, socket(2), remains blocked.
const Arg<int> call(0);
- return If(call == SYS_SOCKETPAIR || call == SYS_SHUTDOWN ||
- call == SYS_RECV || call == SYS_SEND ||
- call == SYS_RECVFROM || call == SYS_SENDTO ||
- call == SYS_RECVMSG || call == SYS_SENDMSG,
- Allow()).Else(Error(EPERM));
+ return Switch(call)
+ .CASES((SYS_SOCKETPAIR,
+ SYS_SHUTDOWN,
+ SYS_RECV,
+ SYS_SEND,
+ SYS_RECVFROM,
+ SYS_SENDTO,
+ SYS_RECVMSG,
+ SYS_SENDMSG),
+ Allow())
+ .Default(Error(EPERM));
}
#endif
@@ -207,19 +227,63 @@
}
ResultExpr RestrictFutex() {
- // In futex.c, the kernel does "int cmd = op & FUTEX_CMD_MASK;". We need to
- // make sure that the combination below will cover every way to get
- // FUTEX_CMP_REQUEUE_PI.
- const int kBannedFutexBits =
- ~(FUTEX_CMD_MASK | FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME);
- COMPILE_ASSERT(0 == kBannedFutexBits,
- need_to_explicitly_blacklist_more_bits);
-
+ const uint64_t kAllowedFutexFlags = FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME;
const Arg<int> op(1);
- return If(op == FUTEX_CMP_REQUEUE_PI || op == FUTEX_CMP_REQUEUE_PI_PRIVATE ||
- op == (FUTEX_CMP_REQUEUE_PI | FUTEX_CLOCK_REALTIME) ||
- op == (FUTEX_CMP_REQUEUE_PI_PRIVATE | FUTEX_CLOCK_REALTIME),
- CrashSIGSYSFutex()).Else(Allow());
+ return Switch(op & ~kAllowedFutexFlags)
+ .CASES((FUTEX_WAIT,
+ FUTEX_WAKE,
+ FUTEX_REQUEUE,
+ FUTEX_CMP_REQUEUE,
+ FUTEX_WAKE_OP,
+ FUTEX_WAIT_BITSET,
+ FUTEX_WAKE_BITSET),
+ Allow())
+ .Default(CrashSIGSYSFutex());
}
+ResultExpr RestrictGetSetpriority(pid_t target_pid) {
+ const Arg<int> which(0);
+ const Arg<int> who(1);
+ return If(which == PRIO_PROCESS,
+ If(who == 0 || who == target_pid, Allow()).Else(Error(EPERM)))
+ .Else(CrashSIGSYS());
+}
+
+ResultExpr RestrictClockID() {
+ COMPILE_ASSERT(4 == sizeof(clockid_t), clockid_is_not_32bit);
+ const Arg<clockid_t> clockid(0);
+ return If(
+#if defined(OS_CHROMEOS)
+ // Allow the special clock for Chrome OS used by Chrome tracing.
+ clockid == base::TimeTicks::kClockSystemTrace ||
+#endif
+ clockid == CLOCK_MONOTONIC ||
+ clockid == CLOCK_PROCESS_CPUTIME_ID ||
+ clockid == CLOCK_REALTIME ||
+ clockid == CLOCK_THREAD_CPUTIME_ID,
+ Allow()).Else(CrashSIGSYS());
+}
+
+ResultExpr RestrictSchedTarget(pid_t target_pid, int sysno) {
+ switch (sysno) {
+ case __NR_sched_getaffinity:
+ case __NR_sched_getattr:
+ case __NR_sched_getparam:
+ case __NR_sched_getscheduler:
+ case __NR_sched_rr_get_interval:
+ case __NR_sched_setaffinity:
+ case __NR_sched_setattr:
+ case __NR_sched_setparam:
+ case __NR_sched_setscheduler: {
+ const Arg<pid_t> pid(0);
+ return If(pid == 0 || pid == target_pid, Allow())
+ .Else(RewriteSchedSIGSYS());
+ }
+ default:
+ NOTREACHED();
+ return CrashSIGSYS();
+ }
+}
+
+
} // namespace sandbox.
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
index 5bcdde1..a71e611 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h
@@ -62,6 +62,30 @@
// Crash if FUTEX_CMP_REQUEUE_PI is used in the second argument of futex(2).
bpf_dsl::ResultExpr RestrictFutex();
+// Crash if |which| is not PRIO_PROCESS. EPERM if |who| is not 0, neither
+// |target_pid| while calling setpriority(2) / getpriority(2).
+bpf_dsl::ResultExpr RestrictGetSetpriority(pid_t target_pid);
+
+// Restrict |clk_id| for clock_getres(), clock_gettime() and clock_settime().
+// We allow accessing only CLOCK_MONOTONIC, CLOCK_PROCESS_CPUTIME_ID,
+// CLOCK_REALTIME, and CLOCK_THREAD_CPUTIME_ID. In particular, this disallows
+// access to arbitrary per-{process,thread} CPU-time clock IDs (such as those
+// returned by {clock,pthread}_getcpuclockid), which can leak information
+// about the state of the host OS.
+// On Chrome OS, base::TimeTicks::kClockSystemTrace is also allowed.
+SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictClockID();
+
+// Restricts |pid| for sched_* syscalls which take a pid as the first argument.
+// We only allow calling these syscalls if the pid argument is equal to the pid
+// of the sandboxed process or 0 (indicating the current thread). The following
+// syscalls are supported:
+//
+// sched_getaffinity(), sched_getattr(), sched_getparam(), sched_getscheduler(),
+// sched_rr_get_interval(), sched_setaffinity(), sched_setattr(),
+// sched_setparam(), sched_setscheduler()
+SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictSchedTarget(pid_t target_pid,
+ int sysno);
+
} // namespace sandbox.
#endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_SYSCALL_PARAMETERS_RESTRICTIONS_H_
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
new file mode 100644
index 0000000..be90eb5
--- /dev/null
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
@@ -0,0 +1,214 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
+
+#include <errno.h>
+#include <sched.h>
+#include <sys/syscall.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "base/bind.h"
+#include "base/synchronization/waitable_event.h"
+#include "base/sys_info.h"
+#include "base/threading/thread.h"
+#include "base/time/time.h"
+#include "build/build_config.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+#include "sandbox/linux/seccomp-bpf/bpf_tests.h"
+#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+#include "sandbox/linux/seccomp-bpf/syscall.h"
+#include "sandbox/linux/services/linux_syscalls.h"
+#include "sandbox/linux/tests/unit_tests.h"
+
+#if !defined(OS_ANDROID)
+#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+#endif
+
+namespace sandbox {
+
+namespace {
+
+// NOTE: most of the parameter restrictions are tested in
+// baseline_policy_unittest.cc as a more end-to-end test.
+
+using sandbox::bpf_dsl::Allow;
+using sandbox::bpf_dsl::ResultExpr;
+using sandbox::bpf_dsl::SandboxBPFDSLPolicy;
+
+class RestrictClockIdPolicy : public SandboxBPFDSLPolicy {
+ public:
+ RestrictClockIdPolicy() {}
+ virtual ~RestrictClockIdPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
+ switch (sysno) {
+ case __NR_clock_gettime:
+ case __NR_clock_getres:
+ return RestrictClockID();
+ default:
+ return Allow();
+ }
+ }
+};
+
+void CheckClock(clockid_t clockid) {
+ struct timespec ts;
+ ts.tv_sec = ts.tv_nsec = -1;
+ BPF_ASSERT_EQ(0, clock_gettime(clockid, &ts));
+ BPF_ASSERT_LE(0, ts.tv_sec);
+ BPF_ASSERT_LE(0, ts.tv_nsec);
+}
+
+BPF_TEST_C(ParameterRestrictions,
+ clock_gettime_allowed,
+ RestrictClockIdPolicy) {
+ CheckClock(CLOCK_MONOTONIC);
+ CheckClock(CLOCK_PROCESS_CPUTIME_ID);
+ CheckClock(CLOCK_REALTIME);
+ CheckClock(CLOCK_THREAD_CPUTIME_ID);
+}
+
+BPF_DEATH_TEST_C(ParameterRestrictions,
+ clock_gettime_crash_monotonic_raw,
+ DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+ RestrictClockIdPolicy) {
+ struct timespec ts;
+ clock_gettime(CLOCK_MONOTONIC_RAW, &ts);
+}
+
+#if defined(OS_CHROMEOS)
+
+// A custom BPF tester delegate to run IsRunningOnChromeOS() before
+// the sandbox is enabled because we cannot run it with non-SFI BPF
+// sandbox enabled.
+class ClockSystemTesterDelegate : public sandbox::BPFTesterDelegate {
+ public:
+ ClockSystemTesterDelegate()
+ : is_running_on_chromeos_(base::SysInfo::IsRunningOnChromeOS()) {}
+ virtual ~ClockSystemTesterDelegate() {}
+
+ virtual scoped_ptr<sandbox::SandboxBPFPolicy> GetSandboxBPFPolicy() OVERRIDE {
+ return scoped_ptr<sandbox::SandboxBPFPolicy>(
+ new RestrictClockIdPolicy());
+ }
+ virtual void RunTestFunction() OVERRIDE {
+ if (is_running_on_chromeos_) {
+ CheckClock(base::TimeTicks::kClockSystemTrace);
+ } else {
+ struct timespec ts;
+ // kClockSystemTrace is 11, which is CLOCK_THREAD_CPUTIME_ID of
+ // the init process (pid=1). If kernel supports this feature,
+ // this may succeed even if this is not running on Chrome OS. We
+ // just check this clock_gettime call does not crash.
+ clock_gettime(base::TimeTicks::kClockSystemTrace, &ts);
+ }
+ }
+
+ private:
+ const bool is_running_on_chromeos_;
+ DISALLOW_COPY_AND_ASSIGN(ClockSystemTesterDelegate);
+};
+
+BPF_TEST_D(BPFTest, BPFTestWithDelegateClass, ClockSystemTesterDelegate);
+
+#elif defined(OS_LINUX)
+
+BPF_DEATH_TEST_C(ParameterRestrictions,
+ clock_gettime_crash_system_trace,
+ DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+ RestrictClockIdPolicy) {
+ struct timespec ts;
+ clock_gettime(base::TimeTicks::kClockSystemTrace, &ts);
+}
+
+#endif // defined(OS_CHROMEOS)
+
+#if !defined(OS_ANDROID)
+BPF_DEATH_TEST_C(ParameterRestrictions,
+ clock_gettime_crash_cpu_clock,
+ DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+ RestrictClockIdPolicy) {
+ // We can't use clock_getcpuclockid() because it's not implemented in newlib,
+ // and it might not work inside the sandbox anyway.
+ const pid_t kInitPID = 1;
+ const clockid_t kInitCPUClockID =
+ MAKE_PROCESS_CPUCLOCK(kInitPID, CPUCLOCK_SCHED);
+
+ struct timespec ts;
+ clock_gettime(kInitCPUClockID, &ts);
+}
+#endif // !defined(OS_ANDROID)
+
+class RestrictSchedPolicy : public SandboxBPFDSLPolicy {
+ public:
+ RestrictSchedPolicy() {}
+ virtual ~RestrictSchedPolicy() {}
+
+ virtual ResultExpr EvaluateSyscall(int sysno) const OVERRIDE {
+ switch (sysno) {
+ case __NR_sched_getparam:
+ return RestrictSchedTarget(getpid(), sysno);
+ default:
+ return Allow();
+ }
+ }
+};
+
+void CheckSchedGetParam(pid_t pid, struct sched_param* param) {
+ BPF_ASSERT_EQ(0, sched_getparam(pid, param));
+}
+
+void SchedGetParamThread(base::WaitableEvent* thread_run) {
+ const pid_t pid = getpid();
+ const pid_t tid = syscall(__NR_gettid);
+ BPF_ASSERT_NE(pid, tid);
+
+ struct sched_param current_pid_param;
+ CheckSchedGetParam(pid, ¤t_pid_param);
+
+ struct sched_param zero_param;
+ CheckSchedGetParam(0, &zero_param);
+
+ struct sched_param tid_param;
+ CheckSchedGetParam(tid, &tid_param);
+
+ BPF_ASSERT_EQ(zero_param.sched_priority, tid_param.sched_priority);
+
+ // Verify that the SIGSYS handler sets errno properly.
+ errno = 0;
+ BPF_ASSERT_EQ(-1, sched_getparam(tid, NULL));
+ BPF_ASSERT_EQ(EINVAL, errno);
+
+ thread_run->Signal();
+}
+
+BPF_TEST_C(ParameterRestrictions,
+ sched_getparam_allowed,
+ RestrictSchedPolicy) {
+ base::WaitableEvent thread_run(true, false);
+ // Run the actual test in a new thread so that the current pid and tid are
+ // different.
+ base::Thread getparam_thread("sched_getparam_thread");
+ BPF_ASSERT(getparam_thread.Start());
+ getparam_thread.message_loop()->PostTask(
+ FROM_HERE, base::Bind(&SchedGetParamThread, &thread_run));
+ BPF_ASSERT(thread_run.TimedWait(base::TimeDelta::FromMilliseconds(5000)));
+ getparam_thread.Stop();
+}
+
+BPF_DEATH_TEST_C(ParameterRestrictions,
+ sched_getparam_crash_non_zero,
+ DEATH_SEGV_MESSAGE(sandbox::GetErrorMessageContentForTests()),
+ RestrictSchedPolicy) {
+ const pid_t kInitPID = 1;
+ struct sched_param param;
+ sched_getparam(kInitPID, ¶m);
+}
+
+} // namespace
+
+} // namespace sandbox
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
index 1adc465..640be69 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
@@ -27,7 +27,6 @@
bool SyscallSets::IsAllowedGettime(int sysno) {
switch (sysno) {
- case __NR_clock_gettime:
case __NR_gettimeofday:
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
case __NR_time:
@@ -36,6 +35,7 @@
case __NR_adjtimex: // Privileged.
case __NR_clock_adjtime: // Privileged.
case __NR_clock_getres: // Could be allowed.
+ case __NR_clock_gettime:
case __NR_clock_nanosleep: // Could be allowed.
case __NR_clock_settime: // Privileged.
#if defined(__i386__) || defined(__mips__)
@@ -76,6 +76,7 @@
// Both EPERM and ENOENT are valid errno unless otherwise noted in comment.
bool SyscallSets::IsFileSystem(int sysno) {
switch (sysno) {
+#if !defined(__aarch64__)
case __NR_access: // EPERM not a valid errno.
case __NR_chmod:
case __NR_chown:
@@ -83,49 +84,55 @@
case __NR_chown32:
#endif
case __NR_creat:
+ case __NR_futimesat: // Should be called utimesat ?
+ case __NR_lchown:
+ case __NR_link:
+ case __NR_lstat: // EPERM not a valid errno.
+ case __NR_mkdir:
+ case __NR_mknod:
+ case __NR_open:
+ case __NR_readlink: // EPERM not a valid errno.
+ case __NR_rename:
+ case __NR_rmdir:
+ case __NR_stat: // EPERM not a valid errno.
+ case __NR_symlink:
+ case __NR_unlink:
+ case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno.
+ case __NR_ustat: // Same as above. Deprecated.
+ case __NR_utimes:
+#endif // !defined(__aarch64__)
+
case __NR_execve:
case __NR_faccessat: // EPERM not a valid errno.
case __NR_fchmodat:
case __NR_fchownat: // Should be called chownat ?
-#if defined(__x86_64__)
+#if defined(__x86_64__) || defined(__aarch64__)
case __NR_newfstatat: // fstatat(). EPERM not a valid errno.
#elif defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR_fstatat64:
#endif
- case __NR_futimesat: // Should be called utimesat ?
- case __NR_lchown:
#if defined(__i386__) || defined(__arm__)
case __NR_lchown32:
#endif
- case __NR_link:
case __NR_linkat:
case __NR_lookup_dcookie: // ENOENT not a valid errno.
- case __NR_lstat: // EPERM not a valid errno.
-#if defined(__i386__)
- case __NR_oldlstat:
-#endif
+
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR_lstat64:
#endif
-#if !defined(__mips__)
+#if defined(__i386__) || defined(__arm__) || defined(__x86_64__)
case __NR_memfd_create:
#endif
- case __NR_mkdir:
case __NR_mkdirat:
- case __NR_mknod:
case __NR_mknodat:
- case __NR_open:
- case __NR_openat:
- case __NR_readlink: // EPERM not a valid errno.
- case __NR_readlinkat:
- case __NR_rename:
- case __NR_renameat:
- case __NR_renameat2:
- case __NR_rmdir:
- case __NR_stat: // EPERM not a valid errno.
#if defined(__i386__)
+ case __NR_oldlstat:
case __NR_oldstat:
#endif
+ case __NR_openat:
+ case __NR_readlinkat:
+ case __NR_renameat:
+ case __NR_renameat2:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR_stat64:
#endif
@@ -133,21 +140,16 @@
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR_statfs64:
#endif
- case __NR_symlink:
case __NR_symlinkat:
case __NR_truncate:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR_truncate64:
#endif
- case __NR_unlink:
case __NR_unlinkat:
- case __NR_uselib: // Neither EPERM, nor ENOENT are valid errno.
- case __NR_ustat: // Same as above. Deprecated.
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
case __NR_utime:
#endif
case __NR_utimensat: // New.
- case __NR_utimes:
return true;
default:
return false;
@@ -181,7 +183,8 @@
#if defined(__i386__)
case __NR_oldfstat:
#endif
-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_sync_file_range: // EPERM not a valid errno.
#elif defined(__arm__)
case __NR_arm_sync_file_range: // EPERM not a valid errno.
@@ -204,7 +207,9 @@
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR_ftruncate64:
#endif
+#if !defined(__aarch64__)
case __NR_getdents: // EPERM not a valid errno.
+#endif
case __NR_getdents64: // EPERM not a valid errno.
#if defined(__i386__) || defined(__mips__)
case __NR_readdir:
@@ -280,7 +285,9 @@
bool SyscallSets::IsProcessGroupOrSession(int sysno) {
switch (sysno) {
case __NR_setpgid:
+#if !defined(__aarch64__)
case __NR_getpgrp:
+#endif
case __NR_setsid:
case __NR_getpgid:
return true;
@@ -306,7 +313,9 @@
case __NR_rt_sigtimedwait:
case __NR_rt_tgsigqueueinfo:
case __NR_sigaltstack:
+#if !defined(__aarch64__)
case __NR_signalfd:
+#endif
case __NR_signalfd4:
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR_sigpending:
@@ -326,9 +335,12 @@
switch (sysno) {
case __NR_close:
case __NR_dup:
+#if !defined(__aarch64__)
case __NR_dup2:
+#endif
case __NR_dup3:
-#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_shutdown:
#endif
return true;
@@ -366,7 +378,9 @@
return true;
case __NR_clone: // Should be parameter-restricted.
case __NR_setns: // Privileged.
+#if !defined(__aarch64__)
case __NR_fork:
+#endif
#if defined(__i386__) || defined(__x86_64__)
case __NR_get_thread_area:
#endif
@@ -375,7 +389,7 @@
#endif
case __NR_set_tid_address:
case __NR_unshare:
-#if !defined(__mips__)
+#if !defined(__mips__) && !defined(__aarch64__)
case __NR_vfork:
#endif
default:
@@ -388,7 +402,6 @@
switch (sysno) {
case __NR_get_robust_list:
case __NR_set_robust_list:
- return true;
case __NR_futex:
default:
return false;
@@ -397,10 +410,12 @@
bool SyscallSets::IsAllowedEpoll(int sysno) {
switch (sysno) {
+#if !defined(__aarch64__)
case __NR_epoll_create:
+ case __NR_epoll_wait:
+#endif
case __NR_epoll_create1:
case __NR_epoll_ctl:
- case __NR_epoll_wait:
return true;
default:
#if defined(__x86_64__)
@@ -416,11 +431,14 @@
bool SyscallSets::IsAllowedGetOrModifySocket(int sysno) {
switch (sysno) {
+#if !defined(__aarch64__)
case __NR_pipe:
+#endif
case __NR_pipe2:
return true;
default:
-#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_socketpair: // We will want to inspect its argument.
#endif
return false;
@@ -429,7 +447,8 @@
bool SyscallSets::IsDeniedGetOrModifySocket(int sysno) {
switch (sysno) {
-#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_accept:
case __NR_accept4:
case __NR_bind:
@@ -479,7 +498,8 @@
case __NR_madvise:
case __NR_mincore:
case __NR_mlockall:
-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_mmap:
#endif
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
@@ -509,7 +529,9 @@
#if defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR__llseek:
#endif
+#if !defined(__aarch64__)
case __NR_poll:
+#endif
case __NR_ppoll:
case __NR_pselect6:
case __NR_read:
@@ -517,7 +539,8 @@
#if defined(__arm__) || defined(__mips__)
case __NR_recv:
#endif
-#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_recvfrom: // Could specify source.
case __NR_recvmsg: // Could specify source.
#endif
@@ -530,7 +553,8 @@
#if defined(__arm__)
case __NR_send:
#endif
-#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_sendmsg: // Could specify destination.
case __NR_sendto: // Could specify destination.
#endif
@@ -580,7 +604,9 @@
bool SyscallSets::IsAllowedBasicScheduler(int sysno) {
switch (sysno) {
case __NR_sched_yield:
+#if !defined(__aarch64__)
case __NR_pause:
+#endif
case __NR_nanosleep:
return true;
case __NR_getpriority:
@@ -658,7 +684,8 @@
case __NR_get_mempolicy:
case __NR_getcpu:
case __NR_mbind:
-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_migrate_pages:
#endif
case __NR_move_pages:
@@ -686,7 +713,8 @@
bool SyscallSets::IsGlobalProcessEnvironment(int sysno) {
switch (sysno) {
case __NR_acct: // Privileged.
-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+ defined(__aarch64__)
case __NR_getrlimit:
#endif
#if defined(__i386__) || defined(__arm__)
@@ -720,8 +748,10 @@
bool SyscallSets::IsGlobalSystemStatus(int sysno) {
switch (sysno) {
+#if !defined(__aarch64__)
case __NR__sysctl:
case __NR_sysfs:
+#endif
case __NR_sysinfo:
case __NR_uname:
#if defined(__i386__)
@@ -736,7 +766,9 @@
bool SyscallSets::IsEventFd(int sysno) {
switch (sysno) {
+#if !defined(__aarch64__)
case __NR_eventfd:
+#endif
case __NR_eventfd2:
return true;
default:
@@ -769,7 +801,7 @@
}
}
-#if defined(__x86_64__) || defined(__arm__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
bool SyscallSets::IsSystemVSemaphores(int sysno) {
switch (sysno) {
case __NR_semctl:
@@ -783,7 +815,7 @@
}
#endif
-#if defined(__x86_64__) || defined(__arm__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
// These give a lot of ambient authority and bypass the setuid sandbox.
bool SyscallSets::IsSystemVSharedMemory(int sysno) {
switch (sysno) {
@@ -798,7 +830,7 @@
}
#endif
-#if defined(__x86_64__) || defined(__arm__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
bool SyscallSets::IsSystemVMessageQueue(int sysno) {
switch (sysno) {
case __NR_msgctl:
@@ -825,7 +857,7 @@
#endif
bool SyscallSets::IsAnySystemV(int sysno) {
-#if defined(__x86_64__) || defined(__arm__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
return IsSystemVMessageQueue(sysno) || IsSystemVSemaphores(sysno) ||
IsSystemVSharedMemory(sysno);
#elif defined(__i386__) || defined(__mips__)
@@ -857,7 +889,9 @@
bool SyscallSets::IsInotify(int sysno) {
switch (sysno) {
case __NR_inotify_add_watch:
+#if !defined(__aarch64__)
case __NR_inotify_init:
+#endif
case __NR_inotify_init1:
case __NR_inotify_rm_watch:
return true;
@@ -967,7 +1001,9 @@
#if defined(__x86_64__)
case __NR_tuxcall:
#endif
+#if !defined(__aarch64__)
case __NR_vserver:
+#endif
return true;
default:
return false;
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
index bda1d72..1dbd949 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.h
@@ -47,7 +47,8 @@
static bool IsSocketCall(int sysno);
#endif
-#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
+ defined(__aarch64__)
static bool IsNetworkSocketInformation(int sysno);
#endif
@@ -69,15 +70,15 @@
// Asynchronous I/O API.
static bool IsAsyncIo(int sysno);
static bool IsKeyManagement(int sysno);
-#if defined(__x86_64__) || defined(__arm__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
static bool IsSystemVSemaphores(int sysno);
#endif
-#if defined(__x86_64__) || defined(__arm__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
// These give a lot of ambient authority and bypass the setuid sandbox.
static bool IsSystemVSharedMemory(int sysno);
#endif
-#if defined(__x86_64__) || defined(__arm__)
+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
static bool IsSystemVMessageQueue(int sysno);
#endif
diff --git a/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h b/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h
index 8890f79..93e5f3c 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h
+++ b/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h
@@ -5,15 +5,8 @@
#ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTER_COMPATIBILITY_DELEGATE_H_
#define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTER_COMPATIBILITY_DELEGATE_H_
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
#include "base/memory/scoped_ptr.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h"
-#include "sandbox/linux/tests/sandbox_test_runner.h"
-#include "sandbox/linux/tests/unit_tests.h"
namespace sandbox {
@@ -24,16 +17,13 @@
// This allows both the policy and the test function to take a pointer to an
// object of type "Aux" as a parameter. This is used to implement the BPF_TEST
// macro and should generally not be used directly.
-template <class Aux>
+template <class Policy, class Aux>
class BPFTesterCompatibilityDelegate : public BPFTesterDelegate {
public:
- typedef Aux AuxType;
- BPFTesterCompatibilityDelegate(
- void (*test_function)(AuxType*),
- typename CompatibilityPolicy<AuxType>::SyscallEvaluator policy_function)
- : aux_(),
- test_function_(test_function),
- policy_function_(policy_function) {}
+ typedef void (*TestFunction)(Aux*);
+
+ explicit BPFTesterCompatibilityDelegate(TestFunction test_function)
+ : aux_(), test_function_(test_function) {}
virtual ~BPFTesterCompatibilityDelegate() {}
@@ -42,8 +32,7 @@
// running the test. In this process, the current object is guaranteed
// to live forever. So it's ok to pass aux_pointer_for_policy_ to
// the policy, which could in turn pass it to the kernel via Trap().
- return scoped_ptr<SandboxBPFPolicy>(
- new CompatibilityPolicy<AuxType>(policy_function_, &aux_));
+ return scoped_ptr<SandboxBPFPolicy>(new Policy(&aux_));
}
virtual void RunTestFunction() OVERRIDE {
@@ -54,9 +43,9 @@
}
private:
- AuxType aux_;
- void (*test_function_)(AuxType*);
- typename CompatibilityPolicy<AuxType>::SyscallEvaluator policy_function_;
+ Aux aux_;
+ TestFunction test_function_;
+
DISALLOW_COPY_AND_ASSIGN(BPFTesterCompatibilityDelegate);
};
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests.h b/sandbox/linux/seccomp-bpf/bpf_tests.h
index da92de8..2a2139e 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests.h
+++ b/sandbox/linux/seccomp-bpf/bpf_tests.h
@@ -5,7 +5,8 @@
#ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
#define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
-#include "base/basictypes.h"
+#include "base/logging.h"
+#include "base/macros.h"
#include "build/build_config.h"
#include "sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h"
#include "sandbox/linux/tests/unit_tests.h"
@@ -66,34 +67,31 @@
// This form of BPF_TEST is now discouraged (but still allowed) in favor of
// BPF_TEST_D and BPF_TEST_C.
-// The |policy| parameter should be a SyscallEvaluator function pointer
-// (which is now a deprecated way of expressing policies).
-// BPF_TEST() takes a C++ data type as an optional fourth parameter. If
-// present, this sets up a variable that can be accessed as "BPF_AUX". This
-// variable will be passed as an argument to the "policy" function. Policies
-// would typically use it as an argument to SandboxBPF::Trap(), if they want to
-// communicate data between the BPF_TEST() and a Trap() function. The life-time
-// of this object is the same as the life-time of the process running under the
-// seccomp-bpf policy.
-// The type specified in |aux| and the last parameter of the policy function
-// must be compatible. |aux| must not be void.
+// The |policy| parameter should be a SandboxBPFPolicy subclass.
+// BPF_TEST() takes a C++ data type as an fourth parameter. A variable
+// of this type will be allocated and a pointer to it will be
+// available within the test function as "BPF_AUX". The pointer will
+// also be passed as an argument to the policy's constructor. Policies
+// would typically use it as an argument to SandboxBPF::Trap(), if
+// they want to communicate data between the BPF_TEST() and a Trap()
+// function. The life-time of this object is the same as the life-time
+// of the process running under the seccomp-bpf policy.
+// |aux| must not be void.
#define BPF_TEST(test_case_name, test_name, policy, aux) \
BPF_DEATH_TEST(test_case_name, test_name, DEATH_SUCCESS(), policy, aux)
// A BPF_DEATH_TEST is just the same as a BPF_TEST, but it assumes that the
// test will fail with a particular known error condition. Use the DEATH_XXX()
// macros from unit_tests.h to specify the expected error condition.
-#define BPF_DEATH_TEST(test_case_name, test_name, death, policy, aux) \
- void BPF_TEST_##test_name( \
- sandbox::BPFTesterCompatibilityDelegate<aux>::AuxType* BPF_AUX); \
- TEST(test_case_name, DISABLE_ON_TSAN(test_name)) { \
- sandbox::SandboxBPFTestRunner bpf_test_runner( \
- new sandbox::BPFTesterCompatibilityDelegate<aux>(BPF_TEST_##test_name, \
- policy)); \
- sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death); \
- } \
- void BPF_TEST_##test_name( \
- sandbox::BPFTesterCompatibilityDelegate<aux>::AuxType* BPF_AUX)
+#define BPF_DEATH_TEST(test_case_name, test_name, death, policy, aux) \
+ void BPF_TEST_##test_name(aux* BPF_AUX); \
+ TEST(test_case_name, DISABLE_ON_TSAN(test_name)) { \
+ sandbox::SandboxBPFTestRunner bpf_test_runner( \
+ new sandbox::BPFTesterCompatibilityDelegate<policy, aux>( \
+ BPF_TEST_##test_name)); \
+ sandbox::UnitTests::RunTestInProcess(&bpf_test_runner, death); \
+ } \
+ void BPF_TEST_##test_name(aux* BPF_AUX)
// This class takes a simple function pointer as a constructor parameter and a
// class name as a template parameter to implement the BPFTesterDelegate
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
index eaa9ff3..6a4cea3 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
@@ -33,22 +33,24 @@
DISALLOW_COPY_AND_ASSIGN(FourtyTwo);
};
-ErrorCode EmptyPolicyTakesClass(SandboxBPF* sandbox,
- int sysno,
- FourtyTwo* fourty_two) {
- // |aux| should point to an instance of FourtyTwo.
- BPF_ASSERT(fourty_two);
- BPF_ASSERT(FourtyTwo::kMagicValue == fourty_two->value());
- if (!SandboxBPF::IsValidSyscallNumber(sysno)) {
- return ErrorCode(ENOSYS);
- } else {
+class EmptyClassTakingPolicy : public SandboxBPFPolicy {
+ public:
+ explicit EmptyClassTakingPolicy(FourtyTwo* fourty_two) {
+ BPF_ASSERT(fourty_two);
+ BPF_ASSERT(FourtyTwo::kMagicValue == fourty_two->value());
+ }
+ virtual ~EmptyClassTakingPolicy() {}
+
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
+ int sysno) const OVERRIDE {
+ DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
return ErrorCode(ErrorCode::ERR_ALLOWED);
}
-}
+};
BPF_TEST(BPFTest,
BPFAUXPointsToClass,
- EmptyPolicyTakesClass,
+ EmptyClassTakingPolicy,
FourtyTwo /* *BPF_AUX */) {
// BPF_AUX should point to an instance of FourtyTwo.
BPF_ASSERT(BPF_AUX);
@@ -62,14 +64,14 @@
// Don't do anything, simply gives dynamic tools an opportunity to detect
// leaks.
{
- BPFTesterCompatibilityDelegate<FourtyTwo> simple_delegate(
- DummyTestFunction, EmptyPolicyTakesClass);
+ BPFTesterCompatibilityDelegate<EmptyClassTakingPolicy, FourtyTwo>
+ simple_delegate(DummyTestFunction);
}
{
// Test polymorphism.
scoped_ptr<BPFTesterDelegate> simple_delegate(
- new BPFTesterCompatibilityDelegate<FourtyTwo>(DummyTestFunction,
- EmptyPolicyTakesClass));
+ new BPFTesterCompatibilityDelegate<EmptyClassTakingPolicy, FourtyTwo>(
+ DummyTestFunction));
}
}
diff --git a/sandbox/linux/seccomp-bpf/codegen.cc b/sandbox/linux/seccomp-bpf/codegen.cc
index c90bffc..2273caf 100644
--- a/sandbox/linux/seccomp-bpf/codegen.cc
+++ b/sandbox/linux/seccomp-bpf/codegen.cc
@@ -2,10 +2,17 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "sandbox/linux/seccomp-bpf/codegen.h"
+
#include <stdio.h>
+#include <set>
+
#include "base/logging.h"
-#include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "sandbox/linux/seccomp-bpf/basicblock.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/instruction.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
namespace {
@@ -165,17 +172,6 @@
}
}
-Instruction* CodeGen::MakeInstruction(uint16_t code, const ErrorCode& err) {
- if (BPF_CLASS(code) != BPF_RET) {
- SANDBOX_DIE("ErrorCodes can only be used in return expressions");
- }
- if (err.error_type_ != ErrorCode::ET_SIMPLE &&
- err.error_type_ != ErrorCode::ET_TRAP) {
- SANDBOX_DIE("ErrorCode is not suitable for returning from a BPF program");
- }
- return MakeInstruction(code, err.err_);
-}
-
Instruction* CodeGen::MakeInstruction(uint16_t code,
uint32_t k,
Instruction* jt,
@@ -185,9 +181,7 @@
if (BPF_CLASS(code) != BPF_JMP || BPF_OP(code) == BPF_JA) {
SANDBOX_DIE("Expected a BPF_JMP instruction");
}
- if (!jt && !jf) {
- // We allow callers to defer specifying exactly one of the branch
- // targets. It must then be set later by calling "JoinInstructions".
