2020-01-17 21:05:03 +08:00
|
|
|
// Copyright 2019 Google LLC
|
2019-07-09 16:31:48 +08:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
2022-01-28 17:38:27 +08:00
|
|
|
// https://www.apache.org/licenses/LICENSE-2.0
|
2019-07-09 16:31:48 +08:00
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
#include "sandboxed_api/sandbox2/stack_trace.h"
|
|
|
|
|
|
|
|
#include <dirent.h>
|
|
|
|
|
|
|
|
#include <cstdio>
|
|
|
|
#include <utility>
|
|
|
|
|
|
|
|
#include "gmock/gmock.h"
|
|
|
|
#include "gtest/gtest.h"
|
|
|
|
#include "sandboxed_api/util/flag.h"
|
|
|
|
#include "absl/memory/memory.h"
|
|
|
|
#include "absl/strings/match.h"
|
|
|
|
#include "absl/strings/str_cat.h"
|
|
|
|
#include "sandboxed_api/sandbox2/executor.h"
|
|
|
|
#include "sandboxed_api/sandbox2/global_forkclient.h"
|
|
|
|
#include "sandboxed_api/sandbox2/policy.h"
|
|
|
|
#include "sandboxed_api/sandbox2/policybuilder.h"
|
|
|
|
#include "sandboxed_api/sandbox2/result.h"
|
|
|
|
#include "sandboxed_api/sandbox2/sandbox2.h"
|
|
|
|
#include "sandboxed_api/sandbox2/util/bpf_helper.h"
|
2021-01-14 01:25:25 +08:00
|
|
|
#include "sandboxed_api/testing.h"
|
|
|
|
#include "sandboxed_api/util/fileops.h"
|
2019-07-09 16:31:48 +08:00
|
|
|
#include "sandboxed_api/util/status_matchers.h"
|
2021-01-14 01:25:25 +08:00
|
|
|
#include "sandboxed_api/util/temp_file.h"
|
2019-07-09 16:31:48 +08:00
|
|
|
|
|
|
|
ABSL_DECLARE_FLAG(bool, sandbox_libunwind_crash_handler);
|
|
|
|
|
2020-04-02 22:42:17 +08:00
|
|
|
namespace sandbox2 {
|
|
|
|
namespace {
|
|
|
|
|
2021-01-14 01:25:25 +08:00
|
|
|
namespace file_util = ::sapi::file_util;
|
|
|
|
using ::sapi::CreateNamedTempFileAndClose;
|
|
|
|
using ::sapi::GetTestSourcePath;
|
2020-07-20 15:24:12 +08:00
|
|
|
using ::testing::ElementsAre;
|
2019-07-09 16:31:48 +08:00
|
|
|
using ::testing::Eq;
|
|
|
|
using ::testing::HasSubstr;
|
2020-07-20 15:24:12 +08:00
|
|
|
using ::testing::IsEmpty;
|
2019-07-09 16:31:48 +08:00
|
|
|
using ::testing::Not;
|
|
|
|
|
|
|
|
// Temporarily overrides a flag, restores the original flag value when it goes
|
|
|
|
// out of scope.
|
|
|
|
template <typename T>
|
|
|
|
class TemporaryFlagOverride {
|
|
|
|
public:
|
|
|
|
using Flag = T;
|
|
|
|
TemporaryFlagOverride(Flag* flag, T value)
|
|
|
|
: flag_(flag), original_value_(absl::GetFlag(*flag)) {
|
|
|
|
absl::SetFlag(flag, value);
|
|
|
|
}
|
|
|
|
|
|
|
|
~TemporaryFlagOverride() { absl::SetFlag(flag_, original_value_); }
|
|
|
|
|
|
|
|
private:
|
|
|
|
Flag* flag_;
|
|
|
|
T original_value_;
|
|
|
|
};
|
|
|
|
|
|
|
|
// Test that symbolization of stack traces works.
|
|
|
|
void SymbolizationWorksCommon(
|
|
|
|
const std::function<void(PolicyBuilder*)>& modify_policy) {
|
|
|
|
const std::string path = GetTestSourcePath("sandbox2/testcases/symbolize");
|
|
|
|
std::vector<std::string> args = {path, "1"};
|
|
|
|
auto executor = absl::make_unique<Executor>(path, args);
|
|
|
|
|
2020-04-02 22:42:17 +08:00
|
|
|
std::string temp_filename = CreateNamedTempFileAndClose("/tmp/").value();
|
2019-07-09 16:31:48 +08:00
|
|
|
file_util::fileops::CopyFile("/proc/cpuinfo", temp_filename, 0444);
|
|
|
|
struct TempCleanup {
|
|
|
|
~TempCleanup() { remove(capture->c_str()); }
|
|
|
|
std::string* capture;
|
|
|
|
} temp_cleanup{&temp_filename};
|
|
|
|
|
|
|
|
PolicyBuilder policybuilder;
|
|
|
|
policybuilder
|
|
|
|
// Don't restrict the syscalls at all.
