From fd918ffb967e49f3d5a504fd978d2ff20dd44b74 Mon Sep 17 00:00:00 2001 From: Jed Davis Date: Wed, 27 Jul 2022 19:41:04 +0000 Subject: [PATCH] Bug 1779312 - Rename `SANDBOX_LOG_ERROR` to just `SANDBOX_LOG`. r=glandium Originally this was written for B2G and used the Android logging facility, which (like syslog) includes a severity level. However, all current usage is on desktop where we just write to stderr, and there was never much demand to add support for any log levels besides "error". More importantly for the current situation, renaming the macro to `SANDBOX_LOG` avoids confusion between `SANDBOX_LOG_ERROR` and `SANDBOX_LOG_ERRNO` (or `SANDBOX_LOG_ERROR_ERRNO` or whatever). Differential Revision: https://phabricator.services.mozilla.com/D152097 --- security/sandbox/linux/Sandbox.cpp | 42 ++++++------ .../sandbox/linux/SandboxBrokerClient.cpp | 12 ++-- security/sandbox/linux/SandboxFilter.cpp | 68 +++++++++---------- security/sandbox/linux/SandboxLogging.h | 4 +- security/sandbox/linux/SandboxOpenedFiles.cpp | 6 +- .../sandbox/linux/SandboxReporterClient.cpp | 2 +- .../sandbox/linux/broker/SandboxBroker.cpp | 59 ++++++++-------- .../broker/SandboxBrokerPolicyFactory.cpp | 9 ++- security/sandbox/linux/glue/SandboxCrash.cpp | 19 +++--- .../sandbox/linux/launch/SandboxLaunch.cpp | 12 ++-- .../linux/reporter/SandboxReporter.cpp | 14 ++-- 11 files changed, 118 insertions(+), 129 deletions(-) diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp index eb28ac85821d..9263d4194746 100644 --- a/security/sandbox/linux/Sandbox.cpp +++ b/security/sandbox/linux/Sandbox.cpp @@ -142,7 +142,7 @@ MOZ_NEVER_INLINE static void SigSysHandler(int nr, siginfo_t* info, // TODO, someday when this is enabled on MIPS: include the two extra // args in the error message. - SANDBOX_LOG_ERROR( + SANDBOX_LOG( "seccomp sandbox violation: pid %d, tid %d, syscall %d," " args %d %d %d %d %d %d.%s", report.mPid, report.mTid, report.mSyscall, report.mArgs[0], @@ -222,22 +222,21 @@ static void InstallSigSysHandler(void) { if (!aUseTSync && errno == ETXTBSY) { return false; } - SANDBOX_LOG_ERROR("prctl(PR_SET_NO_NEW_PRIVS) failed: %s", strerror(errno)); + SANDBOX_LOG("prctl(PR_SET_NO_NEW_PRIVS) failed: %s", strerror(errno)); MOZ_CRASH("prctl(PR_SET_NO_NEW_PRIVS)"); } if (aUseTSync) { if (syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC, aProg) != 0) { - SANDBOX_LOG_ERROR("thread-synchronized seccomp failed: %s", - strerror(errno)); + SANDBOX_LOG("thread-synchronized seccomp failed: %s", strerror(errno)); MOZ_CRASH("seccomp+tsync failed, but kernel supports tsync"); } } else { if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, (unsigned long)aProg, 0, 0)) { - SANDBOX_LOG_ERROR("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER) failed: %s", - strerror(errno)); + SANDBOX_LOG("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER) failed: %s", + strerror(errno)); MOZ_CRASH("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)"); } } @@ -317,7 +316,7 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) { myTid = syscall(__NR_gettid); taskdp = opendir("/proc/self/task"); if (taskdp == nullptr) { - SANDBOX_LOG_ERROR("opendir /proc/self/task: %s\n", strerror(errno)); + SANDBOX_LOG("opendir /proc/self/task: %s\n", strerror(errno)); MOZ_CRASH("failed while trying to open directory /proc/self/task"); } @@ -348,12 +347,12 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) { gSetSandboxDone = 0; if (syscall(__NR_tgkill, pid, tid, tsyncSignum) != 0) { if (errno == ESRCH) { - SANDBOX_LOG_ERROR("Thread %d unexpectedly exited.", tid); + SANDBOX_LOG("Thread %d unexpectedly exited.", tid); // Rescan threads, in case it forked before exiting. sandboxProgress = true; continue; } - SANDBOX_LOG_ERROR("tgkill(%d,%d): %s\n", pid, tid, strerror(errno)); + SANDBOX_LOG("tgkill(%d,%d): %s\n", pid, tid, strerror(errno)); MOZ_CRASH("failed while trying to send a signal to a thread"); } // It's unlikely, but if the thread somehow manages to exit @@ -381,7 +380,7 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) { if (syscall(__NR_futex, reinterpret_cast(&gSetSandboxDone), FUTEX_WAIT, 