+ if (!jt || !jf) {
SANDBOX_DIE("Branches must jump to a valid instruction");
}
Instruction* insn = new Instruction(code, k, jt, jf);
@@ -195,35 +189,6 @@
return insn;
}
-void CodeGen::JoinInstructions(Instruction* head, Instruction* tail) {
- // Merge two instructions, or set the branch target for an "always" jump.
- // This function should be called, if the caller didn't initially provide
- // a value for "next" when creating the instruction.
- if (BPF_CLASS(head->code) == BPF_JMP) {
- if (BPF_OP(head->code) == BPF_JA) {
- if (head->jt_ptr) {
- SANDBOX_DIE("Cannot append instructions in the middle of a sequence");
- }
- head->jt_ptr = tail;
- } else {
- if (!head->jt_ptr && head->jf_ptr) {
- head->jt_ptr = tail;
- } else if (!head->jf_ptr && head->jt_ptr) {
- head->jf_ptr = tail;
- } else {
- SANDBOX_DIE("Cannot append instructions after a jump");
- }
- }
- } else if (BPF_CLASS(head->code) == BPF_RET) {
- SANDBOX_DIE("Cannot append instructions after a return statement");
- } else if (head->next) {
- SANDBOX_DIE("Cannot append instructions in the middle of a sequence");
- } else {
- head->next = tail;
- }
- return;
-}
-
void CodeGen::Traverse(Instruction* instruction,
void (*fnc)(Instruction*, void*),
void* aux) {
diff --git a/sandbox/linux/seccomp-bpf/codegen.h b/sandbox/linux/seccomp-bpf/codegen.h
index 1c4cd46..078cf3c 100644
--- a/sandbox/linux/seccomp-bpf/codegen.h
+++ b/sandbox/linux/seccomp-bpf/codegen.h
@@ -6,15 +6,14 @@
#define SANDBOX_LINUX_SECCOMP_BPF_CODEGEN_H__
#include <map>
-#include <set>
#include <vector>
-#include "sandbox/linux/seccomp-bpf/basicblock.h"
-#include "sandbox/linux/seccomp-bpf/instruction.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/sandbox_export.h"
namespace sandbox {
+struct BasicBlock;
+struct Instruction;
typedef std::vector<Instruction*> Instructions;
typedef std::vector<BasicBlock*> BasicBlocks;
@@ -31,19 +30,18 @@
// build a DAG of Instructions. They'll eventually call Compile() to convert
// this DAG to a SandboxBPF::Program.
//
-// Instructions can be chained at the time when they are created, or they
-// can be joined later by calling JoinInstructions().
-//
// CodeGen gen;
-// Instruction *dag, *branch;
-// dag =
-// gen.MakeInstruction(BPF_LD+BPF_W+BPF_ABS,
-// offsetof(struct arch_seccomp_data, nr),
+// Instruction *allow, *branch, *dag;
+//
+// allow =
+// gen.MakeInstruction(BPF_RET+BPF_K,
+// ErrorCode(ErrorCode::ERR_ALLOWED).err()));
// branch =
// gen.MakeInstruction(BPF_JMP+BPF_EQ+BPF_K, __NR_getpid,
-// Trap(GetPidHandler, NULL), NULL);
-// gen.JoinInstructions(branch,
-// gen.MakeInstruction(BPF_RET+BPF_K, ErrorCode(ErrorCode::ERR_ALLOWED)));
+// Trap(GetPidHandler, NULL), allow);
+// dag =
+// gen.MakeInstruction(BPF_LD+BPF_W+BPF_ABS,
+// offsetof(struct arch_seccomp_data, nr), branch);
//
// // Simplified code follows; in practice, it is important to avoid calling
// // any C++ destructors after starting the sandbox.
@@ -69,17 +67,11 @@
Instruction* MakeInstruction(uint16_t code,
uint32_t k,
Instruction* next = NULL);
- Instruction* MakeInstruction(uint16_t code, const ErrorCode& err);
Instruction* MakeInstruction(uint16_t code,
uint32_t k,
Instruction* jt,
Instruction* jf);
- // Join two (sequences of) instructions. This is useful, if the "next"
- // parameter had not originally been given in the call to MakeInstruction(),
- // or if a (conditional) jump still has an unsatisfied target.
- void JoinInstructions(Instruction* head, Instruction* tail);
-
// Traverse the graph of instructions and visit each instruction once.
// Traversal order is implementation-defined. It is acceptable to make
// changes to the graph from within the callback function. These changes
diff --git a/sandbox/linux/seccomp-bpf/codegen_unittest.cc b/sandbox/linux/seccomp-bpf/codegen_unittest.cc
index 52fc24c..5c1db24 100644
--- a/sandbox/linux/seccomp-bpf/codegen_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/codegen_unittest.cc
@@ -2,13 +2,18 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include <errno.h>
+#include "sandbox/linux/seccomp-bpf/codegen.h"
-#include <algorithm>
+#include <errno.h>
+#include <linux/filter.h>
+
#include <set>
+#include <string>
#include <vector>
-#include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "sandbox/linux/seccomp-bpf/basicblock.h"
+#include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/seccomp-bpf/instruction.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/tests/unit_tests.h"
@@ -41,30 +46,28 @@
Instruction* SampleProgramOneInstruction(CodeGen* codegen, int* flags) {
// Create the most basic valid BPF program:
- // RET ERR_ALLOWED
+ // RET 0
*flags = NO_FLAGS;
- return codegen->MakeInstruction(BPF_RET + BPF_K,
- ErrorCode(ErrorCode::ERR_ALLOWED));
+ return codegen->MakeInstruction(BPF_RET + BPF_K, 0);
}
Instruction* SampleProgramSimpleBranch(CodeGen* codegen, int* flags) {
// Create a program with a single branch:
// JUMP if eq 42 then $0 else $1
- // 0: RET EPERM
- // 1: RET ERR_ALLOWED
+ // 0: RET 1
+ // 1: RET 0
*flags = NO_FLAGS;
return codegen->MakeInstruction(
BPF_JMP + BPF_JEQ + BPF_K,
42,
- codegen->MakeInstruction(BPF_RET + BPF_K, ErrorCode(EPERM)),
- codegen->MakeInstruction(BPF_RET + BPF_K,
- ErrorCode(ErrorCode::ERR_ALLOWED)));
+ codegen->MakeInstruction(BPF_RET + BPF_K, 1),
+ codegen->MakeInstruction(BPF_RET + BPF_K, 0));
}
Instruction* SampleProgramAtypicalBranch(CodeGen* codegen, int* flags) {
// Create a program with a single branch:
// JUMP if eq 42 then $0 else $0
- // 0: RET ERR_ALLOWED
+ // 0: RET 0
// N.B.: As the instructions in both sides of the branch are already
// the same object, we do not actually have any "mergeable" branches.
@@ -72,7 +75,7 @@
*flags = NO_FLAGS;
Instruction* ret = codegen->MakeInstruction(
- BPF_RET + BPF_K, ErrorCode(ErrorCode::ERR_ALLOWED));
+ BPF_RET + BPF_K, 0);
return codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 42, ret, ret);
}
@@ -81,47 +84,45 @@
// JUMP if eq 42 the $0 else $1 (insn6)
// 0: LD 23 (insn5)
// 1: JUMP if eq 42 then $2 else $4 (insn4)
- // 2: JUMP to $3 (insn1)
- // 3: LD 42 (insn0)
- // RET ErrorCode(42) (insn2)
+ // 2: JUMP to $3 (insn2)
+ // 3: LD 42 (insn1)
+ // RET 42 (insn0)
// 4: LD 42 (insn3)
- // RET ErrorCode(42) (insn3+)
+ // RET 42 (insn3+)
*flags = HAS_MERGEABLE_TAILS;
- Instruction* insn0 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 42);
+ Instruction* insn0 = codegen->MakeInstruction(BPF_RET + BPF_K, 42);
SANDBOX_ASSERT(insn0);
- SANDBOX_ASSERT(insn0->code == BPF_LD + BPF_W + BPF_ABS);
- SANDBOX_ASSERT(insn0->k == 42);
+ SANDBOX_ASSERT(insn0->code == BPF_RET + BPF_K);
SANDBOX_ASSERT(insn0->next == NULL);
- Instruction* insn1 = codegen->MakeInstruction(BPF_JMP + BPF_JA, 0, insn0);
+ Instruction* insn1 =
+ codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 42, insn0);
SANDBOX_ASSERT(insn1);
- SANDBOX_ASSERT(insn1->code == BPF_JMP + BPF_JA);
- SANDBOX_ASSERT(insn1->jt_ptr == insn0);
+ SANDBOX_ASSERT(insn1->code == BPF_LD + BPF_W + BPF_ABS);
+ SANDBOX_ASSERT(insn1->k == 42);
+ SANDBOX_ASSERT(insn1->next == insn0);
- Instruction* insn2 = codegen->MakeInstruction(BPF_RET + BPF_K, ErrorCode(42));
+ Instruction* insn2 = codegen->MakeInstruction(BPF_JMP + BPF_JA, 0, insn1);
SANDBOX_ASSERT(insn2);
- SANDBOX_ASSERT(insn2->code == BPF_RET + BPF_K);
- SANDBOX_ASSERT(insn2->next == NULL);
+ SANDBOX_ASSERT(insn2->code == BPF_JMP + BPF_JA);
+ SANDBOX_ASSERT(insn2->jt_ptr == insn1);
// We explicitly duplicate instructions so that MergeTails() can coalesce
// them later.
Instruction* insn3 = codegen->MakeInstruction(
BPF_LD + BPF_W + BPF_ABS,
42,
- codegen->MakeInstruction(BPF_RET + BPF_K, ErrorCode(42)));
+ codegen->MakeInstruction(BPF_RET + BPF_K, 42));
Instruction* insn4 =
- codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 42, insn1, insn3);
+ codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 42, insn2, insn3);
SANDBOX_ASSERT(insn4);
SANDBOX_ASSERT(insn4->code == BPF_JMP + BPF_JEQ + BPF_K);
SANDBOX_ASSERT(insn4->k == 42);
- SANDBOX_ASSERT(insn4->jt_ptr == insn1);
+ SANDBOX_ASSERT(insn4->jt_ptr == insn2);
SANDBOX_ASSERT(insn4->jf_ptr == insn3);
- codegen->JoinInstructions(insn0, insn2);
- SANDBOX_ASSERT(insn0->next == insn2);
-
Instruction* insn5 =
codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 23, insn4);
SANDBOX_ASSERT(insn5);
@@ -157,12 +158,12 @@
// 3) if A == 0x2; then JMP 4 else JMP 5
// 4) LOAD 0 // System call number
// 5) if A == 0x1; then JMP 6 else JMP 7
- // 6) RET 0x50000 // errno = 0
- // 7) RET 0x50001 // errno = 1
+ // 6) RET 0
+ // 7) RET 1
*flags = NO_FLAGS;
- Instruction* i7 = codegen->MakeInstruction(BPF_RET, ErrorCode(1));
- Instruction* i6 = codegen->MakeInstruction(BPF_RET, ErrorCode(0));
+ Instruction* i7 = codegen->MakeInstruction(BPF_RET + BPF_K, 1);
+ Instruction* i6 = codegen->MakeInstruction(BPF_RET + BPF_K, 0);
Instruction* i5 =
codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i6, i7);
Instruction* i4 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 0, i5);
@@ -186,10 +187,10 @@
// 2) LOAD 0 // System call number
// 3) if A == 0x2; then JMP 4 else JMP 5
// 4) LOAD 0 // System call number
- // 5) RET 0x50001 // errno = 1
+ // 5) RET 1
*flags = NO_FLAGS;
- Instruction* i5 = codegen->MakeInstruction(BPF_RET, ErrorCode(1));
+ Instruction* i5 = codegen->MakeInstruction(BPF_RET + BPF_K, 1);
Instruction* i4 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 0, i5);
Instruction* i3 =
codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 2, i4, i5);
@@ -211,22 +212,22 @@
//
// 0) LOAD 1 // ???
// 1) if A == 0x1; then JMP 2 else JMP 3
- // 2) RET 0x5002a // errno = 42
+ // 2) RET 42
// 3) if A == 0x2; then JMP 4 else JMP 5
- // 4) RET 0x5002a // errno = 42
+ // 4) RET 42
// 5) if A == 0x1; then JMP 6 else JMP 7
- // 6) RET 0x50000 // errno = 0
- // 7) RET 0x50001 // errno = 1
+ // 6) RET 0
+ // 7) RET 1
*flags = HAS_MERGEABLE_TAILS;
- Instruction* i7 = codegen->MakeInstruction(BPF_RET, ErrorCode(1));
- Instruction* i6 = codegen->MakeInstruction(BPF_RET, ErrorCode(0));
+ Instruction* i7 = codegen->MakeInstruction(BPF_RET + BPF_K, 1);
+ Instruction* i6 = codegen->MakeInstruction(BPF_RET + BPF_K, 0);
Instruction* i5 =
codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i6, i7);
- Instruction* i4 = codegen->MakeInstruction(BPF_RET, ErrorCode(42));
+ Instruction* i4 = codegen->MakeInstruction(BPF_RET + BPF_K, 42);
Instruction* i3 =
codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 2, i4, i5);
- Instruction* i2 = codegen->MakeInstruction(BPF_RET, ErrorCode(42));
+ Instruction* i2 = codegen->MakeInstruction(BPF_RET + BPF_K, 42);
Instruction* i1 =
codegen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, 1, i2, i3);
Instruction* i0 = codegen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, 1, i1);
diff --git a/sandbox/linux/seccomp-bpf/demo.cc b/sandbox/linux/seccomp-bpf/demo.cc
deleted file mode 100644
index d9fd342..0000000
--- a/sandbox/linux/seccomp-bpf/demo.cc
+++ /dev/null
@@ -1,542 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/unistd.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <pthread.h>
-#include <signal.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/ioctl.h>
-#include <sys/ipc.h>
-#include <sys/mman.h>
-#include <sys/prctl.h>
-#include <sys/resource.h>
-#include <sys/shm.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <time.h>
-#include <unistd.h>
-
-#include "base/macros.h"
-#include "base/posix/eintr_wrapper.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
-#include "sandbox/linux/services/linux_syscalls.h"
-
-using sandbox::ErrorCode;
-using sandbox::SandboxBPF;
-using sandbox::SandboxBPFPolicy;
-using sandbox::arch_seccomp_data;
-
-#define ERR EPERM
-
-// We don't expect our sandbox to do anything useful yet. So, we will fail
-// almost immediately. For now, force the code to continue running. The
-// following line should be removed as soon as the sandbox is starting to
-// actually enforce restrictions in a meaningful way:
-#define _exit(x) do { } while (0)
-
-namespace {
-
-bool SendFds(int transport, const void *buf, size_t len, ...) {
- int count = 0;
- va_list ap;
- va_start(ap, len);
- while (va_arg(ap, int) >= 0) {
- ++count;
- }
- va_end(ap);
- if (!count) {
- return false;
- }
- char cmsg_buf[CMSG_SPACE(count*sizeof(int))];
- memset(cmsg_buf, 0, sizeof(cmsg_buf));
- struct iovec iov[2] = { { 0 } };
- struct msghdr msg = { 0 };
- int dummy = 0;
- iov[0].iov_base = &dummy;
- iov[0].iov_len = sizeof(dummy);
- if (buf && len > 0) {
- iov[1].iov_base = const_cast<void *>(buf);
- iov[1].iov_len = len;
- }
- msg.msg_iov = iov;
- msg.msg_iovlen = (buf && len > 0) ? 2 : 1;
- msg.msg_control = cmsg_buf;
- msg.msg_controllen = CMSG_LEN(count*sizeof(int));
- struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_RIGHTS;
- cmsg->cmsg_len = CMSG_LEN(count*sizeof(int));
- va_start(ap, len);
- for (int i = 0, fd; (fd = va_arg(ap, int)) >= 0; ++i) {
- (reinterpret_cast<int *>(CMSG_DATA(cmsg)))[i] = fd;
- }
- return sendmsg(transport, &msg, 0) ==
- static_cast<ssize_t>(sizeof(dummy) + ((buf && len > 0) ? len : 0));
-}
-
-bool GetFds(int transport, void *buf, size_t *len, ...) {
- int count = 0;
- va_list ap;
- va_start(ap, len);
- for (int *fd; (fd = va_arg(ap, int *)) != NULL; ++count) {
- *fd = -1;
- }
- va_end(ap);
- if (!count) {
- return false;
- }
- char cmsg_buf[CMSG_SPACE(count*sizeof(int))];
- memset(cmsg_buf, 0, sizeof(cmsg_buf));
- struct iovec iov[2] = { { 0 } };
- struct msghdr msg = { 0 };
- int err;
- iov[0].iov_base = &err;
- iov[0].iov_len = sizeof(int);
- if (buf && len && *len > 0) {
- iov[1].iov_base = buf;
- iov[1].iov_len = *len;
- }
- msg.msg_iov = iov;
- msg.msg_iovlen = (buf && len && *len > 0) ? 2 : 1;
- msg.msg_control = cmsg_buf;
- msg.msg_controllen = CMSG_LEN(count*sizeof(int));
- ssize_t bytes = recvmsg(transport, &msg, 0);
- if (len) {
- *len = bytes > static_cast<int>(sizeof(int)) ? bytes - sizeof(int) : 0;
- }
- if (bytes != static_cast<ssize_t>(sizeof(int) + iov[1].iov_len)) {
- if (bytes >= 0) {
- errno = 0;
- }
- return false;
- }
- if (err) {
- // "err" is the first four bytes of the payload. If these are non-zero,
- // the sender on the other side of the socketpair sent us an errno value.
- // We don't expect to get any file handles in this case.
- errno = err;
- return false;
- }
- struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
- if ((msg.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) ||
- !cmsg ||
- cmsg->cmsg_level != SOL_SOCKET ||
- cmsg->cmsg_type != SCM_RIGHTS ||
- cmsg->cmsg_len != CMSG_LEN(count*sizeof(int))) {
- errno = EBADF;
- return false;
- }
- va_start(ap, len);
- for (int *fd, i = 0; (fd = va_arg(ap, int *)) != NULL; ++i) {
- *fd = (reinterpret_cast<int *>(CMSG_DATA(cmsg)))[i];
- }
- va_end(ap);
- return true;
-}
-
-
-// POSIX doesn't define any async-signal safe function for converting
-// an integer to ASCII. We'll have to define our own version.
-// itoa_r() converts a (signed) integer to ASCII. It returns "buf", if the
-// conversion was successful or NULL otherwise. It never writes more than "sz"
-// bytes. Output will be truncated as needed, and a NUL character is always
-// appended.
-char *itoa_r(int i, char *buf, size_t sz) {
- // Make sure we can write at least one NUL byte.
- size_t n = 1;
- if (n > sz) {
- return NULL;
- }
-
- // Handle negative numbers.
- char *start = buf;
- int minint = 0;
- if (i < 0) {
- // Make sure we can write the '-' character.
- if (++n > sz) {
- *start = '\000';
- return NULL;
- }
- *start++ = '-';
-
- // Turn our number positive.
- if (i == -i) {
- // The lowest-most negative integer needs special treatment.
- minint = 1;
- i = -(i + 1);
- } else {
- // "Normal" negative numbers are easy.
- i = -i;
- }
- }
-
- // Loop until we have converted the entire number. Output at least one
- // character (i.e. '0').
- char *ptr = start;
- do {
- // Make sure there is still enough space left in our output buffer.
- if (++n > sz) {
- buf = NULL;
- goto truncate;
- }
-
- // Output the next digit and (if necessary) compensate for the lowest-most
- // negative integer needing special treatment. This works because, no
- // matter the bit width of the integer, the lowest-most integer always ends
- // in 2, 4, 6, or 8.
- *ptr++ = i%10 + '0' + minint;
- minint = 0;
- i /= 10;
- } while (i);
- truncate: // Terminate the output with a NUL character.
- *ptr = '\000';
-
- // Conversion to ASCII actually resulted in the digits being in reverse
- // order. We can't easily generate them in forward order, as we can't tell
- // the number of characters needed until we are done converting.
- // So, now, we reverse the string (except for the possible "-" sign).
- while (--ptr > start) {
- char ch = *ptr;
- *ptr = *start;
- *start++ = ch;
- }
- return buf;
-}
-
-// This handler gets called, whenever we encounter a system call that we
-// don't recognize explicitly. For the purposes of this program, we just
-// log the system call and then deny it. More elaborate sandbox policies
-// might try to evaluate the system call in user-space, instead.
-// The only notable complication is that this function must be async-signal
-// safe. This restricts the libary functions that we can call.
-intptr_t DefaultHandler(const struct arch_seccomp_data& data, void *) {
- static const char msg0[] = "Disallowed system call #";
- static const char msg1[] = "\n";
- char buf[sizeof(msg0) - 1 + 25 + sizeof(msg1)];
-
- *buf = '\000';
- strncat(buf, msg0, sizeof(buf) - 1);
-
- char *ptr = strrchr(buf, '\000');
- itoa_r(data.nr, ptr, sizeof(buf) - (ptr - buf));
-
- ptr = strrchr(ptr, '\000');
- strncat(ptr, msg1, sizeof(buf) - (ptr - buf));
-
- ptr = strrchr(ptr, '\000');
- if (HANDLE_EINTR(write(2, buf, ptr - buf))) { }
-
- return -ERR;
-}
-
-class DemoPolicy : public SandboxBPFPolicy {
- public:
- DemoPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const OVERRIDE;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(DemoPolicy);
-};
-
-ErrorCode DemoPolicy::EvaluateSyscall(SandboxBPF* sandbox, int sysno) const {
- switch (sysno) {
-#if defined(__NR_accept)
- case __NR_accept: case __NR_accept4:
-#endif
- case __NR_alarm:
- case __NR_brk:
- case __NR_clock_gettime:
- case __NR_close:
- case __NR_dup: case __NR_dup2:
- case __NR_epoll_create: case __NR_epoll_ctl: case __NR_epoll_wait:
- case __NR_exit: case __NR_exit_group:
- case __NR_fcntl:
-#if defined(__NR_fcntl64)
- case __NR_fcntl64:
-#endif
- case __NR_fdatasync:
- case __NR_fstat:
-#if defined(__NR_fstat64)
- case __NR_fstat64:
-#endif
- case __NR_ftruncate:
- case __NR_futex:
- case __NR_getdents: case __NR_getdents64:
- case __NR_getegid:
-#if defined(__NR_getegid32)
- case __NR_getegid32:
-#endif
- case __NR_geteuid:
-#if defined(__NR_geteuid32)
- case __NR_geteuid32:
-#endif
- case __NR_getgid:
-#if defined(__NR_getgid32)
- case __NR_getgid32:
-#endif
- case __NR_getitimer: case __NR_setitimer:
-#if defined(__NR_getpeername)
- case __NR_getpeername:
-#endif
- case __NR_getpid: case __NR_gettid:
-#if defined(__NR_getsockname)
- case __NR_getsockname:
-#endif
- case __NR_gettimeofday:
- case __NR_getuid:
-#if defined(__NR_getuid32)
- case __NR_getuid32:
-#endif
-#if defined(__NR__llseek)
- case __NR__llseek:
-#endif
- case __NR_lseek:
- case __NR_nanosleep:
- case __NR_pipe: case __NR_pipe2:
- case __NR_poll:
- case __NR_pread64: case __NR_preadv:
- case __NR_pwrite64: case __NR_pwritev:
- case __NR_read: case __NR_readv:
- case __NR_restart_syscall:
- case __NR_set_robust_list:
- case __NR_rt_sigaction:
-#if defined(__NR_sigaction)
- case __NR_sigaction:
-#endif
-#if defined(__NR_signal)
- case __NR_signal:
-#endif
- case __NR_rt_sigprocmask:
-#if defined(__NR_sigprocmask)
- case __NR_sigprocmask:
-#endif
-#if defined(__NR_shutdown)
- case __NR_shutdown:
-#endif
- case __NR_rt_sigreturn:
-#if defined(__NR_sigreturn)
- case __NR_sigreturn:
-#endif
-#if defined(__NR_socketpair)
- case __NR_socketpair:
-#endif
- case __NR_time:
- case __NR_uname:
- case __NR_write: case __NR_writev:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
-
- case __NR_prctl:
- // Allow PR_SET_DUMPABLE and PR_GET_DUMPABLE. Do not allow anything else.
- return sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
- PR_SET_DUMPABLE,
- ErrorCode(ErrorCode::ERR_ALLOWED),
- sandbox->Cond(1, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
- PR_GET_DUMPABLE,
- ErrorCode(ErrorCode::ERR_ALLOWED),
- sandbox->Trap(DefaultHandler, NULL)));
-
- // The following system calls are temporarily permitted. This must be
- // tightened later. But we currently don't implement enough of the sandboxing
- // API to do so.
- // As is, this sandbox isn't exactly safe :-/
-#if defined(__NR_sendmsg)
- case __NR_sendmsg: case __NR_sendto:
- case __NR_recvmsg: case __NR_recvfrom:
- case __NR_getsockopt: case __NR_setsockopt:
-#elif defined(__NR_socketcall)
- case __NR_socketcall:
-#endif
-#if defined(__NR_shmat)
- case __NR_shmat: case __NR_shmctl: case __NR_shmdt: case __NR_shmget:
-#elif defined(__NR_ipc)
- case __NR_ipc:
-#endif
-#if defined(__NR_mmap2)
- case __NR_mmap2:
-#else
- case __NR_mmap:
-#endif
-#if defined(__NR_ugetrlimit)
- case __NR_ugetrlimit:
-#endif
- case __NR_getrlimit:
- case __NR_ioctl:
- case __NR_clone:
- case __NR_munmap: case __NR_mprotect: case __NR_madvise:
- case __NR_remap_file_pages:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
-
- // Everything that isn't explicitly allowed is denied.
- default:
- return sandbox->Trap(DefaultHandler, NULL);
- }
-}
-
-void *ThreadFnc(void *arg) {
- return arg;
-}
-
-void *SendmsgStressThreadFnc(void *arg) {
- if (arg) { }
- static const int repetitions = 100;
- static const int kNumFds = 3;
- for (int rep = 0; rep < repetitions; ++rep) {
- int fds[2 + kNumFds];
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds)) {
- perror("socketpair()");
- _exit(1);
- }
- size_t len = 4;
- char buf[4];
- if (!SendFds(fds[0], "test", 4, fds[1], fds[1], fds[1], -1) ||
- !GetFds(fds[1], buf, &len, fds+2, fds+3, fds+4, NULL) ||
- len != 4 ||
- memcmp(buf, "test", len) ||
- write(fds[2], "demo", 4) != 4 ||
- read(fds[0], buf, 4) != 4 ||
- memcmp(buf, "demo", 4)) {
- perror("sending/receiving of fds");
- _exit(1);
- }
- for (int i = 0; i < 2+kNumFds; ++i) {
- if (close(fds[i])) {
- perror("close");
- _exit(1);
- }
- }
- }
- return NULL;
-}
-
-} // namespace
-
-int main(int argc, char *argv[]) {
- if (argc) { }
- if (argv) { }
- int proc_fd = open("/proc", O_RDONLY|O_DIRECTORY);
- if (SandboxBPF::SupportsSeccompSandbox(proc_fd) !=
- SandboxBPF::STATUS_AVAILABLE) {
- perror("sandbox");
- _exit(1);
- }
- SandboxBPF sandbox;
- sandbox.set_proc_fd(proc_fd);
- sandbox.SetSandboxPolicy(new DemoPolicy());
- if (!sandbox.StartSandbox(SandboxBPF::PROCESS_SINGLE_THREADED)) {
- fprintf(stderr, "StartSandbox() failed");
- _exit(1);
- }
-
- // Check that we can create threads
- pthread_t thr;
- if (!pthread_create(&thr, NULL, ThreadFnc,
- reinterpret_cast<void *>(0x1234))) {
- void *ret;
- pthread_join(thr, &ret);
- if (ret != reinterpret_cast<void *>(0x1234)) {
- perror("clone() failed");
- _exit(1);
- }
- } else {
- perror("clone() failed");
- _exit(1);
- }
-
- // Check that we handle restart_syscall() without dieing. This is a little
- // tricky to trigger. And I can't think of a good way to verify whether it
- // actually executed.
- signal(SIGALRM, SIG_IGN);
- const struct itimerval tv = { { 0, 0 }, { 0, 5*1000 } };
- const struct timespec tmo = { 0, 100*1000*1000 };
- setitimer(ITIMER_REAL, &tv, NULL);
- nanosleep(&tmo, NULL);
-
- // Check that we can query the size of the stack, but that all other
- // calls to getrlimit() fail.
- if (((errno = 0), !getrlimit(RLIMIT_STACK, NULL)) || errno != EFAULT ||
- ((errno = 0), !getrlimit(RLIMIT_CORE, NULL)) || errno != ERR) {
- perror("getrlimit()");
- _exit(1);
- }
-
- // Check that we can query TCGETS and TIOCGWINSZ, but no other ioctls().
- if (((errno = 0), !ioctl(2, TCGETS, NULL)) || errno != EFAULT ||
- ((errno = 0), !ioctl(2, TIOCGWINSZ, NULL)) || errno != EFAULT ||
- ((errno = 0), !ioctl(2, TCSETS, NULL)) || errno != ERR) {
- perror("ioctl()");
- _exit(1);
- }
-
- // Check that prctl() can manipulate the dumpable flag, but nothing else.
- if (((errno = 0), !prctl(PR_GET_DUMPABLE)) || errno ||
- ((errno = 0), prctl(PR_SET_DUMPABLE, 1)) || errno ||
- ((errno = 0), !prctl(PR_SET_SECCOMP, 0)) || errno != ERR) {
- perror("prctl()");
- _exit(1);
- }
-
- // Check that we can send and receive file handles.
- int fds[3];
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds)) {
- perror("socketpair()");
- _exit(1);
- }
- size_t len = 4;
- char buf[4];
- if (!SendFds(fds[0], "test", 4, fds[1], -1) ||
- !GetFds(fds[1], buf, &len, fds+2, NULL) ||
- len != 4 ||
- memcmp(buf, "test", len) ||
- write(fds[2], "demo", 4) != 4 ||
- read(fds[0], buf, 4) != 4 ||
- memcmp(buf, "demo", 4) ||
- close(fds[0]) ||
- close(fds[1]) ||
- close(fds[2])) {
- perror("sending/receiving of fds");
- _exit(1);
- }
-
- // Check whether SysV IPC works.
- int shmid;
- void *addr;
- if ((shmid = shmget(IPC_PRIVATE, 4096, IPC_CREAT|0600)) < 0 ||
- (addr = shmat(shmid, NULL, 0)) == reinterpret_cast<void *>(-1) ||
- shmdt(addr) ||
- shmctl(shmid, IPC_RMID, NULL)) {
- perror("sysv IPC");
- _exit(1);
- }
-
- // Print a message so that the user can see the sandbox is activated.