|
|
|
|
.DangerDefaultAllowAll()
|
|
|
|
.AddFile(path)
|
|
|
|
.AddLibrariesForBinary(path)
|
|
|
|
.AddFileAt(temp_filename, "/proc/cpuinfo");
|
|
|
|
|
|
|
|
modify_policy(&policybuilder);
|
|
|
|
SAPI_ASSERT_OK_AND_ASSIGN(auto policy, policybuilder.TryBuild());
|
|
|
|
|
|
|
|
Sandbox2 s2(std::move(executor), std::move(policy));
|
|
|
|
auto result = s2.Run();
|
|
|
|
|
|
|
|
ASSERT_THAT(result.final_status(), Eq(Result::SIGNALED));
|
|
|
|
ASSERT_THAT(result.GetStackTrace(), HasSubstr("CrashMe"));
|
|
|
|
// Check that demangling works as well.
|
|
|
|
ASSERT_THAT(result.GetStackTrace(), HasSubstr("CrashMe()"));
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST(StackTraceTest, SymbolizationWorksNonSandboxedLibunwind) {
|
|
|
|
SKIP_SANITIZERS_AND_COVERAGE;
|
|
|
|
TemporaryFlagOverride<bool> temp_override(
|
|
|
|
&FLAGS_sandbox_libunwind_crash_handler, false);
|
|
|
|
SymbolizationWorksCommon([](PolicyBuilder*) {});
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST(StackTraceTest, SymbolizationWorksSandboxedLibunwind) {
|
|
|
|
SKIP_SANITIZERS_AND_COVERAGE;
|
|
|
|
TemporaryFlagOverride<bool> temp_override(
|
|
|
|
&FLAGS_sandbox_libunwind_crash_handler, true);
|
|
|
|
SymbolizationWorksCommon([](PolicyBuilder*) {});
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST(StackTraceTest, SymbolizationWorksSandboxedLibunwindProcDirMounted) {
|
|
|
|
SKIP_SANITIZERS_AND_COVERAGE;
|
|
|
|
TemporaryFlagOverride<bool> temp_override(
|
|
|
|
&FLAGS_sandbox_libunwind_crash_handler, true);
|
|
|
|
SymbolizationWorksCommon(
|
|
|
|
[](PolicyBuilder* builder) { builder->AddDirectory("/proc"); });
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST(StackTraceTest, SymbolizationWorksSandboxedLibunwindProcFileMounted) {
|
|
|
|
SKIP_SANITIZERS_AND_COVERAGE;
|
|
|
|
TemporaryFlagOverride<bool> temp_override(
|
|
|
|
&FLAGS_sandbox_libunwind_crash_handler, true);
|
|
|
|
SymbolizationWorksCommon([](PolicyBuilder* builder) {
|
|
|
|
builder->AddFile("/proc/sys/vm/overcommit_memory");
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST(StackTraceTest, SymbolizationWorksSandboxedLibunwindSysDirMounted) {
|
|
|
|
SKIP_SANITIZERS_AND_COVERAGE;
|
|
|
|
TemporaryFlagOverride<bool> temp_override(
|
|
|
|
&FLAGS_sandbox_libunwind_crash_handler, true);
|
|
|
|
SymbolizationWorksCommon(
|
|
|
|
[](PolicyBuilder* builder) { builder->AddDirectory("/sys"); });
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST(StackTraceTest, SymbolizationWorksSandboxedLibunwindSysFileMounted) {
|
|
|
|
SKIP_SANITIZERS_AND_COVERAGE;
|
|
|
|
TemporaryFlagOverride<bool> temp_override(
|
|
|
|
&FLAGS_sandbox_libunwind_crash_handler, true);
|
|
|
|
SymbolizationWorksCommon([](PolicyBuilder* builder) {
|
|
|
|
builder->AddFile("/sys/devices/system/cpu/online");
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
static size_t FileCountInDirectory(const std::string& path) {
|
|
|
|
std::vector<std::string> fds;
|
|
|
|
std::string error;
|
|
|
|
CHECK(file_util::fileops::ListDirectoryEntries(path, &fds, &error));
|
|
|
|
return fds.size();
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST(StackTraceTest, ForkEnterNsLibunwindDoesNotLeakFDs) {
|
|
|
|
SKIP_SANITIZERS_AND_COVERAGE;
|
2021-03-18 20:56:15 +08:00
|
|
|
TemporaryFlagOverride<bool> temp_override(
|
|
|
|
&FLAGS_sandbox_libunwind_crash_handler, true);
|
|
|
|
|
|
|
|
// Very first sanitization might create some fds (e.g. for initial
|
|
|
|
// namespaces).
