This repository has been archived by the owner on Apr 3, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 212
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add SeccompSupportDetector for Android.
This class will report to UMA the Android kernel version and the level of kernel support for seccomp-bpf sandboxing. BUG=468455 Review URL: https://codereview.chromium.org/1018953004 Cr-Commit-Position: refs/heads/master@{#321451}
- Loading branch information
Showing
13 changed files
with
300 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,127 @@ | ||
// Copyright 2015 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include "chrome/browser/android/seccomp_support_detector.h" | ||
|
||
#include <stdio.h> | ||
#include <sys/utsname.h> | ||
|
||
#include "base/message_loop/message_loop_proxy.h" | ||
#include "base/metrics/histogram_macros.h" | ||
#include "base/metrics/sparse_histogram.h" | ||
#include "chrome/common/chrome_utility_messages.h" | ||
#include "content/public/browser/browser_thread.h" | ||
#include "content/public/browser/utility_process_host.h" | ||
|
||
using content::BrowserThread; | ||
|
||
enum AndroidSeccompStatus { | ||
DETECTION_FAILED, // The process crashed during detection. | ||
NOT_SUPPORTED, // Kernel has no seccomp support. | ||
SUPPORTED, // Kernel has seccomp support. | ||
LAST_STATUS | ||
}; | ||
|
||
// static | ||
void SeccompSupportDetector::StartDetection() { | ||
// This is instantiated here, and then ownership is maintained by the | ||
// Closure objects when the object is being passed between threads. A | ||
// reference is also taken by the UtilityProcessHost, which will release | ||
// it when the process exits. | ||
scoped_refptr<SeccompSupportDetector> detector(new SeccompSupportDetector()); | ||
BrowserThread::PostBlockingPoolTask(FROM_HERE, | ||
base::Bind(&SeccompSupportDetector::DetectKernelVersion, detector)); | ||
} | ||
|
||
SeccompSupportDetector::SeccompSupportDetector() : prctl_detected_(false) { | ||
} | ||
|
||
SeccompSupportDetector::~SeccompSupportDetector() { | ||
} | ||
|
||
void SeccompSupportDetector::DetectKernelVersion() { | ||
DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread()); | ||
|
||
// This method will report the kernel major and minor versions by | ||
// taking the lower 16 bits of each version number and combining | ||
// the two into a 32-bit number. | ||
|
||
utsname uts; | ||
if (uname(&uts) == 0) { | ||
int major, minor; | ||
if (sscanf(uts.release, "%d.%d", &major, &minor) == 2) { | ||
int version = ((major & 0xFFFF) << 16) | (minor & 0xFFFF); | ||
UMA_HISTOGRAM_SPARSE_SLOWLY("Android.KernelVersion", version); | ||
} | ||
} | ||
|
||
#if defined(USE_SECCOMP_BPF) | ||
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, | ||
base::Bind(&SeccompSupportDetector::DetectSeccomp, this)); | ||
#else | ||
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, | ||
base::Bind(&SeccompSupportDetector::OnDetectPrctl, this, false)); | ||
BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, | ||
base::Bind(&SeccompSupportDetector::OnDetectSyscall, this, false)); | ||
#endif | ||
} | ||
|
||
void SeccompSupportDetector::DetectSeccomp() { | ||
DCHECK_CURRENTLY_ON(BrowserThread::IO); | ||
|
||
content::UtilityProcessHost* utility_process_host = | ||
content::UtilityProcessHost::Create( | ||
this, base::MessageLoopProxy::current()); | ||
utility_process_host->Send(new ChromeUtilityMsg_DetectSeccompSupport()); | ||
} | ||
|
||
void SeccompSupportDetector::OnProcessCrashed(int exit_code) { | ||