- time_t tm = time(NULL);
- printf("Sandbox has been started at %s", ctime(&tm));
-
- // Stress-test the sendmsg() code
- static const int kSendmsgStressNumThreads = 10;
- pthread_t sendmsgStressThreads[kSendmsgStressNumThreads];
- for (int i = 0; i < kSendmsgStressNumThreads; ++i) {
- if (pthread_create(sendmsgStressThreads + i, NULL,
- SendmsgStressThreadFnc, NULL)) {
- perror("pthread_create");
- _exit(1);
- }
- }
- for (int i = 0; i < kSendmsgStressNumThreads; ++i) {
- pthread_join(sendmsgStressThreads[i], NULL);
- }
-
- return 0;
-}
diff --git a/sandbox/linux/seccomp-bpf/die.cc b/sandbox/linux/seccomp-bpf/die.cc
index e5bc7c9..777c9d1 100644
--- a/sandbox/linux/seccomp-bpf/die.cc
+++ b/sandbox/linux/seccomp-bpf/die.cc
@@ -2,16 +2,19 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "sandbox/linux/seccomp-bpf/die.h"
+
#include <errno.h>
-#include <linux/unistd.h>
+#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
+#include <sys/syscall.h>
+#include <unistd.h>
#include <string>
#include "base/logging.h"
#include "base/posix/eintr_wrapper.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/seccomp-bpf/syscall.h"
namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/die.h b/sandbox/linux/seccomp-bpf/die.h
index 3ac31cc..b3f3f72 100644
--- a/sandbox/linux/seccomp-bpf/die.h
+++ b/sandbox/linux/seccomp-bpf/die.h
@@ -5,7 +5,7 @@
#ifndef SANDBOX_LINUX_SECCOMP_BPF_DIE_H__
#define SANDBOX_LINUX_SECCOMP_BPF_DIE_H__
-#include "base/basictypes.h"
+#include "base/macros.h"
#include "sandbox/sandbox_export.h"
namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/errorcode.cc b/sandbox/linux/seccomp-bpf/errorcode.cc
index 5a45e4c..8154f93 100644
--- a/sandbox/linux/seccomp-bpf/errorcode.cc
+++ b/sandbox/linux/seccomp-bpf/errorcode.cc
@@ -2,11 +2,16 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "sandbox/linux/seccomp-bpf/die.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
+
namespace sandbox {
+ErrorCode::ErrorCode() : error_type_(ET_INVALID), err_(SECCOMP_RET_INVALID) {
+}
+
ErrorCode::ErrorCode(int err) {
switch (err) {
case ERR_ALLOWED:
@@ -27,30 +32,28 @@
}
}
-ErrorCode::ErrorCode(Trap::TrapFnc fnc, const void* aux, bool safe, uint16_t id)
+ErrorCode::ErrorCode(Trap::TrapFnc fnc, const void* aux, bool safe)
: error_type_(ET_TRAP),
fnc_(fnc),
aux_(const_cast<void*>(aux)),
safe_(safe),
- err_(SECCOMP_RET_TRAP + id) {}
+ err_(SECCOMP_RET_TRAP + Trap::MakeTrap(fnc, aux, safe)) {
+}
ErrorCode::ErrorCode(int argno,
ArgType width,
- Operation op,
+ uint64_t mask,
uint64_t value,
const ErrorCode* passed,
const ErrorCode* failed)
: error_type_(ET_COND),
+ mask_(mask),
value_(value),
argno_(argno),
width_(width),
- op_(op),
passed_(passed),
failed_(failed),
err_(SECCOMP_RET_INVALID) {
- if (op < 0 || op >= OP_NUM_OPS) {
- SANDBOX_DIE("Invalid opcode in BPF sandbox rules");
- }
}
bool ErrorCode::Equals(const ErrorCode& err) const {
@@ -63,9 +66,9 @@
if (error_type_ == ET_SIMPLE || error_type_ == ET_TRAP) {
return err_ == err.err_;
} else if (error_type_ == ET_COND) {
- return value_ == err.value_ && argno_ == err.argno_ &&
- width_ == err.width_ && op_ == err.op_ &&
- passed_->Equals(*err.passed_) && failed_->Equals(*err.failed_);
+ return mask_ == err.mask_ && value_ == err.value_ && argno_ == err.argno_ &&
+ width_ == err.width_ && passed_->Equals(*err.passed_) &&
+ failed_->Equals(*err.failed_);
} else {
SANDBOX_DIE("Corrupted ErrorCode");
}
@@ -85,14 +88,14 @@
if (error_type_ == ET_SIMPLE || error_type_ == ET_TRAP) {
return err_ < err.err_;
} else if (error_type_ == ET_COND) {
- if (value_ != err.value_) {
+ if (mask_ != err.mask_) {
+ return mask_ < err.mask_;
+ } else if (value_ != err.value_) {
return value_ < err.value_;
} else if (argno_ != err.argno_) {
return argno_ < err.argno_;
} else if (width_ != err.width_) {
return width_ < err.width_;
- } else if (op_ != err.op_) {
- return op_ < err.op_;
} else if (!passed_->Equals(*err.passed_)) {
return passed_->LessThan(*err.passed_);
} else if (!failed_->Equals(*err.failed_)) {
diff --git a/sandbox/linux/seccomp-bpf/errorcode.h b/sandbox/linux/seccomp-bpf/errorcode.h
index 2cc001c..a322411 100644
--- a/sandbox/linux/seccomp-bpf/errorcode.h
+++ b/sandbox/linux/seccomp-bpf/errorcode.h
@@ -5,14 +5,11 @@
#ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
#define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
-#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
#include "sandbox/linux/seccomp-bpf/trap.h"
#include "sandbox/sandbox_export.h"
namespace sandbox {
-struct arch_seccomp_data;
-
// This class holds all the possible values that can be returned by a sandbox
// policy.
// We can either wrap a symbolic ErrorCode (i.e. ERR_XXX enum values), an
@@ -87,19 +84,11 @@
TP_64BIT,
};
+ // Deprecated.
enum Operation {
// Test whether the system call argument is equal to the operand.
OP_EQUAL,
- // Test whether the system call argument is greater (or equal) to the
- // operand. Please note that all tests always operate on unsigned
- // values. You can generally emulate signed tests, if that's what you
- // need.
- // TODO(markus): Check whether we should automatically emulate signed
- // operations.
- OP_GREATER_UNSIGNED,
- OP_GREATER_EQUAL_UNSIGNED,
-
// Tests a system call argument against a bit mask.
// The "ALL_BITS" variant performs this test: "arg & mask == mask"
// This implies that a mask of zero always results in a passing test.
@@ -107,9 +96,6 @@
// This implies that a mask of zero always results in a failing test.
OP_HAS_ALL_BITS,
OP_HAS_ANY_BITS,
-
- // Total number of operations.
- OP_NUM_OPS,
};
enum ErrorType {
@@ -124,7 +110,7 @@
// when compiling a BPF filter, we deliberately generate an invalid
// program that will get flagged both by our Verifier class and by
// the Linux kernel.
- ErrorCode() : error_type_(ET_INVALID), err_(SECCOMP_RET_INVALID) {}
+ ErrorCode();
explicit ErrorCode(int err);
// For all practical purposes, ErrorCodes are treated as if they were
@@ -145,10 +131,10 @@
bool safe() const { return safe_; }
+ uint64_t mask() const { return mask_; }
uint64_t value() const { return value_; }
int argno() const { return argno_; }
ArgType width() const { return width_; }
- Operation op() const { return op_; }
const ErrorCode* passed() const { return passed_; }
const ErrorCode* failed() const { return failed_; }
@@ -166,13 +152,13 @@
// If we are wrapping a callback, we must assign a unique id. This id is
// how the kernel tells us which one of our different SECCOMP_RET_TRAP
// cases has been triggered.
- ErrorCode(Trap::TrapFnc fnc, const void* aux, bool safe, uint16_t id);
+ ErrorCode(Trap::TrapFnc fnc, const void* aux, bool safe);
// Some system calls require inspection of arguments. This constructor
// allows us to specify additional constraints.
ErrorCode(int argno,
ArgType width,
- Operation op,
+ uint64_t mask,
uint64_t value,
const ErrorCode* passed,
const ErrorCode* failed);
@@ -189,10 +175,10 @@
// Fields needed when inspecting additional arguments.
struct {
+ uint64_t mask_; // Mask that we are comparing under.
uint64_t value_; // Value that we are comparing with.
int argno_; // Syscall arg number that we are inspecting.
ArgType width_; // Whether we are looking at a 32/64bit value.
- Operation op_; // Comparison operation.
const ErrorCode* passed_; // Value to be returned if comparison passed,
const ErrorCode* failed_; // or if it failed.
};
diff --git a/sandbox/linux/seccomp-bpf/errorcode_unittest.cc b/sandbox/linux/seccomp-bpf/errorcode_unittest.cc
index f3b7748..5a39373 100644
--- a/sandbox/linux/seccomp-bpf/errorcode_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/errorcode_unittest.cc
@@ -2,8 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "sandbox/linux/seccomp-bpf/errorcode.h"
+
#include <errno.h>
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/tests/unit_tests.h"
diff --git a/sandbox/linux/seccomp-bpf/linux_seccomp.h b/sandbox/linux/seccomp-bpf/linux_seccomp.h
index 1716655..c13ef20 100644
--- a/sandbox/linux/seccomp-bpf/linux_seccomp.h
+++ b/sandbox/linux/seccomp-bpf/linux_seccomp.h
@@ -42,6 +42,9 @@
#ifndef EM_MIPS
#define EM_MIPS 8
#endif
+#ifndef EM_AARCH64
+#define EM_AARCH64 183
+#endif
#ifndef __AUDIT_ARCH_64BIT
#define __AUDIT_ARCH_64BIT 0x80000000
@@ -61,6 +64,9 @@
#ifndef AUDIT_ARCH_MIPSEL
#define AUDIT_ARCH_MIPSEL (EM_MIPS|__AUDIT_ARCH_LE)
#endif
+#ifndef AUDIT_ARCH_AARCH64
+#define AUDIT_ARCH_AARCH64 (EM_AARCH64 | __AUDIT_ARCH_64BIT | __AUDIT_ARCH_LE)
+#endif
// For prctl.h
#ifndef PR_SET_SECCOMP
@@ -91,6 +97,16 @@
#define SECCOMP_MODE_FILTER 2 // User user-supplied filter
#endif
+#ifndef SECCOMP_SET_MODE_STRICT
+#define SECCOMP_SET_MODE_STRICT 0
+#endif
+#ifndef SECCOMP_SET_MODE_FILTER
+#define SECCOMP_SET_MODE_FILTER 1
+#endif
+#ifndef SECCOMP_FILTER_FLAG_TSYNC
+#define SECCOMP_FILTER_FLAG_TSYNC 1
+#endif
+
#ifndef SECCOMP_RET_KILL
// Return values supported for BPF filter programs. Please note that the
// "illegal" SECCOMP_RET_INVALID is not supported by the kernel, should only
@@ -354,6 +370,51 @@
#define SECCOMP_PT_PARM3(_regs) (_regs).REG_a2
#define SECCOMP_PT_PARM4(_regs) (_regs).REG_a3
+#elif defined(__aarch64__)
+struct regs_struct {
+ unsigned long long regs[31];
+ unsigned long long sp;
+ unsigned long long pc;
+ unsigned long long pstate;
+};
+
+#define MIN_SYSCALL 0u
+#define MAX_PUBLIC_SYSCALL 279u
+#define MAX_SYSCALL MAX_PUBLIC_SYSCALL
+#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
+
+#define SECCOMP_REG(_ctx, _reg) ((_ctx)->uc_mcontext.regs[_reg])
+
+#define SECCOMP_RESULT(_ctx) SECCOMP_REG(_ctx, 0)
+#define SECCOMP_SYSCALL(_ctx) SECCOMP_REG(_ctx, 8)
+#define SECCOMP_IP(_ctx) (_ctx)->uc_mcontext.pc
+#define SECCOMP_PARM1(_ctx) SECCOMP_REG(_ctx, 0)
+#define SECCOMP_PARM2(_ctx) SECCOMP_REG(_ctx, 1)
+#define SECCOMP_PARM3(_ctx) SECCOMP_REG(_ctx, 2)
+#define SECCOMP_PARM4(_ctx) SECCOMP_REG(_ctx, 3)
+#define SECCOMP_PARM5(_ctx) SECCOMP_REG(_ctx, 4)
+#define SECCOMP_PARM6(_ctx) SECCOMP_REG(_ctx, 5)
+
+#define SECCOMP_NR_IDX (offsetof(struct arch_seccomp_data, nr))
+#define SECCOMP_ARCH_IDX (offsetof(struct arch_seccomp_data, arch))
+#define SECCOMP_IP_MSB_IDX \
+ (offsetof(struct arch_seccomp_data, instruction_pointer) + 4)
+#define SECCOMP_IP_LSB_IDX \
+ (offsetof(struct arch_seccomp_data, instruction_pointer) + 0)
+#define SECCOMP_ARG_MSB_IDX(nr) \
+ (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 4)
+#define SECCOMP_ARG_LSB_IDX(nr) \
+ (offsetof(struct arch_seccomp_data, args) + 8 * (nr) + 0)
+
+#define SECCOMP_PT_RESULT(_regs) (_regs).regs[0]
+#define SECCOMP_PT_SYSCALL(_regs) (_regs).regs[8]
+#define SECCOMP_PT_IP(_regs) (_regs).pc
+#define SECCOMP_PT_PARM1(_regs) (_regs).regs[0]
+#define SECCOMP_PT_PARM2(_regs) (_regs).regs[1]
+#define SECCOMP_PT_PARM3(_regs) (_regs).regs[2]
+#define SECCOMP_PT_PARM4(_regs) (_regs).regs[3]
+#define SECCOMP_PT_PARM5(_regs) (_regs).regs[4]
+#define SECCOMP_PT_PARM6(_regs) (_regs).regs[5]
#else
#error Unsupported target platform
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
index 6ecbca9..886ee84 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
@@ -12,24 +12,35 @@
#include <errno.h>
#include <fcntl.h>
+#include <linux/filter.h>
+#include <signal.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
+#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
+#include <limits>
+
#include "base/compiler_specific.h"
#include "base/logging.h"
#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
#include "base/posix/eintr_wrapper.h"
#include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/seccomp-bpf/instruction.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
#include "sandbox/linux/seccomp-bpf/syscall.h"
#include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
+#include "sandbox/linux/seccomp-bpf/trap.h"
#include "sandbox/linux/seccomp-bpf/verifier.h"
+#include "sandbox/linux/services/linux_syscalls.h"
namespace sandbox {
@@ -37,8 +48,31 @@
const int kExpectedExitCode = 100;
-int popcount(uint32_t x) {
- return __builtin_popcount(x);
+#if defined(__i386__) || defined(__x86_64__)
+const bool kIsIntel = true;
+#else
+const bool kIsIntel = false;
+#endif
+#if defined(__x86_64__) && defined(__ILP32__)
+const bool kIsX32 = true;
+#else
+const bool kIsX32 = false;
+#endif
+
+const int kSyscallsRequiredForUnsafeTraps[] = {
+ __NR_rt_sigprocmask,
+ __NR_rt_sigreturn,
+#if defined(__NR_sigprocmask)
+ __NR_sigprocmask,
+#endif
+#if defined(__NR_sigreturn)
+ __NR_sigreturn,
+#endif
+};
+
+bool HasExactlyOneBit(uint64_t x) {
+ // Common trick; e.g., see http://stackoverflow.com/a/108329.
+ return x != 0 && (x & (x - 1)) == 0;
}
#if !defined(NDEBUG)
@@ -140,9 +174,7 @@
if (!*is_unsafe) {
if (BPF_CLASS(insn->code) == BPF_RET && insn->k > SECCOMP_RET_TRAP &&
insn->k - SECCOMP_RET_TRAP <= SECCOMP_RET_DATA) {
- const ErrorCode& err =
- Trap::ErrorCodeFromTrapId(insn->k & SECCOMP_RET_DATA);
- if (err.error_type() != ErrorCode::ET_INVALID && !err.safe()) {
+ if (!Trap::IsSafeTrapId(insn->k & SECCOMP_RET_DATA)) {
*is_unsafe = true;
}
}
@@ -198,9 +230,7 @@
int system_call_number) const OVERRIDE {
ErrorCode err =
wrapped_policy_->EvaluateSyscall(sandbox_compiler, system_call_number);
- if ((err.err() & SECCOMP_RET_ACTION) == SECCOMP_RET_ERRNO) {
- return ReturnErrnoViaTrap(sandbox_compiler, err.err() & SECCOMP_RET_DATA);
- }
+ ChangeErrnoToTraps(&err, sandbox_compiler);
return err;
}
@@ -214,6 +244,29 @@
return sandbox_compiler->Trap(ReturnErrno, reinterpret_cast<void*>(err));
}
+ // ChangeErrnoToTraps recursivly iterates through the ErrorCode
+ // converting any ERRNO to a userspace trap
+ void ChangeErrnoToTraps(ErrorCode* err, SandboxBPF* sandbox_compiler) const {
+ if (err->error_type() == ErrorCode::ET_SIMPLE &&
+ (err->err() & SECCOMP_RET_ACTION) == SECCOMP_RET_ERRNO) {
+ // Have an errno, need to change this to a trap
+ *err =
+ ReturnErrnoViaTrap(sandbox_compiler, err->err() & SECCOMP_RET_DATA);
+ return;
+ } else if (err->error_type() == ErrorCode::ET_COND) {
+ // Need to explore both paths
+ ChangeErrnoToTraps((ErrorCode*)err->passed(), sandbox_compiler);
+ ChangeErrnoToTraps((ErrorCode*)err->failed(), sandbox_compiler);
+ return;
+ } else if (err->error_type() == ErrorCode::ET_TRAP) {
+ return;
+ } else if (err->error_type() == ErrorCode::ET_SIMPLE &&
+ (err->err() & SECCOMP_RET_ACTION) == SECCOMP_RET_ALLOW) {
+ return;
+ }
+ NOTREACHED();
+ }
+
const SandboxBPFPolicy* wrapped_policy_;
DISALLOW_COPY_AND_ASSIGN(RedirectToUserSpacePolicyWrapper);
};
@@ -378,6 +431,7 @@
scoped_ptr<SandboxBPFPolicy>(new AllowAllPolicy()));
}
+// static
SandboxBPF::SandboxStatus SandboxBPF::SupportsSeccompSandbox(int proc_fd) {
// It the sandbox is currently active, we clearly must have support for
// sandboxing.
@@ -433,6 +487,24 @@
return status_;
}
+// static
+SandboxBPF::SandboxStatus
+SandboxBPF::SupportsSeccompThreadFilterSynchronization() {
+ // Applying NO_NEW_PRIVS, a BPF filter, and synchronizing the filter across
+ // the thread group are all handled atomically by this syscall.
+ const int rv = syscall(
+ __NR_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, NULL);
+
+ if (rv == -1 && errno == EFAULT) {
+ return STATUS_AVAILABLE;
+ } else {
+ // TODO(jln): turn these into DCHECK after 417888 is considered fixed.
+ CHECK_EQ(-1, rv);
+ CHECK(ENOSYS == errno || EINVAL == errno);
+ return STATUS_UNSUPPORTED;
+ }
+}
+
void SandboxBPF::set_proc_fd(int proc_fd) { proc_fd_ = proc_fd; }
bool SandboxBPF::StartSandbox(SandboxThreadState thread_state) {
@@ -458,9 +530,25 @@
// In the future, we might want to tighten this requirement.
}
- if (thread_state == PROCESS_SINGLE_THREADED && !IsSingleThreaded(proc_fd_)) {
- SANDBOX_DIE("Cannot start sandbox, if process is already multi-threaded");
- return false;
+ bool supports_tsync =
+ SupportsSeccompThreadFilterSynchronization() == STATUS_AVAILABLE;
+
+ if (thread_state == PROCESS_SINGLE_THREADED) {
+ if (!IsSingleThreaded(proc_fd_)) {
+ SANDBOX_DIE("Cannot start sandbox; process is already multi-threaded");
+ return false;
+ }
+ } else if (thread_state == PROCESS_MULTI_THREADED) {
+ if (IsSingleThreaded(proc_fd_)) {
+ SANDBOX_DIE("Cannot start sandbox; "
+ "process may be single-threaded when reported as not");
+ return false;
+ }
+ if (!supports_tsync) {
+ SANDBOX_DIE("Cannot start sandbox; kernel does not support synchronizing "
+ "filters for a threadgroup");
+ return false;
+ }
}
// We no longer need access to any files in /proc. We want to do this
@@ -475,7 +563,7 @@
}
// Install the filters.
- InstallFilter(thread_state);
+ InstallFilter(supports_tsync || thread_state == PROCESS_MULTI_THREADED);
// We are now inside the sandbox.
status_ = STATUS_ENABLED;
@@ -500,7 +588,7 @@
policy_.reset(policy);
}
-void SandboxBPF::InstallFilter(SandboxThreadState thread_state) {
+void SandboxBPF::InstallFilter(bool must_sync_threads) {
// We want to be very careful in not imposing any requirements on the
// policies that are set with SetSandboxPolicy(). This means, as soon as
// the sandbox is active, we shouldn't be relying on libraries that could
@@ -527,31 +615,26 @@
conds_ = NULL;
policy_.reset();
- // Install BPF filter program
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
SANDBOX_DIE(quiet_ ? NULL : "Kernel refuses to enable no-new-privs");
+ }
+
+ // Install BPF filter program. If the thread state indicates multi-threading
+ // support, then the kernel hass the seccomp system call. Otherwise, fall
+ // back on prctl, which requires the process to be single-threaded.
+ if (must_sync_threads) {
+ int rv = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER,
+ SECCOMP_FILTER_FLAG_TSYNC, reinterpret_cast<const char*>(&prog));
+ if (rv) {
+ SANDBOX_DIE(quiet_ ? NULL :
+ "Kernel refuses to turn on and synchronize threads for BPF filters");
+ }
} else {
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
SANDBOX_DIE(quiet_ ? NULL : "Kernel refuses to turn on BPF filters");
}
}
- // TODO(rsesek): Always try to engage the sandbox with the
- // PROCESS_MULTI_THREADED path first, and if that fails, assert that the
- // process IsSingleThreaded() or SANDBOX_DIE.
-
- if (thread_state == PROCESS_MULTI_THREADED) {
- // TODO(rsesek): Move these to a more reasonable place once the kernel
- // patch has landed upstream and these values are formalized.
- #define PR_SECCOMP_EXT 41
- #define SECCOMP_EXT_ACT 1
- #define SECCOMP_EXT_ACT_TSYNC 1
- if (prctl(PR_SECCOMP_EXT, SECCOMP_EXT_ACT, SECCOMP_EXT_ACT_TSYNC, 0, 0)) {
- SANDBOX_DIE(quiet_ ? NULL : "Kernel refuses to synchronize threadgroup "
- "BPF filters.");
- }
- }
-
sandbox_has_started_ = true;
}
@@ -569,145 +652,8 @@
SANDBOX_DIE("Out of memory");
}
- // If the architecture doesn't match SECCOMP_ARCH, disallow the
- // system call.
- Instruction* tail;
- Instruction* head = gen->MakeInstruction(
- BPF_LD + BPF_W + BPF_ABS,
- SECCOMP_ARCH_IDX,
- tail = gen->MakeInstruction(
- BPF_JMP + BPF_JEQ + BPF_K,
- SECCOMP_ARCH,
- NULL,
- gen->MakeInstruction(
- BPF_RET + BPF_K,
- Kill("Invalid audit architecture in BPF filter"))));
-
- bool has_unsafe_traps = false;
- {
- // Evaluate all possible system calls and group their ErrorCodes into
- // ranges of identical codes.
- Ranges ranges;
- FindRanges(&ranges);
-
- // Compile the system call ranges to an optimized BPF jumptable
- Instruction* jumptable =
- AssembleJumpTable(gen, ranges.begin(), ranges.end());
-
- // If there is at least one UnsafeTrap() in our program, the entire sandbox
- // is unsafe. We need to modify the program so that all non-
- // SECCOMP_RET_ALLOW ErrorCodes are handled in user-space. This will then
- // allow us to temporarily disable sandboxing rules inside of callbacks to
- // UnsafeTrap().
- gen->Traverse(jumptable, CheckForUnsafeErrorCodes, &has_unsafe_traps);
-
- // Grab the system call number, so that we can implement jump tables.
- Instruction* load_nr =
- gen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS, SECCOMP_NR_IDX);
-
- // If our BPF program has unsafe jumps, enable support for them. This
- // test happens very early in the BPF filter program. Even before we
- // consider looking at system call numbers.
- // As support for unsafe jumps essentially defeats all the security
- // measures that the sandbox provides, we print a big warning message --
- // and of course, we make sure to only ever enable this feature if it
- // is actually requested by the sandbox policy.
- if (has_unsafe_traps) {
- if (Syscall::Call(-1) == -1 && errno == ENOSYS) {
- SANDBOX_DIE(
- "Support for UnsafeTrap() has not yet been ported to this "
- "architecture");
- }
-
- if (!policy_->EvaluateSyscall(this, __NR_rt_sigprocmask)
- .Equals(ErrorCode(ErrorCode::ERR_ALLOWED)) ||
- !policy_->EvaluateSyscall(this, __NR_rt_sigreturn)
- .Equals(ErrorCode(ErrorCode::ERR_ALLOWED))
-#if defined(__NR_sigprocmask)
- ||
- !policy_->EvaluateSyscall(this, __NR_sigprocmask)
- .Equals(ErrorCode(ErrorCode::ERR_ALLOWED))
-#endif
-#if defined(__NR_sigreturn)
- ||
- !policy_->EvaluateSyscall(this, __NR_sigreturn)
- .Equals(ErrorCode(ErrorCode::ERR_ALLOWED))
-#endif
- ) {
- SANDBOX_DIE(
- "Invalid seccomp policy; if using UnsafeTrap(), you must "
- "unconditionally allow sigreturn() and sigprocmask()");
- }
-
- if (!Trap::EnableUnsafeTrapsInSigSysHandler()) {
- // We should never be able to get here, as UnsafeTrap() should never
- // actually return a valid ErrorCode object unless the user set the
- // CHROME_SANDBOX_DEBUGGING environment variable; and therefore,
- // "has_unsafe_traps" would always be false. But better double-check
- // than enabling dangerous code.
- SANDBOX_DIE("We'd rather die than enable unsafe traps");
- }
- gen->Traverse(jumptable, RedirectToUserspace, this);
-
- // Allow system calls, if they originate from our magic return address
- // (which we can query by calling Syscall::Call(-1)).
- uintptr_t syscall_entry_point = static_cast<uintptr_t>(Syscall::Call(-1));
- uint32_t low = static_cast<uint32_t>(syscall_entry_point);
-#if __SIZEOF_POINTER__ > 4
- uint32_t hi = static_cast<uint32_t>(syscall_entry_point >> 32);
-#endif
-
- // BPF cannot do native 64bit comparisons. On 64bit architectures, we
- // have to compare both 32bit halves of the instruction pointer. If they
- // match what we expect, we return ERR_ALLOWED. If either or both don't
- // match, we continue evalutating the rest of the sandbox policy.
- Instruction* escape_hatch = gen->MakeInstruction(
- BPF_LD + BPF_W + BPF_ABS,
- SECCOMP_IP_LSB_IDX,
- gen->MakeInstruction(
- BPF_JMP + BPF_JEQ + BPF_K,
- low,
-#if __SIZEOF_POINTER__ > 4
- gen->MakeInstruction(
- BPF_LD + BPF_W + BPF_ABS,
- SECCOMP_IP_MSB_IDX,
- gen->MakeInstruction(
- BPF_JMP + BPF_JEQ + BPF_K,
- hi,
-#endif
- gen->MakeInstruction(BPF_RET + BPF_K,
- ErrorCode(ErrorCode::ERR_ALLOWED)),
-#if __SIZEOF_POINTER__ > 4
- load_nr)),
-#endif
- load_nr));
- gen->JoinInstructions(tail, escape_hatch);
- } else {
- gen->JoinInstructions(tail, load_nr);
- }
- tail = load_nr;
-
-// On Intel architectures, verify that system call numbers are in the
-// expected number range. The older i386 and x86-64 APIs clear bit 30
-// on all system calls. The newer x32 API always sets bit 30.
-#if defined(__i386__) || defined(__x86_64__)
- Instruction* invalidX32 = gen->MakeInstruction(
- BPF_RET + BPF_K, Kill("Illegal mixing of system call ABIs").err_);
- Instruction* checkX32 =
-#if defined(__x86_64__) && defined(__ILP32__)
- gen->MakeInstruction(
- BPF_JMP + BPF_JSET + BPF_K, 0x40000000, 0, invalidX32);
-#else
- gen->MakeInstruction(
- BPF_JMP + BPF_JSET + BPF_K, 0x40000000, invalidX32, 0);
-#endif
- gen->JoinInstructions(tail, checkX32);
- tail = checkX32;
-#endif
-
- // Append jump table to our pre-amble
- gen->JoinInstructions(tail, jumptable);
- }
+ bool has_unsafe_traps;
+ Instruction* head = CompilePolicy(gen, &has_unsafe_traps);
// Turn the DAG into a vector of instructions.
Program* program = new Program();
@@ -727,6 +673,146 @@
return program;
}
+Instruction* SandboxBPF::CompilePolicy(CodeGen* gen, bool* has_unsafe_traps) {
+ // A compiled policy consists of three logical parts:
+ // 1. Check that the "arch" field matches the expected architecture.
+ // 2. If the policy involves unsafe traps, check if the syscall was
+ // invoked by Syscall::Call, and then allow it unconditionally.
+ // 3. Check the system call number and jump to the appropriate compiled
+ // system call policy number.
+ return CheckArch(
+ gen, MaybeAddEscapeHatch(gen, has_unsafe_traps, DispatchSyscall(gen)));
+}
+
+Instruction* SandboxBPF::CheckArch(CodeGen* gen, Instruction* passed) {
+ // If the architecture doesn't match SECCOMP_ARCH, disallow the
+ // system call.
+ return gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ SECCOMP_ARCH_IDX,
+ gen->MakeInstruction(
+ BPF_JMP + BPF_JEQ + BPF_K,
+ SECCOMP_ARCH,
+ passed,
+ RetExpression(gen,
+ Kill("Invalid audit architecture in BPF filter"))));
+}
+
+Instruction* SandboxBPF::MaybeAddEscapeHatch(CodeGen* gen,
+ bool* has_unsafe_traps,
+ Instruction* rest) {
+ // If there is at least one UnsafeTrap() in our program, the entire sandbox
+ // is unsafe. We need to modify the program so that all non-
+ // SECCOMP_RET_ALLOW ErrorCodes are handled in user-space. This will then
+ // allow us to temporarily disable sandboxing rules inside of callbacks to
+ // UnsafeTrap().
+ *has_unsafe_traps = false;
+ gen->Traverse(rest, CheckForUnsafeErrorCodes, has_unsafe_traps);
+ if (!*has_unsafe_traps) {
+ // If no unsafe traps, then simply return |rest|.
+ return rest;
+ }
+
+ // If our BPF program has unsafe jumps, enable support for them. This
+ // test happens very early in the BPF filter program. Even before we
+ // consider looking at system call numbers.
+ // As support for unsafe jumps essentially defeats all the security
+ // measures that the sandbox provides, we print a big warning message --
+ // and of course, we make sure to only ever enable this feature if it
+ // is actually requested by the sandbox policy.
+ if (Syscall::Call(-1) == -1 && errno == ENOSYS) {
+ SANDBOX_DIE(
+ "Support for UnsafeTrap() has not yet been ported to this "
+ "architecture");
+ }
+
+ for (size_t i = 0; i < arraysize(kSyscallsRequiredForUnsafeTraps); ++i) {
+ if (!policy_->EvaluateSyscall(this, kSyscallsRequiredForUnsafeTraps[i])
+ .Equals(ErrorCode(ErrorCode::ERR_ALLOWED))) {
+ SANDBOX_DIE(
+ "Policies that use UnsafeTrap() must unconditionally allow all "
+ "required system calls");
+ }
+ }
+
+ if (!Trap::EnableUnsafeTrapsInSigSysHandler()) {
+ // We should never be able to get here, as UnsafeTrap() should never
+ // actually return a valid ErrorCode object unless the user set the
+ // CHROME_SANDBOX_DEBUGGING environment variable; and therefore,
+ // "has_unsafe_traps" would always be false. But better double-check
+ // than enabling dangerous code.
+ SANDBOX_DIE("We'd rather die than enable unsafe traps");
+ }
+ gen->Traverse(rest, RedirectToUserspace, this);
+
+ // Allow system calls, if they originate from our magic return address
+ // (which we can query by calling Syscall::Call(-1)).
+ uint64_t syscall_entry_point =
+ static_cast<uint64_t>(static_cast<uintptr_t>(Syscall::Call(-1)));
+ uint32_t low = static_cast<uint32_t>(syscall_entry_point);
+ uint32_t hi = static_cast<uint32_t>(syscall_entry_point >> 32);
+
+ // BPF cannot do native 64-bit comparisons, so we have to compare
+ // both 32-bit halves of the instruction pointer. If they match what
+ // we expect, we return ERR_ALLOWED. If either or both don't match,
+ // we continue evalutating the rest of the sandbox policy.
+ //
+ // For simplicity, we check the full 64-bit instruction pointer even
+ // on 32-bit architectures.
+ return gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ SECCOMP_IP_LSB_IDX,
+ gen->MakeInstruction(
+ BPF_JMP + BPF_JEQ + BPF_K,
+ low,
+ gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ SECCOMP_IP_MSB_IDX,
+ gen->MakeInstruction(
+ BPF_JMP + BPF_JEQ + BPF_K,
+ hi,
+ RetExpression(gen, ErrorCode(ErrorCode::ERR_ALLOWED)),
+ rest)),
+ rest));
+}
+
+Instruction* SandboxBPF::DispatchSyscall(CodeGen* gen) {
+ // Evaluate all possible system calls and group their ErrorCodes into
+ // ranges of identical codes.
+ Ranges ranges;
+ FindRanges(&ranges);
+
+ // Compile the system call ranges to an optimized BPF jumptable
+ Instruction* jumptable = AssembleJumpTable(gen, ranges.begin(), ranges.end());
+
+ // Grab the system call number, so that we can check it and then
+ // execute the jump table.
+ return gen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS,
+ SECCOMP_NR_IDX,
+ CheckSyscallNumber(gen, jumptable));
+}
+
+Instruction* SandboxBPF::CheckSyscallNumber(CodeGen* gen, Instruction* passed) {
+ if (kIsIntel) {
+ // On Intel architectures, verify that system call numbers are in the
+ // expected number range.
+ Instruction* invalidX32 =
+ RetExpression(gen, Kill("Illegal mixing of system call ABIs"));
+ if (kIsX32) {
+ // The newer x32 API always sets bit 30.
+ return gen->MakeInstruction(
+ BPF_JMP + BPF_JSET + BPF_K, 0x40000000, passed, invalidX32);
+ } else {
+ // The older i386 and x86-64 APIs clear bit 30 on all system calls.
+ return gen->MakeInstruction(
+ BPF_JMP + BPF_JSET + BPF_K, 0x40000000, invalidX32, passed);
+ }
+ }
+
+ // TODO(mdempsky): Similar validation for other architectures?
+ return passed;
+}
+
void SandboxBPF::VerifyProgram(const Program& program, bool has_unsafe_traps) {
// If we previously rewrote the BPF program so that it calls user-space
// whenever we return an "errno" value from the filter, then we have to
@@ -799,194 +885,166 @@
}
Instruction* SandboxBPF::RetExpression(CodeGen* gen, const ErrorCode& err) {
- if (err.error_type_ == ErrorCode::ET_COND) {
- return CondExpression(gen, err);
- } else {
- return gen->MakeInstruction(BPF_RET + BPF_K, err);
+ switch (err.error_type()) {
+ case ErrorCode::ET_COND:
+ return CondExpression(gen, err);
+ case ErrorCode::ET_SIMPLE:
+ case ErrorCode::ET_TRAP:
+ return gen->MakeInstruction(BPF_RET + BPF_K, err.err());
+ default:
+ SANDBOX_DIE("ErrorCode is not suitable for returning from a BPF program");
}
}
Instruction* SandboxBPF::CondExpression(CodeGen* gen, const ErrorCode& cond) {
- // We can only inspect the six system call arguments that are passed in
- // CPU registers.
