| author | Dmitry Vyukov <dvyukov@google.com> | 2019-11-14 18:56:34 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2019-11-16 09:58:54 +0100 |
| commit | 690740b4a4e1ce9c661ca07fdd14cb2486f04e00 (patch) | |
| tree | 5ce0ababf2c64b623115a0fbd33edfd11ec9b47e | |
| parent | a6e3054436b5cc7f8c4acbce9841ecb17f699fb1 (diff) | |
executor: refactor sandbox flags
In preparation for future changes.
| -rw-r--r-- | executor/common_linux.h | 14 | ||||
| -rw-r--r-- | executor/executor.cc | 42 | ||||
| -rw-r--r-- | pkg/csource/common.go | 10 | ||||
| -rw-r--r-- | pkg/csource/generated.go | 12 | ||||
| -rw-r--r-- | pkg/csource/options.go | 4 | ||||
| -rw-r--r-- | pkg/csource/options_test.go | 6 | ||||
| -rw-r--r-- | pkg/host/features.go | 26 | ||||
| -rw-r--r-- | pkg/host/features_linux.go | 4 | ||||
| -rw-r--r-- | pkg/ipc/ipc.go | 36 | ||||
| -rw-r--r-- | pkg/ipc/ipcconfig/ipcconfig.go | 2 | ||||
| -rw-r--r-- | pkg/mgrconfig/config.go | 2 | ||||
| -rw-r--r-- | pkg/mgrconfig/load.go | 4 | ||||
| -rw-r--r-- | syz-fuzzer/testing.go | 6 |
13 files changed, 76 insertions, 92 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h index 4c8e79c4e..cc5c58950 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -1912,9 +1912,7 @@ static void reset_ebtables() static void checkpoint_net_namespace(void) { #if SYZ_EXECUTOR - if (!flag_net_reset) - return; - if (flag_sandbox == sandbox_setuid) + if (!flag_net_reset || flag_sandbox_setuid) return; #endif checkpoint_ebtables(); @@ -1926,9 +1924,7 @@ static void checkpoint_net_namespace(void) static void reset_net_namespace(void) { #if SYZ_EXECUTOR - if (!flag_net_reset) - return; - if (flag_sandbox == sandbox_setuid) + if (!flag_net_reset || flag_sandbox_setuid) return; #endif reset_ebtables(); @@ -2539,8 +2535,8 @@ static void syz_setfilecon(const char* path, const char* context) fail("setfilecon: could not set context to %s, currently %s", context, new_context); } -#define SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP 1 -static int do_sandbox_android_untrusted_app(void) +#define SYZ_HAVE_SANDBOX_ANDROID 1 +static int do_sandbox_android(void) { setup_common(); sandbox_common(); @@ -2564,7 +2560,7 @@ static int do_sandbox_android_untrusted_app(void) initialize_tun(); #endif #if SYZ_EXECUTOR || SYZ_NET_DEVICES - // Note: sandbox_android_untrusted_app does not unshare net namespace. + // Note: sandbox_android does not unshare net namespace. initialize_netdevices_init(); initialize_netdevices(); #endif diff --git a/executor/executor.cc b/executor/executor.cc index a01893eb7..c8a4b8b2e 100644 --- a/executor/executor.cc +++ b/executor/executor.cc 
@@ -100,18 +100,14 @@ static uint32 hash(uint32 a); static bool dedup(uint32 sig); #endif -enum sandbox_type { - sandbox_none, - sandbox_setuid, - sandbox_namespace, - sandbox_android_untrusted_app -}; - uint64 start_time_ms = 0; static bool flag_debug; static bool flag_coverage; -static sandbox_type flag_sandbox; +static bool flag_sandbox_none; +static bool flag_sandbox_setuid; +static bool flag_sandbox_namespace; +static bool flag_sandbox_android; static bool flag_extra_coverage; static bool flag_net_injection; static bool flag_net_devices; @@ -408,28 +404,23 @@ int main(int argc, char** argv) } int status = 0; - switch (flag_sandbox) { - case sandbox_none: + if (flag_sandbox_none) status = do_sandbox_none(); - break; #if SYZ_HAVE_SANDBOX_SETUID - case sandbox_setuid: + else if (flag_sandbox_setuid) status = do_sandbox_setuid(); - break; #endif #if SYZ_HAVE_SANDBOX_NAMESPACE - case sandbox_namespace: + else if (flag_sandbox_namespace) status = do_sandbox_namespace(); - break; #endif -#if SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP - case sandbox_android_untrusted_app: - status = do_sandbox_android_untrusted_app(); - break; +#if SYZ_HAVE_SANDBOX_ANDROID + else if (flag_sandbox_android) + status = do_sandbox_android(); #endif - default: + else fail("unknown sandbox type"); - } + #if SYZ_EXECUTOR_USES_FORK_SERVER fprintf(stderr, "loop exited with status %d\n", status); // Other statuses happen when fuzzer processes manages to kill loop, e.g. with: 
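Review bot: Replacing the `sandbox_type` enum with four independent `static bool flag_sandbox_*` variables (the `@@ -100` hunk) drops the guarantee that exactly one sandbox mode is selected; nothing in the declarations now prevents two flags being true or all four being false. In that case the dispatch in `main()` (the `@@ -408` hunk) would silently take the first set flag in the order none, setuid, namespace, android, or fall through to `fail("unknown sandbox type")`. I would state the invariant next to the declarations, e.g. `// Exactly one of the flag_sandbox_* flags is true after parse_env_flags().`, so that a later change adding a mode keeps it.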
@@ -469,13 +460,14 @@ void parse_env_flags(uint64 flags) // Note: Values correspond to ordering in pkg/ipc/ipc.go, e.g. FlagSandboxNamespace flag_debug = flags & (1 << 0); flag_coverage = flags & (1 << 1); - flag_sandbox = sandbox_none; if (flags & (1 << 2)) - flag_sandbox = sandbox_setuid; + flag_sandbox_setuid = true; else if (flags & (1 << 3)) - flag_sandbox = sandbox_namespace; + flag_sandbox_namespace = true; else if (flags & (1 << 4)) - flag_sandbox = sandbox_android_untrusted_app; + flag_sandbox_android = true; + else + flag_sandbox_none = true; flag_extra_coverage = flags & (1 << 5); flag_net_injection = flags & (1 << 6); flag_net_devices = flags & (1 << 7); diff --git a/pkg/csource/common.go b/pkg/csource/common.go index 2d3f35b52..d30a3c268 100644 --- a/pkg/csource/common.go +++ b/pkg/csource/common.go @@ -24,10 +24,10 @@ const ( openbsd = "openbsd" netbsd = "netbsd" - sandboxNone = "none" - sandboxSetuid = "setuid" - sandboxNamespace = "namespace" - sandboxAndroidUntrustedApp = "android_untrusted_app" + sandboxNone = "none" + sandboxSetuid = "setuid" + sandboxNamespace = "namespace" + sandboxAndroid = "android" ) func createCommonHeader(p, mmapProg *prog.Prog, replacements map[string]string, opts Options) ([]byte, error) { @@ -96,7 +96,7 @@ func commonDefines(p *prog.Prog, opts Options) map[string]bool { "SYZ_SANDBOX_NONE": opts.Sandbox == sandboxNone, "SYZ_SANDBOX_SETUID": opts.Sandbox == sandboxSetuid, "SYZ_SANDBOX_NAMESPACE": opts.Sandbox == sandboxNamespace, - "SYZ_SANDBOX_ANDROID": opts.Sandbox == sandboxAndroidUntrustedApp, + "SYZ_SANDBOX_ANDROID": opts.Sandbox == sandboxAndroid, "SYZ_THREADED": opts.Threaded, "SYZ_COLLIDE": opts.Collide, "SYZ_REPEAT": opts.Repeat, diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go index 7d40c5615..cc75000d5 100644 --- a/pkg/csource/generated.go +++ b/pkg/csource/generated.go 
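Review bot: In `parse_env_flags` the four `flag_sandbox_*` bools are only ever assigned `true`; the removed `flag_sandbox = sandbox_none;` reset has no replacement, so the function now depends on the statics being zero-initialised and on being called once per process. If it can run more than once (not visible in this hunk), a mode set by an earlier call stays set, and because `main()` tests `flag_sandbox_none` first, a stale "none" would win over a sandbox requested later. Clearing first keeps the old behaviour: `flag_sandbox_none = flag_sandbox_setuid = flag_sandbox_namespace = flag_sandbox_android = false;` ahead of the `if (flags & (1 << 2))` chain. The function body continues outside the hunk.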
@@ -4595,9 +4595,7 @@ static void reset_ebtables() static void checkpoint_net_namespace(void) { #if SYZ_EXECUTOR - if (!flag_net_reset) - return; - if (flag_sandbox == sandbox_setuid) + if (!flag_net_reset || flag_sandbox_setuid) return; #endif checkpoint_ebtables(); @@ -4609,9 +4607,7 @@ static void checkpoint_net_namespace(void) static void reset_net_namespace(void) { #if SYZ_EXECUTOR - if (!flag_net_reset) - return; - if (flag_sandbox == sandbox_setuid) + if (!flag_net_reset || flag_sandbox_setuid) return; #endif reset_ebtables(); @@ -5139,8 +5135,8 @@ static void syz_setfilecon(const char* path, const char* context) fail("setfilecon: could not set context to %s, currently %s", context, new_context); } -#define SYZ_HAVE_SANDBOX_ANDROID_UNTRUSTED_APP 1 -static int do_sandbox_android_untrusted_app(void) +#define SYZ_HAVE_SANDBOX_ANDROID 1 +static int do_sandbox_android(void) { setup_common(); sandbox_common(); diff --git a/pkg/csource/options.go b/pkg/csource/options.go index 57e9fc9dc..8e78d44e9 100644 --- a/pkg/csource/options.go +++ b/pkg/csource/options.go @@ -54,7 +54,7 @@ type Options struct { // Invalid combinations must not be passed to Write. func (opts Options) Check(OS string) error { switch opts.Sandbox { - case "", sandboxNone, sandboxNamespace, sandboxSetuid, sandboxAndroidUntrustedApp: + case "", sandboxNone, sandboxNamespace, sandboxSetuid, sandboxAndroid: default: return fmt.Errorf("unknown sandbox %v", opts.Sandbox) } @@ -133,7 +133,7 @@ func (opts Options) checkLinuxOnly(OS string) error { } if opts.Sandbox == sandboxNamespace || (opts.Sandbox == sandboxSetuid && !(OS == openbsd || OS == freebsd || OS == netbsd)) || - opts.Sandbox == sandboxAndroidUntrustedApp { + opts.Sandbox == sandboxAndroid { return fmt.Errorf("option Sandbox=%v is not supported on %v", opts.Sandbox, OS) } if opts.Fault { diff --git a/pkg/csource/options_test.go b/pkg/csource/options_test.go index 8a38553fc..1834803ff 100644 --- a/pkg/csource/options_test.go 
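Review bot: `Options.Check` in `pkg/csource/options.go` now returns `unknown sandbox` for the previous spelling `android_untrusted_app`, and nothing visible in this commit maps the old value to `android`. The canned case in `options_test.go` was rewritten to the new string rather than kept as a legacy input, so previously serialized options carrying the old name would no longer validate; `Complete` in `pkg/mgrconfig/load.go` and `SandboxToFlags` in `pkg/ipc/ipc.go` reject it the same way. If stored options or manager configs with the old name exist (not visible from this page), normalise the legacy spelling where the value is parsed, or call the rename out as a breaking change in the commit message. A comment on the constant in `common.go`, such as `// sandboxAndroid was spelled "android_untrusted_app" before this rename.`, would help whoever meets an old config.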
+++ b/pkg/csource/options_test.go @@ -49,7 +49,7 @@ func TestParseOptionsCanned(t *testing.T) { HandleSegv: true, Repro: true, }, - `{"threaded":true,"collide":true,"repeat":true,"procs":10,"sandbox":"android_untrusted_app", + `{"threaded":true,"collide":true,"repeat":true,"procs":10,"sandbox":"android", "fault":true,"fault_call":1,"fault_nth":2,"tun":true,"tmpdir":true,"cgroups":true, "netdev":true,"resetnet":true, "segv":true,"waitrepeat":true,"debug":true,"repro":true}`: { @@ -57,7 +57,7 @@ func TestParseOptionsCanned(t *testing.T) { Collide: true, Repeat: true, Procs: 10, - Sandbox: "android_untrusted_app", + Sandbox: "android", Fault: true, FaultCall: 1, FaultNth: 2, @@ -170,7 +170,7 @@ func enumerateField(OS string, opt Options, field int) []Options { fldName := s.Type().Field(field).Name fld := s.Field(field) if fldName == "Sandbox" { - for _, sandbox := range []string{"", "none", "setuid", "namespace", "android_untrusted_app"} { + for _, sandbox := range []string{"", "none", "setuid", "namespace", "android"} { fld.SetString(sandbox) opts = append(opts, opt) } diff --git a/pkg/host/features.go b/pkg/host/features.go index 8c3945a98..53af77241 100644 --- a/pkg/host/features.go +++ b/pkg/host/features.go @@ -18,7 +18,7 @@ const ( FeatureExtraCoverage FeatureSandboxSetuid FeatureSandboxNamespace - FeatureSandboxAndroidUntrustedApp + FeatureSandboxAndroid FeatureFaultInjection FeatureLeakChecking FeatureNetworkInjection 
@@ -46,18 +46,18 @@ func unconditionallyEnabled() string { return "" } func Check(target *prog.Target) (*Features, error) { const unsupported = "support is not implemented in syzkaller" res := &Features{ - FeatureCoverage: {Name: "code coverage", Reason: unsupported}, - FeatureComparisons: {Name: "comparison tracing", Reason: unsupported}, - FeatureExtraCoverage: {Name: "extra coverage", Reason: unsupported}, - FeatureSandboxSetuid: {Name: "setuid sandbox", Reason: unsupported}, - FeatureSandboxNamespace: {Name: "namespace sandbox", Reason: unsupported}, - FeatureSandboxAndroidUntrustedApp: {Name: "Android sandbox", Reason: unsupported}, - FeatureFaultInjection: {Name: "fault injection", Reason: unsupported}, - FeatureLeakChecking: {Name: "leak checking", Reason: unsupported}, - FeatureNetworkInjection: {Name: "net packet injection", Reason: unsupported}, - FeatureNetworkDevices: {Name: "net device setup", Reason: unsupported}, - FeatureKCSAN: {Name: "concurrency sanitizer", Reason: unsupported}, - FeatureDevlinkPCI: {Name: "devlink PCI setup", Reason: unsupported}, + FeatureCoverage: {Name: "code coverage", Reason: unsupported}, + FeatureComparisons: {Name: "comparison tracing", Reason: unsupported}, + FeatureExtraCoverage: {Name: "extra coverage", Reason: unsupported}, + FeatureSandboxSetuid: {Name: "setuid sandbox", Reason: unsupported}, + FeatureSandboxNamespace: {Name: "namespace sandbox", Reason: unsupported}, + FeatureSandboxAndroid: {Name: "Android sandbox", Reason: unsupported}, + FeatureFaultInjection: {Name: "fault injection", Reason: unsupported}, + FeatureLeakChecking: {Name: "leak checking", Reason: unsupported}, + FeatureNetworkInjection: {Name: "net packet injection", Reason: unsupported}, + FeatureNetworkDevices: {Name: "net device setup", Reason: unsupported}, + FeatureKCSAN: {Name: "concurrency sanitizer", Reason: unsupported}, + FeatureDevlinkPCI: {Name: "devlink PCI setup", Reason: unsupported}, } if targets.Get(target.OS, 
target.Arch).HostFuzzer { return res, nil diff --git a/pkg/host/features_linux.go b/pkg/host/features_linux.go index 780c938a1..a1586e8ac 100644 --- a/pkg/host/features_linux.go +++ b/pkg/host/features_linux.go @@ -20,7 +20,7 @@ func init() { checkFeature[FeatureExtraCoverage] = checkExtraCoverage checkFeature[FeatureSandboxSetuid] = unconditionallyEnabled checkFeature[FeatureSandboxNamespace] = checkSandboxNamespace - checkFeature[FeatureSandboxAndroidUntrustedApp] = checkSandboxAndroidUntrustedApp + checkFeature[FeatureSandboxAndroid] = checkSandboxAndroid checkFeature[FeatureFaultInjection] = checkFaultInjection checkFeature[FeatureLeakChecking] = checkLeakChecking checkFeature[FeatureNetworkInjection] = checkNetworkInjection @@ -169,7 +169,7 @@ func checkSandboxNamespace() string { return "" } -func checkSandboxAndroidUntrustedApp() string { +func checkSandboxAndroid() string { if err := osutil.IsAccessible("/sys/fs/selinux/policy"); err != nil { return err.Error() } diff --git a/pkg/ipc/ipc.go b/pkg/ipc/ipc.go index cd3d6b02e..9fdb63241 100644 --- a/pkg/ipc/ipc.go +++ b/pkg/ipc/ipc.go 
@@ -27,18 +27,18 @@ type EnvFlags uint64 // Note: New / changed flags should be added to parse_env_flags in executor.cc const ( - FlagDebug EnvFlags = 1 << iota // debug output from executor - FlagSignal // collect feedback signals (coverage) - FlagSandboxSetuid // impersonate nobody user - FlagSandboxNamespace // use namespaces for sandboxing - FlagSandboxAndroidUntrustedApp // use Android sandboxing for the untrusted_app domain - FlagExtraCover // collect extra coverage - FlagEnableTun // setup and use /dev/tun for packet injection - FlagEnableNetDev // setup more network devices for testing - FlagEnableNetReset // reset network namespace between programs - FlagEnableCgroups // setup cgroups for testing - FlagEnableCloseFds // close fds after each program - FlagEnableDevlinkPCI // setup devlink PCI device + FlagDebug EnvFlags = 1 << iota // debug output from executor + FlagSignal // collect feedback signals (coverage) + FlagSandboxSetuid // impersonate nobody user + FlagSandboxNamespace // use namespaces for sandboxing + FlagSandboxAndroid // use Android sandboxing for the untrusted_app domain + FlagExtraCover // collect extra coverage + FlagEnableTun // setup and use /dev/tun for packet injection + FlagEnableNetDev // setup more network devices for testing + FlagEnableNetReset // reset network namespace between programs + FlagEnableCgroups // setup cgroups for testing + FlagEnableCloseFds // close fds after each program + FlagEnableDevlinkPCI // setup devlink PCI device // Executor does not know about these: FlagUseShmem // use shared memory instead of pipes for communication FlagUseForkServer // use extended protocol with handshake 
@@ -134,10 +134,10 @@ func SandboxToFlags(sandbox string) (EnvFlags, error) { return FlagSandboxSetuid, nil case "namespace": return FlagSandboxNamespace, nil - case "android_untrusted_app": - return FlagSandboxAndroidUntrustedApp, nil + case "android": + return FlagSandboxAndroid, nil default: - return 0, fmt.Errorf("sandbox must contain one of none/setuid/namespace/android_untrusted_app") + return 0, fmt.Errorf("sandbox must contain one of none/setuid/namespace/android") } } @@ -146,8 +146,8 @@ func FlagsToSandbox(flags EnvFlags) string { return "setuid" } else if flags&FlagSandboxNamespace != 0 { return "namespace" - } else if flags&FlagSandboxAndroidUntrustedApp != 0 { - return "android_untrusted_app" + } else if flags&FlagSandboxAndroid != 0 { + return "android" } return "none" } @@ -542,7 +542,7 @@ func makeCommand(pid int, bin []string, config *Config, inFile, outFile *os.File } }() - if config.Flags&(FlagSandboxSetuid|FlagSandboxNamespace|FlagSandboxAndroidUntrustedApp) != 0 { + if config.Flags&(FlagSandboxSetuid|FlagSandboxNamespace|FlagSandboxAndroid) != 0 { if err := os.Chmod(dir, 0777); err != nil { return nil, fmt.Errorf("failed to chmod temp dir: %v", err) } diff --git a/pkg/ipc/ipcconfig/ipcconfig.go b/pkg/ipc/ipcconfig/ipcconfig.go index f2bd2028e..55e29fae4 100644 --- a/pkg/ipc/ipcconfig/ipcconfig.go +++ b/pkg/ipc/ipcconfig/ipcconfig.go @@ -16,7 +16,7 @@ var ( flagThreaded = flag.Bool("threaded", true, "use threaded mode in executor") flagCollide = flag.Bool("collide", true, "collide syscalls to provoke data races") flagSignal = flag.Bool("cover", false, "collect feedback signals (coverage)") - flagSandbox = flag.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace/android_untrusted_app)") + flagSandbox = flag.String("sandbox", "none", "sandbox for fuzzing (none/setuid/namespace/android)") flagDebug = flag.Bool("debug", false, "debug output from executor") flagTimeout = flag.Duration("timeout", 0, "execution timeout") ) 
diff --git a/pkg/mgrconfig/config.go b/pkg/mgrconfig/config.go index ea03c429e..07df5d0c7 100644 --- a/pkg/mgrconfig/config.go +++ b/pkg/mgrconfig/config.go @@ -63,7 +63,7 @@ type Config struct { // "namespace": create a new namespace for fuzzer using CLONE_NEWNS/CLONE_NEWNET/CLONE_NEWPID/etc, // requires building kernel with CONFIG_NAMESPACES, CONFIG_UTS_NS, CONFIG_USER_NS, // CONFIG_PID_NS and CONFIG_NET_NS. Supported only for some OSes. - // "android_untrusted_app": (Android) Emulate permissions of an untrusted app. + // "android": (Android) Emulate permissions of an untrusted app. Sandbox string `json:"sandbox"` // Use KCOV coverage (default: true). diff --git a/pkg/mgrconfig/load.go b/pkg/mgrconfig/load.go index f02f3c59c..0733a9c2a 100644 --- a/pkg/mgrconfig/load.go +++ b/pkg/mgrconfig/load.go @@ -98,9 +98,9 @@ func Complete(cfg *Config) error { return fmt.Errorf("bad config param procs: '%v', want [1, 32]", cfg.Procs) } switch cfg.Sandbox { - case "none", "setuid", "namespace", "android_untrusted_app": + case "none", "setuid", "namespace", "android": default: - return fmt.Errorf("config param sandbox must contain one of none/setuid/namespace/android_untrusted_app") + return fmt.Errorf("config param sandbox must contain one of none/setuid/namespace/android") } if err := checkSSHParams(cfg); err != nil { return err diff --git a/syz-fuzzer/testing.go b/syz-fuzzer/testing.go index d38642dc8..95d9ca9c2 100644 --- a/syz-fuzzer/testing.go +++ b/syz-fuzzer/testing.go 
@@ -139,9 +139,9 @@ func checkMachine(args *checkArgs) (*rpctype.CheckArgs, error) { args.ipcConfig.Flags&ipc.FlagSandboxNamespace != 0 { return nil, fmt.Errorf("sandbox=namespace is not supported (%v)", feat.Reason) } - if feat := features[host.FeatureSandboxAndroidUntrustedApp]; !feat.Enabled && - args.ipcConfig.Flags&ipc.FlagSandboxAndroidUntrustedApp != 0 { - return nil, fmt.Errorf("sandbox=android_untrusted_app is not supported (%v)", feat.Reason) + if feat := features[host.FeatureSandboxAndroid]; !feat.Enabled && + args.ipcConfig.Flags&ipc.FlagSandboxAndroid != 0 { + return nil, fmt.Errorf("sandbox=android is not supported (%v)", feat.Reason) } if err := checkSimpleProgram(args, features); err != nil { return nil, err |
