mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Allow two madvise calls for asan & tsan builds.
bbfa21f177/lib/sanitizer_common/sanitizer_posix_libcdep.cc (L71)
PiperOrigin-RevId: 252048323
Change-Id: I457e708f0b024fd9db4ad39265cb904777ca52b5
This commit is contained in:
parent
dfbfb5cc43
commit
970257d87b
|
@ -92,6 +92,12 @@ void InitDefaultPolicyBuilder(sandbox2::PolicyBuilder* builder) {
|
||||||
})
|
})
|
||||||
.AddFile("/etc/localtime")
|
.AddFile("/etc/localtime")
|
||||||
.AddTmpfs("/tmp", 1ULL << 30 /* 1GiB tmpfs (max size) */);
|
.AddTmpfs("/tmp", 1ULL << 30 /* 1GiB tmpfs (max size) */);
|
||||||
|
#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
|
||||||
|
defined(THREAD_SANITIZER)
|
||||||
|
LOG(WARNING) << "Allowing additional calls to support the LLVM "
|
||||||
|
<< "(ASAN/MSAN/TSAN) sanitizer";
|
||||||
|
builder->AllowLlvmSanitizers();
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void Sandbox::Terminate(bool attempt_graceful_exit) {
|
void Sandbox::Terminate(bool attempt_graceful_exit) {
|
||||||
|
|
|
@ -173,6 +173,17 @@ PolicyBuilder& PolicyBuilder::AllowSystemMalloc() {
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
PolicyBuilder& PolicyBuilder::AllowLlvmSanitizers() {
|
||||||
|
#if defined(ADDRESS_SANITIZER) || defined(THREAD_SANITIZER)
|
||||||
|
AddPolicyOnSyscall(__NR_madvise, {
|
||||||
|
ARG_32(2),
|
||||||
|
JEQ32(MADV_DONTDUMP, ALLOW),
|
||||||
|
JEQ32(MADV_NOHUGEPAGE, ALLOW),
|
||||||
|
});
|
||||||
|
#endif
|
||||||
|
return *this;
|
||||||
|
}
|
||||||
|
|
||||||
PolicyBuilder& PolicyBuilder::AllowLimitedMadvise() {
|
PolicyBuilder& PolicyBuilder::AllowLimitedMadvise() {
|
||||||
return AddPolicyOnSyscall(__NR_madvise, {
|
return AddPolicyOnSyscall(__NR_madvise, {
|
||||||
ARG_32(2),
|
ARG_32(2),
|
||||||
|
|
|
@ -139,6 +139,13 @@ class PolicyBuilder final {
|
||||||
// friends.
|
// friends.
|
||||||
PolicyBuilder& AllowTcMalloc();
|
PolicyBuilder& AllowTcMalloc();
|
||||||
|
|
||||||
|
// Allows system calls typically used by the LLVM sanitizers (address
|
||||||
|
// sanitizer, memory sanitizer, and thread sanitizer). This method is
|
||||||
|
// intended as a best effort for adding system calls that are common to many
|
||||||
|
// binaries. It may not be fully inclusive of all potential system calls for
|
||||||
|
// all binaries.
|
||||||
|
PolicyBuilder& AllowLlvmSanitizers();
|
||||||
|
|
||||||
// Appends code to allow mmap. Specifically this allows the mmap2 syscall on
|
// Appends code to allow mmap. Specifically this allows the mmap2 syscall on
|
||||||
// architectures where this syscalls exist and the mmap syscall on all other
|
// architectures where this syscalls exist and the mmap syscall on all other
|
||||||
// architectures.
|
// architectures.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user