author | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-04-06 18:43:10 -0700 |
---|---|---|
committer | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-04-06 18:43:10 -0700 |
commit | 2413f3713ae8a306a23550e2eecd59f380f34eae (patch) | |
tree | 097849fef9aa6b967da6e828533764b918bfb01a | |
parent | f783b5273d66d19a78705276a38ae68ef2e3e165 (diff) | |
Skip setting seccomp filter when running with ASan.android-n-preview-2
Also add an example build target for an ASan-ified libminijail (useful
for debugging).
Bug: 28052772
Change-Id: Ib36a0303d635becaa8802dee56d486f11060ea47
-rw-r--r-- | Android.mk | 19 | ||||
-rw-r--r-- | libminijail.c | 15 | ||||
-rw-r--r-- | util.h | 8 |
3 files changed, 42 insertions, 0 deletions
@@ -102,6 +102,25 @@ LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)
 include $(BUILD_SHARED_LIBRARY)
+# Example ASan-ified libminijail shared library for target.
+# Commented out since it's only needed for local debugging.
+# =========================================================
+# include $(CLEAR_VARS)
+# LOCAL_MODULE := libminijail_asan
+# LOCAL_MODULE_TAGS := optional
+#
+# LOCAL_CFLAGS := $(minijailCommonCFlags)
+# LOCAL_CLANG := true
+# LOCAL_SANITIZE := address
+# LOCAL_MODULE_RELATIVE_PATH := asan
+# LOCAL_SRC_FILES := $(libminijailSrcFiles)
+#
+# LOCAL_STATIC_LIBRARIES := libminijail_generated
+# LOCAL_SHARED_LIBRARIES := $(minijailCommonLibraries)
+# LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)
+# include $(BUILD_SHARED_LIBRARY)
+
+
 # libminijail static library for target.
 # =========================================================
 include $(CLEAR_VARS)
diff --git a/libminijail.c b/libminijail.c
index fcfee1e..a0c4c86 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -1355,6 +1355,21 @@ void set_seccomp_filter(const struct minijail *j)
 }
 /*
+ * Code running with ASan
+ * (https://github.com/google/sanitizers/wiki/AddressSanitizer)
+ * will make system calls not included in the syscall filter policy,
+ * which will likely crash the program. Skip setting seccomp filter in
+ * that case.
+ * 'running_with_asan()' has no inputs and is completely defined at
+ * build time, so this cannot be used by an attacker to skip setting
+ * seccomp filter.
+ */
+ if (j->flags.seccomp_filter && running_with_asan()) {
+ warn("running with ASan, not setting seccomp filter");
+ return;
+ }
+
+ /*
 * If we're logging seccomp filter failures,
 * install the SIGSYS handler first.
 */
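Review bot: The early `return` in the new ASan branch of set_seccomp_filter leaves the process with no syscall filter at all, and the only trace is a `warn()` line, so an ASan-built libminijail that escapes a debugging setup would run its targets unconfined with no hard signal. The comment correctly notes that the check has no runtime input, but it should also state the consequence, e.g. `* An ASan build of libminijail therefore provides no seccomp confinement and is for debugging only.` The log text could be equally explicit for anyone reading logs later: `warn("built with ASan: seccomp filter NOT installed");`. The check reflects how libminijail itself was compiled, not whether the jailed program uses ASan, which the comment's "Code running with ASan" wording blurs. The function body starts and ends outside the hunk, so whether any later step should still run in the ASan case cannot be confirmed from here.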
@@ -37,6 +37,14 @@ static inline int is_android() {
 #endif
 }
+static inline int running_with_asan() {
+#if defined(__clang__) && __has_feature(address_sanitizer)
+ return 1;
+#else
+ return 0;
+#endif
+}
+
 int lookup_syscall(const char *name);
 const char *lookup_syscall_name(int nr);
 long int parse_constant(char *constant_str, char **endptr); |
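Review bot: `__has_feature` is a Clang extension, and a preprocessor that does not know it still has to parse the whole `#if` expression, so `defined(__clang__) && __has_feature(address_sanitizer)` in running_with_asan() is likely to fail to compile on such compilers unless util.h defines a fallback outside this hunk. GCC signals ASan through `__SANITIZE_ADDRESS__` instead, so a GCC ASan build would return 0 here and still install the filter that the libminijail.c change is meant to skip. The name also overstates what is tested: the result is fixed when the including file is compiled, so a one-line comment saying it reports "built with ASan" would keep later callers from treating it as a runtime probe. A portable form is sketched below.

```c
/* Fallback for compilers that do not provide __has_feature. */
#ifndef __has_feature
#define __has_feature(x) 0
#endif

/* Returns 1 if the including file was compiled with AddressSanitizer. */
static inline int running_with_asan() {
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
/* … unchanged: return 1 / #else / return 0 / #endif … */
}
```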