| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "content/renderer/renderer_main_platform_delegate.h" |
| |
| #include <errno.h> |
| #include <sys/stat.h> |
| |
| #include "base/command_line.h" |
| #include "base/files/file_util.h" |
| #include "base/logging.h" |
| #include "content/common/sandbox_linux/sandbox_linux.h" |
| #include "content/public/common/content_switches.h" |
| #include "content/public/common/sandbox_init.h" |
| |
| namespace content { |
| |
| RendererMainPlatformDelegate::RendererMainPlatformDelegate( |
| const MainFunctionParams& parameters) {} |
| |
| RendererMainPlatformDelegate::~RendererMainPlatformDelegate() { |
| } |
| |
| void RendererMainPlatformDelegate::PlatformInitialize() { |
| } |
| |
| void RendererMainPlatformDelegate::PlatformUninitialize() { |
| } |
| |
| bool RendererMainPlatformDelegate::EnableSandbox() { |
| // The setuid sandbox is started in the zygote process: zygote_main_linux.cc |
| // https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox.md |
| // |
| // Anything else is started in InitializeSandbox(). |
| LinuxSandbox::InitializeSandbox(); |
| // about:sandbox uses a value returned from LinuxSandbox::GetStatus() before |
| // any renderer has been started. |
| // Here, we test that the status of SeccompBpf in the renderer is consistent |
| // with what LinuxSandbox::GetStatus() said we would do. |
| class LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance(); |
| if (linux_sandbox->GetStatus() & kSandboxLinuxSeccompBPF) { |
| CHECK(linux_sandbox->seccomp_bpf_started()); |
| } |
| |
| // Under the setuid sandbox, we should not be able to open any file via the |
| // filesystem. |
| if (linux_sandbox->GetStatus() & kSandboxLinuxSUID) { |
| CHECK(!base::PathExists(base::FilePath("/proc/cpuinfo"))); |
| } |
| |
| #if defined(__x86_64__) |
| // Limit this test to architectures where seccomp BPF is active in renderers. |
| if (linux_sandbox->seccomp_bpf_started()) { |
| errno = 0; |
| // This should normally return EBADF since the first argument is bogus, |
| // but we know that under the seccomp-bpf sandbox, this should return EPERM. |
| CHECK_EQ(fchmod(-1, 07777), -1); |
| CHECK_EQ(errno, EPERM); |
| } |
| #endif // __x86_64__ |
| |
| return true; |
| } |
| |
| } // namespace content |