0, &futexTimeout) != 0) { if (errno != EWOULDBLOCK && errno != ETIMEDOUT && errno != EINTR) { - SANDBOX_LOG_ERROR("FUTEX_WAIT: %s\n", strerror(errno)); + SANDBOX_LOG("FUTEX_WAIT: %s\n", strerror(errno)); MOZ_CRASH("failed during FUTEX_WAIT"); } } @@ -395,7 +394,7 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) { // Has the thread ceased to exist? if (syscall(__NR_tgkill, pid, tid, 0) != 0) { if (errno == ESRCH) { - SANDBOX_LOG_ERROR("Thread %d unexpectedly exited.", tid); + SANDBOX_LOG("Thread %d unexpectedly exited.", tid); } // Rescan threads, in case it forked before exiting. // Also, if it somehow failed in a way that wasn't ESRCH, @@ -408,7 +407,7 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) { if (now.tv_sec > timeLimit.tv_sec || (now.tv_sec == timeLimit.tv_sec && now.tv_nsec > timeLimit.tv_nsec)) { - SANDBOX_LOG_ERROR( + SANDBOX_LOG( "Thread %d unresponsive for %d seconds." " Killing process.", tid, crashDelay); @@ -424,8 +423,8 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) { oldHandler = signal(tsyncSignum, SIG_DFL); if (oldHandler != SetThreadSandboxHandler) { // See the comment on FindFreeSignalNumber about race conditions. - SANDBOX_LOG_ERROR("handler for signal %d was changed to %p!", tsyncSignum, - oldHandler); + SANDBOX_LOG("handler for signal %d was changed to %p!", tsyncSignum, + oldHandler); MOZ_CRASH("handler for the signal was changed to another"); } gSeccompTsyncBroadcastSignum = 0; @@ -482,7 +481,7 @@ void SandboxEarlyInit() { // masked. const int tsyncSignum = FindFreeSignalNumber(); if (tsyncSignum == 0) { - SANDBOX_LOG_ERROR("No available signal numbers!"); + SANDBOX_LOG("No available signal numbers!"); MOZ_CRASH("failed while trying to find a free signal number"); } gSeccompTsyncBroadcastSignum = tsyncSignum; @@ -499,8 +498,7 @@ void SandboxEarlyInit() { } else { MOZ_CRASH("failed because the signal is in use by another handler"); } - SANDBOX_LOG_ERROR("signal %d in use by handler %p!\n", tsyncSignum, - oldHandler); + SANDBOX_LOG("signal %d in use by handler %p!\n", tsyncSignum, oldHandler); } } } @@ -561,7 +559,7 @@ static void SetCurrentProcessSandbox( return sandbox::bpf_dsl::Trap( [](const sandbox::arch_seccomp_data&, void* aux) -> intptr_t { auto error = reinterpret_cast(aux); - SANDBOX_LOG_ERROR("Panic: %s", error); + SANDBOX_LOG("Panic: %s", error); MOZ_CRASH("Sandbox Panic"); // unreachable }, @@ -598,12 +596,12 @@ static void SetCurrentProcessSandbox( const SandboxInfo info = SandboxInfo::Get(); if (info.Test(SandboxInfo::kHasSeccompTSync)) { if (info.Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("using seccomp tsync"); + SANDBOX_LOG("using seccomp tsync"); } ApplySandboxWithTSync(&fprog); } else { if (info.Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("no tsync support; using signal broadcast"); + SANDBOX_LOG("no tsync support; using signal broadcast"); } BroadcastSetThreadSandbox(&fprog); } @@ -666,8 +664,8 @@ void SetMediaPluginSandbox(const char* aFilePath) { SandboxOpenedFile plugin(aFilePath); if (!plugin.IsOpen()) { - SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath, - strerror(errno)); + SANDBOX_LOG("failed to open plugin file %s: %s", aFilePath, + strerror(errno)); MOZ_CRASH("failed while trying to open the plugin file "); } diff --git a/security/sandbox/linux/SandboxBrokerClient.cpp b/security/sandbox/linux/SandboxBrokerClient.cpp index 321f4fd69dec..8dd8a2f5cfc7 100644 --- a/security/sandbox/linux/SandboxBrokerClient.cpp +++ b/security/sandbox/linux/SandboxBrokerClient.cpp @@ -47,11 +47,11 @@ int SandboxBrokerClient::DoCall(const Request* aReq, const char* aPath, getpid(), aPath + kProcSelfLen); if (static_cast(len) < sizeof(rewrittenPath)) { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("rewriting %s -> %s", aPath, rewrittenPath); + SANDBOX_LOG("rewriting %s -> %s", aPath, rewrittenPath); } path = rewrittenPath; } else { - SANDBOX_LOG_ERROR("not rewriting unexpectedly long path %s", aPath); + SANDBOX_LOG("not rewriting unexpectedly long path %s", aPath); } } @@ -113,8 +113,8 @@ int SandboxBrokerClient::DoCall(const Request* aReq, const char* aPath, return -recvErrno; } if (recvd == 0) { - SANDBOX_LOG_ERROR("Unexpected EOF, op %d flags 0%o path %s", aReq->mOp, - aReq->mFlags, path); + SANDBOX_LOG("Unexpected EOF, op %d flags 0%o path %s", aReq->mOp, + aReq->mFlags, path); return -EIO; } MOZ_ASSERT(static_cast(recvd) <= ios[0].iov_len + ios[1].iov_len); @@ -132,8 +132,8 @@ int SandboxBrokerClient::DoCall(const Request* aReq, const char* aPath, // actually exist, if it's something that's optional or part of a // search path (e.g., shared libraries). In those cases, this // error message is expected. - SANDBOX_LOG_ERROR("Failed errno %d op %s flags 0%o path %s", resp.mError, - OperationDescription[aReq->mOp], aReq->mFlags, path); + SANDBOX_LOG("Failed errno %d op %s flags 0%o path %s", resp.mError, + OperationDescription[aReq->mOp], aReq->mFlags, path); } if (openedFd >= 0) { close(openedFd); diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp index c786df47779c..e23070092d96 100644 --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -303,8 +303,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase { auto path = reinterpret_cast(aArgs.args[1]); auto flags = static_cast(aArgs.args[2]); if (fd != AT_FDCWD && path[0] != '/') { - SANDBOX_LOG_ERROR("unsupported fd-relative openat(%d, \"%s\", 0%o)", fd, - path, flags); + SANDBOX_LOG("unsupported fd-relative openat(%d, \"%s\", 0%o)", fd, path, + flags); return BlockedSyscallTrap(aArgs, nullptr); } return broker->Open(path, flags); @@ -323,8 +323,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase { // Starting with kernel 5.8+ and glibc 2.33, there is faccessat2 that // supports flags, handled below. if (fd != AT_FDCWD && path[0] != '/') { - SANDBOX_LOG_ERROR("unsupported fd-relative faccessat(%d, \"%s\", %d)", fd, - path, mode); + SANDBOX_LOG("unsupported fd-relative faccessat(%d, \"%s\", %d)", fd, path, + mode); return BlockedSyscallTrap(aArgs, nullptr); } return broker->Access(path, mode); @@ -337,9 +337,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase { auto mode = static_cast(aArgs.args[2]); auto flags = static_cast(aArgs.args[3]); if (fd != AT_FDCWD && path[0] != '/') { - SANDBOX_LOG_ERROR( - "unsupported fd-relative faccessat2(%d, \"%s\", %d, %d)", fd, path, - mode, flags); + SANDBOX_LOG("unsupported fd-relative faccessat2(%d, \"%s\", %d, %d)", fd, + path, mode, flags); return BlockedSyscallTrap(aArgs, nullptr); } if ((flags & ~AT_EACCESS) == 0) { @@ -369,16 +368,15 @@ class SandboxPolicyCommon : public SandboxPolicyBase { } if (fd != AT_FDCWD && path && path[0] != '/') { - SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, 0x%x)", - fd, path, buf, flags); + SANDBOX_LOG("unsupported fd-relative fstatat(%d, \"%s\", %p, 0x%x)", fd, + path, buf, flags); return BlockedSyscallTrap(aArgs, nullptr); } int badFlags = flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT); if (badFlags != 0) { - SANDBOX_LOG_ERROR( - "unsupported flags 0x%x in fstatat(%d, \"%s\", %p, 0x%x)", badFlags, - fd, path, buf, flags); + SANDBOX_LOG("unsupported flags 0x%x in fstatat(%d, \"%s\", %p, 0x%x)", + badFlags, fd, path, buf, flags); return BlockedSyscallTrap(aArgs, nullptr); } return (flags & AT_SYMLINK_NOFOLLOW) == 0 ? broker->Stat(path, buf) @@ -392,13 +390,13 @@ class SandboxPolicyCommon : public SandboxPolicyBase { auto mode = static_cast(aArgs.args[2]); auto flags = static_cast(aArgs.args[3]); if (fd != AT_FDCWD && path[0] != '/') { - SANDBOX_LOG_ERROR("unsupported fd-relative chmodat(%d, \"%s\", 0%o, %d)", - fd, path, mode, flags); + SANDBOX_LOG("unsupported fd-relative chmodat(%d, \"%s\", 0%o, %d)", fd, + path, mode, flags); return BlockedSyscallTrap(aArgs, nullptr); } if (flags != 0) { - SANDBOX_LOG_ERROR("unsupported flags in chmodat(%d, \"%s\", 0%o, %d)", fd, - path, mode, flags); + SANDBOX_LOG("unsupported flags in chmodat(%d, \"%s\", 0%o, %d)", fd, path, + mode, flags); return BlockedSyscallTrap(aArgs, nullptr); } return broker->Chmod(path, mode); @@ -413,15 +411,14 @@ class SandboxPolicyCommon : public SandboxPolicyBase { auto flags = static_cast(aArgs.args[4]); if ((fd != AT_FDCWD && path[0] != '/') || (fd2 != AT_FDCWD && path2[0] != '/')) { - SANDBOX_LOG_ERROR( + SANDBOX_LOG( "unsupported fd-relative linkat(%d, \"%s\", %d, \"%s\", 0x%x)", fd, path, fd2, path2, flags); return BlockedSyscallTrap(aArgs, nullptr); } if (flags != 0) { - SANDBOX_LOG_ERROR( - "unsupported flags in linkat(%d, \"%s\", %d, \"%s\", 0x%x)", fd, path, - fd2, path2, flags); + SANDBOX_LOG("unsupported flags in linkat(%d, \"%s\", %d, \"%s\", 0x%x)", + fd, path, fd2, path2, flags); return BlockedSyscallTrap(aArgs, nullptr); } return broker->Link(path, path2); @@ -433,8 +430,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase { auto fd2 = static_cast(aArgs.args[1]); auto path2 = reinterpret_cast(aArgs.args[2]); if (fd2 != AT_FDCWD && path2[0] != '/') { - SANDBOX_LOG_ERROR("unsupported fd-relative symlinkat(\"%s\", %d, \"%s\")", - path, fd2, path2); + SANDBOX_LOG("unsupported fd-relative symlinkat(\"%s\", %d, \"%s\")", path, + fd2, path2); return BlockedSyscallTrap(aArgs, nullptr); } return broker->Symlink(path, path2); @@ -448,9 +445,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase { auto path2 = reinterpret_cast(aArgs.args[3]); if ((fd != AT_FDCWD && path[0] != '/') || (fd2 != AT_FDCWD && path2[0] != '/')) { - SANDBOX_LOG_ERROR( - "unsupported fd-relative renameat(%d, \"%s\", %d, \"%s\")", fd, path, - fd2, path2); + SANDBOX_LOG("unsupported fd-relative renameat(%d, \"%s\", %d, \"%s\")", + fd, path, fd2, path2); return BlockedSyscallTrap(aArgs, nullptr); } return broker->Rename(path, path2); @@ -462,8 +458,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase { auto path = reinterpret_cast(aArgs.args[1]); auto mode = static_cast(aArgs.args[2]); if (fd != AT_FDCWD && path[0] != '/') { - SANDBOX_LOG_ERROR("unsupported fd-relative mkdirat(%d, \"%s\", 0%o)", fd, - path, mode); + SANDBOX_LOG("unsupported fd-relative mkdirat(%d, \"%s\", 0%o)", fd, path, + mode); return BlockedSyscallTrap(aArgs, nullptr); } return broker->Mkdir(path, mode); @@ -479,14 +475,14 @@ class SandboxPolicyCommon : public SandboxPolicyBase { return -ENOENT; } if (fd != AT_FDCWD && path[0] != '/') { - SANDBOX_LOG_ERROR("unsupported fd-relative unlinkat(%d, \"%s\", 0x%x)", - fd, path, flags); + SANDBOX_LOG("unsupported fd-relative unlinkat(%d, \"%s\", 0x%x)", fd, + path, flags); return BlockedSyscallTrap(aArgs, nullptr); } int badFlags = flags & ~AT_REMOVEDIR; if (badFlags != 0) { - SANDBOX_LOG_ERROR("unsupported flags 0x%x in unlinkat(%d, \"%s\", 0x%x)", - badFlags, fd, path, flags); + SANDBOX_LOG("unsupported flags 0x%x in unlinkat(%d, \"%s\", 0x%x)", + badFlags, fd, path, flags); return BlockedSyscallTrap(aArgs, nullptr); } return (flags & AT_REMOVEDIR) == 0 ? broker->Unlink(path) @@ -500,8 +496,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase { auto buf = reinterpret_cast(aArgs.args[2]); auto size = static_cast(aArgs.args[3]); if (fd != AT_FDCWD && path[0] != '/') { - SANDBOX_LOG_ERROR("unsupported fd-relative readlinkat(%d, %s, %p, %d)", - fd, path, buf, size); + SANDBOX_LOG("unsupported fd-relative readlinkat(%d, %s, %p, %d)", fd, + path, buf, size); return BlockedSyscallTrap(aArgs, nullptr); } return broker->Readlink(path, buf, size); @@ -1345,7 +1341,7 @@ class ContentSandboxPolicy : public SandboxPolicyCommon { if (std::find(whitelist.begin(), whitelist.end(), sysno) != whitelist.end()) { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("Allowing syscall nr %d via whitelist", sysno); + SANDBOX_LOG("Allowing syscall nr %d via whitelist", sysno); } return Allow(); } @@ -1674,8 +1670,8 @@ class GMPSandboxPolicy : public SandboxPolicyCommon { } if ((flags & O_ACCMODE) != O_RDONLY) { - SANDBOX_LOG_ERROR("non-read-only open of file %s attempted (flags=0%o)", - path, flags); + SANDBOX_LOG("non-read-only open of file %s attempted (flags=0%o)", path, + flags); return -EROFS; } int fd = files->GetDesc(path); diff --git a/security/sandbox/linux/SandboxLogging.h b/security/sandbox/linux/SandboxLogging.h index 3c85973ce4ca..b67124e3c233 100644 --- a/security/sandbox/linux/SandboxLogging.h +++ b/security/sandbox/linux/SandboxLogging.h @@ -7,7 +7,7 @@ #ifndef mozilla_SandboxLogging_h #define mozilla_SandboxLogging_h -// This header defines the SANDBOX_LOG_ERROR