+ // Sanity check that |cond| makes sense.
if (cond.argno_ < 0 || cond.argno_ >= 6) {
- SANDBOX_DIE(
- "Internal compiler error; invalid argument number "
- "encountered");
+ SANDBOX_DIE("sandbox_bpf: invalid argument number");
}
-
- // BPF programs operate on 32bit entities. Load both halfs of the 64bit
- // system call argument and then generate suitable conditional statements.
- Instruction* msb_head = gen->MakeInstruction(
- BPF_LD + BPF_W + BPF_ABS, SECCOMP_ARG_MSB_IDX(cond.argno_));
- Instruction* msb_tail = msb_head;
- Instruction* lsb_head = gen->MakeInstruction(
- BPF_LD + BPF_W + BPF_ABS, SECCOMP_ARG_LSB_IDX(cond.argno_));
- Instruction* lsb_tail = lsb_head;
-
- // Emit a suitable comparison statement.
- switch (cond.op_) {
- case ErrorCode::OP_EQUAL:
- // Compare the least significant bits for equality
- lsb_tail = gen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K,
- static_cast<uint32_t>(cond.value_),
- RetExpression(gen, *cond.passed_),
- RetExpression(gen, *cond.failed_));
- gen->JoinInstructions(lsb_head, lsb_tail);
-
- // If we are looking at a 64bit argument, we need to also compare the
- // most significant bits.
- if (cond.width_ == ErrorCode::TP_64BIT) {
- msb_tail =
- gen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K,
- static_cast<uint32_t>(cond.value_ >> 32),
- lsb_head,
- RetExpression(gen, *cond.failed_));
- gen->JoinInstructions(msb_head, msb_tail);
- }
- break;
- case ErrorCode::OP_HAS_ALL_BITS:
- // Check the bits in the LSB half of the system call argument. Our
- // OP_HAS_ALL_BITS operator passes, iff all of the bits are set. This is
- // different from the kernel's BPF_JSET operation which passes, if any of
- // the bits are set.
- // Of course, if there is only a single set bit (or none at all), then
- // things get easier.
- {
- uint32_t lsb_bits = static_cast<uint32_t>(cond.value_);
- int lsb_bit_count = popcount(lsb_bits);
- if (lsb_bit_count == 0) {
- // No bits are set in the LSB half. The test will always pass.
- lsb_head = RetExpression(gen, *cond.passed_);
- lsb_tail = NULL;
- } else if (lsb_bit_count == 1) {
- // Exactly one bit is set in the LSB half. We can use the BPF_JSET
- // operator.
- lsb_tail = gen->MakeInstruction(BPF_JMP + BPF_JSET + BPF_K,
- lsb_bits,
- RetExpression(gen, *cond.passed_),
- RetExpression(gen, *cond.failed_));
- gen->JoinInstructions(lsb_head, lsb_tail);
- } else {
- // More than one bit is set in the LSB half. We need to combine
- // BPF_AND and BPF_JEQ to test whether all of these bits are in fact
- // set in the system call argument.
- gen->JoinInstructions(
- lsb_head,
- gen->MakeInstruction(BPF_ALU + BPF_AND + BPF_K,
- lsb_bits,
- lsb_tail = gen->MakeInstruction(
- BPF_JMP + BPF_JEQ + BPF_K,
- lsb_bits,
- RetExpression(gen, *cond.passed_),
- RetExpression(gen, *cond.failed_))));
- }
- }
-
- // If we are looking at a 64bit argument, we need to also check the bits
- // in the MSB half of the system call argument.
- if (cond.width_ == ErrorCode::TP_64BIT) {
- uint32_t msb_bits = static_cast<uint32_t>(cond.value_ >> 32);
- int msb_bit_count = popcount(msb_bits);
- if (msb_bit_count == 0) {
- // No bits are set in the MSB half. The test will always pass.
- msb_head = lsb_head;
- } else if (msb_bit_count == 1) {
- // Exactly one bit is set in the MSB half. We can use the BPF_JSET
- // operator.
- msb_tail = gen->MakeInstruction(BPF_JMP + BPF_JSET + BPF_K,
- msb_bits,
- lsb_head,
- RetExpression(gen, *cond.failed_));
- gen->JoinInstructions(msb_head, msb_tail);
- } else {
- // More than one bit is set in the MSB half. We need to combine
- // BPF_AND and BPF_JEQ to test whether all of these bits are in fact
- // set in the system call argument.
- gen->JoinInstructions(
- msb_head,
- gen->MakeInstruction(
- BPF_ALU + BPF_AND + BPF_K,
- msb_bits,
- gen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K,
- msb_bits,
- lsb_head,
- RetExpression(gen, *cond.failed_))));
- }
- }
- break;
- case ErrorCode::OP_HAS_ANY_BITS:
- // Check the bits in the LSB half of the system call argument. Our
- // OP_HAS_ANY_BITS operator passes, iff any of the bits are set. This maps
- // nicely to the kernel's BPF_JSET operation.
- {
- uint32_t lsb_bits = static_cast<uint32_t>(cond.value_);
- if (!lsb_bits) {
- // No bits are set in the LSB half. The test will always fail.
- lsb_head = RetExpression(gen, *cond.failed_);
- lsb_tail = NULL;
- } else {
- lsb_tail = gen->MakeInstruction(BPF_JMP + BPF_JSET + BPF_K,
- lsb_bits,
- RetExpression(gen, *cond.passed_),
- RetExpression(gen, *cond.failed_));
- gen->JoinInstructions(lsb_head, lsb_tail);
- }
- }
-
- // If we are looking at a 64bit argument, we need to also check the bits
- // in the MSB half of the system call argument.
- if (cond.width_ == ErrorCode::TP_64BIT) {
- uint32_t msb_bits = static_cast<uint32_t>(cond.value_ >> 32);
- if (!msb_bits) {
- // No bits are set in the MSB half. The test will always fail.
- msb_head = lsb_head;
- } else {
- msb_tail = gen->MakeInstruction(BPF_JMP + BPF_JSET + BPF_K,
- msb_bits,
- RetExpression(gen, *cond.passed_),
- lsb_head);
- gen->JoinInstructions(msb_head, msb_tail);
- }
- }
- break;
- default:
- // TODO(markus): Need to add support for OP_GREATER
- SANDBOX_DIE("Not implemented");
- break;
+ if (cond.width_ != ErrorCode::TP_32BIT &&
+ cond.width_ != ErrorCode::TP_64BIT) {
+ SANDBOX_DIE("sandbox_bpf: invalid argument width");
}
+ if (cond.mask_ == 0) {
+ SANDBOX_DIE("sandbox_bpf: zero mask is invalid");
+ }
+ if ((cond.value_ & cond.mask_) != cond.value_) {
+ SANDBOX_DIE("sandbox_bpf: value contains masked out bits");
+ }
+ if (cond.width_ == ErrorCode::TP_32BIT &&
+ ((cond.mask_ >> 32) != 0 || (cond.value_ >> 32) != 0)) {
+ SANDBOX_DIE("sandbox_bpf: test exceeds argument size");
+ }
+ // TODO(mdempsky): Reject TP_64BIT on 32-bit platforms. For now we allow it
+ // because some SandboxBPF unit tests exercise it.
- // Ensure that we never pass a 64bit value, when we only expect a 32bit
- // value. This is somewhat complicated by the fact that on 64bit systems,
- // callers could legitimately pass in a non-zero value in the MSB, iff the
- // LSB has been sign-extended into the MSB.
- if (cond.width_ == ErrorCode::TP_32BIT) {
- if (cond.value_ >> 32) {
- SANDBOX_DIE(
- "Invalid comparison of a 32bit system call argument "
- "against a 64bit constant; this test is always false.");
+ Instruction* passed = RetExpression(gen, *cond.passed_);
+ Instruction* failed = RetExpression(gen, *cond.failed_);
+
+ // We want to emit code to check "(arg & mask) == value" where arg, mask, and
+ // value are 64-bit values, but the BPF machine is only 32-bit. We implement
+ // this by independently testing the upper and lower 32-bits and continuing to
+ // |passed| if both evaluate true, or to |failed| if either evaluate false.
+ return CondExpressionHalf(
+ gen,
+ cond,
+ UpperHalf,
+ CondExpressionHalf(gen, cond, LowerHalf, passed, failed),
+ failed);
+}
+
+Instruction* SandboxBPF::CondExpressionHalf(CodeGen* gen,
+ const ErrorCode& cond,
+ ArgHalf half,
+ Instruction* passed,
+ Instruction* failed) {
+ if (cond.width_ == ErrorCode::TP_32BIT && half == UpperHalf) {
+ // Special logic for sanity checking the upper 32-bits of 32-bit system
+ // call arguments.
+
+ // TODO(mdempsky): Compile Unexpected64bitArgument() just per program.
+ Instruction* invalid_64bit = RetExpression(gen, Unexpected64bitArgument());
+
+ const uint32_t upper = SECCOMP_ARG_MSB_IDX(cond.argno_);
+ const uint32_t lower = SECCOMP_ARG_LSB_IDX(cond.argno_);
+
+ if (sizeof(void*) == 4) {
+ // On 32-bit platforms, the upper 32-bits should always be 0:
+ // LDW [upper]
+ // JEQ 0, passed, invalid
+ return gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ upper,
+ gen->MakeInstruction(
+ BPF_JMP + BPF_JEQ + BPF_K, 0, passed, invalid_64bit));
}
- Instruction* invalid_64bit = RetExpression(gen, Unexpected64bitArgument());
-#if __SIZEOF_POINTER__ > 4
- invalid_64bit = gen->MakeInstruction(
- BPF_JMP + BPF_JEQ + BPF_K,
- 0xFFFFFFFF,
- gen->MakeInstruction(BPF_LD + BPF_W + BPF_ABS,
- SECCOMP_ARG_LSB_IDX(cond.argno_),
- gen->MakeInstruction(BPF_JMP + BPF_JGE + BPF_K,
- 0x80000000,
- lsb_head,
- invalid_64bit)),
- invalid_64bit);
-#endif
- gen->JoinInstructions(
- msb_tail,
+ // On 64-bit platforms, the upper 32-bits may be 0 or ~0; but we only allow
+ // ~0 if the sign bit of the lower 32-bits is set too:
+ // LDW [upper]
+ // JEQ 0, passed, (next)
+ // JEQ ~0, (next), invalid
+ // LDW [lower]
+ // JSET (1<<31), passed, invalid
+ //
+ // TODO(mdempsky): The JSET instruction could perhaps jump to passed->next
+ // instead, as the first instruction of passed should be "LDW [lower]".
+ return gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ upper,
gen->MakeInstruction(
- BPF_JMP + BPF_JEQ + BPF_K, 0, lsb_head, invalid_64bit));
+ BPF_JMP + BPF_JEQ + BPF_K,
+ 0,
+ passed,
+ gen->MakeInstruction(
+ BPF_JMP + BPF_JEQ + BPF_K,
+ std::numeric_limits<uint32_t>::max(),
+ gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ lower,
+ gen->MakeInstruction(BPF_JMP + BPF_JSET + BPF_K,
+ 1U << 31,
+ passed,
+ invalid_64bit)),
+ invalid_64bit)));
}
- return msb_head;
+ const uint32_t idx = (half == UpperHalf) ? SECCOMP_ARG_MSB_IDX(cond.argno_)
+ : SECCOMP_ARG_LSB_IDX(cond.argno_);
+ const uint32_t mask = (half == UpperHalf) ? cond.mask_ >> 32 : cond.mask_;
+ const uint32_t value = (half == UpperHalf) ? cond.value_ >> 32 : cond.value_;
+
+ // Emit a suitable instruction sequence for (arg & mask) == value.
+
+ // For (arg & 0) == 0, just return passed.
+ if (mask == 0) {
+ CHECK_EQ(0U, value);
+ return passed;
+ }
+
+ // For (arg & ~0) == value, emit:
+ // LDW [idx]
+ // JEQ value, passed, failed
+ if (mask == std::numeric_limits<uint32_t>::max()) {
+ return gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ idx,
+ gen->MakeInstruction(BPF_JMP + BPF_JEQ + BPF_K, value, passed, failed));
+ }
+
+ // For (arg & mask) == 0, emit:
+ // LDW [idx]
+ // JSET mask, failed, passed
+ // (Note: failed and passed are intentionally swapped.)
+ if (value == 0) {
+ return gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ idx,
+ gen->MakeInstruction(BPF_JMP + BPF_JSET + BPF_K, mask, failed, passed));
+ }
+
+ // For (arg & x) == x where x is a single-bit value, emit:
+ // LDW [idx]
+ // JSET mask, passed, failed
+ if (mask == value && HasExactlyOneBit(mask)) {
+ return gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ idx,
+ gen->MakeInstruction(BPF_JMP + BPF_JSET + BPF_K, mask, passed, failed));
+ }
+
+ // Generic fallback:
+ // LDW [idx]
+ // AND mask
+ // JEQ value, passed, failed
+ return gen->MakeInstruction(
+ BPF_LD + BPF_W + BPF_ABS,
+ idx,
+ gen->MakeInstruction(
+ BPF_ALU + BPF_AND + BPF_K,
+ mask,
+ gen->MakeInstruction(
+ BPF_JMP + BPF_JEQ + BPF_K, value, passed, failed)));
}
ErrorCode SandboxBPF::Unexpected64bitArgument() {
@@ -994,11 +1052,20 @@
}
ErrorCode SandboxBPF::Trap(Trap::TrapFnc fnc, const void* aux) {
- return Trap::MakeTrap(fnc, aux, true /* Safe Trap */);
+ return ErrorCode(fnc, aux, true /* Safe Trap */);
}
ErrorCode SandboxBPF::UnsafeTrap(Trap::TrapFnc fnc, const void* aux) {
- return Trap::MakeTrap(fnc, aux, false /* Unsafe Trap */);
+ return ErrorCode(fnc, aux, false /* Unsafe Trap */);
+}
+
+bool SandboxBPF::IsRequiredForUnsafeTrap(int sysno) {
+ for (size_t i = 0; i < arraysize(kSyscallsRequiredForUnsafeTraps); ++i) {
+ if (sysno == kSyscallsRequiredForUnsafeTraps[i]) {
+ return true;
+ }
+ }
+ return false;
}
intptr_t SandboxBPF::ForwardSyscall(const struct arch_seccomp_data& args) {
@@ -1011,18 +1078,59 @@
static_cast<intptr_t>(args.args[5]));
}
+ErrorCode SandboxBPF::CondMaskedEqual(int argno,
+ ErrorCode::ArgType width,
+ uint64_t mask,
+ uint64_t value,
+ const ErrorCode& passed,
+ const ErrorCode& failed) {
+ return ErrorCode(argno,
+ width,
+ mask,
+ value,
+ &*conds_->insert(passed).first,
+ &*conds_->insert(failed).first);
+}
+
ErrorCode SandboxBPF::Cond(int argno,
ErrorCode::ArgType width,
ErrorCode::Operation op,
uint64_t value,
const ErrorCode& passed,
const ErrorCode& failed) {
- return ErrorCode(argno,
- width,
- op,
- value,
- &*conds_->insert(passed).first,
- &*conds_->insert(failed).first);
+ // CondExpression() currently rejects mask==0 as invalid, but there are
+ // SandboxBPF unit tests that (questionably) expect OP_HAS_{ANY,ALL}_BITS to
+ // work with value==0. To keep those tests working for now, we specially
+ // convert value==0 here.
+
+ switch (op) {
+ case ErrorCode::OP_EQUAL: {
+ // Convert to "(arg & ~0) == value".
+ const uint64_t mask = (width == ErrorCode::TP_64BIT)
+ ? std::numeric_limits<uint64_t>::max()
+ : std::numeric_limits<uint32_t>::max();
+ return CondMaskedEqual(argno, width, mask, value, passed, failed);
+ }
+
+ case ErrorCode::OP_HAS_ALL_BITS:
+ if (value == 0) {
+ // Always passes.
+ return passed;
+ }
+ // Convert to "(arg & value) == value".
+ return CondMaskedEqual(argno, width, value, value, passed, failed);
+
+ case ErrorCode::OP_HAS_ANY_BITS:
+ if (value == 0) {
+ // Always fails.
+ return failed;
+ }
+ // Convert to "(arg & value) == 0", but swap passed and failed.
+ return CondMaskedEqual(argno, width, value, 0, failed, passed);
+
+ default:
+ SANDBOX_DIE("Not implemented");
+ }
}
ErrorCode SandboxBPF::Kill(const char* msg) {
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index 32fe2a7..d7fb1ff 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -5,40 +5,21 @@
#ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
#define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
-#include <stddef.h>
-#include <sys/types.h>
-#include <sys/wait.h>
+#include <stdint.h>
-#include <algorithm>
-#include <limits>
#include <map>
#include <set>
-#include <utility>
#include <vector>
#include "base/compiler_specific.h"
#include "base/memory/scoped_ptr.h"
-#include "sandbox/linux/seccomp-bpf/die.h"
#include "sandbox/linux/seccomp-bpf/errorcode.h"
-#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
+#include "sandbox/linux/seccomp-bpf/trap.h"
#include "sandbox/sandbox_export.h"
+struct sock_filter;
+
namespace sandbox {
-
-// This must match the kernel's seccomp_data structure.
-struct arch_seccomp_data {
- int nr;
- uint32_t arch;
- uint64_t instruction_pointer;
- uint64_t args[6];
-};
-
-struct arch_sigsys {
- void* ip;
- int nr;
- unsigned int arch;
-};
-
class CodeGen;
class SandboxBPFPolicy;
class SandboxUnittestHelper;
@@ -95,6 +76,10 @@
// provided by the caller.
static SandboxStatus SupportsSeccompSandbox(int proc_fd);
+ // Determines if the kernel has support for the seccomp() system call to
+ // synchronize BPF filters across a thread group.
+ static SandboxStatus SupportsSeccompThreadFilterSynchronization();
+
// The sandbox needs to be able to access files in "/proc/self". If this
// directory is not accessible when "startSandbox()" gets called, the caller
// can provide an already opened file descriptor by calling "set_proc_fd()".
@@ -112,7 +97,7 @@
// The "aux" field can carry a pointer to arbitrary data. See EvaluateSyscall
// for a description of how to pass data from SetSandboxPolicy() to a Trap()
// handler.
- ErrorCode Trap(Trap::TrapFnc fnc, const void* aux);
+ static ErrorCode Trap(Trap::TrapFnc fnc, const void* aux);
// Calls a user-space trap handler and disables all sandboxing for system
// calls made from this trap handler.
@@ -124,7 +109,11 @@
// very useful to diagnose code that is incompatible with the sandbox.
// If even a single system call returns "UnsafeTrap", the security of
// entire sandbox should be considered compromised.
- ErrorCode UnsafeTrap(Trap::TrapFnc fnc, const void* aux);
+ static ErrorCode UnsafeTrap(Trap::TrapFnc fnc, const void* aux);
+
+ // UnsafeTraps require some syscalls to always be allowed.
+ // This helper function returns true for these calls.
+ static bool IsRequiredForUnsafeTrap(int sysno);
// From within an UnsafeTrap() it is often useful to be able to execute
// the system call that triggered the trap. The ForwardSyscall() method
@@ -139,13 +128,21 @@
// We can also use ErrorCode to request evaluation of a conditional
// statement based on inspection of system call parameters.
// This method wrap an ErrorCode object around the conditional statement.
- // Argument "argno" (1..6) will be compared to "value" using comparator
- // "op". If the condition is true "passed" will be returned, otherwise
- // "failed".
+ // Argument "argno" (1..6) will be bitwise-AND'd with "mask" and compared
+ // to "value"; if equal, then "passed" will be returned, otherwise "failed".
// If "is32bit" is set, the argument must in the range of 0x0..(1u << 32 - 1)
// If it is outside this range, the sandbox treats the system call just
// the same as any other ABI violation (i.e. it aborts with an error
// message).
+ ErrorCode CondMaskedEqual(int argno,
+ ErrorCode::ArgType is_32bit,
+ uint64_t mask,
+ uint64_t value,
+ const ErrorCode& passed,
+ const ErrorCode& failed);
+
+ // Legacy variant of CondMaskedEqual that supports a few comparison
+ // operations, which get converted into masked-equality comparisons.
ErrorCode Cond(int argno,
ErrorCode::ArgType is_32bit,
ErrorCode::Operation op,
@@ -154,7 +151,7 @@
const ErrorCode& failed);
// Kill the program and print an error message.
- ErrorCode Kill(const char* msg);
+ static ErrorCode Kill(const char* msg);
// This is the main public entry point. It finds all system calls that
// need rewriting, sets up the resources needed by the sandbox, and
@@ -184,7 +181,7 @@
// Returns the fatal ErrorCode that is used to indicate that somebody
// attempted to pass a 64bit value in a 32bit system call argument.
// This method is primarily needed for testing purposes.
- ErrorCode Unexpected64bitArgument();
+ static ErrorCode Unexpected64bitArgument();
private:
friend class CodeGen;
@@ -201,6 +198,13 @@
typedef std::map<uint32_t, ErrorCode> ErrMap;
typedef std::set<ErrorCode, struct ErrorCode::LessThan> Conds;
+ // Used by CondExpressionHalf to track which half of the argument it's
+ // emitting instructions for.
+ enum ArgHalf {
+ LowerHalf,
+ UpperHalf,
+ };
+
// Get a file descriptor pointing to "/proc", if currently available.
int proc_fd() { return proc_fd_; }
@@ -221,7 +225,38 @@
// Assembles and installs a filter based on the policy that has previously
// been configured with SetSandboxPolicy().
- void InstallFilter(SandboxThreadState thread_state);
+ void InstallFilter(bool must_sync_threads);
+
+ // Compile the configured policy into a complete instruction sequence.
+ // (See MaybeAddEscapeHatch for |has_unsafe_traps|.)
+ Instruction* CompilePolicy(CodeGen* gen, bool* has_unsafe_traps);
+
+ // Return an instruction sequence that checks the
+ // arch_seccomp_data's "arch" field is valid, and then passes
+ // control to |passed| if so.
+ Instruction* CheckArch(CodeGen* gen, Instruction* passed);
+
+ // If the |rest| instruction sequence contains any unsafe traps,
+ // then sets |*has_unsafe_traps| to true and returns an instruction
+ // sequence that allows all system calls from Syscall::Call(), and
+ // otherwise passes control to |rest|.
+ //
+ // If |rest| contains no unsafe traps, then |rest| is returned
+ // directly and |*has_unsafe_traps| is set to false.
+ Instruction* MaybeAddEscapeHatch(CodeGen* gen,
+ bool* has_unsafe_traps,
+ Instruction* rest);
+
+ // Return an instruction sequence that loads and checks the system
+ // call number, performs a binary search, and then dispatches to an
+ // appropriate instruction sequence compiled from the current
+ // policy.
+ Instruction* DispatchSyscall(CodeGen* gen);
+
+ // Return an instruction sequence that checks the system call number
+ // (expected to be loaded in register A) and if valid, passes
+ // control to |passed| (with register A still valid).
+ Instruction* CheckSyscallNumber(CodeGen* gen, Instruction* passed);
// Verify the correctness of a compiled program by comparing it against the
// current policy. This function should only ever be called by unit tests and
@@ -253,6 +288,14 @@
// called from RetExpression().
Instruction* CondExpression(CodeGen* gen, const ErrorCode& cond);
+ // Returns a BPF program that evaluates half of a conditional expression;
+ // it should only ever be called from CondExpression().
+ Instruction* CondExpressionHalf(CodeGen* gen,
+ const ErrorCode& cond,
+ ArgHalf half,
+ Instruction* passed,
+ Instruction* failed);
+
static SandboxStatus status_;
bool quiet_;
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h
deleted file mode 100644
index d4b8ab8..0000000
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_COMPATIBILITY_POLICY_H_
-#define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_COMPATIBILITY_POLICY_H_
-
-#include "base/basictypes.h"
-#include "base/logging.h"
-#include "base/macros.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
-
-namespace sandbox {
-
-// This class allows compatibility with the old, deprecated
-// policies that were designed for SetSandboxPolicyDeprecated().
-template <class AuxType>
-class CompatibilityPolicy : public SandboxBPFPolicy {
- public:
- typedef ErrorCode (*SyscallEvaluator)(SandboxBPF* sandbox_compiler,
- int system_call_number,
- AuxType* aux);
- CompatibilityPolicy(SyscallEvaluator syscall_evaluator, AuxType* aux)
- : syscall_evaluator_(syscall_evaluator), aux_(aux) {}
-
- virtual ~CompatibilityPolicy() {}
-
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
- int system_call_number) const OVERRIDE {
- DCHECK(SandboxBPF::IsValidSyscallNumber(system_call_number));
- return syscall_evaluator_(sandbox_compiler, system_call_number, aux_);
- }
-
- private:
- SyscallEvaluator syscall_evaluator_;
- AuxType* aux_;
- DISALLOW_COPY_AND_ASSIGN(CompatibilityPolicy);
-};
-
-} // namespace sandbox
-
-#endif // SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_COMPATIBILITY_POLICY_H_
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
index fc6fdf6..5a26f2b 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h
@@ -5,7 +5,7 @@
#ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
#define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
-#include "base/basictypes.h"
+#include "base/macros.h"
#include "sandbox/sandbox_export.h"
namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
index ff659ab..b964cbc 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
@@ -5,12 +5,11 @@
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h"
#include <fcntl.h>
-#include <sys/stat.h>
-#include <sys/types.h>
+#include <linux/filter.h>
-#include "base/basictypes.h"
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/tests/unit_tests.h"
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
index 7721033..3d220c8 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
@@ -5,7 +5,7 @@
#ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_TEST_RUNNER_H_
#define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_TEST_RUNNER_H_
-#include "base/basictypes.h"
+#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
#include "sandbox/linux/tests/sandbox_test_runner.h"
diff --git a/sandbox/linux/seccomp-bpf/syscall.cc b/sandbox/linux/seccomp-bpf/syscall.cc
index b0a41b0..4028a63 100644
--- a/sandbox/linux/seccomp-bpf/syscall.cc
+++ b/sandbox/linux/seccomp-bpf/syscall.cc
@@ -225,6 +225,28 @@
".set pop\n"
".end SyscallAsm\n"
".size SyscallAsm,.-SyscallAsm\n"
+#elif defined(__aarch64__)
+ ".text\n"
+ ".align 2\n"
+ ".type SyscallAsm, %function\n"
+ "SyscallAsm:\n"
+ ".cfi_startproc\n"
+ "cmp x0, #0\n"
+ "b.ge 1f\n"
+ "adr x0,2f\n"
+ "b 2f\n"
+ "1:ldr x5, [x6, #40]\n"
+ "ldr x4, [x6, #32]\n"
+ "ldr x3, [x6, #24]\n"
+ "ldr x2, [x6, #16]\n"
+ "ldr x1, [x6, #8]\n"
+ "mov x8, x0\n"
+ "ldr x0, [x6, #0]\n"
+ // Enter the kernel
+ "svc 0\n"
+ "2:ret\n"
+ ".cfi_endproc\n"
+ ".size SyscallAsm, .-SyscallAsm\n"
#endif
); // asm
@@ -341,6 +363,18 @@
// more like it would on other architectures.
ret = -ret;
}
+#elif defined(__aarch64__)
+ intptr_t ret;
+ {
+ register intptr_t inout __asm__("x0") = nr;
+ register const intptr_t* data __asm__("x6") = args;
+ asm volatile("bl SyscallAsm\n"
+ : "=r"(inout)
+ : "0"(inout), "r"(data)
+ : "memory", "x1", "x2", "x3", "x4", "x5", "x8", "x30");
+ ret = inout;
+ }
+
#else
#error "Unimplemented architecture"
#endif
diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.h b/sandbox/linux/seccomp-bpf/syscall_iterator.h
index 7842b2a..04eab59 100644
--- a/sandbox/linux/seccomp-bpf/syscall_iterator.h
+++ b/sandbox/linux/seccomp-bpf/syscall_iterator.h
@@ -7,7 +7,7 @@
#include <stdint.h>
-#include "base/basictypes.h"
+#include "base/macros.h"
#include "sandbox/sandbox_export.h"
namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc b/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc
index 6d553c8..f229770 100644
--- a/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc
@@ -2,8 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
+
+#include <stdint.h>
+
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
#include "sandbox/linux/tests/unit_tests.h"
namespace sandbox {
diff --git a/sandbox/linux/seccomp-bpf/syscall_unittest.cc b/sandbox/linux/seccomp-bpf/syscall_unittest.cc
index 38f31e0..40c68d7 100644
--- a/sandbox/linux/seccomp-bpf/syscall_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/syscall_unittest.cc
@@ -41,7 +41,7 @@
// Test that Syscall::Call(-1) is handled specially. Don't do this on ARM,
// where syscall(-1) crashes with SIGILL. Not running the test is fine, as we
// are still testing ARM code in the next set of tests.
-#if !defined(__arm__)
+#if !defined(__arm__) && !defined(__aarch64__)
EXPECT_NE(Syscall::Call(-1), syscall(-1));
#endif
@@ -61,6 +61,8 @@
#elif defined(__mips__)
// Opcode for MIPS sycall is in the lower 16-bits
EXPECT_EQ(0x0cu, (((uint32_t*)Syscall::Call(-1))[-1]) & 0x0000FFFF);
+#elif defined(__aarch64__)
+ EXPECT_EQ(0xD4000001u, ((uint32_t*)Syscall::Call(-1))[-1]); // SVC 0
#else
#warning Incomplete test case; need port for target platform
#endif
@@ -97,18 +99,26 @@
return -ENOMEM;
}
-ErrorCode CopyAllArgsOnUnamePolicy(SandboxBPF* sandbox,
- int sysno,
- std::vector<uint64_t>* aux) {
- if (!SandboxBPF::IsValidSyscallNumber(sysno)) {
- return ErrorCode(ENOSYS);
+class CopyAllArgsOnUnamePolicy : public SandboxBPFPolicy {
+ public:
+ explicit CopyAllArgsOnUnamePolicy(std::vector<uint64_t>* aux) : aux_(aux) {}
+ virtual ~CopyAllArgsOnUnamePolicy() {}
+
+ virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox,
+ int sysno) const OVERRIDE {
+ DCHECK(SandboxBPF::IsValidSyscallNumber(sysno));
+ if (sysno == __NR_uname) {
+ return sandbox->Trap(CopySyscallArgsToAux, aux_);
+ } else {
+ return ErrorCode(ErrorCode::ERR_ALLOWED);
+ }
}
- if (sysno == __NR_uname) {
- return sandbox->Trap(CopySyscallArgsToAux, aux);
- } else {
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- }
-}
+
+ private:
+ std::vector<uint64_t>* aux_;
+
+ DISALLOW_COPY_AND_ASSIGN(CopyAllArgsOnUnamePolicy);
+};
// We are testing Syscall::Call() by making use of a BPF filter that
// allows us
@@ -153,7 +163,8 @@
TEST(Syscall, ComplexSyscallSixArgs) {
int fd;
- ASSERT_LE(0, fd = Syscall::Call(__NR_open, "/dev/null", O_RDWR, 0L));
+ ASSERT_LE(0,
+ fd = Syscall::Call(__NR_openat, AT_FDCWD, "/dev/null", O_RDWR, 0L));
// Use mmap() to allocate some read-only memory
char* addr0;
@@ -186,7 +197,9 @@
// Check that the offset argument (i.e. the sixth argument) is processed
// correctly.
- ASSERT_GE(fd = Syscall::Call(__NR_open, "/proc/self/exe", O_RDONLY, 0L), 0);
+ ASSERT_GE(
+ fd = Syscall::Call(__NR_openat, AT_FDCWD, "/proc/self/exe", O_RDONLY, 0L),
+ 0);
char* addr2, *addr3;
ASSERT_NE((char*)NULL,
addr2 = reinterpret_cast<char*>(Syscall::Call(
diff --git a/sandbox/linux/seccomp-bpf/trap.cc b/sandbox/linux/seccomp-bpf/trap.cc
index ce906fc..8860ac1 100644
--- a/sandbox/linux/seccomp-bpf/trap.cc
+++ b/sandbox/linux/seccomp-bpf/trap.cc
@@ -7,14 +7,15 @@
#include <errno.h>
#include <signal.h>
#include <string.h>
-#include <sys/prctl.h>
#include <sys/syscall.h>
+#include <algorithm>
#include <limits>
#include "base/logging.h"
-#include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "build/build_config.h"
#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
#include "sandbox/linux/seccomp-bpf/syscall.h"
// Android's signal.h doesn't define ucontext etc.
@@ -24,6 +25,12 @@
namespace {
+struct arch_sigsys {
+ void* ip;
+ int nr;
+ unsigned int arch;
+};
+
const int kCapacityIncrement = 20;
// Unsafe traps can only be turned on, if the user explicitly allowed them
@@ -200,8 +207,8 @@
SECCOMP_PARM6(ctx));
#endif // defined(__mips__)
} else {
- const ErrorCode& err = trap_array_[info->si_errno - 1];
- if (!err.safe_) {
+ const TrapKey& trap = trap_array_[info->si_errno - 1];
+ if (!trap.safe) {
SetIsInSigHandler();
}
@@ -221,7 +228,7 @@
// Now call the TrapFnc callback associated with this particular instance
// of SECCOMP_RET_TRAP.
- rc = err.fnc_(data, err.aux_);
+ rc = trap.fnc(data, const_cast<void*>(trap.aux));
}
// Update the CPU register that stores the return code of the system call
@@ -243,11 +250,11 @@
}
}
-ErrorCode Trap::MakeTrap(TrapFnc fnc, const void* aux, bool safe) {
+uint16_t Trap::MakeTrap(TrapFnc fnc, const void* aux, bool safe) {
return GetInstance()->MakeTrapImpl(fnc, aux, safe);
}
-ErrorCode Trap::MakeTrapImpl(TrapFnc fnc, const void* aux, bool safe) {
+uint16_t Trap::MakeTrapImpl(TrapFnc fnc, const void* aux, bool safe) {
if (!safe && !SandboxDebuggingAllowedByUser()) {
// Unless the user set the CHROME_SANDBOX_DEBUGGING environment variable,
// we never return an ErrorCode that is marked as "unsafe". This also
@@ -257,20 +264,19 @@
// This SANDBOX_DIE() can optionally be removed. It won't break security,
// but it might make error messages from the BPF compiler a little harder
- // to understand. Removing the SANDBOX_DIE() allows callers to easyly check
+ // to understand. Removing the SANDBOX_DIE() allows callers to easily check
// whether unsafe traps are supported (by checking whether the returned
// ErrorCode is ET_INVALID).