|
|
|
|
SymbolizationWorksCommon([](PolicyBuilder* builder) {
|
|
|
|
builder->AddFile("/sys/devices/system/cpu/online");
|
|
|
|
});
|
|
|
|
|
2019-07-09 16:31:48 +08:00
|
|
|
// Get list of open FDs in the global forkserver.
|
2020-11-06 00:47:34 +08:00
|
|
|
pid_t forkserver_pid = GlobalForkClient::GetPid();
|
2019-07-09 16:31:48 +08:00
|
|
|
std::string forkserver_fd_path =
|
|
|
|
absl::StrCat("/proc/", forkserver_pid, "/fd");
|
|
|
|
size_t filecount_before = FileCountInDirectory(forkserver_fd_path);
|
|
|
|
|
|
|
|
SymbolizationWorksCommon([](PolicyBuilder* builder) {
|
|
|
|
builder->AddFile("/sys/devices/system/cpu/online");
|
|
|
|
});
|
|
|
|
|
|
|
|
EXPECT_THAT(filecount_before, Eq(FileCountInDirectory(forkserver_fd_path)));
|
|
|
|
}
|
|
|
|
|
|
|
|
// Test that symbolization skips writeable files (attack vector).
|
|
|
|
TEST(StackTraceTest, SymbolizationTrustedFilesOnly) {
|
|
|
|
SKIP_SANITIZERS_AND_COVERAGE;
|
|
|
|
const std::string path = GetTestSourcePath("sandbox2/testcases/symbolize");
|
|
|
|
std::vector<std::string> args = {path, "2"};
|
|
|
|
auto executor = absl::make_unique<Executor>(path, args);
|
2021-01-22 22:01:05 +08:00
|
|
|
SAPI_ASSERT_OK_AND_ASSIGN(
|
|
|
|
auto policy, PolicyBuilder{} // Don't restrict the syscalls at all.
|
|
|
|
.DangerDefaultAllowAll()
|
|
|
|
.AddFile(path)
|
|
|
|
.AddLibrariesForBinary(path)
|
|
|
|
.TryBuild());
|
2019-07-09 16:31:48 +08:00
|
|
|
|
|
|
|
Sandbox2 s2(std::move(executor), std::move(policy));
|
|
|
|
auto result = s2.Run();
|
|
|
|
|
|
|
|
ASSERT_THAT(result.final_status(), Eq(Result::SIGNALED));
|
|
|
|
ASSERT_THAT(result.GetStackTrace(), Not(HasSubstr("CrashMe")));
|
|
|
|
}
|
|
|
|
|
2020-07-20 15:24:12 +08:00
|
|
|
TEST(StackTraceTest, CompactStackTrace) {
|
|
|
|
EXPECT_THAT(CompactStackTrace({}), IsEmpty());
|
|
|
|
EXPECT_THAT(CompactStackTrace({"_start"}), ElementsAre("_start"));
|
|
|
|
EXPECT_THAT(CompactStackTrace({
|
|
|
|
"_start",
|
|
|
|
"main",
|
|
|
|
"recursive_call",
|
|
|
|
"recursive_call",
|
|
|
|
"recursive_call",
|
|
|
|
"tail_call",
|
|
|
|
}),
|
|
|
|
ElementsAre("_start", "main", "recursive_call",
|
|
|
|
"(previous frame repeated 2 times)", "tail_call"));
|
|
|
|
EXPECT_THAT(CompactStackTrace({
|
|
|
|
"_start",
|
|
|
|
"main",
|
|
|
|
"recursive_call",
|
|
|
|
"recursive_call",
|
|
|
|
"recursive_call",
|
|
|
|
"recursive_call",
|
|
|
|
}),
|
|
|
|
ElementsAre("_start", "main", "recursive_call",
|
|
|
|
"(previous frame repeated 3 times)"));
|
|
|
|
}
|
|
|
|
|
2019-07-09 16:31:48 +08:00
|
|
|
} // namespace
|
|
|
|
} // namespace sandbox2
|