From f26df9655b6d8bb54933b3d995f3da8fae000a85 Mon Sep 17 00:00:00 2001 From: blueboxd <48254131+blueboxd@users.noreply.github.com> Date: Fri, 9 Dec 2022 05:49:57 +0900 Subject: [PATCH] cleanup sandbox/ --- sandbox/mac/sandbox_logging.cc | 98 +------------------------------ sandbox/mac/seatbelt_exec.cc | 15 +---- sandbox/mac/seatbelt_unittest.cc | 42 +++++++++++++ sandbox/policy/BUILD.gn | 1 - sandbox/policy/mac/common.sb | 4 +- sandbox/policy/mac/renderer.sb | 2 +- sandbox/policy/mac/sandbox_mac.h | 17 ------ sandbox/policy/mac/sandbox_mac.mm | 74 ----------------------- 8 files changed, 47 insertions(+), 206 deletions(-) diff --git a/sandbox/mac/sandbox_logging.cc b/sandbox/mac/sandbox_logging.cc index 2879672766e78b..f52f1d1da4d431 100644 --- a/sandbox/mac/sandbox_logging.cc +++ b/sandbox/mac/sandbox_logging.cc @@ -5,6 +5,7 @@ #include "sandbox/mac/sandbox_logging.h" #include +#include #include #include #include @@ -16,18 +17,6 @@ #include "build/build_config.h" -#include -#if !defined(MAC_OS_X_VERSION_10_12) || \ - MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12 -#define USE_ASL -#endif - -#if defined(USE_ASL) -#include -#else -#include -#endif - #if defined(ARCH_CPU_X86_64) #define ABORT() \ { \ @@ -53,77 +42,6 @@ namespace { enum class Level { FATAL, ERR, WARN, INFO }; -#if defined(USE_ASL) - -void SendAslLog(Level level, const char* message) { - class ASLClient { - public: - explicit ASLClient() - : client_(asl_open(nullptr, - "com.apple.console", - ASL_OPT_STDERR | ASL_OPT_NO_DELAY)) {} - ~ASLClient() { asl_close(client_); } - - aslclient get() const { return client_; } - - ASLClient(const ASLClient&) = delete; - ASLClient& operator=(const ASLClient&) = delete; - - private: - aslclient client_; - } asl_client; - - class ASLMessage { - public: - ASLMessage() : message_(asl_new(ASL_TYPE_MSG)) {} - ~ASLMessage() { asl_free(message_); } - - aslmsg get() const { return message_; } - - ASLMessage(const ASLMessage&) = delete; - ASLMessage& operator=(const ASLMessage&) = delete; - - private: - aslmsg message_; - } asl_message; - - // By default, messages are only readable by the admin group. Explicitly - // make them readable by the user generating the messages. - char euid_string[12]; - snprintf(euid_string, sizeof(euid_string) / sizeof(euid_string[0]), "%d", - geteuid()); - asl_set(asl_message.get(), ASL_KEY_READ_UID, euid_string); - - std::string asl_level_string; - switch (level) { - case Level::FATAL: - asl_level_string = ASL_STRING_CRIT; - break; - case Level::ERR: - asl_level_string = ASL_STRING_ERR; - break; - case Level::WARN: - asl_level_string = ASL_STRING_WARNING; - break; - case Level::INFO: - default: - asl_level_string = ASL_STRING_INFO; - break; - } - - asl_set(asl_message.get(), ASL_KEY_LEVEL, asl_level_string.c_str()); - asl_set(asl_message.get(), ASL_KEY_MSG, message); - asl_send(asl_client.get(), asl_message.get()); - - if (__builtin_available(macOS 10.11, *)) { - if (level == Level::FATAL) { - abort_report_np(message); - } - } -} - -#else - void SendOsLog(Level level, const char* message) { const class OSLog { public: @@ -158,8 +76,6 @@ void SendOsLog(Level level, const char* message) { } } -#endif // defined(USE_ASL) - // |error| is strerror(errno) when a P* logging function is called. Pass // |nullptr| if no errno is set. void DoLogging(Level level, @@ -170,11 +86,7 @@ void DoLogging(Level level, int ret = vsnprintf(message, sizeof(message), fmt, args); if (ret < 0) { -#if defined(USE_ASL) - SendAslLog(level, "warning: log message could not be formatted"); -#else SendOsLog(level, "warning: log message could not be formatted"); -#endif // defined(USE_ASL) return; } @@ -185,18 +97,10 @@ void DoLogging(Level level, if (error) final_message += ": " + *error; -#if defined(USE_ASL) - SendAslLog(level, final_message.c_str()); -#else SendOsLog(level, final_message.c_str()); -#endif // defined(USE_ASL) if (truncated) { -#if defined(USE_ASL) - SendAslLog(level, "warning: previous log message truncated"); -#else SendOsLog(level, "warning: previous log message truncated"); -#endif // defined(USE_ASL) } } diff --git a/sandbox/mac/seatbelt_exec.cc