• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* util.h
2  * Copyright 2012 The ChromiumOS Authors
3  * Use of this source code is governed by a BSD-style license that can be
4  * found in the LICENSE file.
5  *
6  * Logging and other utility functions.
7  */
8 
9 #ifndef _UTIL_H_
10 #define _UTIL_H_
11 
12 #include <stdbool.h>
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <sys/types.h>
17 #include <syslog.h>
18 #include <unistd.h>
19 
20 #include "libsyscalls.h"
21 
22 #ifdef __cplusplus
23 extern "C" {
24 #endif
25 
26 /*
27  * Silence compiler warnings for unused variables/functions.
28  *
29  * If the definition is actually used, the attribute should be removed, but if
30  * it's forgotten or left in place, it doesn't cause a problem.
31  *
32  * If the definition is actually unused, the compiler is free to remove it from
33  * the output so as to save size.  If you want to make sure the definition is
34  * kept (e.g. for ABI compatibility), look at the "used" attribute instead.
35  */
36 #define attribute_unused __attribute__((__unused__))
37 
38 /*
39  * Mark the symbol as "weak" in the ELF output.  This provides a fallback symbol
40  * that may be overriden at link time.  See this page for more details:
41  * https://en.wikipedia.org/wiki/Weak_symbol
42  */
43 #define attribute_weak __attribute__((__weak__))
44 
45 /*
46  * Mark the function as a printf-style function.
47  * @format_idx The index in the function argument list where the format string
48  *             is passed (where the first argument is "1").
49  * @check_idx The index in the function argument list where the first argument
50  *            used in the format string is passed.
51  * Some examples:
52  *   foo([1] const char *format, [2] ...): format=1 check=2
53  *   foo([1] int, [2] const char *format, [3] ...): format=2 check=3
54  *   foo([1] const char *format, [2] const char *, [3] ...): format=1 check=3
55  */
56 #define attribute_printf(format_idx, check_idx) \
57 	__attribute__((__format__(__printf__, format_idx, check_idx)))
58 
59 #ifndef __cplusplus
60 /* If writing C++, use std::unique_ptr with a destructor instead. */
61 
62 /*
63  * Mark a local variable for automatic cleanup when exiting its scope.
64  * See attribute_cleanup_fp as an example below.
65  * Make sure any variable using this is always initialized to something.
66  * @func The function to call on (a pointer to) the variable.
67  */
68 #define attribute_cleanup(func) \
69 	__attribute__((__cleanup__(func)))
70 
71 /*
72  * Automatically close a FILE* when exiting its scope.
73  * Make sure the pointer is always initialized.
74  * Some examples:
75  *   attribute_cleanup_fp FILE *fp = fopen(...);
76  *   attribute_cleanup_fp FILE *fp = NULL;
77  *   ...
78  *   fp = fopen(...);
79  *
80  * NB: This will automatically close the underlying fd, so do not use this
81  * with fdopen calls if the fd should be left open.
82  */
83 #define attribute_cleanup_fp attribute_cleanup(_cleanup_fp)
_cleanup_fp(FILE ** fp)84 static inline void _cleanup_fp(FILE **fp)
85 {
86 	if (*fp)
87 		fclose(*fp);
88 }
89 
90 /*
91  * Automatically close a fd when exiting its scope.
92  * Make sure the fd is always initialized.
93  * Some examples:
94  *   attribute_cleanup_fd int fd = open(...);
95  *   attribute_cleanup_fd int fd = -1;
96  *   ...
97  *   fd = open(...);
98  *
99  * NB: Be careful when using this with attribute_cleanup_fp and fdopen.
100  */
101 #define attribute_cleanup_fd attribute_cleanup(_cleanup_fd)
_cleanup_fd(int * fd)102 static inline void _cleanup_fd(int *fd)
103 {
104 	if (*fd >= 0)
105 		close(*fd);
106 }
107 
108 /*
109  * Automatically free a heap allocation when exiting its scope.
110  * Make sure the pointer is always initialized.
111  * Some examples:
112  *   attribute_cleanup_str char *s = strdup(...);
113  *   attribute_cleanup_str char *s = NULL;
114  *   ...
