Add a libsanitizer API __sanitizer_sandbox_on_notify(void* reserved), which should be used by

the client programs to notify the tools that sandboxing is about to be turned on. llvm-svn: 169732
2012-12-10 13:10:40 +00:00 · 2012-12-10 13:10:40 +00:00 · 1746f555ee
parent 0f58558101
commit 1746f555ee
6 changed files with 29 additions and 0 deletions
--- a/compiler-rt/include/sanitizer/common_interface_defs.h
+++ b/compiler-rt/include/sanitizer/common_interface_defs.h
@ -81,6 +81,12 @@ extern "C" {
  // stderr.
  void __sanitizer_set_report_fd(int fd)
      SANITIZER_INTERFACE_ATTRIBUTE;
+
+  // Notify the tools that the sandbox is going to be turned on. The reserved
+  // parameter will be used in the future to hold a structure with functions
+  // that the tools may call to bypass the sandbox.
+  void __sanitizer_sandbox_on_notify(void *reserved)
+      SANITIZER_WEAK_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE;
 }  // extern "C"

 #endif  // SANITIZER_COMMON_INTERFACE_DEFS_H
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common.cc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common.cc
@ -201,4 +201,10 @@ void __sanitizer_set_report_fd(int fd) {
    internal_close(report_fd);
  report_fd = fd;
 }
+
+void NOINLINE __sanitizer_sandbox_on_notify(void *reserved) {
+  (void)reserved;
+  PrepareForSandboxing();
+}
+
 }  // extern "C"
--- a/compiler-rt/lib/sanitizer_common/sanitizer_common.h
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common.h
@ -123,6 +123,7 @@ const char *GetPwd();
 void ReExec();
 bool StackSizeIsUnlimited();
 void SetStackSizeLimitInBytes(uptr limit);
+void PrepareForSandboxing();

 // Other
 void SleepForSeconds(int seconds);
--- a/compiler-rt/lib/sanitizer_common/sanitizer_linux.cc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_linux.cc
@ -218,6 +218,14 @@ void ReExec() {
  execv(argv[0], argv.data());
 }

+void PrepareForSandboxing() {
+  // Some kinds of sandboxes may forbid filesystem access, so we won't be able
+  // to read the file mappings from /proc/self/maps. Luckily, neither the
+  // process will be able to load additional libraries, so it's fine to use the
+  // cached mappings.
+  MemoryMappingLayout::CacheMemoryMappings();
+}
+
 // ----------------- sanitizer_procmaps.h
 // Linker initialized.
 ProcSelfMapsBuff MemoryMappingLayout::cached_proc_self_maps_;
--- a/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_mac.cc
@ -126,6 +126,10 @@ void ReExec() {
  UNIMPLEMENTED();
 }

+void PrepareForSandboxing() {
+  // Nothing here for now.
+}
+
 // ----------------- sanitizer_procmaps.h

 MemoryMappingLayout::MemoryMappingLayout() {
--- a/compiler-rt/lib/sanitizer_common/sanitizer_win.cc
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_win.cc
@ -129,6 +129,10 @@ void ReExec() {
  UNIMPLEMENTED();
 }

+void PrepareForSandboxing() {
+  // Nothing here for now.
+}
+
 bool StackSizeIsUnlimited() {
  UNIMPLEMENTED();
 }