b/sandbox/mac/seatbelt_exec.cc index 0143627a772178..dd920be421bfcb 100644 --- a/sandbox/mac/seatbelt_exec.cc +++ b/sandbox/mac/seatbelt_exec.cc @@ -171,20 +171,7 @@ SeatbeltExecServer::CreateFromArguments(const char* executable_path, return result; } - char full_exec_path[PATH_MAX]; - if (realpath(executable_path, full_exec_path) == NULL) { - logging::PError("realpath"); - return result; - } - - auto server = std::make_unique(seatbelt_client_fd); - // These parameters are provided for every profile to use. - if (!server->SetParameter("EXECUTABLE_PATH", full_exec_path)) { - logging::Error("Failed to set up parameters for sandbox."); - return result; - } - - result.server = std::move(server); + result.server.reset(new SeatbeltExecServer(seatbelt_client_fd)); return result; } diff --git a/sandbox/mac/seatbelt_unittest.cc b/sandbox/mac/seatbelt_unittest.cc index ec42cffa6650d8..cbf88416905fa2 100644 --- a/sandbox/mac/seatbelt_unittest.cc +++ b/sandbox/mac/seatbelt_unittest.cc @@ -4,10 +4,14 @@ #include "sandbox/mac/seatbelt.h" +#include #include #include +#include #include +#include + #include "base/files/file.h" #include "base/files/scoped_temp_dir.h" #include "base/mac/mac_util.h" @@ -108,4 +112,42 @@ TEST_F(SeatbeltTest, Ftruncate) { } } +MULTIPROCESS_TEST_MAIN(ProcessSelfInfo) { + const char* profile = R"( + (version 1) + (deny default (with no-log)) + ; `process-info` is default-allowed. + (deny process-info*) + (allow process-info-pidinfo (target self)) + (deny sysctl-read) + )"; + + std::string error; + CHECK(Seatbelt::Init(profile, 0, &error)) << error; + + int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid()}; + kinfo_proc proc; + size_t size = sizeof(proc); + + int rv = sysctl(mib, std::size(mib), &proc, &size, nullptr, 0); + PCHECK(rv == 0); + + mib[std::size(mib) - 1] = getppid(); + errno = 0; + rv = sysctl(mib, std::size(mib), &proc, &size, nullptr, 0); + PCHECK(rv == -1); + PCHECK(errno == EPERM); + + return 0; +} + +TEST_F(SeatbeltTest, ProcessSelfInfo) { + base::Process process = SpawnChild("ProcessSelfInfo"); + ASSERT_TRUE(process.IsValid()); + int exit_code = 42; + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); + EXPECT_EQ(exit_code, 0); +} + } // namespace sandbox diff --git a/sandbox/policy/BUILD.gn b/sandbox/policy/BUILD.gn index f028f9d79007ae..3616270754417e 100644 --- a/sandbox/policy/BUILD.gn +++ b/sandbox/policy/BUILD.gn @@ -132,7 +132,6 @@ component("policy") { "CoreGraphics.framework", "Foundation.framework", "IOSurface.framework", - "ImageIO.framework", ] } if (is_win) { diff --git a/sandbox/policy/mac/common.sb b/sandbox/policy/mac/common.sb index 2c6c0d9b8ae642..9e83e6235b979d 100644 --- a/sandbox/policy/mac/common.sb +++ b/sandbox/policy/mac/common.sb @@ -95,7 +95,7 @@ ; Allow logging for all processes. (if (not (defined? 'vnode-type)) - (allow file-write* (path (param log-file-path))) + (allow file-write* (path (param log-file-path))) ;else (allow file-write* (require-all @@ -179,7 +179,7 @@ ; Access to /dev. (if (not (defined? 'vnode-type)) - (allow file-ioctl file-ioctl file-read-data file-write-data (path "/dev/dtracehelper")) + (allow file-ioctl file-ioctl file-read-data file-write-data (path "/dev/dtracehelper")) ;else (allow file-ioctl file-read-data file-write-data (require-all diff --git a/sandbox/policy/mac/renderer.sb b/sandbox/policy/mac/renderer.sb index 52367aec0f21b3..7d0e21caed514c 100644 --- a/sandbox/policy/mac/renderer.sb +++ b/sandbox/policy/mac/renderer.sb @@ -40,7 +40,7 @@ (allow-cvms-blobs) (if (not (defined? 