diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2021-05-14 01:04:15 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2021-05-14 01:04:15 +0000 |
| commit | 72fdc167981f971bd20c1e39094cb3ae35ca915a (patch) | |
| tree | 832aaffc3276b8ebfc0960c3d4bc4138ad8a6490 | |
| parent | 3f5fea41f1a142971ae197ca873d86f605965ab3 (diff) | |
| parent | f58d5792e4f726c41da8bd9a4285b05f2db5f6d1 (diff) | |
| download | minijail-android12-release.tar.gz | |
Snap for 7360053 from f58d5792e4f726c41da8bd9a4285b05f2db5f6d1 to sc-releaseandroid-vts-12.0_r9android-vts-12.0_r8android-vts-12.0_r7android-vts-12.0_r6android-vts-12.0_r5android-vts-12.0_r4android-vts-12.0_r3android-vts-12.0_r2android-vts-12.0_r12android-vts-12.0_r11android-vts-12.0_r10android-vts-12.0_r1android-security-12.0.0_r59android-security-12.0.0_r58android-security-12.0.0_r57android-security-12.0.0_r56android-security-12.0.0_r55android-security-12.0.0_r54android-security-12.0.0_r53android-security-12.0.0_r52android-security-12.0.0_r51android-security-12.0.0_r50android-security-12.0.0_r49android-security-12.0.0_r48android-security-12.0.0_r47android-security-12.0.0_r46android-security-12.0.0_r45android-security-12.0.0_r44android-security-12.0.0_r43android-security-12.0.0_r42android-security-12.0.0_r41android-security-12.0.0_r40android-security-12.0.0_r39android-security-12.0.0_r38android-security-12.0.0_r37android-security-12.0.0_r36android-security-12.0.0_r35android-security-12.0.0_r34android-platform-12.0.0_r9android-platform-12.0.0_r8android-platform-12.0.0_r7android-platform-12.0.0_r6android-platform-12.0.0_r5android-platform-12.0.0_r4android-platform-12.0.0_r31android-platform-12.0.0_r30android-platform-12.0.0_r3android-platform-12.0.0_r29android-platform-12.0.0_r28android-platform-12.0.0_r27android-platform-12.0.0_r26android-platform-12.0.0_r25android-platform-12.0.0_r24android-platform-12.0.0_r23android-platform-12.0.0_r22android-platform-12.0.0_r21android-platform-12.0.0_r20android-platform-12.0.0_r2android-platform-12.0.0_r19android-platform-12.0.0_r18android-platform-12.0.0_r17android-platform-12.0.0_r16android-platform-12.0.0_r15android-platform-12.0.0_r14android-platform-12.0.0_r13android-platform-12.0.0_r12android-platform-12.0.0_r11android-platform-12.0.0_r10android-platform-12.0.0_r1android-cts-12.0_r9android-cts-12.0_r8android-cts-12.0_r7android-cts-12.0_r6android-cts-12.0_r5android-cts-12.0_r4android-cts-12.0_r3android-cts-12.0_r2android-cts-12.0_r12android-cts-12.0_r11android-cts-12.0_r10android-cts-12.0_r1android-12.0.0_r9android-12.0.0_r8android-12.0.0_r34android-12.0.0_r33android-12.0.0_r31android-12.0.0_r30android-12.0.0_r3android-12.0.0_r25android-12.0.0_r2android-12.0.0_r11android-12.0.0_r10android-12.0.0_r1android12-tests-releaseandroid12-security-releaseandroid12-s5-releaseandroid12-s4-releaseandroid12-s3-releaseandroid12-s2-releaseandroid12-s1-releaseandroid12-releaseandroid12-platform-release
Change-Id: I0767b62a8c39e223704091a573989864e3189c54
| -rw-r--r-- | libminijail.c | 20 | ||||
| -rw-r--r-- | libminijail.h | 10 | ||||
| -rw-r--r-- | libminijail_unittest.cc | 4 | ||||
| -rw-r--r-- | rust/minijail-sys/libminijail.rs | 3 | ||||
| -rw-r--r-- | rust/minijail/src/lib.rs | 25 |
5 files changed, 62 insertions, 0 deletions
