Move code away from libminijail.c.
The file has over 2000 lines. Move code to other files as it makes
sense.
Bug: 30662698
Change-Id: Iad3c4a5b2327a4c6956a837a08eb880c7edd7b03
diff --git a/libminijail.c b/libminijail.c
index 1741ea0..16c3703 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -32,7 +32,6 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/user.h>
-#include <sys/utsname.h>
#include <sys/wait.h>
#include <unistd.h>
@@ -209,32 +208,6 @@
/* Note, |pids| will already have been used before this call. */
}
-/* Returns true if the kernel version is less than 3.8. */
-int seccomp_kernel_support_not_required()
-{
- int major, minor;
- struct utsname uts;
- return (uname(&uts) != -1 &&
- sscanf(uts.release, "%d.%d", &major, &minor) == 2 &&
- ((major < 3) || ((major == 3) && (minor < 8))));
-}
-
-/* Allow seccomp soft-fail on Android devices with kernel version < 3.8. */
-int can_softfail()
-{
-#if SECCOMP_SOFTFAIL
- if (is_android()) {
- if (seccomp_kernel_support_not_required())
- return 1;
- else
- return 0;
- } else {
- return 1;
- }
-#endif
- return 0;
-}
-
/* Minijail API. */
struct minijail API *minijail_new(void)
@@ -538,20 +511,6 @@
return 0;
}
-static char *append_external_path(const char *external_path,
- const char *path_inside_chroot)
-{
- char *path;
- size_t pathlen;
-
- /* One extra char for '/' and one for '\0', hence + 2. */
- pathlen = strlen(path_inside_chroot) + strlen(external_path) + 2;
- path = malloc(pathlen);
- snprintf(path, pathlen, "%s/%s", external_path, path_inside_chroot);
-
- return path;
-}
-
char API *minijail_get_original_path(struct minijail *j,
const char *path_inside_chroot)
{
@@ -581,14 +540,14 @@
if (!strncmp(b->dest, path_inside_chroot, strlen(b->dest))) {
const char *relative_path =
path_inside_chroot + strlen(b->dest);
- return append_external_path(b->src, relative_path);
+ return path_join(b->src, relative_path);
}
b = b->next;
}
/* If there is a chroot path, append |path_inside_chroot| to that. */
if (j->chrootdir)
- return append_external_path(j->chrootdir, path_inside_chroot);
+ return path_join(j->chrootdir, path_inside_chroot);
/* No chroot, so the path outside is the same as it is inside. */
return strdup(path_inside_chroot);
@@ -693,7 +652,7 @@
void API minijail_parse_seccomp_filters(struct minijail *j, const char *path)
{
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL)) {
- if ((errno == EINVAL) && can_softfail()) {
+ if ((errno == EINVAL) && seccomp_can_softfail()) {
warn("not loading seccomp filter,"
" seccomp not supported");
j->flags.seccomp_filter = 0;
@@ -757,8 +716,7 @@
state->total += length;
}
-static void minijail_marshal_mount(struct marshal_state *state,
- const struct mountpoint *m)
+void marshal_mount(struct marshal_state *state, const struct mountpoint *m)
{
marshal_append(state, m->src, strlen(m->src) + 1);
marshal_append(state, m->dest, strlen(m->dest) + 1);
@@ -794,7 +752,7 @@
fp->len * sizeof(struct sock_filter));
}
for (m = j->mounts_head; m; m = m->next) {
- minijail_marshal_mount(state, m);
+ marshal_mount(state, m);
}
for (i = 0; i < j->cgroup_count; ++i)
marshal_append(state, j->cgroups[i], strlen(j->cgroups[i]) + 1);
@@ -816,40 +774,6 @@
return (state.total > available);
}
-/*
- * consumebytes: consumes @length bytes from a buffer @buf of length @buflength
- * @length Number of bytes to consume
- * @buf Buffer to consume from
- * @buflength Size of @buf
- *
- * Returns a pointer to the base of the bytes, or NULL for errors.
- */
-void *consumebytes(size_t length, char **buf, size_t *buflength)
-{
- char *p = *buf;
- if (length > *buflength)
- return NULL;
- *buf += length;
- *buflength -= length;
- return p;
-}
-
-/*
- * consumestr: consumes a C string from a buffer @buf of length @length
- * @buf Buffer to consume
- * @length Length of buffer
- *
- * Returns a pointer to the base of the string, or NULL for errors.
- */
-char *consumestr(char **buf, size_t *buflength)
-{
- size_t len = strnlen(*buf, *buflength);
- if (len == *buflength)
- /* There's no null-terminator. */
- return NULL;
- return consumebytes(len + 1, buf, buflength);
-}
-
int minijail_unmarshal(struct minijail *j, char *serialized, size_t length)
{
size_t i;
@@ -1087,10 +1011,11 @@
}
/*
- * Make sure the mount target exists. Create it if needed and possible.
+ * setup_mount_destination: Ensures the mount target exists.
+ * Creates it if needed and possible.
