Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / minijail / fe4a372685f30fe7d0f30da2a46cc096f418c359^! / . / libminijailpreload.c
commitfe4a372685f30fe7d0f30da2a46cc096f418c359[log] [tgz]
authorWill Drewry <wad@chromium.org>Fri Sep 16 14:50:50 2011 -0500
committerWill Drewry <wad@chromium.org>Fri Sep 23 12:46:16 2011 -0700
tree6ce853bf73aa17e1aef5ac3398c136ac2458b26b
parent2ddaad07d7c54e370353abfa05efe2661898b428 [diff] [blame]
libminijail: move over to using marshalled binary for preload

Move libminijail and libminijailpreload over to using the marshalling
helper functions and add to/from_fd.  The format itself is not terribly
robust, but we can change it underneath the functions in the future
(or move struct minijail to a protobuf :).

These changes lay the groundwork for sending seccomp_filter policy. A
subsequent change will implement that and disable use in the parent.

BUG=chromium-os:19459
TEST=tested as per previous commits:
     minijail0 -[pvrcuGg] -- /bin/cat /proc/self/status
     .. /bin/ps aux
     .. /bin/bash -c 'env'

Change-Id: I565816611b31ce49f85fee2241c55a3328d7b770
Reviewed-on: http://gerrit.chromium.org/gerrit/7892
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>

diff --git a/libminijailpreload.c b/libminijailpreload.c
index a4970bc..fb74e93 100644
--- a/libminijailpreload.c
+++ b/libminijailpreload.c

@@ -34,11 +34,6 @@
       envp[i][0] = '\0';
 }
 
-static void splitarg(char *str, char **key, char **val) {
-  *key = strsep(&str, "=");
-  *val = strsep(&str, "");
-}
-
 /** @brief Fake main(), spliced in before the real call to main() by
  *         __libc_start_main (see below).
  *  We get serialized commands from our invoking process over an fd specified
@@ -48,10 +43,7 @@
  */
 static int fake_main(int argc, char **argv, char **envp) {
   char *fd_name = getenv(kFdEnvVar);
-  char *arg = NULL;
-  size_t arg_len;
   int fd = -1;
-  FILE *args;
   struct minijail *j;
   if (geteuid() != getuid() || getegid() != getgid())
     /* If we didn't do this check, an attacker could set kFdEnvVar for
@@ -64,43 +56,20 @@
   fd = atoi(fd_name);
   if (fd < 0)
     return MINIJAIL_ERR_PRELOAD;
-  args = fdopen(fd, "r");
-  if (!args)
-    return MINIJAIL_ERR_PRELOAD;
 
   j = minijail_new();
   if (!j)
     die("preload: out of memory");
-  while (getline(&arg, &arg_len, args) > 0) {
-    char *key, *val;
-    unsigned long v;
-    splitarg(arg, &key, &val);
-    if (!strcmp(arg, "eom\n")) {
-      break;
-    } else if (!strcmp(key, "caps")) {
-      v = strtoul(val, NULL, 16);
-      minijail_use_caps(j, v);
-    } else if (!strcmp(key, "ptrace")) {
-      minijail_disable_ptrace(j);
-    } else if (!strcmp(key, "uid")) {
-      v = atoi(val);
-      minijail_change_uid(j, v);
-    } else if (!strcmp(key, "gid")) {
-      v = atoi(val);
-      minijail_change_gid(j, v);
-    } else if (!strcmp(key, "seccomp")) {
-      minijail_use_seccomp(j);
-    }
-    free(arg);
-    arg = NULL;
-  }
-  if (!feof(args) && ferror(args))
-    die("preload: unexpected failure during unmarshalling");
-  fclose(args);
+  if (minijail_from_fd(fd, j))
+    die("preload: failed to parse minijail from parent");
+  close(fd);
+
   /* TODO(ellyjones): this trashes existing preloads, so one can't do:
    * LD_PRELOAD="/tmp/test.so libminijailpreload.so" prog; the descendants of
    * prog will have no LD_PRELOAD set at all. */
   unset_in_env(envp, kLdPreloadEnvVar);
+  /* Strip out flags meant for the parent. */
+  minijail_preenter(j);
   minijail_enter(j);
   minijail_destroy(j);
   dlclose(libc_handle);