SANDBOX_DIE(
"Cannot use unsafe traps unless CHROME_SANDBOX_DEBUGGING "
"is enabled");
- return ErrorCode();
+ return 0;
}
// Each unique pair of TrapFnc and auxiliary data make up a distinct instance
// of a SECCOMP_RET_TRAP.
TrapKey key(fnc, aux, safe);
- TrapIds::const_iterator iter = trap_ids_.find(key);
// We return unique identifiers together with SECCOMP_RET_TRAP. This allows
// us to associate trap with the appropriate handler. The kernel allows us
@@ -280,66 +286,70 @@
// trivially look them up from our signal handler without making any system
// calls that might be async-signal-unsafe.
// In order to do so, we store all of our traps in a C-style trap_array_.
- uint16_t id;
+
+ TrapIds::const_iterator iter = trap_ids_.find(key);
if (iter != trap_ids_.end()) {
// We have seen this pair before. Return the same id that we assigned
// earlier.
- id = iter->second;
- } else {
- // This is a new pair. Remember it and assign a new id.
- if (trap_array_size_ >= SECCOMP_RET_DATA /* 0xFFFF */ ||
- trap_array_size_ >= std::numeric_limits<typeof(id)>::max()) {
- // In practice, this is pretty much impossible to trigger, as there
- // are other kernel limitations that restrict overall BPF program sizes.
- SANDBOX_DIE("Too many SECCOMP_RET_TRAP callback instances");
- }
- id = trap_array_size_ + 1;
-
- // Our callers ensure that there are no other threads accessing trap_array_
- // concurrently (typically this is done by ensuring that we are single-
- // threaded while the sandbox is being set up). But we nonetheless are
- // modifying a life data structure that could be accessed any time a
- // system call is made; as system calls could be triggering SIGSYS.
- // So, we have to be extra careful that we update trap_array_ atomically.
- // In particular, this means we shouldn't be using realloc() to resize it.
- // Instead, we allocate a new array, copy the values, and then switch the
- // pointer. We only really care about the pointer being updated atomically
- // and the data that is pointed to being valid, as these are the only
- // values accessed from the signal handler. It is OK if trap_array_size_
- // is inconsistent with the pointer, as it is monotonously increasing.
- // Also, we only care about compiler barriers, as the signal handler is
- // triggered synchronously from a system call. We don't have to protect
- // against issues with the memory model or with completely asynchronous
- // events.
- if (trap_array_size_ >= trap_array_capacity_) {
- trap_array_capacity_ += kCapacityIncrement;
- ErrorCode* old_trap_array = trap_array_;
- ErrorCode* new_trap_array = new ErrorCode[trap_array_capacity_];
-
- // Language specs are unclear on whether the compiler is allowed to move
- // the "delete[]" above our preceding assignments and/or memory moves,
- // iff the compiler believes that "delete[]" doesn't have any other
- // global side-effects.
- // We insert optimization barriers to prevent this from happening.
- // The first barrier is probably not needed, but better be explicit in
- // what we want to tell the compiler.
- // The clang developer mailing list couldn't answer whether this is a
- // legitimate worry; but they at least thought that the barrier is
- // sufficient to prevent the (so far hypothetical) problem of re-ordering
- // of instructions by the compiler.
- memcpy(new_trap_array, trap_array_, trap_array_size_ * sizeof(ErrorCode));
- asm volatile("" : "=r"(new_trap_array) : "0"(new_trap_array) : "memory");
- trap_array_ = new_trap_array;
- asm volatile("" : "=r"(trap_array_) : "0"(trap_array_) : "memory");
-
- delete[] old_trap_array;
- }
- trap_ids_[key] = id;
- trap_array_[trap_array_size_] = ErrorCode(fnc, aux, safe, id);
- return trap_array_[trap_array_size_++];
+ return iter->second;
}
- return ErrorCode(fnc, aux, safe, id);
+ // This is a new pair. Remember it and assign a new id.
+ if (trap_array_size_ >= SECCOMP_RET_DATA /* 0xFFFF */ ||
+ trap_array_size_ >= std::numeric_limits<uint16_t>::max()) {
+ // In practice, this is pretty much impossible to trigger, as there
+ // are other kernel limitations that restrict overall BPF program sizes.
+ SANDBOX_DIE("Too many SECCOMP_RET_TRAP callback instances");
+ }
+
+ // Our callers ensure that there are no other threads accessing trap_array_
+ // concurrently (typically this is done by ensuring that we are single-
+ // threaded while the sandbox is being set up). But we nonetheless are
+ // modifying a live data structure that could be accessed any time a
+ // system call is made; as system calls could be triggering SIGSYS.
+ // So, we have to be extra careful that we update trap_array_ atomically.
+ // In particular, this means we shouldn't be using realloc() to resize it.
+ // Instead, we allocate a new array, copy the values, and then switch the
+ // pointer. We only really care about the pointer being updated atomically
+ // and the data that is pointed to being valid, as these are the only
+ // values accessed from the signal handler. It is OK if trap_array_size_
+ // is inconsistent with the pointer, as it is monotonously increasing.
+ // Also, we only care about compiler barriers, as the signal handler is
+ // triggered synchronously from a system call. We don't have to protect
+ // against issues with the memory model or with completely asynchronous
+ // events.
+ if (trap_array_size_ >= trap_array_capacity_) {
+ trap_array_capacity_ += kCapacityIncrement;
+ TrapKey* old_trap_array = trap_array_;
+ TrapKey* new_trap_array = new TrapKey[trap_array_capacity_];
+ std::copy_n(old_trap_array, trap_array_size_, new_trap_array);
+
+ // Language specs are unclear on whether the compiler is allowed to move
+ // the "delete[]" above our preceding assignments and/or memory moves,
+ // iff the compiler believes that "delete[]" doesn't have any other
+ // global side-effects.
+ // We insert optimization barriers to prevent this from happening.
+ // The first barrier is probably not needed, but better be explicit in
+ // what we want to tell the compiler.
+ // The clang developer mailing list couldn't answer whether this is a
+ // legitimate worry; but they at least thought that the barrier is
+ // sufficient to prevent the (so far hypothetical) problem of re-ordering
+ // of instructions by the compiler.
+ //
+ // TODO(mdempsky): Try to clean this up using base/atomicops or C++11
+ // atomics; see crbug.com/414363.
+ asm volatile("" : "=r"(new_trap_array) : "0"(new_trap_array) : "memory");
+ trap_array_ = new_trap_array;
+ asm volatile("" : "=r"(trap_array_) : "0"(trap_array_) : "memory");
+
+ delete[] old_trap_array;
+ }
+
+ uint16_t id = trap_array_size_ + 1;
+ trap_ids_[key] = id;
+ trap_array_[trap_array_size_] = key;
+ trap_array_size_++;
+ return id;
}
bool Trap::SandboxDebuggingAllowedByUser() const {
@@ -370,12 +380,11 @@
return trap->has_unsafe_traps_;
}
-ErrorCode Trap::ErrorCodeFromTrapId(uint16_t id) {
+bool Trap::IsSafeTrapId(uint16_t id) {
if (global_trap_ && id > 0 && id <= global_trap_->trap_array_size_) {
- return global_trap_->trap_array_[id - 1];
- } else {
- return ErrorCode();
+ return global_trap_->trap_array_[id - 1].safe;
}
+ return false;
}
Trap* Trap::global_trap_;
diff --git a/sandbox/linux/seccomp-bpf/trap.h b/sandbox/linux/seccomp-bpf/trap.h
index adc6d7f..236c126 100644
--- a/sandbox/linux/seccomp-bpf/trap.h
+++ b/sandbox/linux/seccomp-bpf/trap.h
@@ -9,14 +9,19 @@
#include <stdint.h>
#include <map>
-#include <vector>
-#include "base/basictypes.h"
+#include "base/macros.h"
#include "sandbox/sandbox_export.h"
namespace sandbox {
-class ErrorCode;
+// This must match the kernel's seccomp_data structure.
+struct arch_seccomp_data {
+ int nr;
+ uint32_t arch;
+ uint64_t instruction_pointer;
+ uint64_t args[6];
+};
// The Trap class allows a BPF filter program to branch out to user space by
// raising a SIGSYS signal.
@@ -47,7 +52,7 @@
// as needed.
// N.B.: This makes a permanent state change. Traps cannot be unregistered,
// as that would break existing BPF filters that are still active.
- static ErrorCode MakeTrap(TrapFnc fnc, const void* aux, bool safe);
+ static uint16_t MakeTrap(TrapFnc fnc, const void* aux, bool safe);
// Enables support for unsafe traps in the SIGSYS signal handler. This is a
// one-way fuse. It works in conjunction with the BPF compiler emitting code
@@ -59,11 +64,13 @@
// Returns "true", if unsafe traps were turned on.
static bool EnableUnsafeTrapsInSigSysHandler();
- // Returns the ErrorCode associate with a particular trap id.
- static ErrorCode ErrorCodeFromTrapId(uint16_t id);
+ // Returns true if a safe trap handler is associated with a
+ // particular trap ID.
+ static bool IsSafeTrapId(uint16_t id);
private:
struct TrapKey {
+ TrapKey() : fnc(NULL), aux(NULL), safe(false) {}
TrapKey(TrapFnc f, const void* a, bool s) : fnc(f), aux(a), safe(s) {}
TrapFnc fnc;
const void* aux;
@@ -94,7 +101,7 @@
// dumps.
void SigSys(int nr, siginfo_t* info, void* void_context)
__attribute__((noinline));
- ErrorCode MakeTrapImpl(TrapFnc fnc, const void* aux, bool safe);
+ uint16_t MakeTrapImpl(TrapFnc fnc, const void* aux, bool safe);
bool SandboxDebuggingAllowedByUser() const;
// We have a global singleton that handles all of our SIGSYS traps. This
@@ -104,7 +111,7 @@
static Trap* global_trap_;
TrapIds trap_ids_; // Maps from TrapKeys to numeric ids
- ErrorCode* trap_array_; // Array of ErrorCodes indexed by ids
+ TrapKey* trap_array_; // Array of TrapKeys indexed by ids
size_t trap_array_size_; // Currently used size of array
size_t trap_array_capacity_; // Currently allocated capacity of array
bool has_unsafe_traps_; // Whether unsafe traps have been enabled
diff --git a/sandbox/linux/seccomp-bpf/verifier.cc b/sandbox/linux/seccomp-bpf/verifier.cc
index 0863556..bf4e974 100644
--- a/sandbox/linux/seccomp-bpf/verifier.cc
+++ b/sandbox/linux/seccomp-bpf/verifier.cc
@@ -2,18 +2,25 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "sandbox/linux/seccomp-bpf/verifier.h"
+
#include <string.h>
+#include <limits>
+
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
#include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
-#include "sandbox/linux/seccomp-bpf/verifier.h"
-
namespace sandbox {
namespace {
+const uint64_t kLower32Bits = std::numeric_limits<uint32_t>::max();
+const uint64_t kUpper32Bits = static_cast<uint64_t>(kLower32Bits) << 32;
+const uint64_t kFull64Bits = std::numeric_limits<uint64_t>::max();
+
struct State {
State(const std::vector<struct sock_filter>& p,
const struct arch_seccomp_data& d)
@@ -41,36 +48,9 @@
0xFFFFFFFF80000000ull) {
return sandbox->Unexpected64bitArgument().err();
}
- switch (code.op()) {
- case ErrorCode::OP_EQUAL:
- return EvaluateErrorCode(sandbox,
- (code.width() == ErrorCode::TP_32BIT
- ? uint32_t(data.args[code.argno()])
- : data.args[code.argno()]) == code.value()
- ? *code.passed()
- : *code.failed(),
- data);
- case ErrorCode::OP_HAS_ALL_BITS:
- return EvaluateErrorCode(sandbox,
- ((code.width() == ErrorCode::TP_32BIT
- ? uint32_t(data.args[code.argno()])
- : data.args[code.argno()]) &
- code.value()) == code.value()
- ? *code.passed()
- : *code.failed(),
- data);
- case ErrorCode::OP_HAS_ANY_BITS:
- return EvaluateErrorCode(sandbox,
- (code.width() == ErrorCode::TP_32BIT
- ? uint32_t(data.args[code.argno()])
- : data.args[code.argno()]) &
- code.value()
- ? *code.passed()
- : *code.failed(),
- data);
- default:
- return SECCOMP_RET_INVALID;
- }
+ bool equal = (data.args[code.argno()] & code.mask()) == code.value();
+ return EvaluateErrorCode(
+ sandbox, equal ? *code.passed() : *code.failed(), data);
} else {
return SECCOMP_RET_INVALID;
}
@@ -103,114 +83,83 @@
*err = "Invalid argument number in error code";
return false;
}
- switch (code.op()) {
- case ErrorCode::OP_EQUAL:
- // Verify that we can check a 32bit value (or the LSB of a 64bit value)
- // for equality.
- data->args[code.argno()] = code.value();
- if (!VerifyErrorCode(
- sandbox, program, data, root_code, *code.passed(), err)) {
- return false;
- }
- // Change the value to no longer match and verify that this is detected
- // as an inequality.
- data->args[code.argno()] = code.value() ^ 0x55AA55AA;
- if (!VerifyErrorCode(
- sandbox, program, data, root_code, *code.failed(), err)) {
- return false;
- }
+ // TODO(mdempsky): The test values generated here try to provide good
+ // coverage for generated BPF instructions while avoiding combinatorial
+ // explosion on large policies. Ideally we would instead take a fuzzing-like
+ // approach and generate a bounded number of test cases regardless of policy
+ // size.
- // BPF programs can only ever operate on 32bit values. So, we have
- // generated additional BPF instructions that inspect the MSB. Verify
- // that they behave as intended.
- if (code.width() == ErrorCode::TP_32BIT) {
- if (code.value() >> 32) {
- SANDBOX_DIE(
- "Invalid comparison of a 32bit system call argument "
- "against a 64bit constant; this test is always false.");
- }
+ // Verify that we can check a value for simple equality.
+ data->args[code.argno()] = code.value();
+ if (!VerifyErrorCode(
+ sandbox, program, data, root_code, *code.passed(), err)) {
+ return false;
+ }
- // If the system call argument was intended to be a 32bit parameter,
- // verify that it is a fatal error if a 64bit value is ever passed
- // here.
- data->args[code.argno()] = 0x100000000ull;
- if (!VerifyErrorCode(sandbox,
- program,
- data,
- root_code,
- sandbox->Unexpected64bitArgument(),
- err)) {
- return false;
- }
- } else {
- // If the system call argument was intended to be a 64bit parameter,
- // verify that we can handle (in-)equality for the MSB. This is
- // essentially the same test that we did earlier for the LSB.
- // We only need to verify the behavior of the inequality test. We
- // know that the equality test already passed, as unlike the kernel
- // the Verifier does operate on 64bit quantities.
- data->args[code.argno()] = code.value() ^ 0x55AA55AA00000000ull;
- if (!VerifyErrorCode(
- sandbox, program, data, root_code, *code.failed(), err)) {
- return false;
- }
- }
- break;
- case ErrorCode::OP_HAS_ALL_BITS:
- case ErrorCode::OP_HAS_ANY_BITS:
- // A comprehensive test of bit values is difficult and potentially
- // rather
- // time-expensive. We avoid doing so at run-time and instead rely on the
- // unittest for full testing. The test that we have here covers just the
- // common cases. We test against the bitmask itself, all zeros and all
- // ones.
- {
- // Testing "any" bits against a zero mask is always false. So, there
- // are some cases, where we expect tests to take the "failed()" branch
- // even though this is a test that normally should take "passed()".
- const ErrorCode& passed =
- (!code.value() && code.op() == ErrorCode::OP_HAS_ANY_BITS) ||
-
- // On a 32bit system, it is impossible to pass a 64bit
- // value as a
- // system call argument. So, some additional tests always
- // evaluate
- // as false.
- ((code.value() & ~uint64_t(uintptr_t(-1))) &&
- code.op() == ErrorCode::OP_HAS_ALL_BITS) ||
- (code.value() && !(code.value() & uintptr_t(-1)) &&
- code.op() == ErrorCode::OP_HAS_ANY_BITS)
- ? *code.failed()
- : *code.passed();
-
- // Similary, testing for "all" bits in a zero mask is always true. So,
- // some cases pass despite them normally failing.
- const ErrorCode& failed =
- !code.value() && code.op() == ErrorCode::OP_HAS_ALL_BITS
- ? *code.passed()
- : *code.failed();
-
- data->args[code.argno()] = code.value() & uintptr_t(-1);
- if (!VerifyErrorCode(
- sandbox, program, data, root_code, passed, err)) {
- return false;
- }
- data->args[code.argno()] = uintptr_t(-1);
- if (!VerifyErrorCode(
- sandbox, program, data, root_code, passed, err)) {
- return false;
- }
- data->args[code.argno()] = 0;
- if (!VerifyErrorCode(
- sandbox, program, data, root_code, failed, err)) {
- return false;
- }
- }
- break;
- default: // TODO(markus): Need to add support for OP_GREATER
- *err = "Unsupported operation in conditional error code";
+ // If mask ignores any bits, verify that setting those bits is still
+ // detected as equality.
+ uint64_t ignored_bits = ~code.mask();
+ if (code.width() == ErrorCode::TP_32BIT) {
+ ignored_bits = static_cast<uint32_t>(ignored_bits);
+ }
+ if ((ignored_bits & kLower32Bits) != 0) {
+ data->args[code.argno()] = code.value() | (ignored_bits & kLower32Bits);
+ if (!VerifyErrorCode(
+ sandbox, program, data, root_code, *code.passed(), err)) {
return false;
+ }
+ }
+ if ((ignored_bits & kUpper32Bits) != 0) {
+ data->args[code.argno()] = code.value() | (ignored_bits & kUpper32Bits);
+ if (!VerifyErrorCode(
+ sandbox, program, data, root_code, *code.passed(), err)) {
+ return false;
+ }
+ }
+
+ // Verify that changing bits included in the mask is detected as inequality.
+ if ((code.mask() & kLower32Bits) != 0) {
+ data->args[code.argno()] = code.value() ^ (code.mask() & kLower32Bits);
+ if (!VerifyErrorCode(
+ sandbox, program, data, root_code, *code.failed(), err)) {
+ return false;
+ }
+ }
+ if ((code.mask() & kUpper32Bits) != 0) {
+ data->args[code.argno()] = code.value() ^ (code.mask() & kUpper32Bits);
+ if (!VerifyErrorCode(
+ sandbox, program, data, root_code, *code.failed(), err)) {
+ return false;
+ }
+ }
+
+ if (code.width() == ErrorCode::TP_32BIT) {
+ // For 32-bit system call arguments, we emit additional instructions to
+ // validate the upper 32-bits. Here we test that validation.
+
+ // Arbitrary 64-bit values should be rejected.
+ data->args[code.argno()] = 1ULL << 32;
+ if (!VerifyErrorCode(sandbox,
+ program,
+ data,
+ root_code,
+ sandbox->Unexpected64bitArgument(),
+ err)) {
+ return false;
+ }
+
+ // Upper 32-bits set without the MSB of the lower 32-bits set should be
+ // rejected too.
+ data->args[code.argno()] = kUpper32Bits;
+ if (!VerifyErrorCode(sandbox,
+ program,
+ data,
+ root_code,
+ sandbox->Unexpected64bitArgument(),
+ err)) {
+ return false;
+ }
}
} else {
*err = "Attempting to return invalid error code from BPF program";
diff --git a/sandbox/linux/seccomp-bpf/verifier.h b/sandbox/linux/seccomp-bpf/verifier.h
index 4e80dd9..25a53ce 100644
--- a/sandbox/linux/seccomp-bpf/verifier.h
+++ b/sandbox/linux/seccomp-bpf/verifier.h
@@ -5,13 +5,17 @@
#ifndef SANDBOX_LINUX_SECCOMP_BPF_VERIFIER_H__
#define SANDBOX_LINUX_SECCOMP_BPF_VERIFIER_H__
-#include <linux/filter.h>
+#include <stdint.h>
-#include <utility>
#include <vector>
-namespace sandbox {
+#include "base/macros.h"
+struct sock_filter;
+
+namespace sandbox {
+struct arch_seccomp_data;
+class SandboxBPF;
class SandboxBPFPolicy;
class Verifier {
diff --git a/sandbox/linux/services/android_arm64_ucontext.h b/sandbox/linux/services/android_arm64_ucontext.h
new file mode 100644
index 0000000..3df0399
--- /dev/null
+++ b/sandbox/linux/services/android_arm64_ucontext.h
@@ -0,0 +1,29 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SERVICES_ANDROID_ARM64_UCONTEXT_H_
+#define SANDBOX_LINUX_SERVICES_ANDROID_ARM64_UCONTEXT_H_
+
+#if !defined(__BIONIC_HAVE_UCONTEXT_T)
+#include <asm/sigcontext.h>
+#include <signal.h>
+// We also need greg_t for the sandbox, include it in this header as well.
+typedef uint64_t greg_t;
+
+struct ucontext_t {
+ unsigned long uc_flags;
+ struct ucontext* uc_link;
+ stack_t uc_stack;
+ sigset_t uc_sigmask;
+ /* glibc uses a 1024-bit sigset_t */
+ uint8_t unused[1024 / 8 - sizeof(sigset_t)];
+ /* last for future expansion */
+ struct sigcontext uc_mcontext;
+};
+
+#else
+#include <sys/ucontext.h>
+#endif // __BIONIC_HAVE_UCONTEXT_T
+
+#endif // SANDBOX_LINUX_SERVICES_ANDROID_ARM64_UCONTEXT_H_
diff --git a/sandbox/linux/services/android_futex.h b/sandbox/linux/services/android_futex.h
index 032b024..571f5d2 100644
--- a/sandbox/linux/services/android_futex.h
+++ b/sandbox/linux/services/android_futex.h
@@ -5,24 +5,76 @@
#ifndef SANDBOX_LINUX_SERVICES_ANDROID_FUTEX_H_
#define SANDBOX_LINUX_SERVICES_ANDROID_FUTEX_H_
-#if !defined(FUTEX_PRIVATE_FLAG)
-#define FUTEX_PRIVATE_FLAG 128
+#if !defined(FUTEX_WAIT)
+#define FUTEX_WAIT 0
#endif
-#if !defined(FUTEX_CLOCK_REALTIME)
-#define FUTEX_CLOCK_REALTIME 256
+#if !defined(FUTEX_WAKE)
+#define FUTEX_WAKE 1
+#endif
+
+#if !defined(FUTEX_FD)
+#define FUTEX_FD 2
+#endif
+
+#if !defined(FUTEX_REQUEUE)
+#define FUTEX_REQUEUE 3
+#endif
+
+#if !defined(FUTEX_CMP_REQUEUE)
+#define FUTEX_CMP_REQUEUE 4
+#endif
+
+#if !defined(FUTEX_WAKE_OP)
+#define FUTEX_WAKE_OP 5
+#endif
+
+#if !defined(FUTEX_LOCK_PI)
+#define FUTEX_LOCK_PI 6
+#endif
+
+#if !defined(FUTEX_UNLOCK_PI)
+#define FUTEX_UNLOCK_PI 7
+#endif
+
+#if !defined(FUTEX_TRYLOCK_PI)
+#define FUTEX_TRYLOCK_PI 8
+#endif
+
+#if !defined(FUTEX_WAIT_BITSET)
+#define FUTEX_WAIT_BITSET 9
+#endif
+
+#if !defined(FUTEX_WAKE_BITSET)
+#define FUTEX_WAKE_BITSET 10
+#endif
+
+#if !defined(FUTEX_WAIT_REQUEUE_PI)
+#define FUTEX_WAIT_REQUEUE_PI 11
#endif
#if !defined(FUTEX_CMP_REQUEUE_PI)
#define FUTEX_CMP_REQUEUE_PI 12
#endif
-#if !defined(FUTEX_CMP_REQUEUE_PI_PRIVATE)
-#define FUTEX_CMP_REQUEUE_PI_PRIVATE (FUTEX_CMP_REQUEUE_PI | FUTEX_PRIVATE_FLAG)
+#if !defined(FUTEX_PRIVATE_FLAG)
+#define FUTEX_PRIVATE_FLAG 128
+#endif
+
+#if !defined FUTEX_CLOCK_REALTIME
+#define FUTEX_CLOCK_REALTIME 256
#endif
#if !defined(FUTEX_CMD_MASK)
#define FUTEX_CMD_MASK ~(FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME)
#endif
+#if !defined(FUTEX_CMP_REQUEUE_PI_PRIVATE)
+#define FUTEX_CMP_REQUEUE_PI_PRIVATE (FUTEX_CMP_REQUEUE_PI | FUTEX_PRIVATE_FLAG)
+#endif
+
+#if !defined(FUTEX_UNLOCK_PI_PRIVATE)
+#define FUTEX_UNLOCK_PI_PRIVATE (FUTEX_UNLOCK_PI | FUTEX_PRIVATE_FLAG)
+#endif
+
#endif // SANDBOX_LINUX_SERVICES_ANDROID_FUTEX_H_
diff --git a/sandbox/linux/services/android_ucontext.h b/sandbox/linux/services/android_ucontext.h
index a2df75c..2814710 100644
--- a/sandbox/linux/services/android_ucontext.h
+++ b/sandbox/linux/services/android_ucontext.h
@@ -15,6 +15,8 @@
#include "sandbox/linux/services/android_x86_64_ucontext.h"
#elif defined(__mips__)
#include "sandbox/linux/services/android_mips_ucontext.h"
+#elif defined(__aarch64__)
+#include "sandbox/linux/services/android_arm64_ucontext.h"
#else
#error "No support for your architecture in Android header"
#endif
diff --git a/sandbox/linux/services/arm64_linux_syscalls.h b/sandbox/linux/services/arm64_linux_syscalls.h
new file mode 100644
index 0000000..4443059
--- /dev/null
+++ b/sandbox/linux/services/arm64_linux_syscalls.h
@@ -0,0 +1,1062 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SERVICES_ARM64_LINUX_SYSCALLS_H_
+#define SANDBOX_LINUX_SERVICES_ARM64_LINUX_SYSCALLS_H_
+
+#include <asm-generic/unistd.h>
+
+#if !defined(__NR_io_setup)
+#define __NR_io_setup 0
+#endif
+
+#if !defined(__NR_io_destroy)
+#define __NR_io_destroy 1
+#endif
+
+#if !defined(__NR_io_submit)
+#define __NR_io_submit 2
+#endif
+
+#if !defined(__NR_io_cancel)
+#define __NR_io_cancel 3
+#endif
+
+#if !defined(__NR_io_getevents)
+#define __NR_io_getevents 4
+#endif
+
+#if !defined(__NR_setxattr)
+#define __NR_setxattr 5
+#endif
+
+#if !defined(__NR_lsetxattr)
+#define __NR_lsetxattr 6
+#endif
+
+#if !defined(__NR_fsetxattr)
+#define __NR_fsetxattr 7
+#endif
+
+#if !defined(__NR_getxattr)
+#define __NR_getxattr 8
+#endif
+
+#if !defined(__NR_lgetxattr)
+#define __NR_lgetxattr 9
+#endif
+
+#if !defined(__NR_fgetxattr)
+#define __NR_fgetxattr 10
+#endif
+
+#if !defined(__NR_listxattr)
+#define __NR_listxattr 11
+#endif
+
+#if !defined(__NR_llistxattr)
+#define __NR_llistxattr 12
+#endif
+
+#if !defined(__NR_flistxattr)
+#define __NR_flistxattr 13
+#endif
+
+#if !defined(__NR_removexattr)
+#define __NR_removexattr 14
+#endif
+
+#if !defined(__NR_lremovexattr)
+#define __NR_lremovexattr 15
+#endif
+
+#if !defined(__NR_fremovexattr)
+#define __NR_fremovexattr 16
+#endif
+
+#if !defined(__NR_getcwd)
+#define __NR_getcwd 17
+#endif
+
+#if !defined(__NR_lookup_dcookie)
+#define __NR_lookup_dcookie 18
+#endif
+
+#if !defined(__NR_eventfd2)
+#define __NR_eventfd2 19
+#endif
+
+#if !defined(__NR_epoll_create1)
+#define __NR_epoll_create1 20
+#endif
+
+#if !defined(__NR_epoll_ctl)
+#define __NR_epoll_ctl 21
+#endif
+
+#if !defined(__NR_epoll_pwait)
+#define __NR_epoll_pwait 22
+#endif
+
+#if !defined(__NR_dup)
+#define __NR_dup 23
+#endif
+
+#if !defined(__NR_dup3)
+#define __NR_dup3 24
+#endif
+
+#if !defined(__NR_fcntl)
+#define __NR_fcntl 25
+#endif
+
+#if !defined(__NR_inotify_init1)
+#define __NR_inotify_init1 26
+#endif
+
+#if !defined(__NR_inotify_add_watch)
+#define __NR_inotify_add_watch 27
+#endif
+
+#if !defined(__NR_inotify_rm_watch)
+#define __NR_inotify_rm_watch 28
+#endif
+
+#if !defined(__NR_ioctl)
+#define __NR_ioctl 29
+#endif
+
+#if !defined(__NR_ioprio_set)
+#define __NR_ioprio_set 30
+#endif
+
+#if !defined(__NR_ioprio_get)
+#define __NR_ioprio_get 31
+#endif
+
+#if !defined(__NR_flock)
+#define __NR_flock 32
+#endif
+
+#if !defined(__NR_mknodat)
+#define __NR_mknodat 33
+#endif
+
+#if !defined(__NR_mkdirat)
+#define __NR_mkdirat 34
+#endif
+
+#if !defined(__NR_unlinkat)
+#define __NR_unlinkat 35
+#endif
+
+#if !defined(__NR_symlinkat)
+#define __NR_symlinkat 36
+#endif
+
+#if !defined(__NR_linkat)
+#define __NR_linkat 37
+#endif
+
+#if !defined(__NR_renameat)
+#define __NR_renameat 38
+#endif
+
+#if !defined(__NR_umount2)
+#define __NR_umount2 39
+#endif
+
+#if !defined(__NR_mount)
+#define __NR_mount 40
+#endif
+
+#if !defined(__NR_pivot_root)
+#define __NR_pivot_root 41
+#endif
+
+#if !defined(__NR_nfsservctl)
+#define __NR_nfsservctl 42
+#endif
+
+#if !defined(__NR_statfs)
+#define __NR_statfs 43
+#endif
+
+#if !defined(__NR_fstatfs)
+#define __NR_fstatfs 44
+#endif
+
+#if !defined(__NR_truncate)
+#define __NR_truncate 45
+#endif
+
+#if !defined(__NR_ftruncate)
+#define __NR_ftruncate 46
+#endif
+
+#if !defined(__NR_fallocate)
+#define __NR_fallocate 47
+#endif
+
+#if !defined(__NR_faccessat)
+#define __NR_faccessat 48
+#endif
+
+#if !defined(__NR_chdir)
+#define __NR_chdir 49
+#endif
+
+#if !defined(__NR_fchdir)
+#define __NR_fchdir 50
+#endif
+
+#if !defined(__NR_chroot)
+#define __NR_chroot 51
+#endif
+
+#if !defined(__NR_fchmod)
+#define __NR_fchmod 52
+#endif
+
+#if !defined(__NR_fchmodat)
+#define __NR_fchmodat 53
+#endif
+
+#if !defined(__NR_fchownat)
+#define __NR_fchownat 54
+#endif
+
+#if !defined(__NR_fchown)
+#define __NR_fchown 55
+#endif
+
+#if !defined(__NR_openat)
+#define __NR_openat 56
+#endif
+
+#if !defined(__NR_close)
+#define __NR_close 57
+#endif
+
+#if !defined(__NR_vhangup)
+#define __NR_vhangup 58
+#endif
+
+#if !defined(__NR_pipe2)
+#define __NR_pipe2 59
+#endif
