| // Copyright 2019 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "debugd/src/probe_tool.h" |
| |
| #include <fcntl.h> |
| |
| #include <array> |
| #include <memory> |
| #include <string> |
| #include <utility> |
| #include <vector> |
| |
| #include <base/files/file_path.h> |
| #include <base/files/file_util.h> |
| #include <base/files/scoped_file.h> |
| #include <base/files/scoped_temp_dir.h> |
| #include <base/json/json_reader.h> |
| #include <base/json/json_writer.h> |
| #include <base/logging.h> |
| #include <base/optional.h> |
| #include <base/strings/string_number_conversions.h> |
| #include <base/strings/stringprintf.h> |
| #include <base/strings/string_split.h> |
| #include <base/values.h> |
| #include <brillo/errors/error_codes.h> |
| #include <build/build_config.h> |
| #include <build/buildflag.h> |
| #include <chromeos/dbus/service_constants.h> |
| #include <vboot/crossystem.h> |
| |
| #include "debugd/src/error_utils.h" |
| #include "debugd/src/sandboxed_process.h" |
| |
| namespace debugd { |
| |
| namespace { |
| constexpr char kErrorPath[] = "org.chromium.debugd.RunProbeFunctionError"; |
| constexpr char kSandboxInfoDir[] = "/etc/runtime_probe/sandbox"; |
| constexpr char kSandboxArgs[] = "/etc/runtime_probe/sandbox/args.json"; |
| constexpr std::array<const char*, 3> kBinaryAndArgs{"/usr/bin/runtime_probe", |
| "--helper", "--"}; |
| constexpr char kRunAs[] = "runtime_probe"; |
| |
| bool CreateNonblockingPipe(base::ScopedFD* read_fd, base::ScopedFD* write_fd) { |
| int pipe_fd[2]; |
| int ret = pipe2(pipe_fd, O_CLOEXEC | O_NONBLOCK); |
| if (ret != 0) { |
| PLOG(ERROR) << "Cannot create a pipe"; |
| return false; |
| } |
| read_fd->reset(pipe_fd[0]); |
| write_fd->reset(pipe_fd[1]); |
| return true; |
| } |
| |
| std::string GetStringFromValue(const base::Value& value) { |
| std::string json; |
| base::JSONWriter::WriteWithOptions( |
| value, base::JSONWriter::OPTIONS_PRETTY_PRINT, &json); |
| return json; |
| } |
| |
| bool AppendSandboxArgs(brillo::ErrorPtr* error, |
| const std::string& function_name, |
| std::vector<std::string>* parsed_args) { |
| std::string minijail_args_str; |
| if (!base::ReadFileToString(base::FilePath(kSandboxArgs), |
| &minijail_args_str)) { |
| DEBUGD_ADD_ERROR_FMT(error, kErrorPath, |
| "Failed to read minijail arguments from: %s", |
| kSandboxArgs); |
| return false; |
| } |
| auto minijail_args_dict = base::JSONReader::Read(minijail_args_str); |
| if (!minijail_args_dict || !minijail_args_dict->is_dict()) { |
| DEBUGD_ADD_ERROR_FMT(error, kErrorPath, |
| "Minijail arguments are not stored in dict. Expected " |
| "dict but got: %s", |
| minijail_args_str.c_str()); |
| return false; |
| } |
| const auto* minijail_args = minijail_args_dict->FindListKey(function_name); |
| if (!minijail_args) { |
| DEBUGD_ADD_ERROR_FMT(error, kErrorPath, |
| "Arguments of \"%s\" is not found in minijail " |
| "arguments file: %s", |
| function_name.c_str(), kSandboxArgs); |
| return false; |
| } |
| DVLOG(1) << "Minijail arguments: " << (*minijail_args); |
| for (const auto& arg : minijail_args->GetList()) { |
| if (!arg.is_string()) { |
| auto arg_str = GetStringFromValue(arg); |
| DEBUGD_ADD_ERROR_FMT( |
| error, kErrorPath, |
| "Failed to parse minijail arguments. Expected string but got: %s", |
| arg_str.c_str()); |
| return false; |
| } |
| parsed_args->push_back(arg.GetString()); |
| } |
| return true; |
| } |
| |
| base::Optional<std::string> GetFunctionNameFromProbeStatement( |
| brillo::ErrorPtr* error, const std::string& probe_statement) { |