macro used in the Linux +// This header defines the SANDBOX_LOG macro used in the Linux // sandboxing code. It uses Android logging on Android and writes to // stderr otherwise. Android logging has severity levels; currently // only "error" severity is exposed here, and this isn't marked when @@ -43,7 +43,7 @@ void SandboxLogError(const char* aMessage); // Note that SafeSPrintf doesn't accept size modifiers or %u; all // decimal integers are %d, because it uses C++11 variadic templates // to use the actual argument type. -#define SANDBOX_LOG_ERROR(fmt, args...) \ +#define SANDBOX_LOG(fmt, args...) \ do { \ char _sandboxLogBuf[SANDBOX_LOG_LEN]; \ ::base::strings::SafeSPrintf(_sandboxLogBuf, fmt, ##args); \ diff --git a/security/sandbox/linux/SandboxOpenedFiles.cpp b/security/sandbox/linux/SandboxOpenedFiles.cpp index 05d0c03cef4f..45896169242f 100644 --- a/security/sandbox/linux/SandboxOpenedFiles.cpp +++ b/security/sandbox/linux/SandboxOpenedFiles.cpp @@ -45,14 +45,14 @@ int SandboxOpenedFile::GetDesc() const { if (fd >= 0) { fd = dup(fd); if (fd < 0) { - SANDBOX_LOG_ERROR("dup: %s", strerror(errno)); + SANDBOX_LOG("dup: %s", strerror(errno)); } } } else { fd = TakeDesc(); } if (fd < 0 && !mExpectError) { - SANDBOX_LOG_ERROR("unexpected multiple open of file %s", Path()); + SANDBOX_LOG("unexpected multiple open of file %s", Path()); } return fd; } @@ -70,7 +70,7 @@ int SandboxOpenedFiles::GetDesc(const char* aPath) const { return file.GetDesc(); } } - SANDBOX_LOG_ERROR("attempt to open unexpected file %s", aPath); + SANDBOX_LOG("attempt to open unexpected file %s", aPath); return -1; } diff --git a/security/sandbox/linux/SandboxReporterClient.cpp b/security/sandbox/linux/SandboxReporterClient.cpp index d869df991eac..4cad2c23cd45 100644 --- a/security/sandbox/linux/SandboxReporterClient.cpp +++ b/security/sandbox/linux/SandboxReporterClient.cpp @@ -81,7 +81,7 @@ void SandboxReporterClient::SendReport(const SandboxReport& aReport) { if (sent != sizeof(SandboxReport)) { MOZ_DIAGNOSTIC_ASSERT(sent == -1); - SANDBOX_LOG_ERROR("Failed to report rejected syscall: %s", strerror(errno)); + SANDBOX_LOG("Failed to report rejected syscall: %s", strerror(errno)); } } diff --git a/security/sandbox/linux/broker/SandboxBroker.cpp b/security/sandbox/linux/broker/SandboxBroker.cpp index a2bdfc2ea427..0eb181be33dc 100644 --- a/security/sandbox/linux/broker/SandboxBroker.cpp +++ b/security/sandbox/linux/broker/SandboxBroker.cpp @@ -47,7 +47,7 @@ SandboxBroker::SandboxBroker(UniquePtr aPolicy, int aChildPid, : mChildPid(aChildPid), mPolicy(std::move(aPolicy)) { int fds[2]; if (0 != socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, fds)) { - SANDBOX_LOG_ERROR("SandboxBroker: socketpair failed: %s", strerror(errno)); + SANDBOX_LOG("SandboxBroker: socketpair failed: %s", strerror(errno)); mFileDesc = -1; aClientFd = -1; return; @@ -56,8 +56,7 @@ SandboxBroker::SandboxBroker(UniquePtr aPolicy, int aChildPid, aClientFd = fds[1]; if (!PlatformThread::Create(0, this, &mThread)) { - SANDBOX_LOG_ERROR("SandboxBroker: thread creation failed: %s", - strerror(errno)); + SANDBOX_LOG("SandboxBroker: thread creation failed: %s", strerror(errno)); close(mFileDesc); close(aClientFd); mFileDesc = -1; @@ -156,7 +155,7 @@ void SandboxBroker::Policy::AddPath(int aPerms, const char* aPath, MOZ_ASSERT(perms & MAY_ACCESS); if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("policy for %s: %d -> %d", aPath, perms, perms | aPerms); + SANDBOX_LOG("policy for %s: %d -> %d", aPath, perms, perms | aPerms); } perms |= aPerms; } @@ -237,8 +236,8 @@ void SandboxBroker::Policy::AddPrefixInternal(int aPerms, int newPerms = perms | aPerms | RECURSIVE; if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("policy for %s: %d -> %d", - PromiseFlatCString(aPath).get(), perms, newPerms); + SANDBOX_LOG("policy for %s: %d -> %d", PromiseFlatCString(aPath).get(), + perms, newPerms); } perms = newPerms; } @@ -302,7 +301,7 @@ void SandboxBroker::Policy::FixRecursivePermissions() { mMap.SwapElements(oldMap); if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("fixing recursive policy