author | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-05-04 01:27:11 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-05-04 01:27:11 +0000 |
commit | e701fefab7cf42e847b0c90dfda8f83c978d6503 (patch) | |
tree | 5622c6f9ff0f05fac81f8c81aca7fc1e26a28b17 | |
parent | 811da3ffbbc8edb4505dd8617f94f19dd3055235 (diff) | |
parent | abb93141f0255a624bda29e4842611f8bc120df8 (diff) | |
Skip setting seccomp filter when running with ASan.
am: abb93141f0
* commit 'abb93141f0255a624bda29e4842611f8bc120df8':
Skip setting seccomp filter when running with ASan.
Change-Id: Ib3ba92897d4229ae09f9cb9c87e2b57b5f090f9e
-rw-r--r-- | Android.mk | 19 | ||||
-rw-r--r-- | libminijail.c | 15 | ||||
-rw-r--r-- | util.h | 8 |
3 files changed, 42 insertions, 0 deletions
@@ -102,6 +102,25 @@ LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) include $(BUILD_SHARED_LIBRARY) +# Example ASan-ified libminijail shared library for target. +# Commented out since it's only needed for local debugging. +# ========================================================= +# include $(CLEAR_VARS) +# LOCAL_MODULE := libminijail_asan +# LOCAL_MODULE_TAGS := optional +# +# LOCAL_CFLAGS := $(minijailCommonCFlags) +# LOCAL_CLANG := true +# LOCAL_SANITIZE := address +# LOCAL_MODULE_RELATIVE_PATH := asan +# LOCAL_SRC_FILES := $(libminijailSrcFiles) +# +# LOCAL_STATIC_LIBRARIES := libminijail_generated +# LOCAL_SHARED_LIBRARIES := $(minijailCommonLibraries) +# LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) +# include $(BUILD_SHARED_LIBRARY) + + # libminijail static library for target. # ========================================================= include $(CLEAR_VARS) diff --git a/libminijail.c b/libminijail.c index 2164186..0af36a3 100644 --- a/libminijail.c +++ b/libminijail.c @@ -1272,6 +1272,21 @@ void set_seccomp_filter(const struct minijail *j) } /* + * Code running with ASan + * (https://github.com/google/sanitizers/wiki/AddressSanitizer) + * will make system calls not included in the syscall filter policy, + * which will likely crash the program. Skip setting seccomp filter in + * that case. + * 'running_with_asan()' has no inputs and is completely defined at + * build time, so this cannot be used by an attacker to skip setting + * seccomp filter. + */ + if (j->flags.seccomp_filter && running_with_asan()) { + warn("running with ASan, not setting seccomp filter"); + return; + } + + /* * If we're logging seccomp filter failures, * install the SIGSYS handler first. */ 
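Review bot: The early `return` added to set_seccomp_filter() leaves the process with no syscall filter at all, and the only trace is a `warn()` line, so a libminijail built with ASan that reaches a device applies no seccomp confinement while callers see no error. The new comment argues that the check cannot be influenced at run time, which holds for the visible `running_with_asan()`, but it should also state the consequence, for example ` * An ASan build therefore runs without a seccomp filter and is meant for local debugging only.` The log line would be harder to overlook as `warn("running with ASan, seccomp filter NOT installed");`. The function starts before and continues after this hunk, so what the early return skips beyond the SIGSYS handler setup cannot be checked from here.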
@@ -37,6 +37,14 @@ static inline int is_android() { #endif } +static inline int running_with_asan() { +#if defined(__clang__) && __has_feature(address_sanitizer) + return 1; +#else + return 0; +#endif +} + int lookup_syscall(const char *name); const char *lookup_syscall_name(int nr); long int parse_constant(char *constant_str, char **endptr); |
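Review bot: The `#if defined(__clang__) && __has_feature(address_sanitizer)` line in running_with_asan() does not preprocess on compilers that lack `__has_feature`, because the whole `#if` expression is parsed even when `defined(__clang__)` is false and the call-like `__has_feature(...)` is then a syntax error. It also misses ASan builds made with GCC, which announces them through `__SANITIZE_ADDRESS__`; there the function returns 0 and the filter is still installed, so the result is a crash under the filter rather than a skipped sandbox. Nesting the `__has_feature` test inside its own guard fixes both, and `(void)` makes the declaration a real prototype. Because the function is `static inline` in a header, it reports how the including file was compiled, which a short comment above it should state.

```c
/* Reports whether this translation unit was compiled with AddressSanitizer. */
static inline int running_with_asan(void) {
#if defined(__SANITIZE_ADDRESS__)
	return 1;
#elif defined(__has_feature)
#if __has_feature(address_sanitizer)
	return 1;
#else
	return 0;
#endif
#else
	return 0;
#endif
}
```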