authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-02-01 10:56:54 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-02-01 10:56:54 +0000
commit1032072f7dccf47ec04b32c14cbba3e1542f242f (patch)
tree4b470fca9aa8ca8fe896099fda3da5e8d507cfa7
parentc42e1ec1179e128406eda67cb924e497390093c8 (diff)
parent3c6795b8906b224736c9eb914dd9bf50204f52c7 (diff)
Snap for 9550355 from 3c6795b8906b224736c9eb914dd9bf50204f52c7 to sdk-releaseplatform-tools-34.0.1platform-tools-34.0.0platform-tools-33.0.4
Change-Id: I19eaa0a4766571f1f09f33ad11875bf992393528
-rw-r--r--Android.bp52
-rw-r--r--HACKING.md6
-rw-r--r--LICENSE4
-rw-r--r--Makefile10
-rw-r--r--NOTICE4
-rw-r--r--OWNERS11
-rw-r--r--README.md64
-rw-r--r--arch.h2
-rw-r--r--bpf.c2
-rw-r--r--bpf.h2
-rw-r--r--common.mk2
-rw-r--r--config_parser.c2
-rw-r--r--config_parser.h2
-rw-r--r--config_parser_unittest.cc2
-rw-r--r--dump_constants.cc2
-rw-r--r--elfparse.c2
-rw-r--r--elfparse.h2
-rw-r--r--gen_constants-inl.h6
-rwxr-xr-xgen_constants.sh2
-rw-r--r--gen_syscalls-inl.h17
-rwxr-xr-xgen_syscalls.sh2
-rw-r--r--landlock.h2
-rw-r--r--landlock_util.c2
-rw-r--r--landlock_util.h10
-rw-r--r--libconstants.h2
-rw-r--r--libminijail-private.h2
-rw-r--r--libminijail.c308
-rw-r--r--libminijail.h12
-rw-r--r--libminijail_unittest.cc33
-rw-r--r--libminijailpreload.c2
-rw-r--r--libsyscalls.h2
-rw-r--r--minijail0.16
-rw-r--r--minijail0.513
-rw-r--r--minijail0.c2
-rwxr-xr-xminijail0.sh2
-rw-r--r--minijail0_cli.c39
-rw-r--r--minijail0_cli.h2
-rw-r--r--minijail0_cli_unittest.cc10
-rw-r--r--parse_seccomp_policy.cc2
-rwxr-xr-xplatform2_preinstall.sh2
-rw-r--r--rust/OWNERS2
-rw-r--r--rust/minijail-sys/Android.bp35
-rw-r--r--rust/minijail-sys/Cargo.toml2
-rw-r--r--rust/minijail-sys/build.rs12
-rw-r--r--rust/minijail-sys/cargo2android.json13
-rw-r--r--rust/minijail-sys/lib.rs12
-rw-r--r--rust/minijail-sys/libminijail.rs39
-rw-r--r--rust/minijail-sys/patches/Android.bp.patch16
-rw-r--r--rust/minijail/Android.bp33
-rw-r--r--rust/minijail/Cargo.toml7
-rw-r--r--rust/minijail/cargo2android.json9
-rw-r--r--rust/minijail/src/lib.rs16
-rw-r--r--rust/minijail/tests/fork_remap.rs2
-rw-r--r--scoped_minijail.h2
-rw-r--r--signal_handler.c2
-rw-r--r--signal_handler.h2
-rw-r--r--syscall_filter.c2
-rw-r--r--syscall_filter.h2
-rw-r--r--syscall_filter_unittest.cc2
-rw-r--r--syscall_filter_unittest_macros.h2
-rw-r--r--syscall_wrapper.c2
-rw-r--r--syscall_wrapper.h2
-rw-r--r--system.c16
-rw-r--r--system.h3
-rw-r--r--system_unittest.cc7
-rw-r--r--test/landlock.conf7
-rw-r--r--test/read_stdin2
-rw-r--r--test_util.cc2
-rw-r--r--test_util.h2
-rw-r--r--testrunner.cc2
-rw-r--r--tools/Android.bp32
-rwxr-xr-xtools/generate_constants_json.py17
-rw-r--r--unittest_util.h3
-rw-r--r--util.c2
-rw-r--r--util.h11
-rw-r--r--util_unittest.cc2
76 files changed, 637 insertions, 338 deletions
diff --git a/Android.bp b/Android.bp
index e771f95..25eb12f 100644
--- a/Android.bp
+++ b/Android.bp
@@ -551,55 +551,3 @@ cc_binary {
static_libs: ["libminijail_generated"],
shared_libs: minijailCommonLibraries + ["libminijail"],
}
-
-rust_defaults {
- name: "libminijail_rust_defaults",
- target: {
- darwin: {
- enabled: false,
- },
- },
-}
-
-// This target was generated by cargo2android.py --run --device, with some
-// manual fixes.
-rust_library {
- name: "libminijail_sys",
- defaults: ["libminijail_rust_defaults"],
- host_supported: true,
- crate_name: "minijail_sys",
- srcs: ["rust/minijail-sys/lib.rs"],
- edition: "2018",
- rustlibs: [
- "liblibc",
- ],
- shared_libs: [
- "libcap",
- "libminijail",
- ],
- apex_available: [
- "//apex_available:platform",
- "com.android.compos",
- "com.android.virt",
- ],
-}
-
-// This target was generated by cargo2android.py --run --device, with some
-// manual fixes.
-rust_library {
- name: "libminijail_rust",
- defaults: ["libminijail_rust_defaults"],
- host_supported: true,
- crate_name: "minijail",
- srcs: ["rust/minijail/src/lib.rs"],
- edition: "2018",
- rustlibs: [
- "liblibc",
- "libminijail_sys",
- ],
- apex_available: [
- "//apex_available:platform",
- "com.android.compos",
- "com.android.virt",
- ],
-}
diff --git a/HACKING.md b/HACKING.md
index 612e505..415b65e 100644
--- a/HACKING.md
+++ b/HACKING.md
@@ -38,10 +38,10 @@ Building the tests will automatically execute them.
## Code Review
We use [Android Review] for Minijail code review. The easiest way to submit
-changes for review is using `repo upload` on a Chromium OS or Android checkout.
+changes for review is using `repo upload` on a ChromiumOS or Android checkout.
Go to [Android Review HTTP Credentials] to obtain credentials to push code. For
more detailed instructions see the [Android source documentation] or the
-[Chromium OS documentation].
+[ChromiumOS documentation].
## Source Style
@@ -81,6 +81,6 @@ Please keep it in sync with [minijail0_cli.c].
[Android Review]: https://android-review.googlesource.com/
[Android Review HTTP Credentials]: https://android-review.googlesource.com/settings/#HTTPCredentials
[Android source documentation]: https://source.android.com/setup/start
-[Chromium OS documentation]: https://chromium.googlesource.com/chromiumos/docs/+/HEAD/developer_guide.md
+[ChromiumOS documentation]: https://chromium.googlesource.com/chromiumos/docs/+/HEAD/developer_guide.md
[Google Markdown style guide]: https://github.com/google/styleguide/blob/gh-pages/docguide/style.md
[Google Test]: https://github.com/google/googletest
diff --git a/LICENSE b/LICENSE
index e0967d1..3e0a62d 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-/* Copyright 2012 The Chromium OS Authors. All rights reserved.
+/* Copyright 2012 The ChromiumOS Authors
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
- * * Neither the name of Google Inc. nor the names of its
+ * * Neither the name of Google LLC nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
diff --git a/Makefile b/Makefile
index 3e41b5d..4759736 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+# Copyright 2012 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
@@ -72,6 +72,14 @@ ifeq ($(BLOCK_SYMLINKS_IN_BINDMOUNT_PATHS),yes)
CPPFLAGS += -DBLOCK_SYMLINKS_IN_BINDMOUNT_PATHS
endif
+# Prevents symlinks from being followed in the /tmp folder.
+# Symlinks could be followed to modify arbitrary files when a process
+# had access to the /tmp folder.
+BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP ?= no
+ifeq ($(BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP),yes)
+CPPFLAGS += -DBLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP
+endif
+
ifeq ($(USE_ASAN),yes)
CPPFLAGS += -fsanitize=address -fno-omit-frame-pointer
LDFLAGS += -fsanitize=address -fno-omit-frame-pointer
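Review bot: The comment above `BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP` describes the symlink risk in the abstract but not what the knob actually changes, which from the `mount_tmp()` hunk in libminijail.c is the flag set on the per-jail tmpfs mounted at /tmp. Suggested wording: `# Mount the per-jail /tmp tmpfs with MS_NOSYMFOLLOW so symlinks planted in /tmp by a` / `# sandboxed process are not followed (blocks symlink-based file clobbering).` The default stays `no`, so existing builds are unaffected, which is worth saying explicitly since the option name alone does not reveal that it is opt-in.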
diff --git a/NOTICE b/NOTICE
index b9e779f..f194a5d 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1,4 +1,4 @@
-// Copyright 2014 The Chromium OS Authors. All rights reserved.
+// Copyright 2014 The ChromiumOS Authors
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
-// * Neither the name of Google Inc. nor the names of its
+// * Neither the name of Google LLC nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
diff --git a/OWNERS b/OWNERS
index 2823db3..39d7470 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,5 +1,10 @@
set noparent
-include OWNERS_GENERAL
+# Android: exclude upstream owners so that code review requests will be routed
+# to the Android/downstream owners below.
+#include OWNERS_GENERAL
+adelva@google.com
+victorhsieh@google.com
+
# Emeritus.
-drewry@google.com
-keescook@google.com
+#drewry@google.com
+#keescook@google.com
diff --git a/README.md b/README.md
index 71a34c6..fea1fe6 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ The Minijail homepage is
https://google.github.io/minijail/.
The main source repo is
-https://android.googlesource.com/platform/external/minijail/.
+https://chromium.googlesource.com/chromiumos/platform/minijail.
There might be other copies floating around, but this is the official one!
@@ -12,7 +12,7 @@ There might be other copies floating around, but this is the official one!
## What is it?
-Minijail is a sandboxing and containment tool used in Chrome OS and Android.
+Minijail is a sandboxing and containment tool used in ChromeOS and Android.
It provides an executable that can be used to launch and sandbox other programs,
and a library that can be used by code to sandbox itself.
@@ -21,12 +21,12 @@ and a library that can be used by code to sandbox itself.
You're one `git clone` away from happiness.
```
-$ git clone https://android.googlesource.com/platform/external/minijail
+$ git clone https://chromium.googlesource.com/chromiumos/platform/minijail
$ cd minijail
```
Releases are tagged as `linux-vXX`:
-https://android.googlesource.com/platform/external/minijail/+refs
+https://chromium.googlesource.com/chromiumos/platform/minijail/+refs
## Building
@@ -49,14 +49,14 @@ We've got a couple of contact points.
* [minijail-dev@google.com]: Internal Google developer mailing list.
* [crbug.com/list]: Existing bug reports & feature requests.
* [crbug.com/new]: File new bug reports & feature requests.
-* [AOSP Gerrit]: Code reviews.
+* [Chromium Gerrit]: Code reviews.
[minijail@chromium.org]: https://groups.google.com/a/chromium.org/forum/#!forum/minijail
[minijail-users@google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-users
[minijail-dev@google.com]: https://groups.google.com/a/google.com/forum/#!forum/minijail-dev
[crbug.com/list]: https://crbug.com/?q=component:OS>Systems>Minijail
[crbug.com/new]: https://bugs.chromium.org/p/chromium/issues/entry?components=OS>Systems>Minijail
-[AOSP Gerrit]: https://android-review.googlesource.com/q/project:platform/external/minijail
+[Chromium Gerrit]: https://chromium-review.googlesource.com/q/project:chromiumos/platform/minijail
## Talks and presentations
@@ -67,7 +67,7 @@ The following talk serves as a good introduction to Minijail and how it can be u
## Example usage
-The Chromium OS project has a comprehensive
+The ChromiumOS project has a comprehensive
[sandboxing](https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md)
document that is largely based on Minijail.
@@ -100,7 +100,7 @@ Q. "Why is it called minijail0?"
A. It is minijail0 because it was a rewrite of an earlier program named
minijail, which was considerably less mini, and in particular had a dependency
-on libchrome (the Chrome OS packaged version of Chromium's //base). We needed a
+on libchrome (the ChromeOS packaged version of Chromium's //base). We needed a
new name to not collide with the deprecated one.
We didn't want to call it minijail2 or something that would make people
@@ -114,51 +114,3 @@ controlled surprise system call use.
https://crrev.com/c/4585/ added the original implementation.
Source: Conversations with original authors, ellyjones@ and wad@.
-
-## How to manually upgrade Minijail on Chrome OS
-
-Minijail is manually upgraded on Chrome OS so that there is a way to test
-changes in the Chrome OS commit queue. Committed changes have already passed
-Android's presubmit checks, but the ebuild upgrade CL goes through the Chrome
-OS commit queue and must pass the tests before any additional changes are
-available for use on Chrome OS. To upgrade minijail on Chrome OS, complete the
-following steps.
-
-```bash
-# Sync Minijail repo
-cd ~/chromiumos/src/aosp/external/minijail
-git checkout m/main
-repo sync .
-
-# Set up local branch.
-cd ~/trunk/src/third_party/chromiumos-overlay/
-repo start minijail . # replace minijail with the local branch name you want.
-
-# Run upgrade script.
-~/trunk/chromite/scripts/cros_uprev --force --overlay-type public \
- --packages chromeos-base/minijail:dev-rust/minijail-sys:dev-rust/minijail
-```
-
-At this point the Minijail-related packages should be upgraded, so you may want
-to add the changes to a commit and do some local testing before uploading a
-change list. Here are the recommended local tests to try (make sure you are
-**not** working on the minijail packages first i.e. `cros_workon list-all`):
-
-```bash
-# Check build.
-./build_packages --board=${BOARD}
-
-# Check unit tests.
-FEATURES=test emerge-${BOARD} chromeos-base/minijail dev-rust/minijail-sys \
- dev-rust/minijail
-
-# Check integration tests.
-cros deploy <DUT> chromeos-base/minijail
-tast run <DUT> security.Minijail.* security.MinijailSeccomp
-```
-
-Finally, when uploading the CL make sure to include the list of changes
-since the last uprev. The command to generate the list is as follows:
-```bash
-git log --oneline --no-merges <previous hash in ebuild file>..HEAD
-```
diff --git a/arch.h b/arch.h
index 253b45f..a1f43ba 100644
--- a/arch.h
+++ b/arch.h
@@ -1,5 +1,5 @@
/* arch.h
- * Copyright 2014 The Chromium OS Authors. All rights reserved.
+ * Copyright 2014 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/bpf.c b/bpf.c
index 6fbe9b0..3c60b47 100644
--- a/bpf.c
+++ b/bpf.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+/* Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/bpf.h b/bpf.h
index bbde437..900a828 100644
--- a/bpf.h
+++ b/bpf.h
@@ -1,5 +1,5 @@
/* bpf.h
- * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+ * Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/common.mk b/common.mk
index 77879d8..48fe830 100644
--- a/common.mk
+++ b/common.mk
@@ -1,4 +1,4 @@
-# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+# Copyright 2012 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
diff --git a/config_parser.c b/config_parser.c
index 5568407..9b3aa22 100644
--- a/config_parser.c
+++ b/config_parser.c
@@ -1,4 +1,4 @@
-/* Copyright 2021 The Chromium OS Authors. All rights reserved.
+/* Copyright 2021 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/config_parser.h b/config_parser.h
index 36c96db..b158e5c 100644
--- a/config_parser.h
+++ b/config_parser.h
@@ -1,4 +1,4 @@
-/* Copyright 2021 The Chromium OS Authors. All rights reserved.
+/* Copyright 2021 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/config_parser_unittest.cc b/config_parser_unittest.cc
index a9c6571..2e4ad17 100644
--- a/config_parser_unittest.cc
+++ b/config_parser_unittest.cc
@@ -1,4 +1,4 @@
-/* Copyright 2021 The Chromium OS Authors. All rights reserved.
+/* Copyright 2021 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/dump_constants.cc b/dump_constants.cc
index f3d7074..6a0a3ba 100644
--- a/dump_constants.cc
+++ b/dump_constants.cc
@@ -1,4 +1,4 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+/* Copyright 2018 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/elfparse.c b/elfparse.c
index 96caa59..958a8cd 100644
--- a/elfparse.c
+++ b/elfparse.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+/* Copyright 2014 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/elfparse.h b/elfparse.h
index 4fdd0a1..9083e0c 100644
--- a/elfparse.h
+++ b/elfparse.h
@@ -1,5 +1,5 @@
/* elfparse.h
- * Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Copyright 2014 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/gen_constants-inl.h b/gen_constants-inl.h
index 8a09adb..d09349c 100644
--- a/gen_constants-inl.h
+++ b/gen_constants-inl.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+/* Copyright 2014 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -73,3 +73,7 @@ struct fscrypt_policy_v1 {
#if !defined(FS_IOC_GET_ENCRYPTION_POLICY_EX)
#define FS_IOC_GET_ENCRYPTION_POLICY_EX _IOWR('f', 22, __u8[9])
#endif
+
+#if !defined(MADV_FREE)
+#define MADV_FREE 8
+#endif
diff --git a/gen_constants.sh b/gen_constants.sh
index 20f9f42..628a13d 100755
--- a/gen_constants.sh
+++ b/gen_constants.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright 2015 The Chromium OS Authors. All rights reserved.
+# Copyright 2015 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
diff --git a/gen_syscalls-inl.h b/gen_syscalls-inl.h
index 7d78397..aee71e2 100644
--- a/gen_syscalls-inl.h
+++ b/gen_syscalls-inl.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+/* Copyright 2014 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -86,4 +86,19 @@
#elif __arm64__
#define __NR_rseq 293
#endif
+
+#ifndef __NR_clone3
+#define __NR_clone3 435
+#endif
+
#endif /* __NR_rseq */
+
+#ifndef __NR_membarrier
+#ifdef __x86_64__
+#define __NR_membarrier 324
+#elif __i386__
+#define __NR_membarrier 375
+#elif __arm64__
+#define __NR_membarrier 283
+#endif
+#endif /* __NR_membarrier */
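Review bot: The new `#ifndef __NR_clone3` fallback is placed before `#endif /* __NR_rseq */`, i.e. inside the `#ifndef __NR_rseq` guard that opens above this hunk, so it is only evaluated when the headers also lack `__NR_rseq`; a toolchain whose headers know rseq but not clone3 (added a few kernel releases later) still ends up without `__NR_clone3`. Move the three lines after the `#endif /* __NR_rseq */`, next to the `__NR_membarrier` block, which is placed correctly. 435 is the unified clone3 number on architectures using the generic syscall table, so the unconditional value is fine. Like the rseq chain visible above it, the `__NR_membarrier` block has no `__arm__` case, so 32-bit ARM builds whose headers lack the definition get none; if that is intended, a comment saying so would prevent the next reader from "fixing" it.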
diff --git a/gen_syscalls.sh b/gen_syscalls.sh
index 7e1707c..d5155e8 100755
--- a/gen_syscalls.sh
+++ b/gen_syscalls.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+# Copyright 2012 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
diff --git a/landlock.h b/landlock.h
index de67d32..1ce5b80 100644
--- a/landlock.h
+++ b/landlock.h
@@ -1,4 +1,4 @@
-/* Copyright 2022 The ChromiumOS Authors.
+/* Copyright 2022 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/landlock_util.c b/landlock_util.c
index 50e4ef7..2aa8336 100644
--- a/landlock_util.c
+++ b/landlock_util.c
@@ -1,4 +1,4 @@
-/* Copyright 2022 The ChromiumOS Authors.
+/* Copyright 2022 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/landlock_util.h b/landlock_util.h
index 0ec2abe..ab1b472 100644
--- a/landlock_util.h
+++ b/landlock_util.h
@@ -1,4 +1,4 @@
-/* Copyright 2022 The ChromiumOS Authors.
+/* Copyright 2022 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -50,6 +50,11 @@ extern "C" {
LANDLOCK_ACCESS_FS_MAKE_DIR | \
LANDLOCK_ACCESS_FS_MAKE_REG)
+#define ACCESS_FS_ROUGHLY_EDIT ( \
+ LANDLOCK_ACCESS_FS_WRITE_FILE | \
+ LANDLOCK_ACCESS_FS_REMOVE_DIR | \
+ LANDLOCK_ACCESS_FS_REMOVE_FILE)
+
#define ACCESS_FS_ROUGHLY_FULL_WRITE ( \
LANDLOCK_ACCESS_FS_WRITE_FILE | \
LANDLOCK_ACCESS_FS_REMOVE_DIR | \
@@ -67,6 +72,9 @@ extern "C" {
LANDLOCK_ACCESS_FS_WRITE_FILE | \
LANDLOCK_ACCESS_FS_READ_FILE)
+#define HANDLED_ACCESS_TYPES (ACCESS_FS_ROUGHLY_READ_EXECUTE | \
+ ACCESS_FS_ROUGHLY_FULL_WRITE)
+
/*
* Performs Landlock create ruleset syscall.
*
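Review bot: `HANDLED_ACCESS_TYPES` carries an invariant that is not written down: it is passed as `handled_access_fs` when the ruleset is created, so it is both the deny-by-default set and the upper bound on what any rule may request, and `landlock_add_rule()` fails with EINVAL for a rule whose flags are not covered. `ACCESS_FS_ROUGHLY_EDIT` is covered today only because its three flags are also the first three of `ACCESS_FS_ROUGHLY_FULL_WRITE`; anyone adding a flag to a rule macro must also add it here, and flags from a newer Landlock ABI than the running kernel supports must be masked after a `LANDLOCK_CREATE_RULESET_VERSION` probe or ruleset creation itself fails. Suggested comment: `/* Access types the ruleset handles: denied unless granted by a rule. Every ACCESS_FS_ROUGHLY_* set used in a rule must be a subset of this. */`.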
diff --git a/libconstants.h b/libconstants.h
index c289955..0548de9 100644
--- a/libconstants.h
+++ b/libconstants.h
@@ -1,4 +1,4 @@
-/* Copyright 2015 The Chromium OS Authors. All rights reserved.
+/* Copyright 2015 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/libminijail-private.h b/libminijail-private.h
index 8feec55..6351f8e 100644
--- a/libminijail-private.h
+++ b/libminijail-private.h
@@ -1,5 +1,5 @@
/* libminijail-private.h
- * Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+ * Copyright 2011 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/libminijail.c b/libminijail.c
index a1ad689..bb60904 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+/* Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -73,6 +73,15 @@
(MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_NOATIME | MS_NODIRATIME | \
MS_RELATIME | MS_RDONLY)
+/*
+ * TODO(b/235960683): Drop this after CrOS upgrades to glibc >= 2.34
+ * because MS_NOSYMFOLLOW will be defined in sys/mount.h.
+ */
+#ifndef MS_NOSYMFOLLOW
+/* Added locally in kernels 4.x+. */
+#define MS_NOSYMFOLLOW 256
+#endif
+
struct minijail_rlimit {
int type;
rlim_t cur;
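Review bot: The comment `Added locally in kernels 4.x+` documents a ChromeOS kernel backport rather than the upstream status, which is what a reader on the Android side of this snapshot needs; MS_NOSYMFOLLOW (bit 256) is in mainline since Linux 5.10 and in glibc's sys/mount.h since 2.34, as the TODO above already hints. Suggested comment: `/* MS_NOSYMFOLLOW: upstream since Linux 5.10, backported to ChromeOS 4.x kernels. Older kernels do not reject the bit, so on them the flag has no effect. */` The last clause reflects how mount(2) has historically treated unrecognised MS_* bits and should be confirmed for the kernels this build targets.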
@@ -102,6 +111,12 @@ struct hook {
struct hook *next;
};
+struct fs_rule {
+ char *path;
+ uint64_t landlock_flags;
+ struct fs_rule *next;
+};
+
struct preserved_fd {
int parent_fd;
int child_fd;
@@ -113,46 +128,46 @@ struct minijail {
* accounted for in minijail_pre{enter|exec}() below.
*/
struct {
- int uid : 1;
- int gid : 1;
- int inherit_suppl_gids : 1;
- int set_suppl_gids : 1;
- int keep_suppl_gids : 1;
- int use_caps : 1;
- int capbset_drop : 1;
- int set_ambient_caps : 1;
- int vfs : 1;
- int enter_vfs : 1;
- int pids : 1;
- int ipc : 1;
- int uts : 1;
- int net : 1;
- int enter_net : 1;
- int ns_cgroups : 1;
- int userns : 1;
- int disable_setgroups : 1;
- int seccomp : 1;
- int remount_proc_ro : 1;
- int no_new_privs : 1;
- int seccomp_filter : 1;
- int seccomp_filter_tsync : 1;
- int seccomp_filter_logging : 1;
- int seccomp_filter_allow_speculation : 1;
- int chroot : 1;
- int pivot_root : 1;
- int mount_dev : 1;
- int mount_tmp : 1;
- int do_init : 1;
- int run_as_init : 1;
- int pid_file : 1;
- int cgroups : 1;
- int alt_syscall : 1;
- int reset_signal_mask : 1;
- int reset_signal_handlers : 1;
- int close_open_fds : 1;
- int new_session_keyring : 1;
- int forward_signals : 1;
- int setsid : 1;
+ bool uid : 1;
+ bool gid : 1;
+ bool inherit_suppl_gids : 1;
+ bool set_suppl_gids : 1;
+ bool keep_suppl_gids : 1;
+ bool use_caps : 1;
+ bool capbset_drop : 1;
+ bool set_ambient_caps : 1;
+ bool vfs : 1;
+ bool enter_vfs : 1;
+ bool pids : 1;
+ bool ipc : 1;
+ bool uts : 1;
+ bool net : 1;
+ bool enter_net : 1;
+ bool ns_cgroups : 1;
+ bool userns : 1;
+ bool disable_setgroups : 1;
+ bool seccomp : 1;
+ bool remount_proc_ro : 1;
+ bool no_new_privs : 1;
+ bool seccomp_filter : 1;
+ bool seccomp_filter_tsync : 1;
+ bool seccomp_filter_logging : 1;
+ bool seccomp_filter_allow_speculation : 1;
+ bool chroot : 1;
+ bool pivot_root : 1;
+ bool mount_dev : 1;
+ bool mount_tmp : 1;
+ bool do_init : 1;
+ bool run_as_init : 1;
+ bool pid_file : 1;
+ bool cgroups : 1;
+ bool alt_syscall : 1;
+ bool reset_signal_mask : 1;
+ bool reset_signal_handlers : 1;
+ bool close_open_fds : 1;
+ bool new_session_keyring : 1;
+ bool forward_signals : 1;
+ bool setsid : 1;
} flags;
uid_t uid;
gid_t gid;
@@ -181,6 +196,9 @@ struct minijail {
struct minijail_remount *remounts_head;
struct minijail_remount *remounts_tail;
size_t tmpfs_size;
+ bool using_minimalistic_mountns;
+ struct fs_rule *fs_rules_head;
+ struct fs_rule *fs_rules_tail;
char *cgroups[MAX_CGROUPS];
size_t cgroup_count;
struct minijail_rlimit rlimits[MAX_RLIMITS];
@@ -191,10 +209,6 @@ struct minijail {
struct preserved_fd preserved_fds[MAX_PRESERVED_FDS];
size_t preserved_fd_count;
char *seccomp_policy_path;
- /* Landlock ruleset file descriptor. */
- int ruleset_fd;
- /* Flag set to true if at least one landlock rule is used. */
- bool landlock_used;
};
static void run_hooks_or_die(const struct minijail *j,
@@ -287,34 +301,38 @@ void minijail_preenter(struct minijail *j)
free_remounts_list(j);
}
-/* Adds a rule to the landlock ruleset. */
-static bool add_fs_restriction_internal(struct minijail *j,
- const char *path,
- uint64_t landlock_flags)
+/* Adds a rule for a given path to apply once minijail is entered. */
+int add_fs_restriction_path(struct minijail *j,
+ const char *path,
+ uint64_t landlock_flags)
{
- if (!j->landlock_used) {
- struct minijail_landlock_ruleset_attr ruleset_attr = {
- .handled_access_fs = ACCESS_FS_ROUGHLY_READ_EXECUTE |
- ACCESS_FS_ROUGHLY_FULL_WRITE,
- };
- j->ruleset_fd = landlock_create_ruleset(
- &ruleset_attr, sizeof(ruleset_attr), 0);
- if (j->ruleset_fd < 0) {
- const int err = errno;
- pwarn("Failed to create a ruleset");
- switch (err) {
- case ENOSYS:
- pwarn("Landlock is not supported by the current kernel");
- break;
- case EOPNOTSUPP:
- pwarn("Landlock is currently disabled by kernel config");
- break;
- }
- return false;
- }
- j->landlock_used = true;
+ struct fs_rule *r = calloc(1, sizeof(*r));
+ if (!r)
+ return -ENOMEM;
+ r->path = strdup(path);
+ r->landlock_flags = landlock_flags;
+
+ if (j->fs_rules_tail) {
+ j->fs_rules_tail->next = r;
+ j->fs_rules_tail = r;
+ } else {
+ j->fs_rules_head = r;
+ j->fs_rules_tail = r;
}
- return populate_ruleset_internal(path, j->ruleset_fd, landlock_flags);
+
+ return 0;
+}
+
+bool mount_has_bind_flag(struct mountpoint *m) {
+ return !!(m->flags & MS_BIND);
+}
+
+bool mount_has_readonly_flag(struct mountpoint *m) {
+ return !!(m->flags & MS_RDONLY);
+}
+
+bool mount_events_allowed(struct mountpoint *m) {
+ return !!(m->flags & MS_SHARED) || !!(m->flags & MS_SLAVE);
}
/*
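Review bot: `r->path = strdup(path)` in `add_fs_restriction_path()` is not checked, so under allocation failure a rule with a NULL path is queued and `populate_ruleset_internal()` is later handed NULL; the function already returns `-ENOMEM` for the `calloc` failure one line earlier and should do the same here: `if (!r->path) { free(r); return -ENOMEM; }`. The three new helpers `mount_has_bind_flag()`, `mount_has_readonly_flag()` and `mount_events_allowed()` are defined without `static` and no prototype is visible in this hunk; unless they are declared in a header, make them `static` so they do not become exported symbols of libminijail. The header comment should also state the design change this hunk makes: the rule is only recorded here and is resolved to an inode when the ruleset is built at apply time, so the path must exist at that later point, not now.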
@@ -359,8 +377,7 @@ struct minijail API *minijail_new(void)
struct minijail *j = calloc(1, sizeof(struct minijail));
if (j) {
j->remount_mode = MS_PRIVATE;
- j->landlock_used = false;
- j->ruleset_fd = -1;
+ j->using_minimalistic_mountns = false;
}
return j;
}
@@ -511,6 +528,50 @@ void API minijail_log_seccomp_filter_failures(struct minijail *j)
}
}
+void API minijail_set_using_minimalistic_mountns(struct minijail *j)
+{
+ j->using_minimalistic_mountns = true;
+}
+
+void API minijail_add_minimalistic_mountns_fs_rules(struct minijail *j)
+{
+ struct mountpoint *m = j->mounts_head;
+ bool landlock_enabled_by_profile = false;
+ if (!j->using_minimalistic_mountns)
+ return;
+
+ /* Apply Landlock rules. */
+ while (m) {
+ landlock_enabled_by_profile = true;
+ minijail_add_fs_restriction_rx(j, m->dest);
+ /* Allow rw if mounted as writable, or mount flags allow mount events.*/
+ if (!mount_has_readonly_flag(m) || mount_events_allowed(m))
+ minijail_add_fs_restriction_rw(j, m->dest);
+ m = m->next;
+ }
+ if (landlock_enabled_by_profile) {
+ minijail_enable_default_fs_restrictions(j);
+ minijail_add_fs_restriction_edit(j, "/dev");
+ minijail_add_fs_restriction_ro(j, "/proc");
+ if (j->flags.vfs)
+ minijail_add_fs_restriction_rw(j, "/tmp");
+ }
+}
+
+void API minijail_enable_default_fs_restrictions(struct minijail *j)
+{
+ // Common library locations.
+ minijail_add_fs_restriction_rx(j, "/lib");
+ minijail_add_fs_restriction_rx(j, "/lib64");
+ minijail_add_fs_restriction_rx(j, "/usr/lib");
+ minijail_add_fs_restriction_rx(j, "/usr/lib64");
+ // Common locations for services invoking Minijail.
+ minijail_add_fs_restriction_rx(j, "/bin");
+ minijail_add_fs_restriction_rx(j, "/sbin");
+ minijail_add_fs_restriction_rx(j, "/usr/sbin");
+ minijail_add_fs_restriction_rx(j, "/usr/bin");
+}
+
void API minijail_use_caps(struct minijail *j, uint64_t capmask)
{
/*
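Review bot: Every `minijail_add_fs_restriction_*()` call in `minijail_add_minimalistic_mountns_fs_rules()` and `minijail_enable_default_fs_restrictions()` discards its return value, so an allocation failure in `add_fs_restriction_path()` drops a rule silently; because Landlock denies any handled access that no rule grants, the symptom is a spurious EACCES in the sandboxed process rather than a setup error. Elsewhere in this file unrecoverable setup failures abort (`mount_tmp()` below uses `pdie()`), so checking each return and dying, or at least `warn()`ing once with the path, would fit. Separately, `mount_events_allowed(m)` promotes a read-only mount to rw solely because it carries MS_SHARED or MS_SLAVE propagation; propagation flags say nothing about writability, so if that is intentional the reason belongs in the comment, e.g. `/* Shared/slave mounts may later receive writable submounts, so grant rw up front. */`, assuming that is the rationale.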
@@ -851,28 +912,35 @@ int API minijail_create_session(struct minijail *j)
int API minijail_add_fs_restriction_rx(struct minijail *j, const char *path)
{
- return !add_fs_restriction_internal(j, path,
- ACCESS_FS_ROUGHLY_READ_EXECUTE);
+ return !add_fs_restriction_path(j, path,
+ ACCESS_FS_ROUGHLY_READ_EXECUTE);
}
int API minijail_add_fs_restriction_ro(struct minijail *j, const char *path)
{
- return !add_fs_restriction_internal(j, path, ACCESS_FS_ROUGHLY_READ);
+ return !add_fs_restriction_path(j, path, ACCESS_FS_ROUGHLY_READ);
}
int API minijail_add_fs_restriction_rw(struct minijail *j, const char *path)
{
- return !add_fs_restriction_internal(j, path,
+ return !add_fs_restriction_path(j, path,
ACCESS_FS_ROUGHLY_READ | ACCESS_FS_ROUGHLY_BASIC_WRITE);
}
int API minijail_add_fs_restriction_advanced_rw(struct minijail *j,
const char *path)
{
- return !add_fs_restriction_internal(j, path,
+ return !add_fs_restriction_path(j, path,
ACCESS_FS_ROUGHLY_READ | ACCESS_FS_ROUGHLY_FULL_WRITE);
}
+int API minijail_add_fs_restriction_edit(struct minijail *j,
+ const char *path)
+{
+ return !add_fs_restriction_path(j, path,
+ ACCESS_FS_ROUGHLY_READ | ACCESS_FS_ROUGHLY_EDIT);
+}
+
static bool is_valid_bind_path(const char *path)
{
if (!block_symlinks_in_bindmount_paths()) {
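Review bot: The success/failure value returned by `minijail_add_fs_restriction_rx/ro/rw/advanced_rw/edit()` is inverted by this change: before, the `!` mapped the callee's bool (true on success) to 0 on success, but `add_fs_restriction_path()` now returns 0 on success and `-ENOMEM` on failure, so `!` yields 1 on success and 0 on failure. Any caller following the libminijail convention of treating nonzero as an error now aborts on the success path and ignores the failure path. Drop the negation in all five wrappers, e.g. `return add_fs_restriction_path(j, path, ACCESS_FS_ROUGHLY_READ_EXECUTE);`, which also propagates the errno-style code to the caller. The libminijail.h documentation for these functions is not in view; check that it states 0 on success and a negative errno on failure.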
@@ -993,12 +1061,20 @@ int API minijail_bind(struct minijail *j, const char *src, const char *dest,
{
unsigned long flags = MS_BIND;
+ /*
+ * Check for symlinks in bind-mount source paths to warn the user early.
+ * Minijail will perform one final check immediately before the mount()
+ * call.
+ */
if (!is_valid_bind_path(src)) {
warn("src '%s' is not a valid bind mount path", src);
return -ELOOP;
}
- /* |dest| might not yet exist. */
+ /*
+ * Symlinks in |dest| are blocked by the ChromiumOS LSM:
+ * <kernel>/security/chromiumos/lsm.c#77
+ */
if (!writeable)
flags |= MS_RDONLY;
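Review bot: The new comment in `minijail_bind()` states that symlinks in `|dest|` are blocked by the ChromiumOS LSM, but `security/chromiumos/lsm.c` is an out-of-tree ChromeOS kernel component; on an Android or upstream kernel, which is what this snapshot builds for, nothing in this function rejects a symlinked destination, so a writable directory on the dest path lets the mount land elsewhere. The comment should not read as a guarantee: `/* |dest| is not validated here. ChromeOS kernels refuse symlinked mount destinations via the chromiumos LSM; other kernels provide no such protection. */` If dest-side protection is wanted everywhere, the `is_valid_bind_path()` check applied to `src` above could be applied to `dest` when it already exists. The body of `minijail_bind()` continues beyond this hunk.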
@@ -1447,6 +1523,8 @@ int minijail_unmarshal(struct minijail *j, char *serialized, size_t length)
j->filter_prog = NULL;
j->hooks_head = NULL;
j->hooks_tail = NULL;
+ j->fs_rules_head = NULL;
+ j->fs_rules_tail = NULL;
if (j->user) { /* stale pointer */
char *user = consumestr(&serialized, &length);
@@ -1804,7 +1882,7 @@ static int mount_one(const struct minijail *j, struct mountpoint *m,
int ret;
char *dest;
bool do_remount = false;
- bool has_bind_flag = !!(m->flags & MS_BIND);
+ bool has_bind_flag = mount_has_bind_flag(m);
bool has_remount_flag = !!(m->flags & MS_REMOUNT);
unsigned long original_mnt_flags = 0;
@@ -1865,6 +1943,19 @@ static int mount_one(const struct minijail *j, struct mountpoint *m,
}
}
+ /*
+ * Do a final check for symlinks in |m->src|.
+ * |m->src| will only contain a valid path when purely bind-mounting
+ * (but not when remounting a bind mount).
+ *
+ * Short of having a version of mount(2) that can take fd's, this is the
+ * smallest we can make the TOCTOU window.
+ */
+ if (has_bind_flag && !has_remount_flag && !is_valid_bind_path(m->src)) {
+ warn("src '%s' is not a valid bind mount path", m->src);
+ goto error;
+ }
+
ret = mount(m->src, dest, m->type, m->flags, m->data);
if (ret) {
pwarn("cannot mount '%s' as '%s' with flags %#lx", m->src, dest,
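Review bot: The comment `Short of having a version of mount(2) that can take fd's` in `mount_one()` is out of date: since Linux 5.2 the `open_tree(2)`/`move_mount(2)` pair bind-mounts through a file descriptor, so the validated object and the mounted object could be the same fd instead of two separate by-name lookups; the recheck added here only narrows the window, as the comment admits, because `is_valid_bind_path()` and `mount()` still each walk `m->src` by name. Suggested wording: `/* open_tree()/move_mount() (Linux 5.2+) would let the mount be taken from an already-validated fd; until they are usable on all target kernels this recheck only narrows the race. */` Whether those syscalls are available on every kernel this build targets is not visible here. The function continues outside the hunk.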
@@ -2011,8 +2102,14 @@ static int mount_tmp(const struct minijail *j)
pdie("tmpfs size spec error");
else if ((size_t)ret >= sizeof(data))
pdie("tmpfs size spec too large");
- return mount("none", "/tmp", "tmpfs", MS_NODEV | MS_NOEXEC | MS_NOSUID,
- data);
+
+ unsigned long flags = MS_NODEV | MS_NOEXEC | MS_NOSUID;
+
+ if (block_symlinks_in_noninit_mountns_tmp()) {
+ flags |= MS_NOSYMFOLLOW;
+ }
+
+ return mount("none", "/tmp", "tmpfs", flags, data);
}
static int remount_proc_readonly(const struct minijail *j)
@@ -2299,10 +2396,40 @@ static void drop_caps(const struct minijail *j, unsigned int last_valid_cap)
cap_free(caps);
}
+/* Creates a ruleset for current inodes then calls landlock_restrict_self(). */
static void apply_landlock_restrictions(const struct minijail *j)
{
- if (j->landlock_used && j->ruleset_fd >= 0) {
- if (landlock_restrict_self(j->ruleset_fd, 0)) {
+ struct fs_rule *r;
+ attribute_cleanup_fd int ruleset_fd = -1;
+
+ r = j->fs_rules_head;
+ while (r) {
+ if (ruleset_fd < 0) {
+ struct minijail_landlock_ruleset_attr ruleset_attr = {
+ .handled_access_fs = HANDLED_ACCESS_TYPES
+ };
+ ruleset_fd = landlock_create_ruleset(
+ &ruleset_attr, sizeof(ruleset_attr), 0);
+ if (ruleset_fd < 0) {
+ const int err = errno;
+ pwarn("Failed to create a ruleset");
+ switch (err) {
+ case ENOSYS:
+ pwarn("Landlock is not supported by the current kernel");
+ break;
+ case EOPNOTSUPP:
+ pwarn("Landlock is currently disabled by kernel config");
+ break;
+ }
+ return;
+ }
+ }
+ populate_ruleset_internal(r->path, ruleset_fd, r->landlock_flags);
+ r = r->next;
+ }
+
+ if (ruleset_fd >= 0) {
+ if (landlock_restrict_self(ruleset_fd, 0)) {
pdie("Failed to enforce ruleset");
}
}
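Review bot: When landlock_create_ruleset() fails the function warns and returns, so a jail that explicitly configured fs rules proceeds with no path restrictions at all — fail-open — while a later landlock_restrict_self() failure is fatal via pdie(); that asymmetry should be a deliberate choice and documented in the header comment, e.g. `/* If Landlock is unavailable the configured rules are skipped with a warning, not enforced. */`. The `switch (err)` has no `default:` case, and the result of populate_ruleset_internal() is discarded, so a rule that cannot be added to the ruleset is also dropped silently (assuming it reports failure; its definition is outside this hunk). The function's closing brace lies outside the hunk.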
@@ -3642,11 +3769,6 @@ static int minijail_run_internal(struct minijail *j,
if (!config->exec_in_child)
return 0;
- if (j->ruleset_fd >= 0) {
- close(j->ruleset_fd);
- j->ruleset_fd = -1;
- }
-
/*
* We're going to execve(), so make sure any remaining resources are
* freed. Exceptions are:
@@ -3802,8 +3924,6 @@ void API minijail_destroy(struct minijail *j)
{
size_t i;
- if (j->ruleset_fd >= 0)
- close(j->ruleset_fd);
if (j->filter_prog) {
free(j->filter_prog->filter);
free(j->filter_prog);
@@ -3816,6 +3936,12 @@ void API minijail_destroy(struct minijail *j)
free(c);
}
j->hooks_tail = NULL;
+ while (j->fs_rules_head) {
+ struct fs_rule *r = j->fs_rules_head;
+ j->fs_rules_head = r->next;
+ free(r);
+ }
+ j->fs_rules_tail = NULL;
if (j->user)
free(j->user);
if (j->suppl_gid_list)
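Review bot: The loop frees each `struct fs_rule` but not `r->path`, which apply_landlock_restrictions() reads as a string; if the minijail_add_fs_restriction_* functions duplicate the caller's string (their bodies are not in this chunk), every rule leaks its path here. If that is the case the loop needs `free(r->path);` before `free(r);`. minijail_destroy continues outside the hunk.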
diff --git a/libminijail.h b/libminijail.h
index a2900af..1125169 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+/* Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -106,6 +106,10 @@ void minijail_use_seccomp(struct minijail *j);
void minijail_no_new_privs(struct minijail *j);
void minijail_use_seccomp_filter(struct minijail *j);
void minijail_set_seccomp_filter_tsync(struct minijail *j);
+/* Sets using_minimalistic_mountns to true. */
+void minijail_set_using_minimalistic_mountns(struct minijail *j);
+void minijail_add_minimalistic_mountns_fs_rules(struct minijail *j);
+void minijail_enable_default_fs_restrictions(struct minijail *j);
/*
* Allow speculative execution features that may cause data leaks across
* processes, by setting the SECCOMP_FILTER_FLAG_SPEC_ALLOW seccomp flag.
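Review bot: The three new public declarations are effectively undocumented: the comment on minijail_set_using_minimalistic_mountns merely restates the field name, and minijail_add_minimalistic_mountns_fs_rules and minijail_enable_default_fs_restrictions carry no comment at all even though they change which paths the jailed process may reach. Each should say what it enables and what happens when Landlock is unavailable on the running kernel, for example `/* Enables Landlock fs restrictions with a default set of paths for common system executables; see --fs-default-paths. */` for minijail_enable_default_fs_restrictions (matching the CLI help added in this commit), and an equivalent description for the minimalistic-mountns variant once its rule set is confirmed.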
@@ -204,6 +208,9 @@ int minijail_add_fs_restriction_rw(struct minijail *j, const char *path);
int minijail_add_fs_restriction_advanced_rw(struct minijail *j,
const char *path);
+/* Adds a path with read and write permissions that exclude create. */
+int minijail_add_fs_restriction_edit(struct minijail *j, const char *path);
+
/*
* Install signal handlers in the minijail process that forward received
* signals to the jailed child process.
@@ -520,7 +527,8 @@ int minijail_wait(struct minijail *j);
/*
* Frees the given minijail. It does not matter if the process is inside the
- * minijail or not.
+ * minijail or not. It will not kill the process, see minijail_kill() if that is
+ * desired.
*/
void minijail_destroy(struct minijail *j);
diff --git a/libminijail_unittest.cc b/libminijail_unittest.cc
index eea0053..7ffbde5 100644
--- a/libminijail_unittest.cc
+++ b/libminijail_unittest.cc
@@ -1,4 +1,4 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+/* Copyright 2016 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
@@ -103,6 +103,21 @@ std::map<std::string, std::string> GetNamespaces(
return namespaces;
}
+void set_preload_path(minijail *j) {
+#if defined(__ANDROID__)
+ // libminijailpreload.so isn't available in android, so skip trying to load
+ // it. Even without the preload, all the test cases either pass or are skipped
+ // for other reasons.
+ return;
+#endif
+ // We need to get the absolute path because entering a new mntns will
+ // implicitly chdir(/) for us.
+ char *preload_path = realpath(kPreloadPath, nullptr);
+ ASSERT_NE(preload_path, nullptr);
+ minijail_set_preload_path(j, preload_path);
+ free(preload_path);
+}
+
} // namespace
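Review bot: ASSERT_NE inside a void helper only returns from set_preload_path itself; the calling test keeps running with no preload path set and then fails later for a less obvious reason. GoogleTest's pattern for this is to wrap each call site, `ASSERT_NO_FATAL_FAILURE(set_preload_path(j.get()));`, or to have the helper return bool and assert on that. On Android the unconditional `return;` also leaves the remaining statements unreachable, which some compilers warn about; an `#else` around the rest of the body avoids that.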
/* Silence unused variable warnings. */
@@ -571,7 +586,7 @@ TEST(Test, minijail_run_env_pid_pipes) {
GTEST_SKIP();
ScopedMinijail j(minijail_new());
- minijail_set_preload_path(j.get(), kPreloadPath);
+ set_preload_path(j.get());
char *argv[4];
argv[0] = const_cast<char*>(kCatPath);
@@ -634,7 +649,7 @@ TEST(Test, minijail_run_fd_env_pid_pipes) {
GTEST_SKIP();
ScopedMinijail j(minijail_new());
- minijail_set_preload_path(j.get(), kPreloadPath);
+ set_preload_path(j.get());
char *argv[4];
argv[0] = const_cast<char*>(kShellPath);
@@ -724,7 +739,7 @@ TEST(Test, minijail_run_env_pid_pipes_with_local_preload) {
ASSERT_EQ(setenv("TEST_PARENT", "test", 1 /*overwrite*/), 0);
// Use the preload library from this test build.
- ASSERT_EQ(0, minijail_set_preload_path(j.get(), "./libminijailpreload.so"));
+ set_preload_path(j.get());
int child_stderr;
mj_run_ret =
@@ -1069,7 +1084,7 @@ namespace {
// Tests that require userns access.
// Android unit tests don't currently support entering user namespaces as
-// unprivileged users due to having an older kernel. Chrome OS unit tests
+// unprivileged users due to having an older kernel. ChromeOS unit tests
// don't support it either due to being in a chroot environment (see man 2
// clone for more information about failure modes with the CLONE_NEWUSER flag).
class NamespaceTest : public ::testing::Test {
@@ -1178,7 +1193,7 @@ TEST_F(NamespaceTest, test_namespaces) {
{minijail_run_pid_pipes, minijail_run_pid_pipes_no_preload}) {
for (const auto& test_function : test_functions) {
ScopedMinijail j(minijail_new());
- minijail_set_preload_path(j.get(), kPreloadPath);
+ set_preload_path(j.get());
// Enter all the namespaces we can.
minijail_namespace_cgroups(j.get());
@@ -1273,11 +1288,7 @@ TEST_F(NamespaceTest, test_enter_ns) {
// Finally enter those namespaces.
j = minijail_new();
- // We need to get the absolute path because entering a new mntns will
- // implicitly chdir(/) for us.
- char *path = realpath(kPreloadPath, nullptr);
- ASSERT_NE(nullptr, path);
- minijail_set_preload_path(j, path);
+ set_preload_path(j);
minijail_namespace_net(j);
minijail_namespace_vfs(j);
diff --git a/libminijailpreload.c b/libminijailpreload.c
index b5a3c75..17c8f97 100644
--- a/libminijailpreload.c
+++ b/libminijailpreload.c
@@ -1,5 +1,5 @@
/* libminijailpreload.c - preload hack library
- * Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+ * Copyright 2011 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/libsyscalls.h b/libsyscalls.h
index 29583ce..50a92a9 100644
--- a/libsyscalls.h
+++ b/libsyscalls.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+/* Copyright 2011 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/minijail0.1 b/minijail0.1
index a53ec6f..c323f2d 100644
--- a/minijail0.1
+++ b/minijail0.1
@@ -1,4 +1,4 @@
-.TH MINIJAIL0 "1" "March 2016" "Chromium OS" "User Commands"
+.TH MINIJAIL0 "1" "March 2016" "ChromiumOS" "User Commands"
.SH NAME
minijail0 \- sandbox a process
.SH SYNOPSIS
@@ -390,9 +390,9 @@ allows the operations to jail \fIprogram\fR.
.RE
.SH AUTHOR
-The Chromium OS Authors <chromiumos-dev@chromium.org>
+The ChromiumOS Authors <chromiumos-dev@chromium.org>
.SH COPYRIGHT
-Copyright \(co 2011 The Chromium OS Authors
+Copyright \(co 2011 The ChromiumOS Authors
License BSD-like.
.SH "SEE ALSO"
.BR libminijail.h ,
diff --git a/minijail0.5 b/minijail0.5
index 3e4f114..c0e18e8 100644
--- a/minijail0.5
+++ b/minijail0.5
@@ -1,4 +1,4 @@
-.TH MINIJAIL0 "5" "July 2011" "Chromium OS" "User Commands"
+.TH MINIJAIL0 "5" "July 2011" "ChromiumOS" "User Commands"
.SH NAME
minijail0 \- sandbox a process
.SH DESCRIPTION
@@ -6,10 +6,11 @@ minijail0 \- sandbox a process
Runs PROGRAM inside a sandbox. See \fBminijail0\fR(1) for details.
.SH EXAMPLES
-Safely switch from root to nobody while dropping all capabilities and
-inheriting any groups from nobody:
+Safely switch from user \fIroot\fR to \fInobody\fR, switch to primary group
+\fInobody\fR, drop all capabilities, and inherit any supplementary groups from
+user \fInobody\fR:
- # minijail0 -c 0 -G -u nobody /usr/bin/whoami
+ # minijail0 -u nobody -g nobody -c 0 -G /usr/bin/whoami
nobody
Run in a PID and VFS namespace without superuser capabilities (but still
@@ -183,9 +184,9 @@ will occupy a single line, without '=' and value. Otherwise, any string that
is given after the '=' is interpreted as the argument.
.SH AUTHOR
-The Chromium OS Authors <chromiumos-dev@chromium.org>
+The ChromiumOS Authors <chromiumos-dev@chromium.org>
.SH COPYRIGHT
-Copyright \(co 2011 The Chromium OS Authors
+Copyright \(co 2011 The ChromiumOS Authors
License BSD-like.
.SH "SEE ALSO"
.BR minijail0 (1)
diff --git a/minijail0.c b/minijail0.c
index 9b1fcf3..7ef74b5 100644
--- a/minijail0.c
+++ b/minijail0.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+/* Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/minijail0.sh b/minijail0.sh
index cd5303a..21d9174 100755
--- a/minijail0.sh
+++ b/minijail0.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-# Copyright 2020 The Chromium OS Authors. All rights reserved.
+# Copyright 2020 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
diff --git a/minijail0_cli.c b/minijail0_cli.c
index 1b27167..25aa930 100644
--- a/minijail0_cli.c
+++ b/minijail0_cli.c
@@ -1,4 +1,4 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+/* Copyright 2018 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -403,6 +403,7 @@ static void use_profile(struct minijail *j, const char *profile,
*tmp_size = DEFAULT_TMP_SIZE;
}
minijail_remount_proc_readonly(j);
+ minijail_set_using_minimalistic_mountns(j);
use_pivot_root(j, DEFAULT_PIVOT_ROOT, pivot_root, chroot);
} else
errx(1, "Unrecognized profile name '%s'", profile);
@@ -467,6 +468,11 @@ enum {
OPT_CONFIG,
OPT_ENV_ADD,
OPT_ENV_RESET,
+ OPT_FS_DEFAULT_PATHS,
+ OPT_FS_PATH_RX,
+ OPT_FS_PATH_RO,
+ OPT_FS_PATH_RW,
+ OPT_FS_PATH_ADVANCED_RW,
OPT_LOGGING,
OPT_PRELOAD_LIBRARY,
OPT_PROFILE,
@@ -501,6 +507,11 @@ static const struct option long_options[] = {
{"mount", required_argument, 0, 'k'},
{"bind-mount", required_argument, 0, 'b'},
{"ns-mount", no_argument, 0, 'v'},
+ {"fs-default-paths", no_argument, 0, OPT_FS_DEFAULT_PATHS},
+ {"fs-path-rx", required_argument, 0, OPT_FS_PATH_RX},
+ {"fs-path-ro", required_argument, 0, OPT_FS_PATH_RO},
+ {"fs-path-rw", required_argument, 0, OPT_FS_PATH_RW},
+ {"fs-path-advanced-rw", required_argument, 0, OPT_FS_PATH_ADVANCED_RW},
{0, 0, 0, 0},
};
@@ -615,6 +626,17 @@ static const char help_text[] =
"Uncommon options:\n"
" --allow-speculative-execution\n"
" Allow speculative execution by disabling mitigations.\n"
+" --fs-default-paths\n"
+" Adds a set of allowed paths to allow running common system \n"
+" executables.\n"
+" --fs-path-rx\n"
+" Adds an allowed read-execute path.\n"
+" --fs-path-ro\n"
+" Adds an allowed read-only path.\n"
+" --fs-path-rw\n"
+" Adds an allowed read-write path.\n"
+" --fs-path-advanced-rw\n"
+" Adds an allowed advanced read-write path.\n"
" --preload-library=<file>\n"
" Overrides the path to \"" PRELOADPATH "\".\n"
" This is only really useful for local testing.\n"
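Review bot: The help line for --fs-default-paths has a stray space before the newline, `"... common system \n"`, which prints as trailing whitespace; drop it, `" Adds a set of allowed paths to allow running common system\n"`. The help text also does not say that these options depend on Landlock support in the running kernel and what happens without it, which is what a user choosing them for sandboxing needs to know; one line such as `" (Requires Landlock support in the kernel.)\n"` under --fs-default-paths would cover all five options.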
@@ -1002,6 +1024,21 @@ int parse_args(struct minijail *j, int argc, char *const argv[],
case OPT_PRELOAD_LIBRARY:
*preload_path = optarg;
break;
+ case OPT_FS_DEFAULT_PATHS:
+ minijail_enable_default_fs_restrictions(j);
+ break;
+ case OPT_FS_PATH_RX:
+ minijail_add_fs_restriction_rx(j, optarg);
+ break;
+ case OPT_FS_PATH_RO:
+ minijail_add_fs_restriction_ro(j, optarg);
+ break;
+ case OPT_FS_PATH_RW:
+ minijail_add_fs_restriction_rw(j, optarg);
+ break;
+ case OPT_FS_PATH_ADVANCED_RW:
+ minijail_add_fs_restriction_advanced_rw(j, optarg);
+ break;
case OPT_SECCOMP_BPF_BINARY:
if (seccomp != None && seccomp != BpfBinaryFilter) {
errx(1, "Do not use -s, -S, or "
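Review bot: The four new OPT_FS_PATH_* cases discard the int return of the minijail_add_fs_restriction_*() calls (declared to return int in libminijail.h), so an allocation failure or a rejected path leaves the jail with a weaker rule set than the command line asked for, with no diagnostic. Each case should fail loudly in line with the errx() already used for option errors in this function, e.g. `if (minijail_add_fs_restriction_rx(j, optarg)) errx(1, "Failed to add fs path '%s'", optarg);`. Note also that minijail_add_fs_restriction_edit is declared in the header but gets no CLI option here, which may be intentional but is worth a comment in the option table.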
diff --git a/minijail0_cli.h b/minijail0_cli.h
index cd504b3..00a541c 100644
--- a/minijail0_cli.h
+++ b/minijail0_cli.h
@@ -1,4 +1,4 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+/* Copyright 2018 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/minijail0_cli_unittest.cc b/minijail0_cli_unittest.cc
index 51747b3..8674e07 100644
--- a/minijail0_cli_unittest.cc
+++ b/minijail0_cli_unittest.cc
@@ -1,4 +1,4 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+/* Copyright 2018 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
@@ -613,5 +613,13 @@ TEST_F(CliTest, conf_parsing_with_dac_override) {
ASSERT_TRUE(parse_args_(argv));
}
+TEST_F(CliTest, conf_fs_path) {
+ std::vector<std::string> argv = {"-c 2", "--config",
+ source_path("test/landlock.conf"),
+ "/bin/sh"};
+
+ ASSERT_TRUE(parse_args_(argv));
+}
+
#endif // !__ANDROID__
diff --git a/parse_seccomp_policy.cc b/parse_seccomp_policy.cc
index 37aeec6..e511156 100644
--- a/parse_seccomp_policy.cc
+++ b/parse_seccomp_policy.cc
@@ -1,4 +1,4 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+/* Copyright 2016 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/platform2_preinstall.sh b/platform2_preinstall.sh
index 7d19d99..418c9fc 100755
--- a/platform2_preinstall.sh
+++ b/platform2_preinstall.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2015 The Chromium OS Authors. All rights reserved.
+# Copyright 2015 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
diff --git a/rust/OWNERS b/rust/OWNERS
index f8111bb..ae85cbb 100644
--- a/rust/OWNERS
+++ b/rust/OWNERS
@@ -1,4 +1,4 @@
-# Copyright 2019 The Chromium OS Authors. All rights reserved.
+# Copyright 2019 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
diff --git a/rust/minijail-sys/Android.bp b/rust/minijail-sys/Android.bp
new file mode 100644
index 0000000..86c092e
--- /dev/null
+++ b/rust/minijail-sys/Android.bp
@@ -0,0 +1,35 @@
+// This file is generated by cargo2android.py --config cargo2android.json.
+// Do not modify this file as changes will be overridden on upgrade.
+
+
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "external_minijail_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-BSD
+ default_applicable_licenses: ["external_minijail_license"],
+}
+
+rust_library {
+ name: "libminijail_sys",
+ host_supported: true,
+ crate_name: "minijail_sys",
+ cargo_env_compat: true,
+ cargo_pkg_version: "0.0.13",
+ srcs: ["lib.rs"],
+ edition: "2018",
+ rustlibs: [
+ "liblibc",
+ ],
+ shared_libs: [
+ "libcap",
+ "libminijail",
+ ],
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.compos",
+ "com.android.virt",
+ ],
+}
diff --git a/rust/minijail-sys/Cargo.toml b/rust/minijail-sys/Cargo.toml
index 4c49c95..6745d14 100644
--- a/rust/minijail-sys/Cargo.toml
+++ b/rust/minijail-sys/Cargo.toml
@@ -2,7 +2,7 @@
name = "minijail-sys"
version = "0.0.13"
description = "Provides raw (unsafe) bindings to the libminijail C library."
-authors = ["The Chromium OS Authors"]
+authors = ["The ChromiumOS Authors"]
edition = "2018"
build = "build.rs"
diff --git a/rust/minijail-sys/build.rs b/rust/minijail-sys/build.rs
index 5772da2..4aa172d 100644
--- a/rust/minijail-sys/build.rs
+++ b/rust/minijail-sys/build.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 The Chromium OS Authors. All rights reserved.
+// Copyright 2019 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -85,15 +85,15 @@ fn bindings_generation() -> io::Result<()> {
println!("cargo:rerun-if-changed={}", header_path.display());
let status = Command::new(&bindgen)
.args(&["--default-enum-style", "rust"])
- .args(&["--blacklist-type", "__rlim64_t"])
+ .args(&["--blocklist-type", "__rlim64_t"])
.args(&["--raw-line", "pub type __rlim64_t = u64;"])
- .args(&["--blacklist-type", "__u\\d{1,2}"])
+ .args(&["--blocklist-type", "__u\\d{1,2}"])
.args(&["--raw-line", "pub type __u8 = u8;"])
.args(&["--raw-line", "pub type __u16 = u16;"])
.args(&["--raw-line", "pub type __u32 = u32;"])
- .args(&["--blacklist-type", "__uint64_t"])
- .args(&["--whitelist-function", "^minijail_.*"])
- .args(&["--whitelist-var", "^MINIJAIL_.*"])
+ .args(&["--blocklist-type", "__uint64_t"])
+ .args(&["--allowlist-function", "^minijail_.*"])
+ .args(&["--allowlist-var", "^MINIJAIL_.*"])
.arg("--size_t-is-usize")
.arg("--no-layout-tests")
.arg("--disable-header-comment")
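Review bot: `--blocklist-type` and `--allowlist-function`/`--allowlist-var` exist only in bindgen 0.58.0 and later, so build.rs now hard-depends on a recent bindgen binary without stating it; on an older toolchain the command fails on flag parsing. The status check after this call (outside the hunk) presumably surfaces that, but the requirement should be explicit, e.g. `// Requires bindgen >= 0.58 (blacklist/whitelist flags were renamed).` above the Command::new line.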
diff --git a/rust/minijail-sys/cargo2android.json b/rust/minijail-sys/cargo2android.json
new file mode 100644
index 0000000..4fb4f8f
--- /dev/null
+++ b/rust/minijail-sys/cargo2android.json
@@ -0,0 +1,13 @@
+{
+ "run": true,
+ "device": true,
+ "apex-available": [
+ "//apex_available:platform",
+ "com.android.compos",
+ "com.android.virt"
+ ],
+ "patch": "patches/Android.bp.patch",
+ "lib-blocklist": [
+ "minijail.pic"
+ ]
+}
diff --git a/rust/minijail-sys/lib.rs b/rust/minijail-sys/lib.rs
index c418150..0285594 100644
--- a/rust/minijail-sys/lib.rs
+++ b/rust/minijail-sys/lib.rs
@@ -1,4 +1,4 @@
-// Copyright 2019 The Chromium OS Authors. All rights reserved.
+// Copyright 2019 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -18,15 +18,15 @@
//
// Generated in CrOS SDK chroot with:
// bindgen --default-enum-style rust \
-// --blacklist-type '__rlim64_t' \
+// --blocklist-type '__rlim64_t' \
// --raw-line 'pub type __rlim64_t = u64;' \
-// --blacklist-type '__u\d{1,2}' \
+// --blocklist-type '__u\d{1,2}' \
// --raw-line 'pub type __u8 = u8;' \
// --raw-line 'pub type __u16 = u16;' \
// --raw-line 'pub type __u32 = u32;' \
-// --blacklist-type '__uint64_t' \
-// --whitelist-function '^minijail_.*' \
-// --whitelist-var '^MINIJAIL_.*' \
+// --blocklist-type '__uint64_t' \
+// --allowlist-function '^minijail_.*' \
+// --allowlist-var '^MINIJAIL_.*' \
// --no-layout-tests \
// --output libminijail.rs \
// libminijail.h -- \
diff --git a/rust/minijail-sys/libminijail.rs b/rust/minijail-sys/libminijail.rs
index b417314..a867aee 100644
--- a/rust/minijail-sys/libminijail.rs
+++ b/rust/minijail-sys/libminijail.rs
@@ -97,6 +97,15 @@ extern "C" {
pub fn minijail_set_seccomp_filter_tsync(j: *mut minijail);
}
extern "C" {
+ pub fn minijail_set_using_minimalistic_mountns(j: *mut minijail);
+}
+extern "C" {
+ pub fn minijail_add_minimalistic_mountns_fs_rules(j: *mut minijail);
+}
+extern "C" {
+ pub fn minijail_enable_default_fs_restrictions(j: *mut minijail);
+}
+extern "C" {
pub fn minijail_set_seccomp_filter_allow_speculation(j: *mut minijail);
}
extern "C" {
@@ -228,6 +237,36 @@ extern "C" {
) -> ::std::os::raw::c_int;
}
extern "C" {
+ pub fn minijail_add_fs_restriction_rx(
+ j: *mut minijail,
+ path: *const ::std::os::raw::c_char,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+ pub fn minijail_add_fs_restriction_ro(
+ j: *mut minijail,
+ path: *const ::std::os::raw::c_char,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+ pub fn minijail_add_fs_restriction_rw(
+ j: *mut minijail,
+ path: *const ::std::os::raw::c_char,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+ pub fn minijail_add_fs_restriction_advanced_rw(
+ j: *mut minijail,
+ path: *const ::std::os::raw::c_char,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
+ pub fn minijail_add_fs_restriction_edit(
+ j: *mut minijail,
+ path: *const ::std::os::raw::c_char,
+ ) -> ::std::os::raw::c_int;
+}
+extern "C" {
pub fn minijail_forward_signals(j: *mut minijail) -> ::std::os::raw::c_int;
}
extern "C" {
diff --git a/rust/minijail-sys/patches/Android.bp.patch b/rust/minijail-sys/patches/Android.bp.patch
new file mode 100644
index 0000000..fe5115c
--- /dev/null
+++ b/rust/minijail-sys/patches/Android.bp.patch
@@ -0,0 +1,16 @@
+diff --git a/rust/minijail-sys/Android.bp b/rust/minijail-sys/Android.bp
+index bdba0d7..788dc77 100644
+--- a/rust/minijail-sys/Android.bp
++++ b/rust/minijail-sys/Android.bp
+@@ -14,7 +14,10 @@ rust_library {
+ rustlibs: [
+ "liblibc",
+ ],
+- shared_libs: ["libcap"],
++ shared_libs: [
++ "libcap",
++ "libminijail",
++ ],
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.compos",
diff --git a/rust/minijail/Android.bp b/rust/minijail/Android.bp
new file mode 100644
index 0000000..ba66d81
--- /dev/null
+++ b/rust/minijail/Android.bp
@@ -0,0 +1,33 @@
+// This file is generated by cargo2android.py --config cargo2android.json.
+// Do not modify this file as changes will be overridden on upgrade.
+
+
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "external_minijail_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-BSD
+ default_applicable_licenses: ["external_minijail_license"],
+}
+
+rust_library {
+ name: "libminijail_rust",
+ stem: "libminijail",
+ host_supported: true,
+ crate_name: "minijail",
+ cargo_env_compat: true,
+ cargo_pkg_version: "0.2.3",
+ srcs: ["src/lib.rs"],
+ edition: "2018",
+ rustlibs: [
+ "liblibc",
+ "libminijail_sys",
+ ],
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.compos",
+ "com.android.virt",
+ ],
+}
diff --git a/rust/minijail/Cargo.toml b/rust/minijail/Cargo.toml
index e6c08b8..5c4087f 100644
--- a/rust/minijail/Cargo.toml
+++ b/rust/minijail/Cargo.toml
@@ -2,14 +2,9 @@
name = "minijail"
version = "0.2.3"
description = "Provides a safe Rust friendly interface to libminijail."
-authors = ["The Chromium OS Authors"]
+authors = ["The ChromiumOS Authors"]
edition = "2018"
[dependencies]
libc = "0.2.44"
minijail-sys = { path = "../minijail-sys" } # provided by ebuild
-
-[[test]]
-name = "fork_remap"
-path = "tests/fork_remap.rs"
-harness = false
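Review bot: Dropping the `[[test]]` entry does not drop tests/fork_remap.rs (the file is still modified later in this diff), so cargo now auto-discovers it and builds it with the default libtest harness. `harness = false` was there because the file supplies its own `main` (that is what the setting implies; the file body is outside this diff), and if it still does, the target will fail to build or clash with the generated harness. Either keep the entry, convert the file to ordinary `#[test]` functions, or delete it if the intent is to stop building it.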
diff --git a/rust/minijail/cargo2android.json b/rust/minijail/cargo2android.json
new file mode 100644
index 0000000..d2adf3e
--- /dev/null
+++ b/rust/minijail/cargo2android.json
@@ -0,0 +1,9 @@
+{
+ "run": true,
+ "device": true,
+ "apex-available": [
+ "//apex_available:platform",
+ "com.android.compos",
+ "com.android.virt"
+ ]
+}
diff --git a/rust/minijail/src/lib.rs b/rust/minijail/src/lib.rs
index 8c693e8..5d7d7fe 100644
--- a/rust/minijail/src/lib.rs
+++ b/rust/minijail/src/lib.rs
@@ -1,4 +1,4 @@
-// Copyright 2017 The Chromium OS Authors. All rights reserved.
+// Copyright 2017 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -319,7 +319,11 @@ impl Display for Error {
SeccompViolation(s) => write!(f, "seccomp violation syscall #{}", s),
Killed(s) => write!(f, "killed with signal number {}", s),
ReturnCode(e) => write!(f, "exited with code {}", e),
- Wait(errno) => write!(f, "failed to wait: {}", io::Error::from_raw_os_error(*errno)),
+ Wait(errno) => write!(
+ f,
+ "failed to wait: {}",
+ io::Error::from_raw_os_error(*errno)
+ ),
}
}
}
@@ -920,6 +924,9 @@ impl Minijail {
///
/// This Function may abort in the child on error because a partially
/// entered jail isn't recoverable.
+ ///
+ /// Once this is invoked the object is no longer usable, after this call
+ /// this minijail object is invalid.
pub unsafe fn fork(&self, inheritable_fds: Option<&[RawFd]>) -> Result<pid_t> {
let m: Vec<(RawFd, RawFd)> = inheritable_fds
.unwrap_or(&[])
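Review bot: The added doc says the object is invalid after fork(), but the method takes `&self`, so nothing in the type system stops a caller from reusing the Minijail afterwards, including calling fork() a second time; the comment is the only guard. The doc should state what reuse actually does rather than just forbid it, e.g. `/// Reusing the jail after fork(), including calling fork() again, is not supported.`, and a future API revision could take `self` by value so the compiler enforces it. The method body continues outside the hunk.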
@@ -1000,7 +1007,8 @@ impl Minijail {
}
impl Drop for Minijail {
- /// Frees the Minijail created in Minijail::new.
+ /// Frees the Minijail created in Minijail::new. This will not terminate the
+ /// minijailed process.
fn drop(&mut self) {
unsafe {
// Destroys the minijail's memory. It is safe to do here because all references to
@@ -1189,7 +1197,7 @@ fi
#[test]
fn runnable_fd_success() {
let bin_file = File::open("/bin/true").unwrap();
- // On Chrome OS targets /bin/true is actually a script, so drop CLOEXEC to prevent ENOENT.
+ // On ChromeOS targets /bin/true is actually a script, so drop CLOEXEC to prevent ENOENT.
clear_cloexec(&bin_file).unwrap();
let j = Minijail::new().unwrap();
diff --git a/rust/minijail/tests/fork_remap.rs b/rust/minijail/tests/fork_remap.rs
index 6cf3415..21f7388 100644
--- a/rust/minijail/tests/fork_remap.rs
+++ b/rust/minijail/tests/fork_remap.rs
@@ -1,4 +1,4 @@
-// Copyright 2021 The Chromium OS Authors. All rights reserved.
+// Copyright 2021 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
diff --git a/scoped_minijail.h b/scoped_minijail.h
index 38f1a91..160cd50 100644
--- a/scoped_minijail.h
+++ b/scoped_minijail.h
@@ -1,4 +1,4 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+/* Copyright 2016 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/signal_handler.c b/signal_handler.c
index 175c9eb..77b32ca 100644
--- a/signal_handler.c
+++ b/signal_handler.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+/* Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/signal_handler.h b/signal_handler.h
index 756273f..2b08018 100644
--- a/signal_handler.h
+++ b/signal_handler.h
@@ -1,5 +1,5 @@
/* signal_handler.h
- * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+ * Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/syscall_filter.c b/syscall_filter.c
index 5ef8960..c986f3c 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+/* Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/syscall_filter.h b/syscall_filter.h
index 304f8c0..dac5c2e 100644
--- a/syscall_filter.h
+++ b/syscall_filter.h
@@ -1,5 +1,5 @@
/* syscall_filter.h
- * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+ * Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/syscall_filter_unittest.cc b/syscall_filter_unittest.cc
index 79755f9..c202b02 100644
--- a/syscall_filter_unittest.cc
+++ b/syscall_filter_unittest.cc
@@ -1,4 +1,4 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+/* Copyright 2016 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/syscall_filter_unittest_macros.h b/syscall_filter_unittest_macros.h
index b58dd7e..3848541 100644
--- a/syscall_filter_unittest_macros.h
+++ b/syscall_filter_unittest_macros.h
@@ -1,4 +1,4 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+/* Copyright 2016 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/syscall_wrapper.c b/syscall_wrapper.c
index dd6f826..dfdbfcd 100644
--- a/syscall_wrapper.c
+++ b/syscall_wrapper.c
@@ -1,4 +1,4 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+/* Copyright 2016 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/syscall_wrapper.h b/syscall_wrapper.h
index 7769108..c1988ac 100644
--- a/syscall_wrapper.h
+++ b/syscall_wrapper.h
@@ -1,4 +1,4 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+/* Copyright 2016 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/system.c b/system.c
index e260906..f112cbc 100644
--- a/system.c
+++ b/system.c
@@ -1,4 +1,4 @@
-/* Copyright 2017 The Chromium OS Authors. All rights reserved.
+/* Copyright 2017 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -551,5 +551,17 @@ bool seccomp_filter_flags_available(unsigned int flags)
bool is_canonical_path(const char *path)
{
attribute_cleanup_str char *rp = realpath(path, NULL);
- return rp != NULL ? streq(path, rp) : false;
+ if (!rp) {
+ return false;
+ }
+
+ if (streq(path, rp)) {
+ return true;
+ }
+
+ size_t path_len = strlen(path);
+ size_t rp_len = strlen(rp);
+ /* If |path| has a single trailing slash, that's OK. */
+ return path_len == rp_len + 1 && strncmp(path, rp, rp_len) == 0 &&
+ path[path_len - 1] == '/';
}
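Review bot: The new trailing-slash branch accepts `"//"`: glibc's realpath("//") resolves to "/", so path_len == rp_len + 1, the first byte matches and the last byte is '/', yet the header comment still promises no extra '/' and the new unit test only covers "/proc/1//". Excluding the root case keeps "/" as the only canonical spelling of the root, `return rp_len > 1 && path_len == rp_len + 1 && strncmp(path, rp, rp_len) == 0 && path[path_len - 1] == '/';`, and `EXPECT_FALSE(is_canonical_path("//"));` belongs in the trailing_slash test. Since path is known to be longer than rp at that point, memcmp would also read more directly than strncmp, a readability point only.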
diff --git a/system.h b/system.h
index fb351b4..8889d9d 100644
--- a/system.h
+++ b/system.h
@@ -1,4 +1,4 @@
-/* Copyright 2017 The Chromium OS Authors. All rights reserved.
+/* Copyright 2017 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
@@ -69,6 +69,7 @@ bool seccomp_filter_flags_available(unsigned int flags);
* -Absolute.
* -No symlinks.
* -No /./, /../, or extra '/'.
+ * -Single trailing '/' is OK.
*/
bool is_canonical_path(const char *path);
diff --git a/system_unittest.cc b/system_unittest.cc
index e50a6e6..5fa8076 100644
--- a/system_unittest.cc
+++ b/system_unittest.cc
@@ -1,4 +1,4 @@
-/* Copyright 2017 The Chromium OS Authors. All rights reserved.
+/* Copyright 2017 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
@@ -258,3 +258,8 @@ TEST(is_canonical_path, basic) {
EXPECT_TRUE(is_canonical_path("/proc"));
EXPECT_TRUE(is_canonical_path("/proc/1"));
}
+
+TEST(is_canonical_path, trailing_slash) {
+ EXPECT_TRUE(is_canonical_path("/proc/1/"));
+ EXPECT_FALSE(is_canonical_path("/proc/1//"));
+}
diff --git a/test/landlock.conf b/test/landlock.conf
new file mode 100644
index 0000000..65ffe81
--- /dev/null
+++ b/test/landlock.conf
@@ -0,0 +1,7 @@
+% minijail-config-file v0
+
+fs-default-paths
+fs-path-ro = /
+fs-path-rx = /lib
+fs-path-rw = /tmp
+fs-path-advanced-rw = /tmp \ No newline at end of file
diff --git a/test/read_stdin b/test/read_stdin
index 29578a6..6200bb5 100644
--- a/test/read_stdin
+++ b/test/read_stdin
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+# Copyright 2012 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
diff --git a/test_util.cc b/test_util.cc
index cb751ff..bbe0215 100644
--- a/test_util.cc
+++ b/test_util.cc
@@ -1,4 +1,4 @@
-/* Copyright 2021 The Chromium OS Authors. All rights reserved.
+/* Copyright 2021 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/test_util.h b/test_util.h
index e915086..7f923ed 100644
--- a/test_util.h
+++ b/test_util.h
@@ -1,5 +1,5 @@
/* test_util.h
- * Copyright 2021 The Chromium OS Authors. All rights reserved.
+ * Copyright 2021 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/testrunner.cc b/testrunner.cc
index 162f0e5..70010f2 100644
--- a/testrunner.cc
+++ b/testrunner.cc
@@ -1,4 +1,4 @@
-/* Copyright 2017 The Chromium OS Authors. All rights reserved.
+/* Copyright 2017 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
diff --git a/tools/Android.bp b/tools/Android.bp
index 71bb82d..62b3a88 100644
--- a/tools/Android.bp
+++ b/tools/Android.bp
@@ -31,14 +31,6 @@ python_binary_host {
"compiler.py",
"parser.py",
],
- version: {
- py2: {
- enabled: false,
- },
- py3: {
- enabled: true,
- },
- },
}
python_test_host {
@@ -53,14 +45,6 @@ python_test_host {
data: [
"testdata/arch_64.json",
],
- version: {
- py2: {
- enabled: false,
- },
- py3: {
- enabled: true,
- },
- },
}
python_test_host {
@@ -76,14 +60,6 @@ python_test_host {
data: [
"testdata/arch_64.json",
],
- version: {
- py2: {
- enabled: false,
- },
- py3: {
- enabled: true,
- },
- },
}
python_binary_host {
@@ -92,14 +68,6 @@ python_binary_host {
srcs: [
"generate_constants_json.py",
],
- version: {
- py2: {
- enabled: false,
- },
- py3: {
- enabled: true,
- },
- },
}
diff --git a/tools/generate_constants_json.py b/tools/generate_constants_json.py
index 6b38022..3fe8684 100755
--- a/tools/generate_constants_json.py
+++ b/tools/generate_constants_json.py
@@ -38,6 +38,21 @@ _TABLE_ENTRY_RE = re.compile(
# number.
_TABLE_ENTRY_CONTENTS = re.compile(r'.*?(null|@[a-zA-Z0-9.]+).* (-?\d+)')
+# When testing clang-r458909, we found a new constant_entry pattern:
+# %struct.constant_entry { ptr @.str.894, i32 ptrtoint (ptr @.str.895 to i32) },
+# For the same constant, current clang-r458507 generates:
+# %struct.constant_entry { i8* getelementptr inbounds
+# ([19 x i8], [19 x i8]* @.str.894, i32 0, i32 0),
+# i32 ptrtoint ([9 x i8]* @.str.895 to i32) },
+# This is for a char* constant defined in linux-x86/libconstants.gen.c:
+# { "FS_KEY_DESC_PREFIX", (unsigned long) FS_KEY_DESC_PREFIX },
+# and FS_KEY_DESC_PREFIX is defined as a char* "fscrypt:"
+# Current output for that constant in constants.json is:
+# "FS_KEY_DESC_PREFIX": 0,
+# but that value does not seem to be useful or accurate.
+# So here we define a pattern to ignore such pointer constants:
+_IGNORED_ENTRY_CONTENTS = re.compile(r'.*? ptrto.* \(.*\)')
+
ParseResults = collections.namedtuple('ParseResults', ['table_name',
'table_entries'])
@@ -65,6 +80,8 @@ def parse_llvm_ir(ir):
for entry in _TABLE_ENTRY_RE.findall(line):
groups = _TABLE_ENTRY_CONTENTS.match(entry)
if not groups:
+ if _IGNORED_ENTRY_CONTENTS.match(entry):
+ continue
raise ValueError('Failed to parse table entry %r' % entry)
name, value = groups.groups()
if name == 'null':
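Review bot: The added `continue` drops the entry with no diagnostic, so a constant that is skipped simply vanishes from constants.json and anyone whose policy later fails to resolve that name has nothing in the generator output to point at. Since the whole point of the new pattern is that these pointer constants were producing a wrong value (0), the skip is the right call, but it should be visible: `print('Ignoring pointer-valued constant entry: %r' % entry, file=sys.stderr)` before the `continue` (assuming `sys` is imported at the top of the script; otherwise import it). The enclosing parse_llvm_ir function starts and ends outside this hunk, so I cannot see whether the caller already reports skipped entries.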
diff --git a/unittest_util.h b/unittest_util.h
index 54993d7..4dcfe80 100644
--- a/unittest_util.h
+++ b/unittest_util.h
@@ -1,11 +1,12 @@
/* unittest_util.h
- * Copyright 2022 The ChromiumOS Authors. All rights reserved.
+ * Copyright 2022 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Utility functions for unit tests.
*/
+#include <errno.h>
#include <ftw.h>
#include <stdio.h>
#include <stdlib.h>
diff --git a/util.c b/util.c
index aa51be6..c8cf3a6 100644
--- a/util.c
+++ b/util.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+/* Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/util.h b/util.h
index 4c65bc2..c310572 100644
--- a/util.h
+++ b/util.h
@@ -1,5 +1,5 @@
/* util.h
- * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+ * Copyright 2012 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
@@ -230,6 +230,15 @@ static inline bool block_symlinks_in_bindmount_paths(void)
#endif
}
+static inline bool block_symlinks_in_noninit_mountns_tmp(void)
+{
+#if defined(BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP)
+ return true;
+#else
+ return false;
+#endif
+}
+
static inline size_t get_num_syscalls(void)
{
return syscall_table_size;
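Review bot: The new block_symlinks_in_noninit_mountns_tmp() helper has no comment saying what the BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP build flag actually gates, while the name alone leaves the reader guessing at the threat it addresses. Following the pattern of the neighbouring block_symlinks_in_bindmount_paths() (its own comment is outside this hunk), I would add above the function a comment along the lines of: `/* Compile-time policy switch: when BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP is defined, callers refuse symlinks under /tmp in a non-init mount namespace. */` — the "under /tmp" and "non-init mount namespace" parts are inferred from the identifier, so the author should confirm and state the concrete check the flag enables and where it is consulted.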
diff --git a/util_unittest.cc b/util_unittest.cc
index 354dbc4..b3a2350 100644
--- a/util_unittest.cc
+++ b/util_unittest.cc
@@ -1,4 +1,4 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+/* Copyright 2018 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*