entries"); + SANDBOX_LOG("fixing recursive policy entries"); } for (const auto& entry : oldMap) { @@ -332,8 +331,8 @@ void SandboxBroker::Policy::FixRecursivePermissions() { // if a child is set with FORCE_DENY, do not compute inheritedPerms if ((localPerms & FORCE_DENY) == FORCE_DENY) { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("skip inheritence policy for %s: %d", - PromiseFlatCString(path).get(), localPerms); + SANDBOX_LOG("skip inheritence policy for %s: %d", + PromiseFlatCString(path).get(), localPerms); } } else { inheritedPerms |= ancestorPerms & ~RECURSIVE; @@ -344,15 +343,15 @@ void SandboxBroker::Policy::FixRecursivePermissions() { const int newPerms = localPerms | inheritedPerms; if ((newPerms & ~RECURSIVE) == inheritedPerms) { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("removing redundant %s: %d -> %d", - PromiseFlatCString(path).get(), localPerms, newPerms); + SANDBOX_LOG("removing redundant %s: %d -> %d", + PromiseFlatCString(path).get(), localPerms, newPerms); } // Skip adding this entry to the new map. continue; } if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("new policy for %s: %d -> %d", - PromiseFlatCString(path).get(), localPerms, newPerms); + SANDBOX_LOG("new policy for %s: %d -> %d", PromiseFlatCString(path).get(), + localPerms, newPerms); } mMap.InsertOrUpdate(path, newPerms); } @@ -627,7 +626,7 @@ int SandboxBroker::SymlinkPermissions(const char* aPath, ReverseSymlinks(nsDependentCString(pathBufSymlink, aPathLen)); if (!orig.IsEmpty()) { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("Reversing %s -> %s", aPath, orig.get()); + SANDBOX_LOG("Reversing %s -> %s", aPath, orig.get()); } base::strlcpy(pathBufSymlink, orig.get(), sizeof(pathBufSymlink)); } @@ -681,11 +680,11 @@ void SandboxBroker::ThreadMain(void) { // always try /tmp anyway in the substitution code if (NS_FAILED(rv) || mTempPath.IsEmpty()) { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("Tempdir: /tmp"); + SANDBOX_LOG("Tempdir: /tmp"); } } else { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("Tempdir: %s", mTempPath.get()); + SANDBOX_LOG("Tempdir: %s", mTempPath.get()); } // If it's /tmp, clear it here so we don't compare against // it twice. Just let the fallback code do the work. @@ -721,7 +720,7 @@ void SandboxBroker::ThreadMain(void) { const ssize_t recvd = RecvWithFd(mFileDesc, ios, 2, &respfd); if (recvd == 0) { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("EOF from pid %d", mChildPid); + SANDBOX_LOG("EOF from pid %d", mChildPid); } break; } @@ -729,18 +728,18 @@ void SandboxBroker::ThreadMain(void) { // at least in some cases, but protocol violation indicates a // hostile client, so terminate the broker instead. if (recvd < 0) { - SANDBOX_LOG_ERROR("bad read from pid %d: %s", mChildPid, strerror(errno)); + SANDBOX_LOG("bad read from pid %d: %s", mChildPid, strerror(errno)); shutdown(mFileDesc, SHUT_RD); break; } if (recvd < static_cast(sizeof(req))) { - SANDBOX_LOG_ERROR("bad read from pid %d (%d < %d)", mChildPid, recvd, - sizeof(req)); + SANDBOX_LOG("bad read from pid %d (%d < %d)", mChildPid, recvd, + sizeof(req)); shutdown(mFileDesc, SHUT_RD); break; } if (respfd == -1) { - SANDBOX_LOG_ERROR("no response fd from pid %d", mChildPid); + SANDBOX_LOG("no response fd from pid %d", mChildPid); shutdown(mFileDesc, SHUT_RD); break; } @@ -762,7 +761,7 @@ void SandboxBroker::ThreadMain(void) { // 0 terminated. size_t recvBufLen = static_cast(recvd) - sizeof(req); if (recvBufLen > 0 && recvBuf[recvBufLen - 1] != 0) { - SANDBOX_LOG_ERROR("corrupted path buffer from pid %d", mChildPid); + SANDBOX_LOG("corrupted path buffer from pid %d", mChildPid); shutdown(mFileDesc, SHUT_RD); break; } @@ -972,8 +971,8 @@ void SandboxBroker::ThreadMain(void) { nsDependentCString xlat(respBuf, respSize); if (!orig.Equals(xlat) && xlat[0] == '/') { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("Recording mapping %s -> %s", xlat.get(), - orig.get()); + SANDBOX_LOG("Recording mapping %s -> %s", xlat.get(), + orig.get()); } mSymlinkMap.InsertOrUpdate(xlat, orig); } @@ -986,8 +985,8 @@ void SandboxBroker::ThreadMain(void) { if (!orig.Equals(resolvedXlat) && !xlat.Equals(resolvedXlat)) { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("Recording mapping %s -> %s", - resolvedXlat.get(), orig.get()); + SANDBOX_LOG("Recording mapping %s -> %s", + resolvedXlat.get(), orig.get()); } mSymlinkMap.InsertOrUpdate(resolvedXlat, orig); } @@ -1028,8 +1027,8 @@ void SandboxBroker::ThreadMain(void) { const size_t numIO = ios[1].iov_len > 0 ? 