Add proxy functions for libc symbols to allow sandboxing.

These functions override symbols exported by libc, such as fopen, localtime and similar and call the exported _override function in QtWebEngineCore. This code should live in an executable, but never in a library as it causes erratic behavior depending on the linking order. With this change we now also update the submodule shasum for the 3rdparty submodule to point to a commit that includes the patches for eLinux. Change-Id: I88f32c615181eefff2b38b374eed6f57c677d186 Reviewed-by: Zeno Albisser <zeno.albisser@digia.com>
author: Zeno Albisser <zeno.albisser@digia.com> 2014-04-22 15:47:49 +0200
committer: The Qt Project <gerrit-noreply@qt-project.org> 2014-04-24 22:39:11 +0200
commit: 197f7614b77c8f73ac74da9feabf9c4d0c61e7d3 (patch)
tree: ff62811d99592f694087799a31d098fb136a925a
parent: f9b035b6066fe6ac176c83b019a99e95e6570254 (diff)
2 files changed, 109 insertions, 0 deletions
diff --git a/src/3rdparty b/src/3rdparty
-Subproject 743a6413f3cc0a621865a81f06c6d7bed7b662c
+Subproject 91063955f2760bc583d6a8e66b1d0aa626510c5
diff --git a/src/process/main.cpp b/src/process/main.cpp
index 800dbdcfa..a38e201c6 100644
--- a/src/process/main.cpp
+++ b/src/process/main.cpp
@@ -41,6 +41,115 @@
 
 #include "process_main.h"
 
+#include <stdio.h>
+
+#if defined(OS_LINUX)
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !defined(OS_ANDROID) && !defined(HAVE_XSTAT)
+#define HAVE_XSTAT 1
+#endif
+
+struct tm;
+struct stat;
+struct stat64;
+
+// exported in zygote_main_linux.cc
+namespace content {
+struct tm* localtime_override(const time_t* timep);
+struct tm* localtime64_override(const time_t* timep);
+struct tm* localtime_r_override(const time_t* timep, struct tm* result);
+struct tm* localtime64_r_override(const time_t* timep, struct tm* result);
+}
+
+// exported in libc_urandom_proxy.cc
+namespace sandbox {
+FILE* fopen_override(const char* path, const char* mode);
+FILE* fopen64_override(const char* path, const char* mode);
+#if HAVE_XSTAT
+int xstat_override(int version, const char *path, struct stat *buf);
+int xstat64_override(int version, const char *path, struct stat64 *buf);
+#else
+int stat_override(const char *path, struct stat *buf);
+int stat64_override(const char *path, struct stat64 *buf);
+#endif
+}
+
+// from zygote_main_linux.cc
+__attribute__ ((__visibility__("default")))
+struct tm* localtime_proxy(const time_t* timep) __asm__ ("localtime");
+struct tm* localtime_proxy(const time_t* timep)
+{
+    return content::localtime_override(timep);
+}
+
+__attribute__ ((__visibility__("default")))
+struct tm* localtime64_proxy(const time_t* timep) __asm__ ("localtime64");
+struct tm* localtime64_proxy(const time_t* timep)
+{
+    return content::localtime64_override(timep);
+}
+
+__attribute__ ((__visibility__("default")))
+struct tm* localtime_r_proxy(const time_t* timep, struct tm* result) __asm__ ("localtime_r");
+struct tm* localtime_r_proxy(const time_t* timep, struct tm* result)
+{
+    return content::localtime_r_override(timep, result);
+}
+
+__attribute__ ((__visibility__("default")))
+struct tm* localtime64_r_proxy(const time_t* timep, struct tm* result) __asm__ ("localtime64_r");
+struct tm* localtime64_r_proxy(const time_t* timep, struct tm* result)
+{
+    return content::localtime64_r_override(timep, result);
+}
+
+// from libc_urandom_proxy.cc
+__attribute__ ((__visibility__("default")))
+FILE* fopen_proxy(const char* path, const char* mode)  __asm__ ("fopen");
+FILE* fopen_proxy(const char* path, const char* mode)
+{
+    return sandbox::fopen_override(path, mode);
+}
+
+__attribute__ ((__visibility__("default")))
+FILE* fopen64_proxy(const char* path, const char* mode)  __asm__ ("fopen64");
+FILE* fopen64_proxy(const char* path, const char* mode)
+{
+    return sandbox::fopen64_override(path, mode);
+}
+
+#if HAVE_XSTAT
+__attribute__ ((__visibility__("default")))
+int xstat_proxy(int version, const char *path, struct stat *buf)  __asm__ ("__xstat");
+int xstat_proxy(int version, const char *path, struct stat *buf)
+{
+    return sandbox::xstat_override(version, path, buf);
+}
+
+__attribute__ ((__visibility__("default")))
+int xstat64_proxy(int version, const char *path, struct stat64 *buf)  __asm__ ("__xstat64");
+int xstat64_proxy(int version, const char *path, struct stat64 *buf)
+{
+    return sandbox::xstat64_override(version, path, buf);
+}
+
+#else
+__attribute__ ((__visibility__("default")))
+int stat_proxy(const char *path, struct stat *buf)  __asm__ ("stat");
+int stat_proxy(const char *path, struct stat *buf)
+{
+    return sandbox::stat_override(path, buf);
+}
+
+__attribute__ ((__visibility__("default")))
+int stat64_proxy(const char *path, struct stat64 *buf)  __asm__ ("stat64");
+int stat64_proxy(const char *path, struct stat64 *buf)
+{
+    return sandbox::stat64_override(path, buf);
+}
+
+#endif
+#endif // defined(OS_LINUX)
+
 int main(int argc, const char **argv)
 {
     return QtWebEngine::processMain(argc, argv);
author	Zeno Albisser <zeno.albisser@digia.com>	2014-04-22 15:47:49 +0200
committer	The Qt Project <gerrit-noreply@qt-project.org>	2014-04-24 22:39:11 +0200
commit	197f7614b77c8f73ac74da9feabf9c4d0c61e7d3 (patch)
tree	ff62811d99592f694087799a31d098fb136a925a
parent	f9b035b6066fe6ac176c83b019a99e95e6570254 (diff)