diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-28 16:01:00 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-28 16:01:00 +0000 |
commit | 2a880e7ad6add572cfed33da9cedb915bfc84c31 (patch) | |
tree | 4533b7472f0475d2ba0bb28d9e366d7cfb03b8ef | |
parent | 9afa1ca0b8aa3f49ce726f6e7985d86b8c6bade1 (diff) | |
parent | 0a1a6fd4ae779b963dc143356407b1b2fbb6c108 (diff) | |
download | minijail-android13-frc-adbd-release.tar.gz |
Snap for 8512216 from 0a1a6fd4ae779b963dc143356407b1b2fbb6c108 to tm-frc-adbd-releaset_frc_adb_330444000android13-frc-adbd-release
Change-Id: Ie35bc5e7621026147d4c1345481b1e7db17b4c76
-rw-r--r-- | Makefile | 7 | ||||
-rw-r--r-- | OWNERS | 4 | ||||
-rw-r--r-- | OWNERS_GENERAL | 3 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | TEST_MAPPING | 14 | ||||
-rw-r--r-- | libminijail-private.h | 6 | ||||
-rw-r--r-- | libminijail.c | 18 | ||||
-rw-r--r-- | rust/minijail/src/lib.rs | 5 | ||||
-rwxr-xr-x | tools/compile_seccomp_policy.py | 2 |
9 files changed, 42 insertions, 19 deletions
@@ -95,8 +95,7 @@ tests: TEST(CXX_BINARY(libminijail_unittest)) \ TEST(CXX_BINARY(syscall_filter_unittest)) \ TEST(CXX_BINARY(system_unittest)) \ TEST(CXX_BINARY(util_unittest)) \ - TEST(CXX_BINARY(config_parser_unittest)) \ - + TEST(CXX_BINARY(config_parser_unittest)) CC_BINARY(minijail0): LDLIBS += -lcap -ldl CC_BINARY(minijail0): $(CORE_OBJECT_FILES) \ @@ -185,7 +184,7 @@ libsyscalls.gen.o.depends: libsyscalls.gen.c # Only regenerate libsyscalls.gen.c if the Makefile or header changes. # NOTE! This will not detect if the file is not appropriate for the target. libsyscalls.gen.c: $(SRC)/libsyscalls.h $(SRC)/Makefile - @$(ECHO) "GEN $(subst $(SRC)/,,$<) -> $@" + @/bin/echo -e "GEN $(subst $(SRC)/,,$<) -> $@" $(QUIET)CC="$(CC)" $(SRC)/gen_syscalls.sh "$@" clean: CLEAN(libsyscalls.gen.c) @@ -198,7 +197,7 @@ libconstants.gen.o.depends: libconstants.gen.c # Only regenerate libconstants.gen.c if the Makefile or header changes. # NOTE! This will not detect if the file is not appropriate for the target. libconstants.gen.c: $(SRC)/libconstants.h $(SRC)/Makefile - @$(ECHO) "GEN $(subst $(SRC)/,,$<) -> $@" + @/bin/echo -e "GEN $(subst $(SRC)/,,$<) -> $@" $(QUIET)CC="$(CC)" $(SRC)/gen_constants.sh "$@" clean: CLEAN(libconstants.gen.c) @@ -1,7 +1,5 @@ set noparent -allenwebb@google.com -jorgelo@google.com -vapier@google.com +include OWNERS_GENERAL # Emeritus. drewry@google.com keescook@google.com diff --git a/OWNERS_GENERAL b/OWNERS_GENERAL new file mode 100644 index 0000000..e5179ef --- /dev/null +++ b/OWNERS_GENERAL @@ -0,0 +1,3 @@ +allenwebb@google.com +jorgelo@google.com +vapier@google.com @@ -154,7 +154,7 @@ FEATURES=test emerge-${BOARD} chromeos-base/minijail dev-rust/minijail-sys \ # Check integration tests. cros deploy <DUT> chromeos-base/minijail -tast run <DUT> security.Minijail security.MinijailSeccomp +tast run <DUT> security.Minijail.