Allow two madvise calls for asan & tsan builds.

bbfa21f177/lib/sanitizer_common/sanitizer_posix_libcdep.cc (L71)

PiperOrigin-RevId: 252048323
Change-Id: I457e708f0b024fd9db4ad39265cb904777ca52b5
This commit is contained in:
Sandboxed API Team 2019-06-07 07:52:51 -07:00 committed by Copybara-Service
parent dfbfb5cc43
commit 970257d87b
3 changed files with 24 additions and 0 deletions

View File

@ -92,6 +92,12 @@ void InitDefaultPolicyBuilder(sandbox2::PolicyBuilder* builder) {
}) })
.AddFile("/etc/localtime") .AddFile("/etc/localtime")
.AddTmpfs("/tmp", 1ULL << 30 /* 1GiB tmpfs (max size) */); .AddTmpfs("/tmp", 1ULL << 30 /* 1GiB tmpfs (max size) */);
#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
defined(THREAD_SANITIZER)
LOG(WARNING) << "Allowing additional calls to support the LLVM "
<< "(ASAN/MSAN/TSAN) sanitizer";
builder->AllowLlvmSanitizers();
#endif
} }
void Sandbox::Terminate(bool attempt_graceful_exit) { void Sandbox::Terminate(bool attempt_graceful_exit) {

View File

@ -173,6 +173,17 @@ PolicyBuilder& PolicyBuilder::AllowSystemMalloc() {
return *this; return *this;
} }
PolicyBuilder& PolicyBuilder::AllowLlvmSanitizers() {
#if defined(ADDRESS_SANITIZER) || defined(THREAD_SANITIZER)
AddPolicyOnSyscall(__NR_madvise, {
ARG_32(2),
JEQ32(MADV_DONTDUMP, ALLOW),
JEQ32(MADV_NOHUGEPAGE, ALLOW),
});
#endif
return *this;
}
PolicyBuilder& PolicyBuilder::AllowLimitedMadvise() { PolicyBuilder& PolicyBuilder::AllowLimitedMadvise() {
return AddPolicyOnSyscall(__NR_madvise, { return AddPolicyOnSyscall(__NR_madvise, {
ARG_32(2), ARG_32(2),

View File

@ -139,6 +139,13 @@ class PolicyBuilder final {
// friends. // friends.
PolicyBuilder& AllowTcMalloc(); PolicyBuilder& AllowTcMalloc();
// Allows system calls typically used by the LLVM sanitizers (address
// sanitizer, memory sanitizer, and thread sanitizer). This method is
// intended as a best effort for adding system calls that are common to many
// binaries. It may not be fully inclusive of all potential system calls for
// all binaries.
PolicyBuilder& AllowLlvmSanitizers();
// Appends code to allow mmap. Specifically this allows the mmap2 syscall on // Appends code to allow mmap. Specifically this allows the mmap2 syscall on
// architectures where this syscalls exist and the mmap syscall on all other // architectures where this syscalls exist and the mmap syscall on all other
// architectures. // architectures.