author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-28 15:58:25 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-28 15:58:25 +0000 |
commit | 3a378c97d33ce4ac0693fb1e83c70acdc27cd175 (patch) | |
tree | 4533b7472f0475d2ba0bb28d9e366d7cfb03b8ef | |
parent | 5907fe8e275a8f2477831fdad016dc5c1179ac75 (diff) | |
parent | 0a1a6fd4ae779b963dc143356407b1b2fbb6c108 (diff) | |
download | minijail-android13-frc-resolv-release.tar.gz |
Snap for 8512216 from 0a1a6fd4ae779b963dc143356407b1b2fbb6c108 to tm-frc-resolv-releaset_frc_res_330443000android13-frc-resolv-release
Change-Id: I3e2f3eabb062e10f3033a59e308c34bc457b23d5
-rw-r--r-- | OWNERS | 4 | ||||
-rw-r--r-- | OWNERS_GENERAL | 3 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | TEST_MAPPING | 14 | ||||
-rw-r--r-- | libminijail-private.h | 6 | ||||
-rw-r--r-- | libminijail.c | 18 | ||||
-rw-r--r-- | rust/minijail/src/lib.rs | 5 | ||||
-rwxr-xr-x | tools/compile_seccomp_policy.py | 2 |
8 files changed, 39 insertions, 15 deletions
@@ -1,7 +1,5 @@ set noparent -allenwebb@google.com -jorgelo@google.com -vapier@google.com +include OWNERS_GENERAL # Emeritus. drewry@google.com keescook@google.com diff --git a/OWNERS_GENERAL b/OWNERS_GENERAL new file mode 100644 index 0000000..e5179ef --- /dev/null +++ b/OWNERS_GENERAL @@ -0,0 +1,3 @@ +allenwebb@google.com +jorgelo@google.com +vapier@google.com @@ -154,7 +154,7 @@ FEATURES=test emerge-${BOARD} chromeos-base/minijail dev-rust/minijail-sys \ # Check integration tests. cros deploy <DUT> chromeos-base/minijail -tast run <DUT> security.Minijail security.MinijailSeccomp +tast run <DUT> security.Minijail.* security.MinijailSeccomp ``` Finally, when uploading the CL make sure to include the list of changes diff --git a/TEST_MAPPING b/TEST_MAPPING index bdded19..539379e 100644 --- a/TEST_MAPPING +++ b/TEST_MAPPING @@ -12,5 +12,19 @@ { "name": "syscall_filter_unittest_gtest" } + ], + "hwasan-postsubmit": [ + { + "name": "libminijail_unittest_gtest" + }, + { + "name": "mj_system_unittest_gtest" + }, + { + "name": "mj_util_unittest_gtest" + }, + { + "name": "syscall_filter_unittest_gtest" + } ] } diff --git a/libminijail-private.h b/libminijail-private.h index a257a27..8feec55 100644 --- a/libminijail-private.h +++ b/libminijail-private.h @@ -19,9 +19,9 @@ extern "C" { */ #define API __attribute__((__visibility__("default"))) -static const char *const kFdEnvVar = "__MINIJAIL_FD"; -static const char *const kLdPreloadEnvVar = "LD_PRELOAD"; -static const char *const kSeccompPolicyPathEnvVar = "SECCOMP_POLICY_PATH"; +static const char kFdEnvVar[] = "__MINIJAIL_FD"; +static const char kLdPreloadEnvVar[] = "LD_PRELOAD"; +static const char kSeccompPolicyPathEnvVar[] = "SECCOMP_POLICY_PATH"; struct minijail; diff --git a/libminijail.c b/libminijail.c index ea59404..aab1294 100644 --- a/libminijail.c +++ b/libminijail.c 
@@ -2889,6 +2889,12 @@ static void setup_child_std_fds(struct minijail *j, if (setsid() < 0) { pdie("setsid() failed"); } + + if (isatty(STDIN_FILENO)) { + if (ioctl(STDIN_FILENO, TIOCSCTTY, 0) != 0) { + pwarn("failed to set controlling terminal"); + } + } } } @@ -2943,12 +2949,12 @@ int API minijail_run_env(struct minijail *j, const char *filename, char *const argv[], char *const envp[]) { struct minijail_run_config config = { - .filename = filename, - .elf_fd = -1, - .argv = argv, - .envp = envp, - .use_preload = true, - .exec_in_child = true, + .filename = filename, + .elf_fd = -1, + .argv = argv, + .envp = envp, + .use_preload = true, + .exec_in_child = true, }; return minijail_run_config_internal(j, &config); } diff --git a/rust/minijail/src/lib.rs b/rust/minijail/src/lib.rs index 000bba3..5028041 100644 --- a/rust/minijail/src/lib.rs +++ b/rust/minijail/src/lib.rs @@ -401,7 +401,7 @@ fn translate_wait_error(ret: libc::c_int) -> Result<()> { if ret > 0 && ret <= 0xff { return Err(Error::ReturnCode(ret as u8)); } - unreachable!(format!("Unexpected returned value from wait: {}", ret)); + unreachable!("Unexpected returned value from wait: {}", ret); } impl Minijail { @@ -510,6 +510,9 @@ impl Minijail { } let buffer = fs::read(path).map_err(Error::ReadProgram)?; + self.parse_seccomp_bytes(&buffer) + } + pub fn parse_seccomp_bytes(&mut self, buffer: &[u8]) -> Result<()> { if buffer.len() % std::mem::size_of::<sock_filter>() != 0 { return Err(Error::WrongProgramSize); } diff --git a/tools/compile_seccomp_policy.py b/tools/compile_seccomp_policy.py index 3487357..2219ae5 100755 --- a/tools/compile_seccomp_policy.py +++ b/tools/compile_seccomp_policy.py @@ -45,7 +45,7 @@ HEADER_TEMPLATE = """/* DO NOT EDIT GENERATED FILE */ #define MJ_SECCOMP_%(upper_name)s_H #include <stdint.h> -static const unsigned char %(name)s_binary_seccomp_policy[] = { +static const unsigned char %(name)s_binary_seccomp_policy[] __attribute__((__aligned__(4))) = { %(program)s }; |
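Review bot: The new `ioctl(STDIN_FILENO, TIOCSCTTY, 0)` in setup_child_std_fds re-acquires a controlling terminal right after `setsid()` dropped it, and nothing in the hunk says why that is safe for a jailed child. If the `setsid()` is there to stop the child from pushing input into the caller's terminal with TIOCSTI (the condition guarding it is outside the hunk), the safety rests on the third argument being 0. With 0 the kernel refuses a tty that is already the controlling terminal of another session, whereas 1 would let a CAP_SYS_ADMIN caller take it over. I would record that next to the call, e.g. `/* arg must stay 0: never take over a tty that another session controls */`. The same refusal makes `pwarn()` fire whenever stdin is the caller's own terminal, so that expected EPERM case is probably better left unlogged or logged at a lower level.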
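Review bot: `parse_seccomp_bytes` is a new public entry point with no doc comment, and it accepts any caller-supplied `&[u8]` where the bytes previously always came from `fs::read(path)`. The only validation visible in the hunk is that the length is a multiple of `size_of::<sock_filter>()`, which an empty slice also passes. The rest of the body is outside the hunk, so whether an empty or over-long program is rejected later cannot be confirmed here. I would add `/// Loads a pre-compiled seccomp BPF program from buffer, which must hold a whole number of sock_filter entries (Error::WrongProgramSize otherwise).` and state in the same comment that the bytes must come from a trusted policy compiler. If the remaining body reinterprets `buffer.as_ptr()` as a `sock_filter` pointer, the doc should also say that a byte slice carries no alignment guarantee.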
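Review bot: The `__aligned__(4)` added to HEADER_TEMPLATE is a bare constant with no explanation in the generated header. Presumably it is there so the byte array can be handed to code that reads it as `struct sock_filter` entries; if so, say that in the template, e.g. `/* Aligned so the array can be read as struct sock_filter[]. */` above the declaration. `__attribute__` is a GCC/Clang extension, so the generated header now depends on such a compiler, which is worth stating if other toolchains consume it.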