2 : 1; const ssize_t sent = SendWithFd(respfd, ios, numIO, openedFd); if (sent < 0) { - SANDBOX_LOG_ERROR("failed to send broker response to pid %d: %s", - mChildPid, strerror(errno)); + SANDBOX_LOG("failed to send broker response to pid %d: %s", mChildPid, + strerror(errno)); } else { MOZ_ASSERT(static_cast(sent) == ios[0].iov_len + ios[1].iov_len); } @@ -1072,7 +1071,7 @@ void SandboxBroker::AuditPermissive(int aOp, int aFlags, int aPerms, errno = 0; } - SANDBOX_LOG_ERROR( + SANDBOX_LOG( "SandboxBroker: would have denied op=%s rflags=%o perms=%d path=%s for " "pid=%d" " permissive=1 error=\"%s\"", @@ -1083,7 +1082,7 @@ void SandboxBroker::AuditPermissive(int aOp, int aFlags, int aPerms, void SandboxBroker::AuditDenial(int aOp, int aFlags, int aPerms, const char* aPath) { if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR( + SANDBOX_LOG( "SandboxBroker: denied op=%s rflags=%o perms=%d path=%s for pid=%d", OperationDescription[aOp], aFlags, aPerms, aPath, mChildPid); } diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp index 3dbc66345440..7a54e6a66401 100644 --- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp +++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp @@ -142,7 +142,7 @@ static void JoinPathIfRelative(const nsACString& aCwd, const nsACString& inPath, nsACString& outPath) { if (inPath.Length() < 1) { outPath.Assign(aCwd); - SANDBOX_LOG_ERROR("Unjoinable path: %s", PromiseFlatCString(aCwd).get()); + SANDBOX_LOG("Unjoinable path: %s", PromiseFlatCString(aCwd).get()); return; } const char* startChar = inPath.BeginReading(); @@ -257,8 +257,8 @@ static void AddPathsFromFile(SandboxBroker::Policy* aPolicy, return; } if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("Adding paths from %s to policy.", - PromiseFlatCString(aPath).get()); + SANDBOX_LOG("Adding paths from %s to policy.", + PromiseFlatCString(aPath).get()); } // Find the parent dir where this file sits in. @@ -273,8 +273,7 @@ static void AddPathsFromFile(SandboxBroker::Policy* aPolicy, return; } if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) { - SANDBOX_LOG_ERROR("Parent path is %s", - PromiseFlatCString(parentPath).get()); + SANDBOX_LOG("Parent path is %s", PromiseFlatCString(parentPath).get()); } AddPathsFromFileInternal(aPolicy, parentPath, aPath); } diff --git a/security/sandbox/linux/glue/SandboxCrash.cpp b/security/sandbox/linux/glue/SandboxCrash.cpp index d478cfa8b81f..9942925dbbc1 100644 --- a/security/sandbox/linux/glue/SandboxCrash.cpp +++ b/security/sandbox/linux/glue/SandboxCrash.cpp @@ -58,13 +58,12 @@ static void SandboxLogJSStack(void) { frame->GetName(cx, funName); if (!funName.IsVoid() || !fileName.IsVoid()) { - SANDBOX_LOG_ERROR("JS frame %d: %s %s line %d", i, - funName.IsVoid() ? "(anonymous)" - : NS_ConvertUTF16toUTF8(funName).get(), - fileName.IsVoid() - ? "(no file)" - : NS_ConvertUTF16toUTF8(fileName).get(), - lineNumber); + SANDBOX_LOG("JS frame %d: %s %s line %d", i, + funName.IsVoid() ? "(anonymous)" + : NS_ConvertUTF16toUTF8(funName).get(), + fileName.IsVoid() ? "(no file)" + : NS_ConvertUTF16toUTF8(fileName).get(), + lineNumber); } frame = frame->GetCaller(cx); @@ -78,7 +77,7 @@ static void SandboxPrintStackFrame(uint32_t aFrameNumber, void* aPC, void* aSP, MozDescribeCodeAddress(aPC, &details); MozFormatCodeAddressDetails(buf, sizeof(buf), aFrameNumber, aPC, &details); - SANDBOX_LOG_ERROR("frame %s", buf); + SANDBOX_LOG("frame %s", buf); } static void SandboxLogCStack(const void* aFirstFramePC) { @@ -87,7 +86,7 @@ static void SandboxLogCStack(const void* aFirstFramePC) { // x86 frame pointer walking may or may not work (bug 1082276). MozStackWalk(SandboxPrintStackFrame, aFirstFramePC, /* max */ 0, nullptr); - SANDBOX_LOG_ERROR("end of