+
+#if !defined(__NR_quotactl)
+#define __NR_quotactl 60
+#endif
+
+#if !defined(__NR_getdents64)
+#define __NR_getdents64 61
+#endif
+
+#if !defined(__NR_lseek)
+#define __NR_lseek 62
+#endif
+
+#if !defined(__NR_read)
+#define __NR_read 63
+#endif
+
+#if !defined(__NR_write)
+#define __NR_write 64
+#endif
+
+#if !defined(__NR_readv)
+#define __NR_readv 65
+#endif
+
+#if !defined(__NR_writev)
+#define __NR_writev 66
+#endif
+
+#if !defined(__NR_pread64)
+#define __NR_pread64 67
+#endif
+
+#if !defined(__NR_pwrite64)
+#define __NR_pwrite64 68
+#endif
+
+#if !defined(__NR_preadv)
+#define __NR_preadv 69
+#endif
+
+#if !defined(__NR_pwritev)
+#define __NR_pwritev 70
+#endif
+
+#if !defined(__NR_sendfile)
+#define __NR_sendfile 71
+#endif
+
+#if !defined(__NR_pselect6)
+#define __NR_pselect6 72
+#endif
+
+#if !defined(__NR_ppoll)
+#define __NR_ppoll 73
+#endif
+
+#if !defined(__NR_signalfd4)
+#define __NR_signalfd4 74
+#endif
+
+#if !defined(__NR_vmsplice)
+#define __NR_vmsplice 75
+#endif
+
+#if !defined(__NR_splice)
+#define __NR_splice 76
+#endif
+
+#if !defined(__NR_tee)
+#define __NR_tee 77
+#endif
+
+#if !defined(__NR_readlinkat)
+#define __NR_readlinkat 78
+#endif
+
+#if !defined(__NR_newfstatat)
+#define __NR_newfstatat 79
+#endif
+
+#if !defined(__NR_fstat)
+#define __NR_fstat 80
+#endif
+
+#if !defined(__NR_sync)
+#define __NR_sync 81
+#endif
+
+#if !defined(__NR_fsync)
+#define __NR_fsync 82
+#endif
+
+#if !defined(__NR_fdatasync)
+#define __NR_fdatasync 83
+#endif
+
+#if !defined(__NR_sync_file_range)
+#define __NR_sync_file_range 84
+#endif
+
+#if !defined(__NR_timerfd_create)
+#define __NR_timerfd_create 85
+#endif
+
+#if !defined(__NR_timerfd_settime)
+#define __NR_timerfd_settime 86
+#endif
+
+#if !defined(__NR_timerfd_gettime)
+#define __NR_timerfd_gettime 87
+#endif
+
+#if !defined(__NR_utimensat)
+#define __NR_utimensat 88
+#endif
+
+#if !defined(__NR_acct)
+#define __NR_acct 89
+#endif
+
+#if !defined(__NR_capget)
+#define __NR_capget 90
+#endif
+
+#if !defined(__NR_capset)
+#define __NR_capset 91
+#endif
+
+#if !defined(__NR_personality)
+#define __NR_personality 92
+#endif
+
+#if !defined(__NR_exit)
+#define __NR_exit 93
+#endif
+
+#if !defined(__NR_exit_group)
+#define __NR_exit_group 94
+#endif
+
+#if !defined(__NR_waitid)
+#define __NR_waitid 95
+#endif
+
+#if !defined(__NR_set_tid_address)
+#define __NR_set_tid_address 96
+#endif
+
+#if !defined(__NR_unshare)
+#define __NR_unshare 97
+#endif
+
+#if !defined(__NR_futex)
+#define __NR_futex 98
+#endif
+
+#if !defined(__NR_set_robust_list)
+#define __NR_set_robust_list 99
+#endif
+
+#if !defined(__NR_get_robust_list)
+#define __NR_get_robust_list 100
+#endif
+
+#if !defined(__NR_nanosleep)
+#define __NR_nanosleep 101
+#endif
+
+#if !defined(__NR_getitimer)
+#define __NR_getitimer 102
+#endif
+
+#if !defined(__NR_setitimer)
+#define __NR_setitimer 103
+#endif
+
+#if !defined(__NR_kexec_load)
+#define __NR_kexec_load 104
+#endif
+
+#if !defined(__NR_init_module)
+#define __NR_init_module 105
+#endif
+
+#if !defined(__NR_delete_module)
+#define __NR_delete_module 106
+#endif
+
+#if !defined(__NR_timer_create)
+#define __NR_timer_create 107
+#endif
+
+#if !defined(__NR_timer_gettime)
+#define __NR_timer_gettime 108
+#endif
+
+#if !defined(__NR_timer_getoverrun)
+#define __NR_timer_getoverrun 109
+#endif
+
+#if !defined(__NR_timer_settime)
+#define __NR_timer_settime 110
+#endif
+
+#if !defined(__NR_timer_delete)
+#define __NR_timer_delete 111
+#endif
+
+#if !defined(__NR_clock_settime)
+#define __NR_clock_settime 112
+#endif
+
+#if !defined(__NR_clock_gettime)
+#define __NR_clock_gettime 113
+#endif
+
+#if !defined(__NR_clock_getres)
+#define __NR_clock_getres 114
+#endif
+
+#if !defined(__NR_clock_nanosleep)
+#define __NR_clock_nanosleep 115
+#endif
+
+#if !defined(__NR_syslog)
+#define __NR_syslog 116
+#endif
+
+#if !defined(__NR_ptrace)
+#define __NR_ptrace 117
+#endif
+
+#if !defined(__NR_sched_setparam)
+#define __NR_sched_setparam 118
+#endif
+
+#if !defined(__NR_sched_setscheduler)
+#define __NR_sched_setscheduler 119
+#endif
+
+#if !defined(__NR_sched_getscheduler)
+#define __NR_sched_getscheduler 120
+#endif
+
+#if !defined(__NR_sched_getparam)
+#define __NR_sched_getparam 121
+#endif
+
+#if !defined(__NR_sched_setaffinity)
+#define __NR_sched_setaffinity 122
+#endif
+
+#if !defined(__NR_sched_getaffinity)
+#define __NR_sched_getaffinity 123
+#endif
+
+#if !defined(__NR_sched_yield)
+#define __NR_sched_yield 124
+#endif
+
+#if !defined(__NR_sched_get_priority_max)
+#define __NR_sched_get_priority_max 125
+#endif
+
+#if !defined(__NR_sched_get_priority_min)
+#define __NR_sched_get_priority_min 126
+#endif
+
+#if !defined(__NR_sched_rr_get_interval)
+#define __NR_sched_rr_get_interval 127
+#endif
+
+#if !defined(__NR_restart_syscall)
+#define __NR_restart_syscall 128
+#endif
+
+#if !defined(__NR_kill)
+#define __NR_kill 129
+#endif
+
+#if !defined(__NR_tkill)
+#define __NR_tkill 130
+#endif
+
+#if !defined(__NR_tgkill)
+#define __NR_tgkill 131
+#endif
+
+#if !defined(__NR_sigaltstack)
+#define __NR_sigaltstack 132
+#endif
+
+#if !defined(__NR_rt_sigsuspend)
+#define __NR_rt_sigsuspend 133
+#endif
+
+#if !defined(__NR_rt_sigaction)
+#define __NR_rt_sigaction 134
+#endif
+
+#if !defined(__NR_rt_sigprocmask)
+#define __NR_rt_sigprocmask 135
+#endif
+
+#if !defined(__NR_rt_sigpending)
+#define __NR_rt_sigpending 136
+#endif
+
+#if !defined(__NR_rt_sigtimedwait)
+#define __NR_rt_sigtimedwait 137
+#endif
+
+#if !defined(__NR_rt_sigqueueinfo)
+#define __NR_rt_sigqueueinfo 138
+#endif
+
+#if !defined(__NR_rt_sigreturn)
+#define __NR_rt_sigreturn 139
+#endif
+
+#if !defined(__NR_setpriority)
+#define __NR_setpriority 140
+#endif
+
+#if !defined(__NR_getpriority)
+#define __NR_getpriority 141
+#endif
+
+#if !defined(__NR_reboot)
+#define __NR_reboot 142
+#endif
+
+#if !defined(__NR_setregid)
+#define __NR_setregid 143
+#endif
+
+#if !defined(__NR_setgid)
+#define __NR_setgid 144
+#endif
+
+#if !defined(__NR_setreuid)
+#define __NR_setreuid 145
+#endif
+
+#if !defined(__NR_setuid)
+#define __NR_setuid 146
+#endif
+
+#if !defined(__NR_setresuid)
+#define __NR_setresuid 147
+#endif
+
+#if !defined(__NR_getresuid)
+#define __NR_getresuid 148
+#endif
+
+#if !defined(__NR_setresgid)
+#define __NR_setresgid 149
+#endif
+
+#if !defined(__NR_getresgid)
+#define __NR_getresgid 150
+#endif
+
+#if !defined(__NR_setfsuid)
+#define __NR_setfsuid 151
+#endif
+
+#if !defined(__NR_setfsgid)
+#define __NR_setfsgid 152
+#endif
+
+#if !defined(__NR_times)
+#define __NR_times 153
+#endif
+
+#if !defined(__NR_setpgid)
+#define __NR_setpgid 154
+#endif
+
+#if !defined(__NR_getpgid)
+#define __NR_getpgid 155
+#endif
+
+#if !defined(__NR_getsid)
+#define __NR_getsid 156
+#endif
+
+#if !defined(__NR_setsid)
+#define __NR_setsid 157
+#endif
+
+#if !defined(__NR_getgroups)
+#define __NR_getgroups 158
+#endif
+
+#if !defined(__NR_setgroups)
+#define __NR_setgroups 159
+#endif
+
+#if !defined(__NR_uname)
+#define __NR_uname 160
+#endif
+
+#if !defined(__NR_sethostname)
+#define __NR_sethostname 161
+#endif
+
+#if !defined(__NR_setdomainname)
+#define __NR_setdomainname 162
+#endif
+
+#if !defined(__NR_getrlimit)
+#define __NR_getrlimit 163
+#endif
+
+#if !defined(__NR_setrlimit)
+#define __NR_setrlimit 164
+#endif
+
+#if !defined(__NR_getrusage)
+#define __NR_getrusage 165
+#endif
+
+#if !defined(__NR_umask)
+#define __NR_umask 166
+#endif
+
+#if !defined(__NR_prctl)
+#define __NR_prctl 167
+#endif
+
+#if !defined(__NR_getcpu)
+#define __NR_getcpu 168
+#endif
+
+#if !defined(__NR_gettimeofday)
+#define __NR_gettimeofday 169
+#endif
+
+#if !defined(__NR_settimeofday)
+#define __NR_settimeofday 170
+#endif
+
+#if !defined(__NR_adjtimex)
+#define __NR_adjtimex 171
+#endif
+
+#if !defined(__NR_getpid)
+#define __NR_getpid 172
+#endif
+
+#if !defined(__NR_getppid)
+#define __NR_getppid 173
+#endif
+
+#if !defined(__NR_getuid)
+#define __NR_getuid 174
+#endif
+
+#if !defined(__NR_geteuid)
+#define __NR_geteuid 175
+#endif
+
+#if !defined(__NR_getgid)
+#define __NR_getgid 176
+#endif
+
+#if !defined(__NR_getegid)
+#define __NR_getegid 177
+#endif
+
+#if !defined(__NR_gettid)
+#define __NR_gettid 178
+#endif
+
+#if !defined(__NR_sysinfo)
+#define __NR_sysinfo 179
+#endif
+
+#if !defined(__NR_mq_open)
+#define __NR_mq_open 180
+#endif
+
+#if !defined(__NR_mq_unlink)
+#define __NR_mq_unlink 181
+#endif
+
+#if !defined(__NR_mq_timedsend)
+#define __NR_mq_timedsend 182
+#endif
+
+#if !defined(__NR_mq_timedreceive)
+#define __NR_mq_timedreceive 183
+#endif
+
+#if !defined(__NR_mq_notify)
+#define __NR_mq_notify 184
+#endif
+
+#if !defined(__NR_mq_getsetattr)
+#define __NR_mq_getsetattr 185
+#endif
+
+#if !defined(__NR_msgget)
+#define __NR_msgget 186
+#endif
+
+#if !defined(__NR_msgctl)
+#define __NR_msgctl 187
+#endif
+
+#if !defined(__NR_msgrcv)
+#define __NR_msgrcv 188
+#endif
+
+#if !defined(__NR_msgsnd)
+#define __NR_msgsnd 189
+#endif
+
+#if !defined(__NR_semget)
+#define __NR_semget 190
+#endif
+
+#if !defined(__NR_semctl)
+#define __NR_semctl 191
+#endif
+
+#if !defined(__NR_semtimedop)
+#define __NR_semtimedop 192
+#endif
+
+#if !defined(__NR_semop)
+#define __NR_semop 193
+#endif
+
+#if !defined(__NR_shmget)
+#define __NR_shmget 194
+#endif
+
+#if !defined(__NR_shmctl)
+#define __NR_shmctl 195
+#endif
+
+#if !defined(__NR_shmat)
+#define __NR_shmat 196
+#endif
+
+#if !defined(__NR_shmdt)
+#define __NR_shmdt 197
+#endif
+
+#if !defined(__NR_socket)
+#define __NR_socket 198
+#endif
+
+#if !defined(__NR_socketpair)
+#define __NR_socketpair 199
+#endif
+
+#if !defined(__NR_bind)
+#define __NR_bind 200
+#endif
+
+#if !defined(__NR_listen)
+#define __NR_listen 201
+#endif
+
+#if !defined(__NR_accept)
+#define __NR_accept 202
+#endif
+
+#if !defined(__NR_connect)
+#define __NR_connect 203
+#endif
+
+#if !defined(__NR_getsockname)
+#define __NR_getsockname 204
+#endif
+
+#if !defined(__NR_getpeername)
+#define __NR_getpeername 205
+#endif
+
+#if !defined(__NR_sendto)
+#define __NR_sendto 206
+#endif
+
+#if !defined(__NR_recvfrom)
+#define __NR_recvfrom 207
+#endif
+
+#if !defined(__NR_setsockopt)
+#define __NR_setsockopt 208
+#endif
+
+#if !defined(__NR_getsockopt)
+#define __NR_getsockopt 209
+#endif
+
+#if !defined(__NR_shutdown)
+#define __NR_shutdown 210
+#endif
+
+#if !defined(__NR_sendmsg)
+#define __NR_sendmsg 211
+#endif
+
+#if !defined(__NR_recvmsg)
+#define __NR_recvmsg 212
+#endif
+
+#if !defined(__NR_readahead)
+#define __NR_readahead 213
+#endif
+
+#if !defined(__NR_brk)
+#define __NR_brk 214
+#endif
+
+#if !defined(__NR_munmap)
+#define __NR_munmap 215
+#endif
+
+#if !defined(__NR_mremap)
+#define __NR_mremap 216
+#endif
+
+#if !defined(__NR_add_key)
+#define __NR_add_key 217
+#endif
+
+#if !defined(__NR_request_key)
+#define __NR_request_key 218
+#endif
+
+#if !defined(__NR_keyctl)
+#define __NR_keyctl 219
+#endif
+
+#if !defined(__NR_clone)
+#define __NR_clone 220
+#endif
+
+#if !defined(__NR_execve)
+#define __NR_execve 221
+#endif
+
+#if !defined(__NR_mmap)
+#define __NR_mmap 222
+#endif
+
+#if !defined(__NR_fadvise64)
+#define __NR_fadvise64 223
+#endif
+
+#if !defined(__NR_swapon)
+#define __NR_swapon 224
+#endif
+
+#if !defined(__NR_swapoff)
+#define __NR_swapoff 225
+#endif
+
+#if !defined(__NR_mprotect)
+#define __NR_mprotect 226
+#endif
+
+#if !defined(__NR_msync)
+#define __NR_msync 227
+#endif
+
+#if !defined(__NR_mlock)
+#define __NR_mlock 228
+#endif
+
+#if !defined(__NR_munlock)
+#define __NR_munlock 229
+#endif
+
+#if !defined(__NR_mlockall)
+#define __NR_mlockall 230
+#endif
+
+#if !defined(__NR_munlockall)
+#define __NR_munlockall 231
+#endif
+
+#if !defined(__NR_mincore)
+#define __NR_mincore 232
+#endif
+
+#if !defined(__NR_madvise)
+#define __NR_madvise 233
+#endif
+
+#if !defined(__NR_remap_file_pages)
+#define __NR_remap_file_pages 234
+#endif
+
+#if !defined(__NR_mbind)
+#define __NR_mbind 235
+#endif
+
+#if !defined(__NR_get_mempolicy)
+#define __NR_get_mempolicy 236
+#endif
+
+#if !defined(__NR_set_mempolicy)
+#define __NR_set_mempolicy 237
+#endif
+
+#if !defined(__NR_migrate_pages)
+#define __NR_migrate_pages 238
+#endif
+
+#if !defined(__NR_move_pages)
+#define __NR_move_pages 239
+#endif
+
+#if !defined(__NR_rt_tgsigqueueinfo)
+#define __NR_rt_tgsigqueueinfo 240
+#endif
+
+#if !defined(__NR_perf_event_open)
+#define __NR_perf_event_open 241
+#endif
+
+#if !defined(__NR_accept4)
+#define __NR_accept4 242
+#endif
+
+#if !defined(__NR_recvmmsg)
+#define __NR_recvmmsg 243
+#endif
+
+#if !defined(__NR_wait4)
+#define __NR_wait4 260
+#endif
+
+#if !defined(__NR_prlimit64)
+#define __NR_prlimit64 261
+#endif
+
+#if !defined(__NR_fanotify_init)
+#define __NR_fanotify_init 262
+#endif
+
+#if !defined(__NR_fanotify_mark)
+#define __NR_fanotify_mark 263
+#endif
+
+#if !defined(__NR_name_to_handle_at)
+#define __NR_name_to_handle_at 264
+#endif
+
+#if !defined(__NR_open_by_handle_at)
+#define __NR_open_by_handle_at 265
+#endif
+
+#if !defined(__NR_clock_adjtime)
+#define __NR_clock_adjtime 266
+#endif
+
+#if !defined(__NR_syncfs)
+#define __NR_syncfs 267
+#endif
+
+#if !defined(__NR_setns)
+#define __NR_setns 268
+#endif
+
+#if !defined(__NR_sendmmsg)
+#define __NR_sendmmsg 269
+#endif
+
+#if !defined(__NR_process_vm_readv)
+#define __NR_process_vm_readv 270
+#endif
+
+#if !defined(__NR_process_vm_writev)
+#define __NR_process_vm_writev 271
+#endif
+
+#if !defined(__NR_kcmp)
+#define __NR_kcmp 272
+#endif
+
+#if !defined(__NR_finit_module)
+#define __NR_finit_module 273
+#endif
+
+#if !defined(__NR_sched_setattr)
+#define __NR_sched_setattr 274
+#endif
+
+#if !defined(__NR_sched_getattr)
+#define __NR_sched_getattr 275
+#endif
+
+#if !defined(__NR_renameat2)
+#define __NR_renameat2 276
+#endif
+
+#if !defined(__NR_seccomp)
+#define __NR_seccomp 277
+#endif
+
+#if !defined(__NR_getrandom)
+#define __NR_getrandom 278
+#endif
+
+#endif // SANDBOX_LINUX_SERVICES_ARM64_LINUX_SYSCALLS_H_
diff --git a/sandbox/linux/services/broker_process_unittest.cc b/sandbox/linux/services/broker_process_unittest.cc
index 515dccc..87a7a31 100644
--- a/sandbox/linux/services/broker_process_unittest.cc
+++ b/sandbox/linux/services/broker_process_unittest.cc
@@ -18,7 +18,7 @@
#include "base/basictypes.h"
#include "base/bind.h"
-#include "base/file_util.h"
+#include "base/files/file_util.h"
#include "base/files/scoped_file.h"
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc
index 12ef320..28199fb 100644
--- a/sandbox/linux/services/credentials_unittest.cc
+++ b/sandbox/linux/services/credentials_unittest.cc
@@ -11,7 +11,7 @@
#include <sys/types.h>
#include <unistd.h>
-#include "base/file_util.h"
+#include "base/files/file_util.h"
#include "base/files/scoped_file.h"
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
diff --git a/sandbox/linux/services/linux_syscalls.h b/sandbox/linux/services/linux_syscalls.h
index 0709ea5..b6a40c6 100644
--- a/sandbox/linux/services/linux_syscalls.h
+++ b/sandbox/linux/services/linux_syscalls.h
@@ -25,5 +25,9 @@
#include "sandbox/linux/services/mips_linux_syscalls.h"
#endif
+#if defined(__aarch64__)
+#include "sandbox/linux/services/arm64_linux_syscalls.h"
+#endif
+
#endif // SANDBOX_LINUX_SERVICES_LINUX_SYSCALLS_H_
diff --git a/sandbox/linux/services/scoped_process_unittest.cc b/sandbox/linux/services/scoped_process_unittest.cc
index 382c7fb..82b85b9 100644
--- a/sandbox/linux/services/scoped_process_unittest.cc
+++ b/sandbox/linux/services/scoped_process_unittest.cc
@@ -12,7 +12,7 @@
#include "base/basictypes.h"
#include "base/bind.h"
#include "base/callback.h"
-#include "base/file_util.h"
+#include "base/files/file_util.h"
#include "base/files/scoped_file.h"
#include "base/logging.h"
#include "base/posix/eintr_wrapper.h"
diff --git a/sandbox/linux/services/yama.cc b/sandbox/linux/services/yama.cc
index 49e1b36..6658160 100644
--- a/sandbox/linux/services/yama.cc
+++ b/sandbox/linux/services/yama.cc
@@ -11,7 +11,7 @@
#include <unistd.h>
#include "base/basictypes.h"
-#include "base/file_util.h"
+#include "base/files/file_util.h"
#include "base/files/scoped_file.h"
#include "base/logging.h"
#include "base/posix/eintr_wrapper.h"
diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.cc b/sandbox/linux/suid/client/setuid_sandbox_client.cc
index fc03cdd..f0b5cef 100644
--- a/sandbox/linux/suid/client/setuid_sandbox_client.cc
+++ b/sandbox/linux/suid/client/setuid_sandbox_client.cc
@@ -14,8 +14,8 @@
#include "base/command_line.h"
#include "base/environment.h"
-#include "base/file_util.h"
#include "base/files/file_path.h"
+#include "base/files/file_util.h"
#include "base/files/scoped_file.h"
#include "base/logging.h"
#include "base/macros.h"
diff --git a/sandbox/linux/suid/common/sandbox.h b/sandbox/linux/suid/common/sandbox.h
index 9345287..99eb7b5 100644
--- a/sandbox/linux/suid/common/sandbox.h
+++ b/sandbox/linux/suid/common/sandbox.h
@@ -11,6 +11,7 @@
// These are command line switches that may be used by other programs
// (e.g. Chrome) to construct a command line for the sandbox.
+static const char kSuidSandboxGetApiSwitch[] = "--get-api";
static const char kAdjustOOMScoreSwitch[] = "--adjust-oom-score";
static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D";
diff --git a/sandbox/linux/suid/linux_util.c b/sandbox/linux/suid/linux_util.c
deleted file mode 100644
index 9febe6d..0000000
--- a/sandbox/linux/suid/linux_util.c
+++ /dev/null
@@ -1,140 +0,0 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// The following is duplicated from base/linux_utils.cc.
-// We shouldn't link against C++ code in a setuid binary.
-
-// Needed for O_DIRECTORY, must be defined before fcntl.h is included
-// (and it can be included earlier than the explicit #include below
-// in some versions of glibc).
-#define _GNU_SOURCE
-
-#include "sandbox/linux/suid/linux_util.h"
-
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-// expected prefix of the target of the /proc/self/fd/%d link for a socket
-static const char kSocketLinkPrefix[] = "socket:[";
-
-// Parse a symlink in /proc/pid/fd/$x and return the inode number of the
-// socket.
-// inode_out: (output) set to the inode number on success
-// path: e.g. /proc/1234/fd/5 (must be a UNIX domain socket descriptor)
-static bool ProcPathGetInodeAt(ino_t* inode_out,
- int base_dir_fd,
- const char* path) {
- // We also check that the path is relative.
- if (!inode_out || !path || *path == '/')
- return false;
- char buf[256];
- const ssize_t n = readlinkat(base_dir_fd, path, buf, sizeof(buf) - 1);
- if (n < 0)
- return false;
- buf[n] = 0;
-
- if (memcmp(kSocketLinkPrefix, buf, sizeof(kSocketLinkPrefix) - 1))
- return false;
-
- char* endptr = NULL;
- errno = 0;
- const unsigned long long int inode_ull =
- strtoull(buf + sizeof(kSocketLinkPrefix) - 1, &endptr, 10);
- if (inode_ull == ULLONG_MAX || !endptr || *endptr != ']' || errno != 0)
- return false;
-
- *inode_out = inode_ull;
- return true;
-}
-
-static DIR* opendirat(int base_dir_fd, const char* name) {
- // Also check that |name| is relative.
- if (base_dir_fd < 0 || !name || *name == '/')
- return NULL;
- int new_dir_fd = openat(base_dir_fd, name, O_RDONLY | O_DIRECTORY);
- if (new_dir_fd < 0)
- return NULL;
-
- return fdopendir(new_dir_fd);
-}
-
-bool FindProcessHoldingSocket(pid_t* pid_out, ino_t socket_inode) {
- bool already_found = false;
-
- DIR* proc = opendir("/proc");
- if (!proc)
- return false;
-
- const uid_t uid = getuid();
- struct dirent* dent;
- while ((dent = readdir(proc))) {
- char* endptr = NULL;
- errno = 0;
- const unsigned long int pid_ul = strtoul(dent->d_name, &endptr, 10);
- if (pid_ul == ULONG_MAX || !endptr || *endptr || errno != 0)
- continue;
-
- // We have this setuid code here because the zygote and its children have
- // /proc/$pid/fd owned by root. While scanning through /proc, we add this
- // extra check so users cannot accidentally gain information about other
- // users' processes. To determine process ownership, we use the property
- // that if user foo owns process N, then /proc/N is owned by foo.
- int proc_pid_fd = -1;
- {
- char buf[256];
- struct stat statbuf;
- snprintf(buf, sizeof(buf), "/proc/%lu", pid_ul);
- proc_pid_fd = open(buf, O_RDONLY | O_DIRECTORY);
- if (proc_pid_fd < 0)
- continue;
- if (fstat(proc_pid_fd, &statbuf) < 0 || uid != statbuf.st_uid) {
- close(proc_pid_fd);
- continue;
- }
- }
-
- DIR* fd = opendirat(proc_pid_fd, "fd");
- if (!fd) {
- close(proc_pid_fd);
- continue;
- }
-
- while ((dent = readdir(fd))) {
- char buf[256];
- int printed = snprintf(buf, sizeof(buf), "fd/%s", dent->d_name);
- if (printed < 0 || printed >= (int)(sizeof(buf) - 1)) {
- continue;
- }
-
- ino_t fd_inode;
- if (ProcPathGetInodeAt(&fd_inode, proc_pid_fd, buf)) {
- if (fd_inode == socket_inode) {
- if (already_found) {
- closedir(fd);
- close(proc_pid_fd);
- closedir(proc);
- return false;
- }
-
- already_found = true;
- *pid_out = pid_ul;
- break;
- }
- }
- }
- closedir(fd);
- close(proc_pid_fd);
- }
- closedir(proc);
-
- return already_found;
-}
diff --git a/sandbox/linux/suid/linux_util.h b/sandbox/linux/suid/linux_util.h
deleted file mode 100644
index d064252..0000000
--- a/sandbox/linux/suid/linux_util.h
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// The following is duplicated from base/linux_utils.h.
-// We shouldn't link against C++ code in a setuid binary.
-
-#ifndef SANDBOX_LINUX_SUID_LINUX_UTIL_H_
-#define SANDBOX_LINUX_SUID_LINUX_UTIL_H_
-
-#include <stdbool.h>
-#include <sys/types.h>
-
-static const char kFindInodeSwitch[] = "--find-inode";
-static const char kSuidSandboxGetApiSwitch[] = "--get-api";
-
-// Find the process which holds the given socket, named by inode number. If
-// multiple processes hold the socket, this function returns false.
-bool FindProcessHoldingSocket(pid_t* pid_out, ino_t socket_inode);
-
-#endif // SANDBOX_LINUX_SUID_LINUX_UTIL_H_
diff --git a/sandbox/linux/suid/sandbox.c b/sandbox/linux/suid/sandbox.c
index 7410b71..3049ae5 100644
--- a/sandbox/linux/suid/sandbox.c
+++ b/sandbox/linux/suid/sandbox.c
@@ -30,7 +30,6 @@
#include <unistd.h>
#include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h"
-#include "sandbox/linux/suid/linux_util.h"
#include "sandbox/linux/suid/process_util.h"
#if !defined(CLONE_NEWPID)
@@ -433,34 +432,8 @@
return 0;
}
- // In the SUID sandbox, if we succeed in calling MoveToNewNamespaces()
- // below, then the zygote and all the renderers are in an alternate PID
- // namespace and do not know their real PIDs. As such, they report the wrong
- // PIDs to the task manager.
- //
- // To fix this, when the zygote spawns a new renderer, it gives the renderer
- // a dummy socket, which has a unique inode number. Then it asks the sandbox
- // host to find the PID of the process holding that fd by searching /proc.
- //
- // Since the zygote and renderers are all spawned by this setuid executable,
- // their entries in /proc are owned by root and only readable by root. In
- // order to search /proc for the fd we want, this setuid executable has to
- // double as a helper and perform the search. The code block below does this
- // when you call it with --find-inode INODE_NUMBER.
- if (argc == 3 && (0 == strcmp(argv[1], kFindInodeSwitch))) {
- pid_t pid;
- char* endptr = NULL;
- errno = 0;
- ino_t inode = strtoull(argv[2], &endptr, 10);
- if (inode == ULLONG_MAX || !endptr || *endptr || errno != 0)
- return 1;
- if (!FindProcessHoldingSocket(&pid, inode))
- return 1;
- printf("%d\n", pid);
- return 0;
- }
- // Likewise, we cannot adjust /proc/pid/oom_adj for sandboxed renderers
- // because those files are owned by root. So we need another helper here.
+ // We cannot adjust /proc/pid/oom_adj for sandboxed renderers
+ // because those files are owned by root. So we need a helper here.
if (argc == 4 && (0 == strcmp(argv[1], kAdjustOOMScoreSwitch))) {
char* endptr = NULL;
long score;
diff --git a/sandbox/linux/tests/unit_tests.cc b/sandbox/linux/tests/unit_tests.cc
index 25b6dc6..b7c3af6 100644
--- a/sandbox/linux/tests/unit_tests.cc
+++ b/sandbox/linux/tests/unit_tests.cc
@@ -12,7 +12,7 @@
#include <unistd.h>
#include "base/debug/leak_annotations.h"
-#include "base/file_util.h"
+#include "base/files/file_util.h"
#include "base/posix/eintr_wrapper.h"
#include "base/third_party/valgrind/valgrind.h"
#include "build/build_config.h"
diff --git a/sandbox/sandbox.target.darwin-arm.mk b/sandbox/sandbox.target.darwin-arm.mk
index ef01a58..c23fde0 100644
--- a/sandbox/sandbox.target.darwin-arm.mk
+++ b/sandbox/sandbox.target.darwin-arm.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
diff --git a/sandbox/sandbox.target.darwin-arm64.mk b/sandbox/sandbox.target.darwin-arm64.mk
index 9f8d415..c23fde0 100644
--- a/sandbox/sandbox.target.darwin-arm64.mk
+++ b/sandbox/sandbox.target.darwin-arm64.mk
@@ -6,14 +6,15 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
# Make sure our deps are built first.
GYP_TARGET_DEPENDENCIES := \
- $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp,,,$(GYP_VAR_PREFIX))/sandbox_sandbox_services_gyp.a
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp,,,$(GYP_VAR_PREFIX))/sandbox_sandbox_services_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_gyp,,,$(GYP_VAR_PREFIX))/sandbox_seccomp_bpf_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_helpers_gyp,,,$(GYP_VAR_PREFIX))/sandbox_seccomp_bpf_helpers_gyp.a
GYP_GENERATED_OUTPUTS :=
diff --git a/sandbox/sandbox.target.darwin-mips.mk b/sandbox/sandbox.target.darwin-mips.mk
index ef01a58..c23fde0 100644
--- a/sandbox/sandbox.target.darwin-mips.mk
+++ b/sandbox/sandbox.target.darwin-mips.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
diff --git a/sandbox/sandbox.target.darwin-x86.mk b/sandbox/sandbox.target.darwin-x86.mk
index ef01a58..c23fde0 100644
--- a/sandbox/sandbox.target.darwin-x86.mk
+++ b/sandbox/sandbox.target.darwin-x86.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
diff --git a/sandbox/sandbox.target.darwin-x86_64.mk b/sandbox/sandbox.target.darwin-x86_64.mk
index ef01a58..c23fde0 100644
--- a/sandbox/sandbox.target.darwin-x86_64.mk
+++ b/sandbox/sandbox.target.darwin-x86_64.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
diff --git a/sandbox/sandbox.target.linux-arm.mk b/sandbox/sandbox.target.linux-arm.mk
index ef01a58..c23fde0 100644
--- a/sandbox/sandbox.target.linux-arm.mk
+++ b/sandbox/sandbox.target.linux-arm.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
diff --git a/sandbox/sandbox.target.linux-arm64.mk b/sandbox/sandbox.target.linux-arm64.mk