'vnode-type)) - (allow file-write-data (path "/dev/null")) + (allow file-write-data (path "/dev/null")) ;else (allow file-write-data (require-all diff --git a/sandbox/policy/mac/sandbox_mac.h b/sandbox/policy/mac/sandbox_mac.h index 068891bffd47cb..329ed8d8f60ba1 100644 --- a/sandbox/policy/mac/sandbox_mac.h +++ b/sandbox/policy/mac/sandbox_mac.h @@ -35,23 +35,6 @@ SANDBOX_POLICY_EXPORT base::FilePath GetCanonicalPath( SANDBOX_POLICY_EXPORT std::string GetSandboxProfile( sandbox::mojom::Sandbox sandbox_type); -class SANDBOX_POLICY_EXPORT SandboxMac { - public: - SandboxMac() = delete; - // Warm up System APIs that empirically need to be accessed before the - // sandbox is turned on. |sandbox_type| is the type of sandbox to warm up. - // Valid |sandbox_type| values are defined by the enum SandboxType, or can be - // defined by the embedder via - // ContentClient::GetSandboxProfileForProcessType(). - static void Warmup(sandbox::mojom::Sandbox sandbox_type); - - // Turns on the OS X sandbox for this process. - // |sandbox_type| - type of Sandbox to use. See SandboxWarmup() for legal - // values. - // - // Returns true on success, false if an error occurred enabling the sandbox. - static bool Enable(sandbox::mojom::Sandbox sandbox_type); -}; // Returns true if the compiled policy for the sandbox `sandbox_type` can be // cached and reused across multiple processes. Some sandbox policies bind // parameters that prevent the policy from being reused. diff --git a/sandbox/policy/mac/sandbox_mac.mm b/sandbox/policy/mac/sandbox_mac.mm index 417eed09ed91a5..d709edc697f139 100644 --- a/sandbox/policy/mac/sandbox_mac.mm +++ b/sandbox/policy/mac/sandbox_mac.mm @@ -4,41 +4,13 @@ #include "sandbox/policy/mac/sandbox_mac.h" -#import -#include -#include - -#include -#include #include #include -#include -#include -#include #include -#include "base/command_line.h" -#include "base/compiler_specific.h" -#include "base/files/file_util.h" #include "base/feature_list.h" #include "base/files/scoped_file.h" -#include "base/mac/bundle_locations.h" -#include "base/mac/foundation_util.h" -#include "base/mac/mac_util.h" -#include "base/mac/mach_port_rendezvous.h" -#include "base/mac/scoped_cftyperef.h" -#include "base/mac/scoped_nsobject.h" -#include "base/rand_util.h" -#include "base/stl_util.h" -#include "base/strings/string_piece.h" -#include "base/strings/string_split.h" -#include "base/strings/string_util.h" -#include "base/strings/stringprintf.h" -#include "base/strings/sys_string_conversions.h" -#include "base/strings/utf_string_conversions.h" -#include "base/system/sys_info.h" -#include "sandbox/mac/sandbox_compiler.h" #include "base/logging.h" #include "base/posix/eintr_wrapper.h" #include "components/services/screen_ai/buildflags/buildflags.h" @@ -61,57 +33,11 @@ #endif #include "sandbox/policy/mac/speech_recognition.sb.h" #include "sandbox/policy/mac/utility.sb.h" -#include "sandbox/policy/sandbox_type.h" -#include "sandbox/policy/switches.h" #include "sandbox/policy/mojom/sandbox.mojom.h" namespace sandbox { namespace policy { -// Load the appropriate template for the given sandbox type. -// Returns the template as a string or an empty string on error. -std::string LoadSandboxTemplate(sandbox::mojom::Sandbox sandbox_type) { - DCHECK_EQ(sandbox_type, sandbox::mojom::Sandbox::kGpu); - return kSeatbeltPolicyString_gpu; -} - -// Turns on the OS X sandbox for this process. - -// static -bool SandboxMac::Enable(sandbox::mojom::Sandbox sandbox_type) { - DCHECK_EQ(sandbox_type, sandbox::mojom::Sandbox::kGpu); - - std::string sandbox_data = LoadSandboxTemplate(sandbox_type); - if (sandbox_data.empty()) - return false; - - SandboxCompiler compiler(sandbox_data); - - // Enable verbose logging if enabled on the command line. (See common.sb - // for details). - const base::CommandLine* command_line = - base::CommandLine::ForCurrentProcess(); - bool enable_logging = - command_line->HasSwitch(switches::kEnableSandboxLogging); - - // Splice the path of the user's home directory into the sandbox profile - // (see renderer.sb for details). - std::string home_dir = [NSHomeDirectory() fileSystemRepresentation]; - base::FilePath home_dir_canonical = - GetCanonicalPath(base::FilePath(home_dir)); - - if (sandbox_type == sandbox::mojom::Sandbox::kGpu) { - base::FilePath bundle_path = - GetCanonicalPath(base::mac::FrameworkBundlePath()); - } - - // Initialize sandbox. - std::string error_str; - bool success = compiler.CompileAndApplyProfile(&error_str); - DLOG_IF(FATAL, !success) << "Failed to initialize sandbox: " << error_str; - return success; -} - base::FilePath GetCanonicalPath(const base::FilePath& path) { base::ScopedFD fd(HANDLE_EINTR(open(path.value().c_str(), O_RDONLY))); if (!fd.is_valid()) {