DCHECK_CURRENTLY_ON(BrowserThread::IO); | ||
// The process crashed. Since prctl detection happens first, report which | ||
// probe failed. | ||
if (prctl_detected_) { | ||
UMA_HISTOGRAM_ENUMERATION("Android.SeccompStatus.Syscall", | ||
DETECTION_FAILED, | ||
LAST_STATUS); | ||
} else { | ||
UMA_HISTOGRAM_ENUMERATION("Android.SeccompStatus.Prctl", | ||
DETECTION_FAILED, | ||
LAST_STATUS); | ||
} | ||
} | ||
|
||
bool SeccompSupportDetector::OnMessageReceived(const IPC::Message& message) { | ||
bool handled = false; | ||
IPC_BEGIN_MESSAGE_MAP(SeccompSupportDetector, message) | ||
IPC_MESSAGE_HANDLER(ChromeUtilityHostMsg_DetectSeccompSupport_ResultPrctl, | ||
OnDetectPrctl) | ||
IPC_MESSAGE_HANDLER(ChromeUtilityHostMsg_DetectSeccompSupport_ResultSyscall, | ||
OnDetectSyscall) | ||
IPC_MESSAGE_UNHANDLED(handled = false) | ||
IPC_END_MESSAGE_MAP() | ||
return handled; | ||
} | ||
|
||
void SeccompSupportDetector::OnDetectPrctl(bool prctl_supported) { | ||
DCHECK_CURRENTLY_ON(BrowserThread::IO); | ||
DCHECK(!prctl_detected_); | ||
|
||
prctl_detected_ = true; | ||
|
||
UMA_HISTOGRAM_ENUMERATION("Android.SeccompStatus.Prctl", | ||
prctl_supported ? SUPPORTED : NOT_SUPPORTED, | ||
LAST_STATUS); | ||
} | ||
|
||
void SeccompSupportDetector::OnDetectSyscall(bool syscall_supported) { | ||
DCHECK_CURRENTLY_ON(BrowserThread::IO); | ||
DCHECK(prctl_detected_); | ||
|
||
UMA_HISTOGRAM_ENUMERATION("Android.SeccompStatus.Syscall", | ||
syscall_supported ? SUPPORTED : NOT_SUPPORTED, | ||
LAST_STATUS); | ||
|
||
// The utility process will shutdown after this, and this object will | ||
// be deleted when the UtilityProcessHost releases its reference. | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
// Copyright 2015 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#ifndef CHROME_BROWSER_ANDROID_SECCOMP_SUPPORT_DETECTOR_H_ | ||
#define CHROME_BROWSER_ANDROID_SECCOMP_SUPPORT_DETECTOR_H_ | ||
|
||
#include "base/compiler_specific.h" | ||
#include "content/public/browser/utility_process_host_client.h" | ||
|
||
// This class is used to report via UMA the Android kernel version and | ||
// level of seccomp-bpf support. The kernel version is read from the blocking | ||
// thread pool, while seccomp support is tested in a utility process, in case | ||
// the probing causes a crash. | ||
class SeccompSupportDetector : public content::UtilityProcessHostClient { | ||
public: | ||
// Starts the detection process. This should be called once per browser | ||
// session. This is safe to call from any thread. | ||
static void StartDetection(); | ||
|
||
private: | ||
SeccompSupportDetector(); | ||
~SeccompSupportDetector() override; | ||
|
||
// Called on the blocking thread pool. This reads the utsname and records | ||
// the kernel version. | ||
void DetectKernelVersion(); | ||
|
||
// Called on the IO thread. This starts a utility process to detect seccomp. | ||
void DetectSeccomp(); | ||
|
||
// UtilityProcessHostClient: | ||
void OnProcessCrashed(int exit_code) override; | ||
bool OnMessageReceived(const IPC::Message& message) override; | ||
|
||
// OnDetectPrctl is always received before OnDetectSyscall. | ||
void OnDetectPrctl(bool prctl_supported); | ||
void OnDetectSyscall(bool syscall_supported); | ||
|
||
// Whether OnDetectPrctl was received. | ||
bool prctl_detected_; | ||
|
||
DISALLOW_COPY_AND_ASSIGN(SeccompSupportDetector); | ||
}; | ||
|
||
#endif // CHROME_BROWSER_ANDROID_SECCOMP_SUPPORT_DETECTOR_H_ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.