index 9f8d415..c23fde0 100644
--- a/sandbox/sandbox.target.linux-arm64.mk
+++ b/sandbox/sandbox.target.linux-arm64.mk
@@ -6,14 +6,15 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
# Make sure our deps are built first.
GYP_TARGET_DEPENDENCIES := \
- $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp,,,$(GYP_VAR_PREFIX))/sandbox_sandbox_services_gyp.a
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp,,,$(GYP_VAR_PREFIX))/sandbox_sandbox_services_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_gyp,,,$(GYP_VAR_PREFIX))/sandbox_seccomp_bpf_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_helpers_gyp,,,$(GYP_VAR_PREFIX))/sandbox_seccomp_bpf_helpers_gyp.a
GYP_GENERATED_OUTPUTS :=
diff --git a/sandbox/sandbox.target.linux-mips.mk b/sandbox/sandbox.target.linux-mips.mk
index ef01a58..c23fde0 100644
--- a/sandbox/sandbox.target.linux-mips.mk
+++ b/sandbox/sandbox.target.linux-mips.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
diff --git a/sandbox/sandbox.target.linux-x86.mk b/sandbox/sandbox.target.linux-x86.mk
index ef01a58..c23fde0 100644
--- a/sandbox/sandbox.target.linux-x86.mk
+++ b/sandbox/sandbox.target.linux-x86.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
diff --git a/sandbox/sandbox.target.linux-x86_64.mk b/sandbox/sandbox.target.linux-x86_64.mk
index ef01a58..c23fde0 100644
--- a/sandbox/sandbox.target.linux-x86_64.mk
+++ b/sandbox/sandbox.target.linux-x86_64.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_gyp
LOCAL_MODULE_STEM := sandbox
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
diff --git a/sandbox/sandbox_services.target.darwin-arm.mk b/sandbox/sandbox_services.target.darwin-arm.mk
index de07f30..82472e4 100644
--- a/sandbox/sandbox_services.target.darwin-arm.mk
+++ b/sandbox/sandbox_services.target.darwin-arm.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -36,7 +35,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -46,13 +44,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -67,6 +65,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -90,11 +89,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -112,7 +113,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -123,6 +123,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -140,7 +141,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -150,13 +150,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -194,11 +194,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -217,7 +219,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -228,6 +229,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -246,50 +248,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services.target.darwin-arm64.mk b/sandbox/sandbox_services.target.darwin-arm64.mk
index eb9f242..2b10c57 100644
--- a/sandbox/sandbox_services.target.darwin-arm64.mk
+++ b/sandbox/sandbox_services.target.darwin-arm64.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -57,6 +55,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-funwind-tables
@@ -79,11 +78,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -101,7 +102,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -112,6 +112,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -127,7 +128,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -171,11 +171,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -194,7 +196,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -205,6 +206,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -222,42 +224,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services.target.darwin-mips.mk b/sandbox/sandbox_services.target.darwin-mips.mk
index a9542cf..5ac8a60 100644
--- a/sandbox/sandbox_services.target.darwin-mips.mk
+++ b/sandbox/sandbox_services.target.darwin-mips.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -36,7 +35,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -45,8 +43,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -61,6 +57,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -84,11 +81,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -106,7 +105,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -117,6 +115,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -134,7 +133,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -143,8 +141,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -182,11 +178,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -205,7 +203,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -216,6 +213,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -234,46 +232,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services.target.darwin-x86.mk b/sandbox/sandbox_services.target.darwin-x86.mk
index 8ed4296..2ba5594 100644
--- a/sandbox/sandbox_services.target.darwin-x86.mk
+++ b/sandbox/sandbox_services.target.darwin-x86.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -62,6 +60,7 @@
-fno-stack-protector \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -85,11 +84,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -107,7 +108,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -118,6 +118,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -133,7 +134,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -183,11 +183,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -206,7 +208,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -217,6 +218,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -234,46 +236,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services.target.darwin-x86_64.mk b/sandbox/sandbox_services.target.darwin-x86_64.mk
index 33e98b9..47c1cb3 100644
--- a/sandbox/sandbox_services.target.darwin-x86_64.mk
+++ b/sandbox/sandbox_services.target.darwin-x86_64.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -36,7 +35,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -61,6 +59,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -84,11 +83,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -106,7 +107,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -117,6 +117,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -133,7 +134,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -181,11 +181,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -204,7 +206,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -215,6 +216,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -232,46 +234,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services.target.linux-arm.mk b/sandbox/sandbox_services.target.linux-arm.mk
index de07f30..82472e4 100644
--- a/sandbox/sandbox_services.target.linux-arm.mk
+++ b/sandbox/sandbox_services.target.linux-arm.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -36,7 +35,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -46,13 +44,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -67,6 +65,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -90,11 +89,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -112,7 +113,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -123,6 +123,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -140,7 +141,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -150,13 +150,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -194,11 +194,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -217,7 +219,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -228,6 +229,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -246,50 +248,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services.target.linux-arm64.mk b/sandbox/sandbox_services.target.linux-arm64.mk
index eb9f242..2b10c57 100644
--- a/sandbox/sandbox_services.target.linux-arm64.mk
+++ b/sandbox/sandbox_services.target.linux-arm64.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -57,6 +55,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-funwind-tables
@@ -79,11 +78,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -101,7 +102,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -112,6 +112,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -127,7 +128,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -171,11 +171,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -194,7 +196,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -205,6 +206,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -222,42 +224,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services.target.linux-mips.mk b/sandbox/sandbox_services.target.linux-mips.mk
index a9542cf..5ac8a60 100644
--- a/sandbox/sandbox_services.target.linux-mips.mk
+++ b/sandbox/sandbox_services.target.linux-mips.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -36,7 +35,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -45,8 +43,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -61,6 +57,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -84,11 +81,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -106,7 +105,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -117,6 +115,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -134,7 +133,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -143,8 +141,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -182,11 +178,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -205,7 +203,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -216,6 +213,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -234,46 +232,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services.target.linux-x86.mk b/sandbox/sandbox_services.target.linux-x86.mk
index 8ed4296..2ba5594 100644
--- a/sandbox/sandbox_services.target.linux-x86.mk
+++ b/sandbox/sandbox_services.target.linux-x86.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -62,6 +60,7 @@
-fno-stack-protector \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -85,11 +84,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -107,7 +108,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -118,6 +118,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -133,7 +134,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -183,11 +183,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -206,7 +208,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -217,6 +218,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -234,46 +236,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services.target.linux-x86_64.mk b/sandbox/sandbox_services.target.linux-x86_64.mk
index 33e98b9..47c1cb3 100644
--- a/sandbox/sandbox_services.target.linux-x86_64.mk
+++ b/sandbox/sandbox_services.target.linux-x86_64.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_sandbox_services_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -36,7 +35,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -61,6 +59,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -84,11 +83,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -106,7 +107,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -117,6 +117,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -133,7 +134,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -181,11 +181,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -204,7 +206,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH)/sandbox \
$(LOCAL_PATH) \
@@ -215,6 +216,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -232,46 +234,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/sandbox_services_headers.target.darwin-arm.mk b/sandbox/sandbox_services_headers.target.darwin-arm.mk
index 149f9f7..55676b2 100644
--- a/sandbox/sandbox_services_headers.target.darwin-arm.mk
+++ b/sandbox/sandbox_services_headers.target.darwin-arm.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
LOCAL_MODULE_STEM := sandbox_services_headers
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -31,7 +30,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -41,13 +39,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -62,6 +60,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -85,11 +84,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -115,6 +116,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -132,7 +134,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -142,13 +143,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -186,11 +187,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -217,6 +220,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
diff --git a/sandbox/sandbox_services_headers.target.darwin-arm64.mk b/sandbox/sandbox_services_headers.target.darwin-arm64.mk
new file mode 100644
index 0000000..a9f6598
--- /dev/null
+++ b/sandbox/sandbox_services_headers.target.darwin-arm64.mk
@@ -0,0 +1,236 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
+LOCAL_MODULE_STEM := sandbox_services_headers
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
+gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES :=
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -gdwarf-4 \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH)/sandbox \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH)/sandbox \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_headers_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services_headers
+sandbox_services_headers: sandbox_sandbox_services_headers_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+LOCAL_2ND_ARCH_VAR_PREFIX := $(GYP_VAR_PREFIX)
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
+
+LOCAL_2ND_ARCH_VAR_PREFIX :=
diff --git a/sandbox/sandbox_services_headers.target.darwin-mips.mk b/sandbox/sandbox_services_headers.target.darwin-mips.mk
index 3ff343b..6e03e2d 100644
--- a/sandbox/sandbox_services_headers.target.darwin-mips.mk
+++ b/sandbox/sandbox_services_headers.target.darwin-mips.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
LOCAL_MODULE_STEM := sandbox_services_headers
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -31,7 +30,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -40,8 +38,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -56,6 +52,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -79,11 +76,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -109,6 +108,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -126,7 +126,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -135,8 +134,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -174,11 +171,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -205,6 +204,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
diff --git a/sandbox/sandbox_services_headers.target.darwin-x86.mk b/sandbox/sandbox_services_headers.target.darwin-x86.mk
index 7eb0108..4019100 100644
--- a/sandbox/sandbox_services_headers.target.darwin-x86.mk
+++ b/sandbox/sandbox_services_headers.target.darwin-x86.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
LOCAL_MODULE_STEM := sandbox_services_headers
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -30,7 +29,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -57,6 +55,7 @@
-fno-stack-protector \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -80,11 +79,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -110,6 +111,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -125,7 +127,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -175,11 +176,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -206,6 +209,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
diff --git a/sandbox/sandbox_services_headers.target.darwin-x86_64.mk b/sandbox/sandbox_services_headers.target.darwin-x86_64.mk
index bd03ce6..39d33b8 100644
--- a/sandbox/sandbox_services_headers.target.darwin-x86_64.mk
+++ b/sandbox/sandbox_services_headers.target.darwin-x86_64.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
LOCAL_MODULE_STEM := sandbox_services_headers
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -31,7 +30,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -56,6 +54,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -79,11 +78,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -109,6 +110,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -125,7 +127,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -173,11 +174,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -204,6 +207,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
diff --git a/sandbox/sandbox_services_headers.target.linux-arm.mk b/sandbox/sandbox_services_headers.target.linux-arm.mk
index 149f9f7..55676b2 100644
--- a/sandbox/sandbox_services_headers.target.linux-arm.mk
+++ b/sandbox/sandbox_services_headers.target.linux-arm.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
LOCAL_MODULE_STEM := sandbox_services_headers
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -31,7 +30,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -41,13 +39,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -62,6 +60,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -85,11 +84,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -115,6 +116,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -132,7 +134,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -142,13 +143,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -186,11 +187,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -217,6 +220,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
diff --git a/sandbox/sandbox_services_headers.target.linux-arm64.mk b/sandbox/sandbox_services_headers.target.linux-arm64.mk
new file mode 100644
index 0000000..a9f6598
--- /dev/null
+++ b/sandbox/sandbox_services_headers.target.linux-arm64.mk
@@ -0,0 +1,236 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
+LOCAL_MODULE_STEM := sandbox_services_headers
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
+gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES :=
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -gdwarf-4 \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH)/sandbox \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH)/sandbox \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_headers_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services_headers
+sandbox_services_headers: sandbox_sandbox_services_headers_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+LOCAL_2ND_ARCH_VAR_PREFIX := $(GYP_VAR_PREFIX)
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
+
+LOCAL_2ND_ARCH_VAR_PREFIX :=
diff --git a/sandbox/sandbox_services_headers.target.linux-mips.mk b/sandbox/sandbox_services_headers.target.linux-mips.mk
index 3ff343b..6e03e2d 100644
--- a/sandbox/sandbox_services_headers.target.linux-mips.mk
+++ b/sandbox/sandbox_services_headers.target.linux-mips.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
LOCAL_MODULE_STEM := sandbox_services_headers
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -31,7 +30,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -40,8 +38,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -56,6 +52,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -79,11 +76,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -109,6 +108,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -126,7 +126,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -135,8 +134,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -174,11 +171,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -205,6 +204,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
diff --git a/sandbox/sandbox_services_headers.target.linux-x86.mk b/sandbox/sandbox_services_headers.target.linux-x86.mk
index 7eb0108..4019100 100644
--- a/sandbox/sandbox_services_headers.target.linux-x86.mk
+++ b/sandbox/sandbox_services_headers.target.linux-x86.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
LOCAL_MODULE_STEM := sandbox_services_headers
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -30,7 +29,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -57,6 +55,7 @@
-fno-stack-protector \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -80,11 +79,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -110,6 +111,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -125,7 +127,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -175,11 +176,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -206,6 +209,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
diff --git a/sandbox/sandbox_services_headers.target.linux-x86_64.mk b/sandbox/sandbox_services_headers.target.linux-x86_64.mk
index bd03ce6..39d33b8 100644
--- a/sandbox/sandbox_services_headers.target.linux-x86_64.mk
+++ b/sandbox/sandbox_services_headers.target.linux-x86_64.mk
@@ -6,7 +6,6 @@
LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
LOCAL_MODULE_STEM := sandbox_services_headers
LOCAL_MODULE_SUFFIX := .stamp
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -31,7 +30,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -56,6 +54,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -79,11 +78,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -109,6 +110,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -125,7 +127,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -173,11 +174,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
'-D__STDC_CONSTANT_MACROS' \
@@ -204,6 +207,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
diff --git a/sandbox/seccomp_bpf.target.darwin-arm.mk b/sandbox/seccomp_bpf.target.darwin-arm.mk
index 6a49248..14baf0c 100644
--- a/sandbox/seccomp_bpf.target.darwin-arm.mk
+++ b/sandbox/seccomp_bpf.target.darwin-arm.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -43,7 +42,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -53,13 +51,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -74,6 +72,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -97,11 +96,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -119,7 +120,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -129,6 +129,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -146,7 +147,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -156,13 +156,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -200,11 +200,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -223,7 +225,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -233,6 +234,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -251,50 +253,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf.target.darwin-arm64.mk b/sandbox/seccomp_bpf.target.darwin-arm64.mk
new file mode 100644
index 0000000..beda21a
--- /dev/null
+++ b/sandbox/seccomp_bpf.target.darwin-arm64.mk
@@ -0,0 +1,244 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
+gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,GYP,sandbox_sandbox_services_headers_gyp,,,$(GYP_VAR_PREFIX))/sandbox_services_headers.stamp
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/bpf_dsl/bpf_dsl.cc \
+ sandbox/linux/seccomp-bpf/basicblock.cc \
+ sandbox/linux/seccomp-bpf/codegen.cc \
+ sandbox/linux/seccomp-bpf/die.cc \
+ sandbox/linux/seccomp-bpf/errorcode.cc \
+ sandbox/linux/seccomp-bpf/sandbox_bpf.cc \
+ sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc \
+ sandbox/linux/seccomp-bpf/syscall.cc \
+ sandbox/linux/seccomp-bpf/syscall_iterator.cc \
+ sandbox/linux/seccomp-bpf/trap.cc \
+ sandbox/linux/seccomp-bpf/verifier.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -gdwarf-4 \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DSANDBOX_IMPLEMENTATION' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DSANDBOX_IMPLEMENTATION' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf
+seccomp_bpf: sandbox_seccomp_bpf_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/seccomp_bpf.target.darwin-mips.mk b/sandbox/seccomp_bpf.target.darwin-mips.mk
index 6ac2c11..abfd74b 100644
--- a/sandbox/seccomp_bpf.target.darwin-mips.mk
+++ b/sandbox/seccomp_bpf.target.darwin-mips.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -43,7 +42,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -52,8 +50,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -68,6 +64,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -91,11 +88,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -113,7 +112,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -123,6 +121,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -140,7 +139,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -149,8 +147,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -188,11 +184,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -211,7 +209,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -221,6 +218,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -239,46 +237,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf.target.darwin-x86.mk b/sandbox/seccomp_bpf.target.darwin-x86.mk
index 1f890ee..05c2774 100644
--- a/sandbox/seccomp_bpf.target.darwin-x86.mk
+++ b/sandbox/seccomp_bpf.target.darwin-x86.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -42,7 +41,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -69,6 +67,7 @@
-fno-stack-protector \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -92,11 +91,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -114,7 +115,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -124,6 +124,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -139,7 +140,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -189,11 +189,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -212,7 +214,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -222,6 +223,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -239,46 +241,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf.target.darwin-x86_64.mk b/sandbox/seccomp_bpf.target.darwin-x86_64.mk
index 6fc87c9..67f5a03 100644
--- a/sandbox/seccomp_bpf.target.darwin-x86_64.mk
+++ b/sandbox/seccomp_bpf.target.darwin-x86_64.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -43,7 +42,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -68,6 +66,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -91,11 +90,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -113,7 +114,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -123,6 +123,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -139,7 +140,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -187,11 +187,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -210,7 +212,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -220,6 +221,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -237,46 +239,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf.target.linux-arm.mk b/sandbox/seccomp_bpf.target.linux-arm.mk
index 6a49248..14baf0c 100644
--- a/sandbox/seccomp_bpf.target.linux-arm.mk
+++ b/sandbox/seccomp_bpf.target.linux-arm.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -43,7 +42,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -53,13 +51,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -74,6 +72,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -97,11 +96,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -119,7 +120,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -129,6 +129,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -146,7 +147,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -156,13 +156,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -200,11 +200,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -223,7 +225,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -233,6 +234,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -251,50 +253,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf.target.linux-arm64.mk b/sandbox/seccomp_bpf.target.linux-arm64.mk
new file mode 100644
index 0000000..beda21a
--- /dev/null
+++ b/sandbox/seccomp_bpf.target.linux-arm64.mk
@@ -0,0 +1,244 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
+gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,GYP,sandbox_sandbox_services_headers_gyp,,,$(GYP_VAR_PREFIX))/sandbox_services_headers.stamp
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/bpf_dsl/bpf_dsl.cc \
+ sandbox/linux/seccomp-bpf/basicblock.cc \
+ sandbox/linux/seccomp-bpf/codegen.cc \
+ sandbox/linux/seccomp-bpf/die.cc \
+ sandbox/linux/seccomp-bpf/errorcode.cc \
+ sandbox/linux/seccomp-bpf/sandbox_bpf.cc \
+ sandbox/linux/seccomp-bpf/sandbox_bpf_policy.cc \
+ sandbox/linux/seccomp-bpf/syscall.cc \
+ sandbox/linux/seccomp-bpf/syscall_iterator.cc \
+ sandbox/linux/seccomp-bpf/trap.cc \
+ sandbox/linux/seccomp-bpf/verifier.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -gdwarf-4 \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DSANDBOX_IMPLEMENTATION' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DSANDBOX_IMPLEMENTATION' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf
+seccomp_bpf: sandbox_seccomp_bpf_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/seccomp_bpf.target.linux-mips.mk b/sandbox/seccomp_bpf.target.linux-mips.mk
index 6ac2c11..abfd74b 100644
--- a/sandbox/seccomp_bpf.target.linux-mips.mk
+++ b/sandbox/seccomp_bpf.target.linux-mips.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -43,7 +42,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -52,8 +50,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -68,6 +64,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -91,11 +88,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -113,7 +112,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -123,6 +121,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -140,7 +139,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -149,8 +147,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -188,11 +184,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -211,7 +209,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -221,6 +218,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -239,46 +237,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf.target.linux-x86.mk b/sandbox/seccomp_bpf.target.linux-x86.mk
index 1f890ee..05c2774 100644
--- a/sandbox/seccomp_bpf.target.linux-x86.mk
+++ b/sandbox/seccomp_bpf.target.linux-x86.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -42,7 +41,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -69,6 +67,7 @@
-fno-stack-protector \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -92,11 +91,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -114,7 +115,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -124,6 +124,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -139,7 +140,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -189,11 +189,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -212,7 +214,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -222,6 +223,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -239,46 +241,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf.target.linux-x86_64.mk b/sandbox/seccomp_bpf.target.linux-x86_64.mk
index 6fc87c9..67f5a03 100644
--- a/sandbox/seccomp_bpf.target.linux-x86_64.mk
+++ b/sandbox/seccomp_bpf.target.linux-x86_64.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -43,7 +42,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -68,6 +66,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -91,11 +90,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -113,7 +114,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -123,6 +123,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -139,7 +140,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -187,11 +187,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -210,7 +212,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -220,6 +221,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -237,46 +239,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf_helpers.target.darwin-arm.mk b/sandbox/seccomp_bpf_helpers.target.darwin-arm.mk
index 641f8cb..c764b6b 100644
--- a/sandbox/seccomp_bpf_helpers.target.darwin-arm.mk
+++ b/sandbox/seccomp_bpf_helpers.target.darwin-arm.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -45,13 +43,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -66,6 +64,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -89,11 +88,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -111,7 +112,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -121,6 +121,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -138,7 +139,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -148,13 +148,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -192,11 +192,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -215,7 +217,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -225,6 +226,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -243,50 +245,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf_helpers.target.darwin-arm64.mk b/sandbox/seccomp_bpf_helpers.target.darwin-arm64.mk
new file mode 100644
index 0000000..360ede8
--- /dev/null
+++ b/sandbox/seccomp_bpf_helpers.target.darwin-arm64.mk
@@ -0,0 +1,236 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
+gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc \
+ sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc \
+ sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc \
+ sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -gdwarf-4 \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DSANDBOX_IMPLEMENTATION' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DSANDBOX_IMPLEMENTATION' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_helpers_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf_helpers
+seccomp_bpf_helpers: sandbox_seccomp_bpf_helpers_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/seccomp_bpf_helpers.target.darwin-mips.mk b/sandbox/seccomp_bpf_helpers.target.darwin-mips.mk
index 413aa46..90d3c46 100644
--- a/sandbox/seccomp_bpf_helpers.target.darwin-mips.mk
+++ b/sandbox/seccomp_bpf_helpers.target.darwin-mips.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -44,8 +42,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -60,6 +56,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -83,11 +80,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -105,7 +104,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -115,6 +113,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -132,7 +131,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -141,8 +139,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -180,11 +176,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -203,7 +201,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -213,6 +210,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -231,46 +229,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf_helpers.target.darwin-x86.mk b/sandbox/seccomp_bpf_helpers.target.darwin-x86.mk
index f871ab7..2df61da 100644
--- a/sandbox/seccomp_bpf_helpers.target.darwin-x86.mk
+++ b/sandbox/seccomp_bpf_helpers.target.darwin-x86.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -34,7 +33,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -61,6 +59,7 @@
-fno-stack-protector \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -84,11 +83,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -106,7 +107,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -116,6 +116,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -131,7 +132,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -181,11 +181,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -204,7 +206,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -214,6 +215,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -231,46 +233,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf_helpers.target.darwin-x86_64.mk b/sandbox/seccomp_bpf_helpers.target.darwin-x86_64.mk
index 0cecde7..6385d75 100644
--- a/sandbox/seccomp_bpf_helpers.target.darwin-x86_64.mk
+++ b/sandbox/seccomp_bpf_helpers.target.darwin-x86_64.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -60,6 +58,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -83,11 +82,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -105,7 +106,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -115,6 +115,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -131,7 +132,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -179,11 +179,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -202,7 +204,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -212,6 +213,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -229,46 +231,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf_helpers.target.linux-arm.mk b/sandbox/seccomp_bpf_helpers.target.linux-arm.mk
index 641f8cb..c764b6b 100644
--- a/sandbox/seccomp_bpf_helpers.target.linux-arm.mk
+++ b/sandbox/seccomp_bpf_helpers.target.linux-arm.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -45,13 +43,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -66,6 +64,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -89,11 +88,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -111,7 +112,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -121,6 +121,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -138,7 +139,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -148,13 +148,13 @@
-fPIC \
-Wno-unused-local-typedefs \
-fno-tree-sra \
+ -fno-caller-saves \
+ -Wno-psabi \
-fno-partial-inlining \
-fno-early-inlining \
-fno-tree-copy-prop \
-fno-tree-loop-optimize \
-fno-move-loop-invariants \
- -fno-caller-saves \
- -Wno-psabi \
-ffunction-sections \
-funwind-tables \
-g \
@@ -192,11 +192,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -215,7 +217,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -225,6 +226,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -243,50 +245,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -Wl,-z,relro \
- -Wl,-z,now \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--icf=safe \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf_helpers.target.linux-arm64.mk b/sandbox/seccomp_bpf_helpers.target.linux-arm64.mk
new file mode 100644
index 0000000..360ede8
--- /dev/null
+++ b/sandbox/seccomp_bpf_helpers.target.linux-arm64.mk
@@ -0,0 +1,236 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
+gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc \
+ sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc \
+ sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc \
+ sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Debug := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -g \
+ -gdwarf-4 \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Debug := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DSANDBOX_IMPLEMENTATION' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Debug := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS_Release := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -Wno-unused-local-typedefs \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Wno-unused-but-set-variable \
+ -Os \
+ -fno-ident \
+ -fdata-sections \
+ -ffunction-sections \
+ -funwind-tables
+
+MY_DEFS_Release := \
+ '-DV8_DEPRECATION_WARNINGS' \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DENABLE_WEBRTC=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_BROWSER_CDMS' \
+ '-DENABLE_CONFIGURATION_POLICY' \
+ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \
+ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DCLD_VERSION=1' \
+ '-DENABLE_PRINTING=1' \
+ '-DENABLE_MANAGED_USERS=1' \
+ '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
+ '-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
+ '-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
+ '-DSANDBOX_IMPLEMENTATION' \
+ '-DUSE_OPENSSL=1' \
+ '-DUSE_OPENSSL_CERTS=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DNDEBUG' \
+ '-DNVALGRIND' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=0' \
+ '-D_FORTIFY_SOURCE=2'
+
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES_Release := \
+ $(gyp_shared_intermediate_dir) \
+ $(LOCAL_PATH) \
+ $(PWD)/frameworks/wilhelm/include \
+ $(PWD)/bionic \
+ $(PWD)/external/stlport/stlport
+
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -std=gnu++11 \
+ -Wno-narrowing \
+ -Wno-literal-suffix \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+
+LOCAL_CFLAGS := $(MY_CFLAGS_$(GYP_CONFIGURATION)) $(MY_DEFS_$(GYP_CONFIGURATION))
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES_$(GYP_CONFIGURATION))
+LOCAL_CPPFLAGS := $(LOCAL_CPPFLAGS_$(GYP_CONFIGURATION))
+LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
+### Rules for final target.
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_helpers_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf_helpers
+seccomp_bpf_helpers: sandbox_seccomp_bpf_helpers_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/seccomp_bpf_helpers.target.linux-mips.mk b/sandbox/seccomp_bpf_helpers.target.linux-mips.mk
index 413aa46..90d3c46 100644
--- a/sandbox/seccomp_bpf_helpers.target.linux-mips.mk
+++ b/sandbox/seccomp_bpf_helpers.target.linux-mips.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -44,8 +42,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -60,6 +56,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -83,11 +80,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -105,7 +104,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -115,6 +113,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -132,7 +131,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
\
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -141,8 +139,6 @@
-pipe \
-fPIC \
-Wno-unused-local-typedefs \
- -EL \
- -mhard-float \
-ffunction-sections \
-funwind-tables \
-g \
@@ -180,11 +176,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -203,7 +201,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -213,6 +210,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -231,46 +229,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -EL \
- -Wl,--no-keep-memory \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf_helpers.target.linux-x86.mk b/sandbox/seccomp_bpf_helpers.target.linux-x86.mk
index f871ab7..2df61da 100644
--- a/sandbox/seccomp_bpf_helpers.target.linux-x86.mk
+++ b/sandbox/seccomp_bpf_helpers.target.linux-x86.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -34,7 +33,6 @@
MY_CFLAGS_Debug := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -61,6 +59,7 @@
-fno-stack-protector \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -84,11 +83,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -106,7 +107,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -116,6 +116,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -131,7 +132,6 @@
MY_CFLAGS_Release := \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -181,11 +181,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -204,7 +206,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -214,6 +215,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -231,46 +233,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m32 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/seccomp_bpf_helpers.target.linux-x86_64.mk b/sandbox/seccomp_bpf_helpers.target.linux-x86_64.mk
index 0cecde7..6385d75 100644
--- a/sandbox/seccomp_bpf_helpers.target.linux-x86_64.mk
+++ b/sandbox/seccomp_bpf_helpers.target.linux-x86_64.mk
@@ -5,7 +5,6 @@
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
LOCAL_MODULE := sandbox_seccomp_bpf_helpers_gyp
LOCAL_MODULE_SUFFIX := .a
-LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_TARGET_ARCH := $(TARGET_$(GYP_VAR_PREFIX)ARCH)
gyp_intermediate_dir := $(call local-intermediates-dir,,$(GYP_VAR_PREFIX))
gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared,,,$(GYP_VAR_PREFIX))
@@ -35,7 +34,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -60,6 +58,7 @@
-Wno-unused-but-set-variable \
-Os \
-g \
+ -gdwarf-4 \
-fdata-sections \
-ffunction-sections \
-fomit-frame-pointer \
@@ -83,11 +82,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -105,7 +106,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Debug := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -115,6 +115,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Debug := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -131,7 +132,6 @@
-fstack-protector \
--param=ssp-buffer-size=4 \
-Werror \
- -fno-exceptions \
-fno-strict-aliasing \
-Wall \
-Wno-unused-parameter \
@@ -179,11 +179,13 @@
'-DENABLE_PRINTING=1' \
'-DENABLE_MANAGED_USERS=1' \
'-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \
- '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \
+ '-DDATA_REDUCTION_DEV_HOST="https://proxy-dev.googlezip.net:443/"' \
+ '-DDATA_REDUCTION_DEV_FALLBACK_HOST="http://proxy-dev.googlezip.net:80/"' \
'-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \
'-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \
'-DDATA_REDUCTION_PROXY_WARMUP_URL="http://www.gstatic.com/generate_204"' \
'-DVIDEO_HOLE=1' \
+ '-DENABLE_LOAD_COMPLETION_HACKS=1' \
'-DSANDBOX_IMPLEMENTATION' \
'-DUSE_OPENSSL=1' \
'-DUSE_OPENSSL_CERTS=1' \
@@ -202,7 +204,6 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES_Release := \
- $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(gyp_shared_intermediate_dir) \
$(LOCAL_PATH) \
$(PWD)/frameworks/wilhelm/include \
@@ -212,6 +213,7 @@
# Flags passed to only C++ (and not C) files.
LOCAL_CPPFLAGS_Release := \
+ -fno-exceptions \
-fno-rtti \
-fno-threadsafe-statics \
-fvisibility-inlines-hidden \
@@ -229,46 +231,6 @@
LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
### Rules for final target.
-LOCAL_LDFLAGS_Debug := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,--warn-shared-textrel \
- -Wl,-O1 \
- -Wl,--as-needed
-
-
-LOCAL_LDFLAGS_Release := \
- -Wl,-z,now \
- -Wl,-z,relro \
- -Wl,--fatal-warnings \
- -Wl,-z,noexecstack \
- -fPIC \
- -m64 \
- -fuse-ld=gold \
- -nostdlib \
- -Wl,--no-undefined \
- -Wl,--exclude-libs=ALL \
- -Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections \
- -Wl,--warn-shared-textrel
-
-
-LOCAL_LDFLAGS := $(LOCAL_LDFLAGS_$(GYP_CONFIGURATION))
-
-LOCAL_STATIC_LIBRARIES :=
-
-# Enable grouping to fix circular references
-LOCAL_GROUP_STATIC_LIBRARIES := true
-
LOCAL_SHARED_LIBRARIES := \
libstlport \
libdl
diff --git a/sandbox/win/sandbox_poc/pocdll/fs.cc b/sandbox/win/sandbox_poc/pocdll/fs.cc
index 9a5b2bc..40596af 100644
--- a/sandbox/win/sandbox_poc/pocdll/fs.cc
+++ b/sandbox/win/sandbox_poc/pocdll/fs.cc
@@ -10,11 +10,11 @@
// Tries to open a file and outputs the result.
// "path" can contain environment variables.
// "output" is the stream for the logging.