diff --git a/libminijail.c b/libminijail.c index b09a05c..0820dbb 100644 --- a/libminijail.c +++ b/libminijail.c @@ -2518,6 +2518,26 @@ error: return err; } +int API minijail_copy_jail(const struct minijail *from, struct minijail *out) +{ + size_t sz = minijail_size(from); + if (!sz) + return -EINVAL; + + char *buf = malloc(sz); + if (!buf) + return -ENOMEM; + + int err = minijail_marshal(from, buf, sz); + if (err) + goto error; + + err = minijail_unmarshal(out, buf, sz); +error: + free(buf); + return err; +} + static int setup_preload(const struct minijail *j attribute_unused, char ***child_env attribute_unused) { diff --git a/libminijail.h b/libminijail.h index 067fabd..cfd42d2 100644 --- a/libminijail.h +++ b/libminijail.h @@ -484,6 +484,16 @@ int minijail_wait(struct minijail *j); void minijail_destroy(struct minijail *j); /* + * Deep copies the minijail in |from| to |out| providing two identical jails + * that can be used to contain separate children created with minijail_fork(). + * + * Duplicating a jail is invalid after a jail has been passed to + * minijail_fork(). Many minijail_*() calls will yield undefined + * results when called on a jail duplicated post-fork. + */ +int minijail_copy_jail(const struct minijail *from, struct minijail *out); + +/* * minijail_log_to_fd: redirects the module-wide logging to an FD instead of * syslog. * @fd FD to log to. Caller must ensure this is available after diff --git a/libminijail_unittest.cc b/libminijail_unittest.cc index 521982f..78e3cfb 100644 --- a/libminijail_unittest.cc +++ b/libminijail_unittest.cc @@ -221,6 +221,10 @@ TEST_F(MarshalTest, 0xff) { EXPECT_EQ(-EINVAL, minijail_unmarshal(j_, buf_, sizeof(buf_))); } +TEST_F(MarshalTest, copy_empty) { + ASSERT_EQ(0, minijail_copy_jail(m_, j_)); +} + TEST(KillTest, running_process) { const ScopedMinijail j(minijail_new()); char* const argv[] = {"sh", "-c", "sleep 1000", nullptr}; diff --git a/rust/minijail-sys/libminijail.rs b/rust/minijail-sys/libminijail.rs index aa613cb..594a479 100644 --- a/rust/minijail-sys/libminijail.rs +++ b/rust/minijail-sys/libminijail.rs @@ -286,6 +286,9 @@ extern "C" { ) -> ::std::os::raw::c_int; } extern "C" { + pub fn minijail_copy_jail(from: *const minijail, out: *mut minijail) -> ::std::os::raw::c_int; +} +extern "C" { pub fn minijail_add_hook( j: *mut minijail, hook: minijail_hook_t, diff --git a/rust/minijail/src/lib.rs b/rust/minijail/src/lib.rs index ba9c8af..ba59075 100644 --- a/rust/minijail/src/lib.rs +++ b/rust/minijail/src/lib.rs @@ -266,6 +266,22 @@ impl Minijail { Ok(Minijail { jail: j }) } + /// Clones self to a new `Minijail`. Useful because `fork` can only be called once on a + /// `Minijail`. + pub fn try_clone(&self) -> Result<Minijail> { + let jail_out = Minijail::new()?; + unsafe { + // Safe to clone one minijail to the other as minijail_clone doesn't modify the source + // jail(`self`) and leaves a valid minijail in the destination(`jail_out`). + let ret = minijail_copy_jail(self.jail, jail_out.jail); + if ret < 0 { + return Err(Error::ReturnCode(ret as u8)); + } + } + + Ok(jail_out) + } + // The following functions are safe because they only set values in the // struct already owned by minijail. The struct's lifetime is tied to // `struct Minijail` so it is guaranteed to be valid @@ -991,6 +1007,15 @@ mod tests { } #[test] + fn run_clone() { + let j = Minijail::new().unwrap(); + let b = j.try_clone().unwrap(); + // Pass the same FDs to both clones and make sure they don't conflict. + j.run("/bin/true", &[1, 2], &EMPTY_STRING_SLICE).unwrap(); + b.run("/bin/true", &[1, 2], &EMPTY_STRING_SLICE).unwrap(); + } + + #[test] fn run_string_vec() { let j = Minijail::new().unwrap(); let args = vec!["ignored".to_string()]; |