* security.MinijailSeccomp ``` Finally, when uploading the CL make sure to include the list of changes diff --git a/TEST_MAPPING b/TEST_MAPPING index bdded19..539379e 100644 --- a/TEST_MAPPING +++ b/TEST_MAPPING @@ -12,5 +12,19 @@ { "name": "syscall_filter_unittest_gtest" } + ], + "hwasan-postsubmit": [ + { + "name": "libminijail_unittest_gtest" + }, + { + "name": "mj_system_unittest_gtest" + }, + { + "name": "mj_util_unittest_gtest" + }, + { + "name": "syscall_filter_unittest_gtest" + } ] } diff --git a/libminijail-private.h b/libminijail-private.h index a257a27..8feec55 100644 --- a/libminijail-private.h +++ b/libminijail-private.h @@ -19,9 +19,9 @@ extern "C" { */ #define API __attribute__((__visibility__("default"))) -static const char *const kFdEnvVar = "__MINIJAIL_FD"; -static const char *const kLdPreloadEnvVar = "LD_PRELOAD"; -static const char *const kSeccompPolicyPathEnvVar = "SECCOMP_POLICY_PATH"; +static const char kFdEnvVar[] = "__MINIJAIL_FD"; +static const char kLdPreloadEnvVar[] = "LD_PRELOAD"; +static const char kSeccompPolicyPathEnvVar[] = "SECCOMP_POLICY_PATH"; struct minijail; diff --git a/libminijail.c b/libminijail.c index ea59404..aab1294 100644 --- a/libminijail.c +++ b/libminijail.c @@ -2889,6 +2889,12 @@ static void setup_child_std_fds(struct minijail *j, if (setsid() < 0) { pdie("setsid() failed"); } + + if (isatty(STDIN_FILENO)) { + if (ioctl(STDIN_FILENO, TIOCSCTTY, 0) != 0) { + pwarn("failed to set controlling terminal"); + } + } } } @@ -2943,12 +2949,12 @@ int API minijail_run_env(struct minijail *j, const char *filename, char *const argv[], char *const envp[]) { struct minijail_run_config config = { - .filename = filename, - .elf_fd = -1, - .argv = argv, - .envp = envp, - .use_preload = true, - .exec_in_child = true, + .filename = filename, + .elf_fd = -1, + .argv = argv, + .envp = envp, + .use_preload = true, + .exec_in_child = true, }; return minijail_run_config_internal(j, &config); } diff --git a/rust/minijail/src/lib.rs b/rust/minijail/src/lib.rs index 000bba3..5028041 100644 --- a/rust/minijail/src/lib.rs +++ b/rust/minijail/src/lib.rs @@ -401,7 +401,7 @@ fn translate_wait_error(ret: libc::c_int) -> Result<()> { if ret > 0 && ret <= 0xff { return Err(Error::ReturnCode(ret as u8)); } - unreachable!(format!("Unexpected returned value from wait: {}", ret)); + unreachable!("Unexpected returned value from wait: {}", ret); } impl Minijail { @@ -510,6 +510,9 @@ impl Minijail { } let buffer = fs::read(path).map_err(Error::ReadProgram)?; + self.parse_seccomp_bytes(&buffer) + } + pub fn parse_seccomp_bytes(&mut self, buffer: &[u8]) -> Result<()> { if buffer.len() % std::mem::size_of::<sock_filter>() != 0 { return Err(Error::WrongProgramSize); } diff --git a/tools/compile_seccomp_policy.py b/tools/compile_seccomp_policy.py index 3487357..2219ae5 100755 --- a/tools/compile_seccomp_policy.py +++ b/tools/compile_seccomp_policy.py @@ -45,7 +45,7 @@ HEADER_TEMPLATE = """/* DO NOT EDIT GENERATED FILE */ #define MJ_SECCOMP_%(upper_name)s_H #include <stdint.h> -static const unsigned char %(name)s_binary_seccomp_policy[] = { +static const unsigned char %(name)s_binary_seccomp_policy[] __attribute__((__aligned__(4))) = { %(program)s }; |