stack."); + SANDBOX_LOG("end of stack."); } static void SandboxCrash(int nr, siginfo_t* info, void* void_context, @@ -96,7 +95,7 @@ static void SandboxCrash(int nr, siginfo_t* info, void* void_context, bool dumped = CrashReporter::WriteMinidumpForSigInfo(nr, info, void_context); if (!dumped) { - SANDBOX_LOG_ERROR( + SANDBOX_LOG( "crash reporter is disabled (or failed);" " trying stack trace:"); SandboxLogCStack(aFirstFramePC); diff --git a/security/sandbox/linux/launch/SandboxLaunch.cpp b/security/sandbox/linux/launch/SandboxLaunch.cpp index 02cf94cb24b2..6742abf53bd9 100644 --- a/security/sandbox/linux/launch/SandboxLaunch.cpp +++ b/security/sandbox/linux/launch/SandboxLaunch.cpp @@ -130,7 +130,7 @@ static bool IsGraphicsOkWithoutNetwork() { accessFlags = R_OK | W_OK; } if (access(socketPath.get(), accessFlags) != 0) { - SANDBOX_LOG_ERROR( + SANDBOX_LOG( "%s is inaccessible (%s); can't isolate network namespace in" " content processes", socketPath.get(), strerror(errno)); @@ -417,7 +417,7 @@ SandboxFork::SandboxFork(int aFlags, bool aChroot, int aServerFd, int aClientFd) int fds[2]; int rv = socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, fds); if (rv != 0) { - SANDBOX_LOG_ERROR("socketpair: %s", strerror(errno)); + SANDBOX_LOG("socketpair: %s", strerror(errno)); MOZ_CRASH("socketpair failed"); } mChrootClient = fds[0]; @@ -452,7 +452,7 @@ static void BlockAllSignals(sigset_t* aOldSigs) { MOZ_RELEASE_ASSERT(rv == 0); rv = pthread_sigmask(SIG_BLOCK, &allSigs, aOldSigs); if (rv != 0) { - SANDBOX_LOG_ERROR("pthread_sigmask (block all): %s", strerror(rv)); + SANDBOX_LOG("pthread_sigmask (block all): %s", strerror(rv)); MOZ_CRASH("pthread_sigmask"); } } @@ -463,7 +463,7 @@ static void RestoreSignals(const sigset_t* aOldSigs) { // state right now: int rv = pthread_sigmask(SIG_SETMASK, aOldSigs, nullptr); if (rv != 0) { - SANDBOX_LOG_ERROR("pthread_sigmask (restore): %s", strerror(rv)); + SANDBOX_LOG("pthread_sigmask (restore): %s", strerror(rv)); MOZ_CRASH("pthread_sigmask"); } } @@ -592,7 +592,7 @@ static void ConfigureUserNamespace(uid_t uid, gid_t gid) { static void DropAllCaps() { if (!LinuxCapabilities().SetCurrent()) { - SANDBOX_LOG_ERROR("capset (drop all): %s", strerror(errno)); + SANDBOX_LOG("capset (drop all): %s", strerror(errno)); } } @@ -656,7 +656,7 @@ void SandboxFork::StartChrootServer() { LinuxCapabilities caps; caps.Effective(CAP_SYS_CHROOT) = true; if (!caps.SetCurrent()) { - SANDBOX_LOG_ERROR("capset (chroot helper): %s", strerror(errno)); + SANDBOX_LOG("capset (chroot helper): %s", strerror(errno)); MOZ_DIAGNOSTIC_ASSERT(false); } diff --git a/security/sandbox/linux/reporter/SandboxReporter.cpp b/security/sandbox/linux/reporter/SandboxReporter.cpp index 6512057b74f8..63c3e214fcb4 100644 --- a/security/sandbox/linux/reporter/SandboxReporter.cpp +++ b/security/sandbox/linux/reporter/SandboxReporter.cpp @@ -50,16 +50,14 @@ bool SandboxReporter::Init() { int fds[2]; if (0 != socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, fds)) { - SANDBOX_LOG_ERROR("SandboxReporter: socketpair failed: %s", - strerror(errno)); + SANDBOX_LOG("SandboxReporter: socketpair failed: %s", strerror(errno)); return false; } mClientFd = fds[0]; mServerFd = fds[1]; if (!PlatformThread::Create(0, this, &mThread)) { - SANDBOX_LOG_ERROR("SandboxReporter: thread creation failed: %s", - strerror(errno)); + SANDBOX_LOG("SandboxReporter: thread creation failed: %s", strerror(errno)); close(mClientFd); close(mServerFd); mClientFd = mServerFd = -1; @@ -261,19 +259,19 @@ void SandboxReporter::ThreadMain(void) { if (errno == EINTR) { continue; } - SANDBOX_LOG_ERROR("SandboxReporter: recvmsg: %s", strerror(errno)); + SANDBOX_LOG("SandboxReporter: recvmsg: %s", strerror(errno)); } if (recvd <= 0) { break; } if (static_cast(recvd) < sizeof(rep)) { - SANDBOX_LOG_ERROR("SandboxReporter: packet too short (%d < %d)", recvd, - sizeof(rep)); + SANDBOX_LOG("SandboxReporter: packet too short (%d < %d)", recvd, + sizeof(rep)); continue; } if (msg.msg_flags & MSG_TRUNC) { - SANDBOX_LOG_ERROR("SandboxReporter: packet too long"); + SANDBOX_LOG("SandboxReporter: packet too long"); continue; }