forked from OSchip/llvm-project
Add a libsanitizer API __sanitizer_sandbox_on_notify(void* reserved), which should be used by
the client programs to notify the tools that sandboxing is about to be turned on. llvm-svn: 169732
This commit is contained in:
Alexander Potapenko
parent
0f58558101
commit
1746f555ee
|
|
@ -81,6 +81,12 @@ extern "C" {
|
||||||
// stderr.
|
// stderr.
|
||||||
void __sanitizer_set_report_fd(int fd)
|
void __sanitizer_set_report_fd(int fd)
|
||||||
SANITIZER_INTERFACE_ATTRIBUTE;
|
SANITIZER_INTERFACE_ATTRIBUTE;
|
||||||
|
|
||||||
|
// Notify the tools that the sandbox is going to be turned on. The reserved
|
||||||
|
// parameter will be used in the future to hold a structure with functions
|
||||||
|
// that the tools may call to bypass the sandbox.
|
||||||
|
void __sanitizer_sandbox_on_notify(void *reserved)
|
||||||
|
SANITIZER_WEAK_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE;
|
||||||
} // extern "C"
|
} // extern "C"
|
||||||
|
|
||||||
#endif // SANITIZER_COMMON_INTERFACE_DEFS_H
|
#endif // SANITIZER_COMMON_INTERFACE_DEFS_H
|
||||||
|
|
|
||||||
|
|
@ -201,4 +201,10 @@ void __sanitizer_set_report_fd(int fd) {
|
||||||
internal_close(report_fd);
|
internal_close(report_fd);
|
||||||
report_fd = fd;
|
report_fd = fd;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void NOINLINE __sanitizer_sandbox_on_notify(void *reserved) {
|
||||||
|
(void)reserved;
|
||||||
|
PrepareForSandboxing();
|
||||||
|
}
|
||||||
|
|
||||||
} // extern "C"
|
} // extern "C"
|
||||||
|
|
|
||||||
|
|
@ -123,6 +123,7 @@ const char *GetPwd();
|
||||||
void ReExec();
|
void ReExec();
|
||||||
bool StackSizeIsUnlimited();
|
bool StackSizeIsUnlimited();
|
||||||
void SetStackSizeLimitInBytes(uptr limit);
|
void SetStackSizeLimitInBytes(uptr limit);
|
||||||
|
void PrepareForSandboxing();
|
||||||
|
|
||||||
// Other
|
// Other
|
||||||
void SleepForSeconds(int seconds);
|
void SleepForSeconds(int seconds);
|
||||||
|
|
|
||||||
|
|
@ -218,6 +218,14 @@ void ReExec() {
|
||||||
execv(argv[0], argv.data());
|
execv(argv[0], argv.data());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void PrepareForSandboxing() {
|
||||||
|
// Some kinds of sandboxes may forbid filesystem access, so we won't be able
|
||||||
|
// to read the file mappings from /proc/self/maps. Luckily, neither the
|
||||||
|
// process will be able to load additional libraries, so it's fine to use the
|
||||||
|
// cached mappings.
|
||||||
|
MemoryMappingLayout::CacheMemoryMappings();
|
||||||
|
}
|
||||||
|
|
||||||
// ----------------- sanitizer_procmaps.h
|
// ----------------- sanitizer_procmaps.h
|
||||||
// Linker initialized.
|
// Linker initialized.
|
||||||
ProcSelfMapsBuff MemoryMappingLayout::cached_proc_self_maps_;
|
ProcSelfMapsBuff MemoryMappingLayout::cached_proc_self_maps_;
|
||||||
|
|
|
||||||
|
|
@ -126,6 +126,10 @@ void ReExec() {
|
||||||
UNIMPLEMENTED();
|
UNIMPLEMENTED();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void PrepareForSandboxing() {
|
||||||
|
// Nothing here for now.
|
||||||
|
}
|
||||||
|
|
||||||
// ----------------- sanitizer_procmaps.h
|
// ----------------- sanitizer_procmaps.h
|
||||||
|
|
||||||
MemoryMappingLayout::MemoryMappingLayout() {
|
MemoryMappingLayout::MemoryMappingLayout() {
|
||||||
|
|
|
||||||
|
|
@ -129,6 +129,10 @@ void ReExec() {
|
||||||
UNIMPLEMENTED();
|
UNIMPLEMENTED();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void PrepareForSandboxing() {
|
||||||
|
// Nothing here for now.
|
||||||
|
}
|
||||||
|
|
||||||
bool StackSizeIsUnlimited() {
|
bool StackSizeIsUnlimited() {
|
||||||
UNIMPLEMENTED();
|
UNIMPLEMENTED();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue