Add missing TSAN syscalls

PiperOrigin-RevId: 368427218 Change-Id: I73cd330028b805d8a86712936fb0c5103ce9914a
2024-03-22 13:11:30 +08:00 · 2021-04-14 07:38:47 -07:00 · 2021-04-14 07:38:47 -07:00 · 2ff96ba0e7
commit 2ff96ba0e7
parent bc6bb0c7e5
1 changed files with 18 additions and 7 deletions
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@ -207,6 +207,17 @@ PolicyBuilder& PolicyBuilder::AllowLlvmSanitizers() {
    // https://github.com/llvm/llvm-project/blob/62ec4ac90738a5f2d209ed28c822223e58aaaeb7/compiler-rt/lib/sanitizer_common/sanitizer_allocator_secondary.h#L98
    AllowMmap();
  }
+  if constexpr (sapi::sanitizers::IsTSan()) {
+    AllowMmap();
+    AllowSyscall(__NR_munmap);
+    AddPolicyOnSyscall(__NR_mprotect,
+                       {
+                           ARG_32(2),
+                           BPF_STMT(BPF_AND | BPF_ALU | BPF_K,
+                                    ~uint32_t{PROT_READ | PROT_WRITE}),
+                           JEQ(0, ALLOW),
+                       });
+  }
  return *this;
 }

@ -538,17 +549,17 @@ PolicyBuilder& PolicyBuilder::AllowFutexOp(int op) {
 PolicyBuilder& PolicyBuilder::AllowStaticStartup() {
  AllowGetRlimit();
  AllowSyscalls({
-      // These syscalls take a pointer, so no restriction.
-      __NR_uname, __NR_brk, __NR_set_tid_address,
+    // These syscalls take a pointer, so no restriction.
+    __NR_uname, __NR_brk, __NR_set_tid_address,

 #if defined(__ARM_NR_set_tls)
-          // libc sets the TLS during startup
-          __ARM_NR_set_tls,
+        // libc sets the TLS during startup
+        __ARM_NR_set_tls,
 #endif

-          // This syscall takes a pointer and a length.
-          // We could restrict length, but it might change, so not worth it.
-          __NR_set_robust_list,
+        // This syscall takes a pointer and a length.
+        // We could restrict length, but it might change, so not worth it.
+        __NR_set_robust_list,
  });

  AllowFutexOp(FUTEX_WAIT_BITSET);