*/
-static int setup_mount_destination(const char *source, const char *dest,
- uid_t uid, uid_t gid)
+int setup_mount_destination(const char *source, const char *dest, uid_t uid,
+ uid_t gid)
{
int rc;
struct stat st_buf;
@@ -1478,7 +1403,7 @@
if (j->flags.seccomp_filter) {
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER,
j->filter_prog)) {
- if ((errno == EINVAL) && can_softfail()) {
+ if ((errno == EINVAL) && seccomp_can_softfail()) {
warn("seccomp not supported");
return;
}
@@ -1628,7 +1553,7 @@
* privilege-dropping syscalls :)
*/
if (j->flags.seccomp && prctl(PR_SET_SECCOMP, 1)) {
- if ((errno == EINVAL) && can_softfail()) {
+ if ((errno == EINVAL) && seccomp_can_softfail()) {
warn("seccomp not supported");
return;
}
diff --git a/syscall_filter.c b/syscall_filter.c
index b8ce461..b0dae77 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -17,6 +17,21 @@
#define ONE_INSTR 1
#define TWO_INSTRS 2
+int seccomp_can_softfail()
+{
+#if SECCOMP_SOFTFAIL
+ if (is_android()) {
+ if (kernel_lessthan_3_8())
+ return 1;
+ else
+ return 0;
+ } else {
+ return 1;
+ }
+#endif
+ return 0;
+}
+
int str_to_op(const char *op_str)
{
if (!strcmp(op_str, "==")) {
diff --git a/syscall_filter.h b/syscall_filter.h
index 4790d9f..159cb30 100644
--- a/syscall_filter.h
+++ b/syscall_filter.h
@@ -34,4 +34,9 @@
size_t index, size_t cap);
void free_block_list(struct filter_block *head);
+/*
+ * Seccomp can soft-fail on Android devices with kernel version < 3.8.
+ */
+int seccomp_can_softfail();
+
#endif /* SYSCALL_FILTER_H */
diff --git a/util.c b/util.c
index 3de8eb7..b77de37 100644
--- a/util.c
+++ b/util.c
@@ -6,6 +6,7 @@
#include <ctype.h>
#include <stdio.h>
#include <string.h>
+#include <sys/utsname.h>
#include "util.h"
@@ -61,8 +62,6 @@
const size_t log_syscalls_len = sizeof(log_syscalls)/sizeof(log_syscalls[0]);
-long int parse_single_constant(char *constant_str, char **endptr);
-
int lookup_syscall(const char *name)
{
const struct syscall_entry *entry = syscall_table;
@@ -81,6 +80,21 @@
return NULL;
}
+long int parse_single_constant(char *constant_str, char **endptr)
+{
+ const struct constant_entry *entry = constant_table;
+ for (; entry->name; ++entry) {
+ if (!strcmp(entry->name, constant_str)) {
+ if (endptr)
+ *endptr = constant_str + strlen(constant_str);
+
+ return entry->value;
+ }
+ }
+
+ return strtol(constant_str, endptr, 0);
+}
+
long int parse_constant(char *constant_str, char **endptr)
{
long int value = 0;
@@ -111,21 +125,6 @@
return value;
}
-long int parse_single_constant(char *constant_str, char **endptr)
-{
- const struct constant_entry *entry = constant_table;
- for (; entry->name; ++entry) {
- if (!strcmp(entry->name, constant_str)) {
- if (endptr)
- *endptr = constant_str + strlen(constant_str);
-
- return entry->value;
- }
- }
-
- return strtol(constant_str, endptr, 0);
-}
-
char *strip(char *s)
{
char *end;
@@ -187,3 +186,44 @@
return ret;
}
+
+int kernel_lessthan_3_8()
+{
+ int major, minor;
+ struct utsname uts;
+ return (uname(&uts) != -1 &&
+ sscanf(uts.release, "%d.%d", &major, &minor) == 2 &&
+ ((major < 3) || ((major == 3) && (minor < 8))));
+}
+
+char *path_join(const char *external_path, const char *internal_path)
+{
+ char *path;
+ size_t pathlen;
+
+ /* One extra char for '/' and one for '\0', hence + 2. */
+ pathlen = strlen(external_path) + strlen(internal_path) + 2;
+ path = malloc(pathlen);
+ snprintf(path, pathlen, "%s/%s", external_path, internal_path);
+
+ return path;
+}
+
+void *consumebytes(size_t length, char **buf, size_t *buflength)
+{
+ char *p = *buf;
+ if (length > *buflength)
+ return NULL;
+ *buf += length;
+ *buflength -= length;
+ return p;
+}
+
+char *consumestr(char **buf, size_t *buflength)
+{
+ size_t len = strnlen(*buf, *buflength);
+ if (len == *buflength)
+ /* There's no null-terminator. */
+ return NULL;
+ return consumebytes(len + 1, buf, buflength);
+}
diff --git a/util.h b/util.h
index 78feb52..16a1a72 100644
--- a/util.h
+++ b/util.h
@@ -54,8 +54,33 @@
int lookup_syscall(const char *name);
const char *lookup_syscall_name(int nr);
+
long int parse_constant(char *constant_str, char **endptr);
+
char *strip(char *s);
char *tokenize(char **stringp, const char *delim);
+int kernel_lessthan_3_8();
+
+char *path_join(const char *external_path, const char *internal_path);
+
+/*
+ * consumebytes: consumes @length bytes from a buffer @buf of length @buflength
+ * @length Number of bytes to consume
+ * @buf Buffer to consume from
+ * @buflength Size of @buf
+ *
+ * Returns a pointer to the base of the bytes, or NULL for errors.
+ */
+void *consumebytes(size_t length, char **buf, size_t *buflength);
+
+/*
+ * consumestr: consumes a C string from a buffer @buf of length @length
+ * @buf Buffer to consume
+ * @length Length of buffer
+ *
+ * Returns a pointer to the base of the string, or NULL for errors.
+ */
+char *consumestr(char **buf, size_t *buflength);
+
#endif /* _UTIL_H_ */