| // The name of the probe function is the only key in the dictionary. |
| auto probe_statement_dict = base::JSONReader::Read(probe_statement); |
| if (!probe_statement_dict || !probe_statement_dict->is_dict()) { |
| DEBUGD_ADD_ERROR_FMT( |
| error, kErrorPath, |
| "Failed to parse probe statement. Expected json but got: %s", |
| probe_statement.c_str()); |
| return base::nullopt; |
| } |
| if (probe_statement_dict->DictSize() != 1) { |
| DEBUGD_ADD_ERROR_FMT( |
| error, kErrorPath, |
| "Expected only one probe function in probe statement but got: %zu", |
| probe_statement_dict->DictSize()); |
| return base::nullopt; |
| } |
| auto it = probe_statement_dict->DictItems().begin(); |
| const auto& function_name = it->first; |
| return function_name; |
| } |
| |
| std::unique_ptr<brillo::Process> CreateSandboxedProcess( |
| brillo::ErrorPtr* error, const std::string& probe_statement) { |
| const auto function_name = |
| GetFunctionNameFromProbeStatement(error, probe_statement); |
| if (!function_name) |
| return nullptr; |
| |
| auto sandboxed_process = std::make_unique<SandboxedProcess>(); |
| // The following is the general minijail set up for runtime_probe in debugd |
| // /dev/log needs to be bind mounted before any possible tmpfs mount on run |
| // See: |
| // minijail0 manpage (`man 1 minijail0` in cros\_sdk) |
| // https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md |
| std::vector<std::string> parsed_args{ |
| "-G", // Inherit all the supplementary groups |
| "-P", "/mnt/empty", // Set /mnt/empty as the root fs using pivot_root |
| "-b", "/", // Bind mount rootfs |
| "-b", "/proc", // Bind mount /proc |
| "-b", "/dev/log", // Enable logging |
| "-t", // Mount a tmpfs on /tmp |
| "-r", // Remount /proc readonly |
| "-d" // Mount /dev with a minimal set of nodes. |
| }; |
| if (!AppendSandboxArgs(error, *function_name, &parsed_args)) |
| return nullptr; |
| |
| sandboxed_process->SandboxAs(kRunAs, kRunAs); |
| const auto seccomp_path = base::FilePath{kSandboxInfoDir}.Append( |
| base::StringPrintf("%s-seccomp.policy", function_name->c_str())); |
| if (!base::PathExists(seccomp_path)) { |
| DEBUGD_ADD_ERROR_FMT(error, kErrorPath, |
| "Seccomp policy file of \"%s\" is not found at: %s", |
| function_name->c_str(), seccomp_path.value().c_str()); |
| return nullptr; |
| } |
| sandboxed_process->SetSeccompFilterPolicyFile(seccomp_path.MaybeAsASCII()); |
| DVLOG(1) << "Sandbox for " << (*function_name) << " is ready"; |
| if (!sandboxed_process->Init(parsed_args)) { |
| DEBUGD_ADD_ERROR(error, kErrorPath, |
| "Sandboxed process initialization failure"); |
| return nullptr; |
| } |
| return sandboxed_process; |
| } |
| |
| } // namespace |
| |
| bool ProbeTool::EvaluateProbeFunction( |
| brillo::ErrorPtr* error, |
| const std::string& probe_statement, |
| brillo::dbus_utils::FileDescriptor* outfd) { |
| // Details of sandboxing for probing should be centralized in a single |
| // directory. Sandboxing is mandatory when we don't allow debug features. |
| auto process = CreateSandboxedProcess(error, probe_statement); |
| if (process == nullptr) |
| return false; |
| |
| base::ScopedFD read_fd, write_fd; |
| if (!CreateNonblockingPipe(&read_fd, &write_fd)) { |
| DEBUGD_ADD_ERROR(error, kErrorPath, "Cannot create a pipe"); |
| return false; |
| } |
| |
| for (auto arg : kBinaryAndArgs) { |
| process->AddArg(arg); |
| } |
| process->AddArg(probe_statement); |
| process->BindFd(write_fd.get(), STDOUT_FILENO); |
| process->Start(); |
| process->Release(); |
| *outfd = std::move(read_fd); |
| return true; |
| } |
| |
| } // namespace debugd |