commit | 25cc64abd05a60f4b446251ac679a0b844d7a979 | [log] [tgz] |
---|---|---|
author | Jordan R Abrahams <ajordanr@google.com> | Thu Aug 12 18:18:15 2021 |
committer | Copybara-Service <copybara-worker@google.com> | Thu Aug 12 18:35:23 2021 |
tree | b39784024cedfae81c53e0c2a25745766fcb6ccb | |
parent | f114755e2ec90bdcb86401e0e3b9e5fb19f6483d [diff] |
linux sandbox: add fstatfs for arm gpu policy This missing syscall is preventing the sandbox from starting ChromeOS when we apply a security patch to glibc. glibc's loader can be exploited on preload to get around no-exec restrictions. We've implemented a patch in CrOS's glibc implementation to resolve this. However, fstatfs is required to determine file-system information about the shared libraries. Without this patch, fstatfs calls on ChromeOS boards such as Trogdor are unable to get the user to the log-in screen when glibc requires fstatfs-ing shared objects on preload. Bug: chromium:1182687 Test: Local images with and without patch on local Trogdor device Change-Id: I35094cdf101e7981711e603d1e04df4214b525cf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3089652 Reviewed-by: Matthew Denton <mpdenton@chromium.org> Commit-Queue: Jordan R Abrahams <ajordanr@google.com> Cr-Commit-Position: refs/heads/master@{#911398} NOKEYCHECK=True GitOrigin-RevId: 7b24f4df5c4a4d13c23f42a8e33686748415dd01
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/
uses the Seatbelt sandbox. See the detailed design for more.linux/
uses namespaces and Seccomp-BPF. See the detailed design for more.win/
uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy
component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.