-void TryOpenFile(wchar_t *path, FILE *output) {
+void TryOpenFile(const wchar_t *path, FILE *output) {
wchar_t path_expanded[MAX_PATH] = {0};
DWORD size = ::ExpandEnvironmentStrings(path, path_expanded, MAX_PATH - 1);
if (!size) {
- fprintf(output, "[ERROR] Cannot expand \"%S\". Error %d.\r\n", path,
+ fprintf(output, "[ERROR] Cannot expand \"%S\". Error %ld.\r\n", path,
::GetLastError());
}
@@ -32,7 +32,7 @@
file);
::CloseHandle(file);
} else {
- fprintf(output, "[BLOCKED] Opening file \"%S\". Error %d.\r\n", path,
+ fprintf(output, "[BLOCKED] Opening file \"%S\". Error %ld.\r\n", path,
::GetLastError());
}
}
diff --git a/sandbox/win/sandbox_poc/pocdll/handles.cc b/sandbox/win/sandbox_poc/pocdll/handles.cc
index 0568484..a12d433 100644
--- a/sandbox/win/sandbox_poc/pocdll/handles.cc
+++ b/sandbox/win/sandbox_poc/pocdll/handles.cc
@@ -20,7 +20,7 @@
// Initialize the NTAPI functions we need
HMODULE ntdll_handle = ::GetModuleHandle(L"ntdll.dll");
if (!ntdll_handle) {
- fprintf(output, "[ERROR] Cannot load ntdll.dll. Error %d\r\n",
+ fprintf(output, "[ERROR] Cannot load ntdll.dll. Error %ld\r\n",
::GetLastError());
return;
}
@@ -33,7 +33,7 @@
GetProcAddress(ntdll_handle, "NtQuerySystemInformation"));
if (!NtQueryObject || !NtQueryInformationFile || !NtQuerySystemInformation) {
- fprintf(output, "[ERROR] Cannot load all NT functions. Error %d\r\n",
+ fprintf(output, "[ERROR] Cannot load all NT functions. Error %ld\r\n",
::GetLastError());
return;
}
@@ -45,7 +45,7 @@
SystemHandleInformation, &temp_info, sizeof(temp_info),
&buffer_size);
if (!buffer_size) {
- fprintf(output, "[ERROR] Get the number of handles. Error 0x%X\r\n",
+ fprintf(output, "[ERROR] Get the number of handles. Error 0x%lX\r\n",
status);
return;
}
@@ -56,7 +56,7 @@
status = NtQuerySystemInformation(SystemHandleInformation, system_handles,
buffer_size, &buffer_size);
if (STATUS_SUCCESS != status) {
- fprintf(output, "[ERROR] Failed to get the handle list. Error 0x%X\r\n",
+ fprintf(output, "[ERROR] Failed to get the handle list. Error 0x%lX\r\n",
status);
delete [] system_handles;
return;
@@ -152,15 +152,15 @@
file_name_string.Buffer = file_name->FileName;
file_name_string.Length = (USHORT)file_name->FileNameLength;
file_name_string.MaximumLength = (USHORT)file_name->FileNameLength;
- fprintf(output, "[GRANTED] Handle 0x%4.4X Access: 0x%8.8X "
- "Type: %-13.13wZ Path: %wZ\r\n",
+ fprintf(output, "[GRANTED] Handle 0x%4.4X Access: 0x%8.8lX "
+ "Type: %-13wZ Path: %wZ\r\n",
h,
system_handles->Information[i].GrantedAccess,
type ? &type->TypeName : NULL,
&file_name_string);
} else {
- fprintf(output, "[GRANTED] Handle 0x%4.4X Access: 0x%8.8X "
- "Type: %-13.13wZ Path: %wZ\r\n",
+ fprintf(output, "[GRANTED] Handle 0x%4.4X Access: 0x%8.8lX "
+ "Type: %-13wZ Path: %wZ\r\n",
h,
system_handles->Information[i].GrantedAccess,
type ? &type->TypeName : NULL,
diff --git a/sandbox/win/sandbox_poc/pocdll/invasive.cc b/sandbox/win/sandbox_poc/pocdll/invasive.cc
index df36612..9ee13b0 100644
--- a/sandbox/win/sandbox_poc/pocdll/invasive.cc
+++ b/sandbox/win/sandbox_poc/pocdll/invasive.cc
@@ -35,11 +35,11 @@
0, // No creation flags
&tid);
if (thread) {
- fprintf(output, "[GRANTED] Creating thread with tid 0x%X\r\n", tid);
+ fprintf(output, "[GRANTED] Creating thread with tid 0x%lX\r\n", tid);
::CloseHandle(thread);
number_errors = 0;
} else {
- fprintf(output, "[BLOCKED] Creating thread. Error %d\r\n",
+ fprintf(output, "[BLOCKED] Creating thread. Error %ld\r\n",
::GetLastError());
number_errors++;
}
@@ -90,10 +90,10 @@
::SetThreadAffinityMask(thread, affinity_mask);
if (::SetThreadPriority(thread, REALTIME_PRIORITY_CLASS)) {
- fprintf(output, "[GRANTED] Set thread(%d) priority to Realtime\r\n",
+ fprintf(output, "[GRANTED] Set thread(%ld) priority to Realtime\r\n",
tid);
} else {
- fprintf(output, "[BLOCKED] Set thread(%d) priority to Realtime\r\n",
+ fprintf(output, "[BLOCKED] Set thread(%ld) priority to Realtime\r\n",
tid);
}
@@ -103,7 +103,7 @@
system_mask = system_mask >> 1;
}
} else {
- fprintf(output, "[ERROR] Cannot get affinity mask. Error %d\r\n",
+ fprintf(output, "[ERROR] Cannot get affinity mask. Error %ld\r\n",
::GetLastError());
}
}
diff --git a/sandbox/win/sandbox_poc/pocdll/processes_and_threads.cc b/sandbox/win/sandbox_poc/pocdll/processes_and_threads.cc
index 0a7503c..03e12ba 100644
--- a/sandbox/win/sandbox_poc/pocdll/processes_and_threads.cc
+++ b/sandbox/win/sandbox_poc/pocdll/processes_and_threads.cc
@@ -17,7 +17,7 @@
HANDLE snapshot = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (INVALID_HANDLE_VALUE == snapshot) {
fprintf(output, "[BLOCKED] Cannot list all processes on the system. "
- "Error %d\r\n", ::GetLastError());
+ "Error %ld\r\n", ::GetLastError());
return;
}
@@ -31,13 +31,13 @@
FALSE, // Do not inherit handle.
process_entry.th32ProcessID);
if (NULL == process) {
- fprintf(output, "[BLOCKED] Found process %S:%d but cannot open it. "
- "Error %d\r\n",
+ fprintf(output, "[BLOCKED] Found process %S:%ld but cannot open it. "
+ "Error %ld\r\n",
process_entry.szExeFile,
process_entry.th32ProcessID,
::GetLastError());
} else {
- fprintf(output, "[GRANTED] Found process %S:%d and open succeeded.\r\n",
+ fprintf(output, "[GRANTED] Found process %S:%ld and open succeeded.\r\n",
process_entry.szExeFile, process_entry.th32ProcessID);
::CloseHandle(process);
}
@@ -47,7 +47,7 @@
DWORD err_code = ::GetLastError();
if (ERROR_NO_MORE_FILES != err_code) {
- fprintf(output, "[ERROR] Error %d while looking at the processes on "
+ fprintf(output, "[ERROR] Error %ld while looking at the processes on "
"the system\r\n", err_code);
}
@@ -61,7 +61,7 @@
HANDLE snapshot = ::CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, NULL);
if (INVALID_HANDLE_VALUE == snapshot) {
fprintf(output, "[BLOCKED] Cannot list all threads on the system. "
- "Error %d\r\n", ::GetLastError());
+ "Error %ld\r\n", ::GetLastError());
return;
}
@@ -80,7 +80,7 @@
nb_failure++;
} else {
nb_success++;
- fprintf(output, "[GRANTED] Found thread %d:%d and able to open it.\r\n",
+ fprintf(output, "[GRANTED] Found thread %ld:%ld and able to open it.\r\n",
thread_entry.th32OwnerProcessID,
thread_entry.th32ThreadID);
::CloseHandle(thread);
@@ -91,7 +91,7 @@
DWORD err_code = ::GetLastError();
if (ERROR_NO_MORE_FILES != err_code) {
- fprintf(output, "[ERROR] Error %d while looking at the processes on "
+ fprintf(output, "[ERROR] Error %ld while looking at the processes on "
"the system\r\n", err_code);
}
diff --git a/sandbox/win/sandbox_poc/pocdll/registry.cc b/sandbox/win/sandbox_poc/pocdll/registry.cc
index 7394ec4..5784db6 100644
--- a/sandbox/win/sandbox_poc/pocdll/registry.cc
+++ b/sandbox/win/sandbox_poc/pocdll/registry.cc
@@ -7,29 +7,12 @@
// This file contains the tests used to verify the security of the registry.
-// Converts an HKEY to a string. This is using the lazy way and works only
-// for the main hives.
-// "key" is the hive to convert to string.
-// The return value is the string corresponding to the hive or "unknown"
-const wchar_t *HKEYToString(const HKEY key) {
- switch (reinterpret_cast<LONG_PTR>(key)) {
- case HKEY_CLASSES_ROOT:
- return L"HKEY_CLASSES_ROOT";
- case HKEY_CURRENT_CONFIG:
- return L"HKEY_CURRENT_CONFIG";
- case HKEY_CURRENT_USER:
- return L"HKEY_CURRENT_USER";
- case HKEY_LOCAL_MACHINE:
- return L"HKEY_LOCAL_MACHINE";
- case HKEY_USERS:
- return L"HKEY_USERS";
- }
- return L"unknown";
-}
-
// Tries to open the key hive\path and outputs the result.
// "output" is the stream used for logging.
-void TryOpenKey(const HKEY hive, const wchar_t *path, FILE *output) {
+void TryOpenKey(const HKEY hive,
+ const wchar_t* hive_name,
+ const wchar_t* path,
+ FILE* output) {
HKEY key;
LONG err_code = ::RegOpenKeyEx(hive,
path,
@@ -37,14 +20,16 @@
MAXIMUM_ALLOWED,
&key);
if (ERROR_SUCCESS == err_code) {
- fprintf(output, "[GRANTED] Opening key \"%S\\%S\". Handle 0x%p\r\n",
- HKEYToString(hive),
+ fprintf(output,
+ "[GRANTED] Opening key \"%S\\%S\". Handle 0x%p\r\n",
+ hive_name,
path,
key);
::RegCloseKey(key);
} else {
- fprintf(output, "[BLOCKED] Opening key \"%S\\%S\". Error %d\r\n",
- HKEYToString(hive),
+ fprintf(output,
+ "[BLOCKED] Opening key \"%S\\%S\". Error %ld\r\n",
+ hive_name,
path,
err_code);
}
@@ -54,10 +39,11 @@
HandleToFile handle2file;
FILE *output = handle2file.Translate(log, "w");
- TryOpenKey(HKEY_LOCAL_MACHINE, NULL, output);
- TryOpenKey(HKEY_CURRENT_USER, NULL, output);
- TryOpenKey(HKEY_USERS, NULL, output);
+ TryOpenKey(HKEY_LOCAL_MACHINE, L"HKEY_LOCAL_MACHINE", NULL, output);
+ TryOpenKey(HKEY_CURRENT_USER, L"HKEY_CURRENT_USER", NULL, output);
+ TryOpenKey(HKEY_USERS, L"HKEY_USERS", NULL, output);
TryOpenKey(HKEY_LOCAL_MACHINE,
+ L"HKEY_LOCAL_MACHINE",
L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon",
output);
}
diff --git a/sandbox/win/sandbox_poc/pocdll/spyware.cc b/sandbox/win/sandbox_poc/pocdll/spyware.cc
index cd75d4f..cf0bd41 100644
--- a/sandbox/win/sandbox_poc/pocdll/spyware.cc
+++ b/sandbox/win/sandbox_poc/pocdll/spyware.cc
@@ -19,7 +19,7 @@
fprintf(output, "[GRANTED] successfully registered hotkey\r\n");
UnregisterHotKey(NULL, 1);
} else {
- fprintf(output, "[BLOCKED] Failed to register hotkey. Error = %d\r\n",
+ fprintf(output, "[BLOCKED] Failed to register hotkey. Error = %ld\r\n",
::GetLastError());
}
@@ -63,6 +63,6 @@
}
}
- fprintf(output, "[BLOCKED] Read pixel on screen. Error = %d\r\n",
+ fprintf(output, "[BLOCKED] Read pixel on screen. Error = %ld\r\n",
::GetLastError());
}
diff --git a/sandbox/win/src/broker_services.cc b/sandbox/win/src/broker_services.cc
index 895d535..b55fd22 100644
--- a/sandbox/win/src/broker_services.cc
+++ b/sandbox/win/src/broker_services.cc
@@ -457,7 +457,7 @@
base::win::ScopedProcessInformation process_info;
TargetProcess* target = new TargetProcess(initial_token.Take(),
lockdown_token.Take(),
- job,
+ job.Get(),
thread_pool_);
DWORD win_result = target->Create(exe_path, command_line, inherit_handles,
@@ -534,8 +534,8 @@
return SBOX_ERROR_BAD_PARAMS;
if (!::RegisterWaitForSingleObject(
- &peer->wait_object, peer->process, RemovePeer, peer.get(), INFINITE,
- WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD)) {
+ &peer->wait_object, peer->process.Get(), RemovePeer, peer.get(),
+ INFINITE, WT_EXECUTEONLYONCE | WT_EXECUTEINWAITTHREAD)) {
peer_map_.erase(peer->id);
return SBOX_ERROR_GENERIC;
}
diff --git a/sandbox/win/src/filesystem_interception.cc b/sandbox/win/src/filesystem_interception.cc
index 33688f0..2d9d36d 100644
--- a/sandbox/win/src/filesystem_interception.cc
+++ b/sandbox/win/src/filesystem_interception.cc
@@ -35,6 +35,7 @@
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
+ wchar_t* name = NULL;
do {
if (!ValidParameter(file, sizeof(HANDLE), WRITE))
break;
@@ -45,7 +46,6 @@
if (NULL == memory)
break;
- wchar_t* name;
uint32 attributes = 0;
NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,
NULL);
@@ -69,9 +69,6 @@
ResultCode code = CrossCall(ipc, IPC_NTCREATEFILE_TAG, name, attributes,
desired_access, file_attributes, sharing,
disposition, options, &answer);
-
- operator delete(name, NT_ALLOC);
-
if (SBOX_ALL_OK != code)
break;
@@ -88,6 +85,9 @@
}
} while (false);
+ if (name)
+ operator delete(name, NT_ALLOC);
+
return status;
}
@@ -106,6 +106,7 @@
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
+ wchar_t* name = NULL;
do {
if (!ValidParameter(file, sizeof(HANDLE), WRITE))
break;
@@ -116,7 +117,6 @@
if (NULL == memory)
break;
- wchar_t* name;
uint32 attributes;
NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,
NULL);
@@ -137,9 +137,6 @@
CrossCallReturn answer = {0};
ResultCode code = CrossCall(ipc, IPC_NTOPENFILE_TAG, name, attributes,
desired_access, sharing, options, &answer);
-
- operator delete(name, NT_ALLOC);
-
if (SBOX_ALL_OK != code)
break;
@@ -156,6 +153,9 @@
}
} while (false);
+ if (name)
+ operator delete(name, NT_ALLOC);
+
return status;
}
@@ -172,6 +172,7 @@
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
+ wchar_t* name = NULL;
do {
if (!ValidParameter(file_attributes, sizeof(FILE_BASIC_INFORMATION), WRITE))
break;
@@ -180,7 +181,6 @@
if (NULL == memory)
break;
- wchar_t* name = NULL;
uint32 attributes = 0;
NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,
NULL);
@@ -212,6 +212,9 @@
} while (false);
+ if (name)
+ operator delete(name, NT_ALLOC);
+
return status;
}
@@ -229,6 +232,7 @@
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
+ wchar_t* name = NULL;
do {
if (!ValidParameter(file_attributes, sizeof(FILE_NETWORK_OPEN_INFORMATION),
WRITE))
@@ -238,7 +242,6 @@
if (NULL == memory)
break;
- wchar_t* name = NULL;
uint32 attributes = 0;
NTSTATUS ret = AllocAndCopyName(object_attributes, &name, &attributes,
NULL);
@@ -269,6 +272,9 @@
return answer.nt_status;
} while (false);
+ if (name)
+ operator delete(name, NT_ALLOC);
+
return status;
}
@@ -286,6 +292,7 @@
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
+ wchar_t* name = NULL;
do {
void* memory = GetGlobalIPCMemory();
if (NULL == memory)
@@ -315,7 +322,6 @@
break;
}
- wchar_t* name;
NTSTATUS ret = AllocAndCopyName(&object_attributes, &name, NULL, NULL);
if (!NT_SUCCESS(ret) || !name)
break;
@@ -345,6 +351,9 @@
status = answer.nt_status;
} while (false);
+ if (name)
+ operator delete(name, NT_ALLOC);
+
return status;
}
diff --git a/sandbox/win/src/handle_closer_test.cc b/sandbox/win/src/handle_closer_test.cc
index 2082baa..2f5890d 100644
--- a/sandbox/win/src/handle_closer_test.cc
+++ b/sandbox/win/src/handle_closer_test.cc
@@ -29,9 +29,9 @@
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL));
CHECK(module.IsValid());
FILETIME timestamp;
- CHECK(::GetFileTime(module, ×tamp, NULL, NULL));
+ CHECK(::GetFileTime(module.Get(), ×tamp, NULL, NULL));
marker_path += base::StringPrintf(L"%08x%08x%08x",
- ::GetFileSize(module, NULL),
+ ::GetFileSize(module.Get(), NULL),
timestamp.dwLowDateTime,
timestamp.dwHighDateTime);
marker_path += extension;
@@ -115,7 +115,7 @@
base::string16 handle_name;
base::win::ScopedHandle marker(GetMarkerFile(kFileExtensions[i]));
CHECK(marker.IsValid());
- CHECK(sandbox::GetHandleName(marker, &handle_name));
+ CHECK(sandbox::GetHandleName(marker.Get(), &handle_name));
command += (L" ");
command += handle_name;
}
@@ -135,7 +135,7 @@
base::string16 handle_name;
base::win::ScopedHandle marker(GetMarkerFile(kFileExtensions[i]));
CHECK(marker.IsValid());
- CHECK(sandbox::GetHandleName(marker, &handle_name));
+ CHECK(sandbox::GetHandleName(marker.Get(), &handle_name));
CHECK_EQ(policy->AddKernelObjectToClose(L"File", handle_name.c_str()),
SBOX_ALL_OK);
command += (L" ");
diff --git a/sandbox/win/src/handle_dispatcher.cc b/sandbox/win/src/handle_dispatcher.cc
index fda7aac..02d0034 100644
--- a/sandbox/win/src/handle_dispatcher.cc
+++ b/sandbox/win/src/handle_dispatcher.cc
@@ -65,7 +65,7 @@
reinterpret_cast<OBJECT_TYPE_INFORMATION*>(buffer);
ULONG size = sizeof(buffer) - sizeof(wchar_t);
NTSTATUS error =
- QueryObject(handle, ObjectTypeInformation, type_info, size, &size);
+ QueryObject(handle.Get(), ObjectTypeInformation, type_info, size, &size);
if (!NT_SUCCESS(error)) {
ipc->return_info.nt_status = error;
return false;
@@ -79,7 +79,7 @@
EvalResult eval = policy_base_->EvalPolicy(IPC_DUPLICATEHANDLEPROXY_TAG,
params.GetBase());
ipc->return_info.win32_result =
- HandlePolicy::DuplicateHandleProxyAction(eval, handle,
+ HandlePolicy::DuplicateHandleProxyAction(eval, handle.Get(),
target_process_id,
&ipc->return_info.handle,
desired_access, options);
diff --git a/sandbox/win/src/handle_inheritance_test.cc b/sandbox/win/src/handle_inheritance_test.cc
index 6dceee6..8074c41 100644
--- a/sandbox/win/src/handle_inheritance_test.cc
+++ b/sandbox/win/src/handle_inheritance_test.cc
@@ -4,7 +4,7 @@
#include <stdio.h>
-#include "base/file_util.h"
+#include "base/files/file_util.h"
#include "base/win/windows_version.h"
#include "sandbox/win/tests/common/controller.h"
#include "testing/gtest/include/gtest/gtest.h"
diff --git a/sandbox/win/src/handle_policy_test.cc b/sandbox/win/src/handle_policy_test.cc
index 99b1717..11382da 100644
--- a/sandbox/win/src/handle_policy_test.cc
+++ b/sandbox/win/src/handle_policy_test.cc
@@ -39,7 +39,7 @@
HANDLE handle = NULL;
ResultCode result = SandboxFactory::GetTargetServices()->DuplicateHandle(
- test_event, target_process_id, &handle, 0, DUPLICATE_SAME_ACCESS);
+ test_event.Get(), target_process_id, &handle, 0, DUPLICATE_SAME_ACCESS);
return (result == SBOX_ALL_OK) ? SBOX_TEST_SUCCEEDED : SBOX_TEST_DENIED;
}
diff --git a/sandbox/win/src/process_thread_policy.cc b/sandbox/win/src/process_thread_policy.cc
index f2029ba..0653591 100644
--- a/sandbox/win/src/process_thread_policy.cc
+++ b/sandbox/win/src/process_thread_policy.cc
@@ -124,7 +124,6 @@
if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
client_info.process, handle, 0, FALSE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(local_handle);
return STATUS_ACCESS_DENIED;
}
}
@@ -156,7 +155,6 @@
if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
client_info.process, handle, 0, FALSE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(local_handle);
return STATUS_ACCESS_DENIED;
}
}
@@ -182,7 +180,6 @@
if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
client_info.process, handle, 0, FALSE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(local_handle);
return STATUS_ACCESS_DENIED;
}
}
@@ -208,7 +205,6 @@
if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
client_info.process, handle, 0, FALSE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(local_handle);
return STATUS_ACCESS_DENIED;
}
}
diff --git a/sandbox/win/src/resolver_32.cc b/sandbox/win/src/resolver_32.cc
index e5d7be3..a591a8b 100644
--- a/sandbox/win/src/resolver_32.cc
+++ b/sandbox/win/src/resolver_32.cc
@@ -4,6 +4,10 @@
#include "sandbox/win/src/resolver.h"
+// For placement new. This file must not depend on the CRT at runtime, but
+// placement operator new is inline.
+#include <new>
+
#include "sandbox/win/src/sandbox_nt_util.h"
namespace {
@@ -62,7 +66,7 @@
if (storage_bytes < sizeof(InternalThunk))
return false;
- InternalThunk* thunk = new(storage, NT_PLACE) InternalThunk;
+ InternalThunk* thunk = new(storage) InternalThunk;
#pragma warning(push)
#pragma warning(disable: 4311)
diff --git a/sandbox/win/src/resolver_64.cc b/sandbox/win/src/resolver_64.cc
index ca58b20..8b2cc53 100644
--- a/sandbox/win/src/resolver_64.cc
+++ b/sandbox/win/src/resolver_64.cc
@@ -4,6 +4,10 @@
#include "sandbox/win/src/resolver.h"
+// For placement new. This file must not depend on the CRT at runtime, but
+// placement operator new is inline.
+#include <new>
+
#include "sandbox/win/src/sandbox_nt_util.h"
namespace {
@@ -53,7 +57,7 @@
if (storage_bytes < sizeof(InternalThunk))
return false;
- InternalThunk* thunk = new(storage, NT_PLACE) InternalThunk;
+ InternalThunk* thunk = new(storage) InternalThunk;
thunk->interceptor_function = reinterpret_cast<ULONG_PTR>(interceptor);
return true;
diff --git a/sandbox/win/src/sandbox_nt_types.h b/sandbox/win/src/sandbox_nt_types.h
index 46820cf..a4a88bb 100644
--- a/sandbox/win/src/sandbox_nt_types.h
+++ b/sandbox/win/src/sandbox_nt_types.h
@@ -37,7 +37,6 @@
// This is the value used for the ntdll level allocator.
enum AllocationType {
NT_ALLOC,
- NT_PLACE,
NT_PAGE
};
diff --git a/sandbox/win/src/sandbox_nt_util.cc b/sandbox/win/src/sandbox_nt_util.cc
index ed1d908..28ddd47 100644
--- a/sandbox/win/src/sandbox_nt_util.cc
+++ b/sandbox/win/src/sandbox_nt_util.cc
@@ -547,17 +547,23 @@
void* near_to) {
using namespace sandbox;
+ void* result = NULL;
if (NT_ALLOC == type) {
- if (!InitHeap())
- return NULL;
-
- // Use default flags for the allocation.
- return g_nt.RtlAllocateHeap(sandbox::g_heap, 0, size);
+ if (InitHeap()) {
+ // Use default flags for the allocation.
+ result = g_nt.RtlAllocateHeap(sandbox::g_heap, 0, size);
+ }
} else if (NT_PAGE == type) {
- return AllocateNearTo(near_to, size);
+ result = AllocateNearTo(near_to, size);
+ } else {
+ NOTREACHED_NT();
}
- NOTREACHED_NT();
- return NULL;
+
+ // TODO: Returning NULL from operator new has undefined behavior, but
+ // the Allocate() functions called above can return NULL. Consider checking
+ // for NULL here and crashing or throwing.
+
+ return result;
}
void operator delete(void* memory, sandbox::AllocationType type) {
diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc
index 7b9262b..4604bfd 100644
--- a/sandbox/win/src/sandbox_policy_base.cc
+++ b/sandbox/win/src/sandbox_policy_base.cc
@@ -373,85 +373,16 @@
return SBOX_ALL_OK;
}
-ResultCode PolicyBase::AddRule(SubSystem subsystem, Semantics semantics,
+ResultCode PolicyBase::AddRule(SubSystem subsystem,
+ Semantics semantics,
const wchar_t* pattern) {
- if (NULL == policy_) {
- policy_ = MakeBrokerPolicyMemory();
- DCHECK(policy_);
- policy_maker_ = new LowLevelPolicy(policy_);
- DCHECK(policy_maker_);
- }
-
- switch (subsystem) {
- case SUBSYS_FILES: {
- if (!file_system_init_) {
- if (!FileSystemPolicy::SetInitialRules(policy_maker_))
- return SBOX_ERROR_BAD_PARAMS;
- file_system_init_ = true;
- }
- if (!FileSystemPolicy::GenerateRules(pattern, semantics, policy_maker_)) {
- NOTREACHED();
- return SBOX_ERROR_BAD_PARAMS;
- }
- break;
- }
- case SUBSYS_SYNC: {
- if (!SyncPolicy::GenerateRules(pattern, semantics, policy_maker_)) {
- NOTREACHED();
- return SBOX_ERROR_BAD_PARAMS;
- }
- break;
- }
- case SUBSYS_PROCESS: {
- if (lockdown_level_ < USER_INTERACTIVE &&
- TargetPolicy::PROCESS_ALL_EXEC == semantics) {
- // This is unsupported. This is a huge security risk to give full access
- // to a process handle.
- return SBOX_ERROR_UNSUPPORTED;
- }
- if (!ProcessPolicy::GenerateRules(pattern, semantics, policy_maker_)) {
- NOTREACHED();
- return SBOX_ERROR_BAD_PARAMS;
- }
- break;
- }
- case SUBSYS_NAMED_PIPES: {
- if (!NamedPipePolicy::GenerateRules(pattern, semantics, policy_maker_)) {
- NOTREACHED();
- return SBOX_ERROR_BAD_PARAMS;
- }
- break;
- }
- case SUBSYS_REGISTRY: {
- if (!RegistryPolicy::GenerateRules(pattern, semantics, policy_maker_)) {
- NOTREACHED();
- return SBOX_ERROR_BAD_PARAMS;
- }
- break;
- }
- case SUBSYS_HANDLES: {
- if (!HandlePolicy::GenerateRules(pattern, semantics, policy_maker_)) {
- NOTREACHED();
- return SBOX_ERROR_BAD_PARAMS;
- }
- break;
- }
-
- case SUBSYS_WIN32K_LOCKDOWN: {
- if (!ProcessMitigationsWin32KLockdownPolicy::GenerateRules(
- pattern, semantics,policy_maker_)) {
- NOTREACHED();
- return SBOX_ERROR_BAD_PARAMS;
- }
- break;
- }
-
- default: {
- return SBOX_ERROR_UNSUPPORTED;
- }
- }
-
- return SBOX_ALL_OK;
+ ResultCode result = AddRuleInternal(subsystem, semantics, pattern);
+ LOG_IF(ERROR, result != SBOX_ALL_OK) << "Failed to add sandbox rule."
+ << " error = " << result
+ << ", subsystem = " << subsystem
+ << ", semantics = " << semantics
+ << ", pattern = '" << pattern << "'";
+ return result;
}
ResultCode PolicyBase::AddDllToUnload(const wchar_t* dll_name) {
@@ -735,4 +666,84 @@
return handle_closer_.InitializeTargetHandles(target);
}
+ResultCode PolicyBase::AddRuleInternal(SubSystem subsystem,
+ Semantics semantics,
+ const wchar_t* pattern) {
+ if (NULL == policy_) {
+ policy_ = MakeBrokerPolicyMemory();
+ DCHECK(policy_);
+ policy_maker_ = new LowLevelPolicy(policy_);
+ DCHECK(policy_maker_);
+ }
+
+ switch (subsystem) {
+ case SUBSYS_FILES: {
+ if (!file_system_init_) {
+ if (!FileSystemPolicy::SetInitialRules(policy_maker_))
+ return SBOX_ERROR_BAD_PARAMS;
+ file_system_init_ = true;
+ }
+ if (!FileSystemPolicy::GenerateRules(pattern, semantics, policy_maker_)) {
+ NOTREACHED();
+ return SBOX_ERROR_BAD_PARAMS;
+ }
+ break;
+ }
+ case SUBSYS_SYNC: {
+ if (!SyncPolicy::GenerateRules(pattern, semantics, policy_maker_)) {
+ NOTREACHED();
+ return SBOX_ERROR_BAD_PARAMS;
+ }
+ break;
+ }
+ case SUBSYS_PROCESS: {
+ if (lockdown_level_ < USER_INTERACTIVE &&
+ TargetPolicy::PROCESS_ALL_EXEC == semantics) {
+ // This is unsupported. This is a huge security risk to give full access
+ // to a process handle.
+ return SBOX_ERROR_UNSUPPORTED;
+ }
+ if (!ProcessPolicy::GenerateRules(pattern, semantics, policy_maker_)) {
+ NOTREACHED();
+ return SBOX_ERROR_BAD_PARAMS;
+ }
+ break;
+ }
+ case SUBSYS_NAMED_PIPES: {
+ if (!NamedPipePolicy::GenerateRules(pattern, semantics, policy_maker_)) {
+ NOTREACHED();
+ return SBOX_ERROR_BAD_PARAMS;
+ }
+ break;
+ }
+ case SUBSYS_REGISTRY: {
+ if (!RegistryPolicy::GenerateRules(pattern, semantics, policy_maker_)) {
+ NOTREACHED();
+ return SBOX_ERROR_BAD_PARAMS;
+ }
+ break;
+ }
+ case SUBSYS_HANDLES: {
+ if (!HandlePolicy::GenerateRules(pattern, semantics, policy_maker_)) {
+ NOTREACHED();
+ return SBOX_ERROR_BAD_PARAMS;
+ }
+ break;
+ }
+
+ case SUBSYS_WIN32K_LOCKDOWN: {
+ if (!ProcessMitigationsWin32KLockdownPolicy::GenerateRules(
+ pattern, semantics, policy_maker_)) {
+ NOTREACHED();
+ return SBOX_ERROR_BAD_PARAMS;
+ }
+ break;
+ }
+
+ default: { return SBOX_ERROR_UNSUPPORTED; }
+ }
+
+ return SBOX_ALL_OK;
+}
+
} // namespace sandbox
diff --git a/sandbox/win/src/sandbox_policy_base.h b/sandbox/win/src/sandbox_policy_base.h
index 952df0d..9ba8d27 100644
--- a/sandbox/win/src/sandbox_policy_base.h
+++ b/sandbox/win/src/sandbox_policy_base.h
@@ -115,6 +115,10 @@
// Sets up the handle closer for a new target.
bool SetupHandleCloser(TargetProcess* target);
+ ResultCode AddRuleInternal(SubSystem subsystem,
+ Semantics semantics,
+ const wchar_t* pattern);
+
// This lock synchronizes operations on the targets_ collection.
CRITICAL_SECTION lock_;
// Maintains the list of target process associated with this policy.
diff --git a/sandbox/win/src/sync_policy_test.cc b/sandbox/win/src/sync_policy_test.cc
index ced5498..5368943 100644
--- a/sandbox/win/src/sync_policy_test.cc
+++ b/sandbox/win/src/sync_policy_test.cc
@@ -25,7 +25,7 @@
desired_access, FALSE, argv[1]));
DWORD error_open = ::GetLastError();
- if (event_open.Get())
+ if (event_open.IsValid())
return SBOX_TEST_SUCCEEDED;
if (ERROR_ACCESS_DENIED == error_open ||
@@ -57,7 +57,7 @@
if (event_name)
event_open.Set(::OpenEvent(EVENT_ALL_ACCESS, FALSE, event_name));
- if (event_create.Get()) {
+ if (event_create.IsValid()) {
DWORD wait = ::WaitForSingleObject(event_create.Get(), 0);
if (initial_state && WAIT_OBJECT_0 != wait)
return SBOX_TEST_FAILED;
@@ -68,10 +68,11 @@
if (event_name) {
// Both event_open and event_create have to be valid.
- if (event_open.Get() && event_create)
+ if (event_open.IsValid() && event_create.IsValid())
return SBOX_TEST_SUCCEEDED;
- if (event_open.Get() && !event_create || !event_open.Get() && event_create)
+ if (event_open.IsValid() && !event_create.IsValid() ||
+ !event_open.IsValid() && event_create.IsValid())
return SBOX_TEST_FAILED;
} else {
// Only event_create has to be valid.
diff --git a/sandbox/win/src/target_process.cc b/sandbox/win/src/target_process.cc
index 5f73adc..fea52b2 100644
--- a/sandbox/win/src/target_process.cc
+++ b/sandbox/win/src/target_process.cc
@@ -132,7 +132,7 @@
}
PROCESS_INFORMATION temp_process_info = {};
- if (!::CreateProcessAsUserW(lockdown_token_,
+ if (!::CreateProcessAsUserW(lockdown_token_.Get(),
exe_path,
cmd_line.get(),
NULL, // No security attribute.
@@ -164,7 +164,7 @@
// impersonation token with more rights. This allows the target to start;
// otherwise it will crash too early for us to help.
HANDLE temp_thread = process_info.thread_handle();
- if (!::SetThreadToken(&temp_thread, initial_token_)) {
+ if (!::SetThreadToken(&temp_thread, initial_token_.Get())) {
win_result = ::GetLastError();
// It might be a security breach if we let the target run outside the job
// so kill it before it causes damage.
@@ -261,13 +261,13 @@
DWORD access = FILE_MAP_READ | FILE_MAP_WRITE;
HANDLE target_shared_section;
- if (!::DuplicateHandle(::GetCurrentProcess(), shared_section_,
+ if (!::DuplicateHandle(::GetCurrentProcess(), shared_section_.Get(),
sandbox_process_info_.process_handle(),
&target_shared_section, access, FALSE, 0)) {
return ::GetLastError();
}
- void* shared_memory = ::MapViewOfFile(shared_section_,
+ void* shared_memory = ::MapViewOfFile(shared_section_.Get(),
FILE_MAP_WRITE|FILE_MAP_READ,
0, 0, 0);
if (NULL == shared_memory) {
diff --git a/sandbox/win/tests/common/controller.cc b/sandbox/win/tests/common/controller.cc
index 8d355b6..bdf9627 100644
--- a/sandbox/win/tests/common/controller.cc
+++ b/sandbox/win/tests/common/controller.cc
@@ -129,8 +129,8 @@
}
TestRunner::~TestRunner() {
- if (target_process_ && kill_on_destruction_)
- ::TerminateProcess(target_process_, 0);
+ if (target_process_.IsValid() && kill_on_destruction_)
+ ::TerminateProcess(target_process_.Get(), 0);
if (policy_)
policy_->Release();
@@ -195,8 +195,8 @@
return SBOX_TEST_FAILED_TO_RUN_TEST;
// For simplicity TestRunner supports only one process per instance.
- if (target_process_) {
- if (IsProcessRunning(target_process_))
+ if (target_process_.IsValid()) {
+ if (IsProcessRunning(target_process_.Get()))
return SBOX_TEST_FAILED_TO_RUN_TEST;
target_process_.Close();
target_process_id_ = 0;
diff --git a/sandbox/win/tests/common/controller.h b/sandbox/win/tests/common/controller.h
index 03bfa30..a6498ed 100644
--- a/sandbox/win/tests/common/controller.h
+++ b/sandbox/win/tests/common/controller.h
@@ -119,7 +119,7 @@
BrokerServices* broker() { return broker_; }
// Returns the process handle for an asynchronous test.
- HANDLE process() { return target_process_; }
+ HANDLE process() { return target_process_.Get(); }
// Returns the process ID for an asynchronous test.
DWORD process_id() { return target_process_id_; }
diff --git a/sandbox/win/tests/validation_tests/commands.cc b/sandbox/win/tests/validation_tests/commands.cc
index 45717b4..f64465a 100644
--- a/sandbox/win/tests/validation_tests/commands.cc
+++ b/sandbox/win/tests/validation_tests/commands.cc
@@ -267,7 +267,7 @@
DACL_SECURITY_INFORMATION, NULL, NULL,
NULL, NULL);
::CloseHandle(test_handle);
- if (result != ERROR_ACCESS_DENIED) {
+ if (result == ERROR_SUCCESS) {
return SBOX_TEST_SUCCEEDED;
}
} else if (::GetLastError() != ERROR_ACCESS_DENIED) {