From 197f7614b77c8f73ac74da9feabf9c4d0c61e7d3 Mon Sep 17 00:00:00 2001
From: Zeno Albisser
Date: Tue, 22 Apr 2014 15:47:49 +0200
Subject: Add proxy functions for libc symbols to allow sandboxing. These functions override symbols exported by libc, such as fopen, localtime and similar and call the exported _override function in QtWebEngineCore. This code should live in an executable, but never in a library as it causes erratic behavior depending on the linking order. With this change we now also update the submodule shasum for the 3rdparty submodule to point to a commit that includes the patches for eLinux.
Change-Id: I88f32c615181eefff2b38b374eed6f57c677d186
Reviewed-by: Zeno Albisser
---
 src/process/main.cpp | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
(limited to 'src/process/main.cpp')
diff --git a/src/process/main.cpp b/src/process/main.cpp
index 800dbdcfa..a38e201c6 100644
--- a/src/process/main.cpp
+++ b/src/process/main.cpp
@@ -41,6 +41,115 @@
 #include "process_main.h"
+#include
+
+#if defined(OS_LINUX)
+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !defined(OS_ANDROID) && !defined(HAVE_XSTAT)
+#define HAVE_XSTAT 1
+#endif
+
+struct tm;
+struct stat;
+struct stat64;
+
+// exported in zygote_main_linux.cc
+namespace content {
+struct tm* localtime_override(const time_t* timep);
+struct tm* localtime64_override(const time_t* timep);
+struct tm* localtime_r_override(const time_t* timep, struct tm* result);
+struct tm* localtime64_r_override(const time_t* timep, struct tm* result);
+}
+
+// exported in libc_urandom_proxy.cc
+namespace sandbox {
+FILE* fopen_override(const char* path, const char* mode);
+FILE* fopen64_override(const char* path, const char* mode);
+#if HAVE_XSTAT
+int xstat_override(int version, const char *path, struct stat *buf);
+int xstat64_override(int version, const char *path, struct stat64 *buf);
+#else
+int stat_override(const char *path, struct stat *buf);
+int stat64_override(const char *path, struct stat64 *buf);
+#endif
+}
+
+// from zygote_main_linux.cc
+__attribute__ ((__visibility__("default")))
+struct tm* localtime_proxy(const time_t* timep) __asm__ ("localtime");
+struct tm* localtime_proxy(const time_t* timep)
+{
+ return content::localtime_override(timep);
+}
+
+__attribute__ ((__visibility__("default")))
+struct tm* localtime64_proxy(const time_t* timep) __asm__ ("localtime64");
+struct tm* localtime64_proxy(const time_t* timep)
+{
+ return content::localtime64_override(timep);
+}
+
+__attribute__ ((__visibility__("default")))
+struct tm* localtime_r_proxy(const time_t* timep, struct tm* result) __asm__ ("localtime_r");
+struct tm* localtime_r_proxy(const time_t* timep, struct tm* result)
+{
+ return content::localtime_r_override(timep, result);
+}
+
+__attribute__ ((__visibility__("default")))
+struct tm* localtime64_r_proxy(const time_t* timep, struct tm* result) __asm__ ("localtime64_r");
+struct tm* localtime64_r_proxy(const time_t* timep, struct tm* result)
+{
+ return content::localtime64_r_override(timep, result);
+}
+
+// from libc_urandom_proxy.cc
+__attribute__ ((__visibility__("default")))
+FILE* fopen_proxy(const char* path, const char* mode) __asm__ ("fopen");
+FILE* fopen_proxy(const char* path, const char* mode)
+{
+ return sandbox::fopen_override(path, mode);
+}
+
+__attribute__ ((__visibility__("default")))
+FILE* fopen64_proxy(const char* path, const char* mode) __asm__ ("fopen64");
+FILE* fopen64_proxy(const char* path, const char* mode)
+{
+ return sandbox::fopen64_override(path, mode);
+}
+
+#if HAVE_XSTAT
+__attribute__ ((__visibility__("default")))
+int xstat_proxy(int version, const char *path, struct stat *buf) __asm__ ("__xstat");
+int xstat_proxy(int version, const char *path, struct stat *buf)
+{
+ return sandbox::xstat_override(version, path, buf);
+}
+
+__attribute__ ((__visibility__("default")))
+int xstat64_proxy(int version, const char *path, struct stat64 *buf) __asm__ ("__xstat64");
+int xstat64_proxy(int version, const char *path, struct stat64 *buf)
+{
+ return sandbox::xstat64_override(version, path, buf);
+}
+
+#else
+__attribute__ ((__visibility__("default")))
+int stat_proxy(const char *path, struct stat *buf) __asm__ ("stat");
+int stat_proxy(const char *path, struct stat *buf)
+{
+ return sandbox::stat_override(path, buf);
+}
+
+__attribute__ ((__visibility__("default")))
+int stat64_proxy(const char *path, struct stat64 *buf) __asm__ ("stat64");
+int stat64_proxy(const char *path, struct stat64 *buf)
+{
+ return sandbox::stat64_override(path, buf);
+}
+
+#endif
+#endif // defined(OS_LINUX)
+
 int main(int argc, const char **argv)
 {
 return QtWebEngine::processMain(argc, argv);
-- cgit v1.2.3
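Review bot: The whole proxy block is guarded by `#if defined(OS_LINUX)`, but nothing visible in this hunk defines that macro. If neither the build flags nor an earlier include supplies it, the block compiles to nothing and the process keeps the real libc `fopen`/`localtime`/`stat` with no diagnostic that the sandbox overrides are missing. If Qt's global header is reachable through `process_main.h` (not visible here), `#if defined(Q_OS_LINUX)` would be the more dependable guard; otherwise add a comment beside the guard stating where `OS_LINUX` comes from. The constraint from the commit message also belongs in the code above the first proxy, e.g. `// Keep these definitions in the executable, never in a library: which symbol wins depends on link order.`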