115  *   s = strdup(...);
116  */
117 #define attribute_cleanup_str attribute_cleanup(_cleanup_str)
_cleanup_str(char ** ptr)118 static inline void _cleanup_str(char **ptr)
119 {
120 	free(*ptr);
121 }
122 
123 #endif /* __cplusplus */
124 
125 /* clang-format off */
126 #define die(_msg, ...) \
127 	do_fatal_log(LOG_ERR, "libminijail[%d]: " _msg, getpid(), ## __VA_ARGS__)
128 
129 #define pdie(_msg, ...) \
130 	die(_msg ": %m", ## __VA_ARGS__)
131 
132 #define warn(_msg, ...) \
133 	do_log(LOG_WARNING, "libminijail[%d]: " _msg, getpid(), ## __VA_ARGS__)
134 
135 #define pwarn(_msg, ...) \
136 	warn(_msg ": %m", ## __VA_ARGS__)
137 
138 #define info(_msg, ...) \
139 	do_log(LOG_INFO, "libminijail[%d]: " _msg, getpid(), ## __VA_ARGS__)
140 
141 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
142 /* clang-format on */
143 
144 extern const char *const log_syscalls[];
145 extern const size_t log_syscalls_len;
146 
147 enum logging_system_t {
148 	/* Log to syslog. This is the default. */
149 	LOG_TO_SYSLOG = 0,
150 
151 	/* Log to a file descriptor. */
152 	LOG_TO_FD,
153 };
154 
155 /*
156  * Even though this function internally calls abort(2)/exit(2), it is
157  * intentionally not marked with the noreturn attribute. When marked as
158  * noreturn, clang coalesces several of the do_fatal_log() calls in methods that
159  * have a large number of such calls (like minijail_enter()), making it
160  * impossible for breakpad to correctly identify the line where it was called,
161  * making the backtrace somewhat useless.
162  */
163 extern void do_fatal_log(int priority, const char *format, ...)
164     attribute_printf(2, 3);
165 
166 extern void do_log(int priority, const char *format, ...)
167     attribute_printf(2, 3);
168 
is_android(void)169 static inline int is_android(void)
170 {
171 #if defined(__ANDROID__)
172 	return 1;
173 #else
174 	return 0;
175 #endif
176 }
177 
compiled_with_asan(void)178 static inline bool compiled_with_asan(void)
179 {
180 #if defined(__SANITIZE_ADDRESS__)
181 	/* For gcc. */
182 	return true;
183 #elif defined(__has_feature)
184 	/* For clang. */
185 	return __has_feature(address_sanitizer) ||
186 	       __has_feature(hwaddress_sanitizer);
187 #else
188 	return false;
189 #endif
190 }
191 
192 void __asan_init(void) attribute_weak;
193 void __hwasan_init(void) attribute_weak;
194 
running_with_asan(void)195 static inline bool running_with_asan(void)
196 {
197 	/*
198 	 * There are some configurations under which ASan needs a dynamic (as
199 	 * opposed to compile-time) test. Some Android processes that start
200 	 * before /data is mounted run with non-instrumented libminijail.so, so
201 	 * the symbol-sniffing code must be present to make the right decision.
202 	 */
203 	return compiled_with_asan() || &__asan_init != 0 || &__hwasan_init != 0;
204 }
205 
debug_logging_allowed(void)206 static inline bool debug_logging_allowed(void)
207 {
208 #if defined(ALLOW_DEBUG_LOGGING)
209 	return true;
210 #else
211 	return false;
212 #endif
213 }
214 
seccomp_default_ret_log(void)215 static inline bool seccomp_default_ret_log(void)
216 {
217 #if defined(SECCOMP_DEFAULT_RET_LOG)
218 	return true;
219 #else
220 	return false;
221 #endif
222 }
223 
block_symlinks_in_bindmount_paths(void)224 static inline bool block_symlinks_in_bindmount_paths(void)
225 {
226 #if defined(BLOCK_SYMLINKS_IN_BINDMOUNT_PATHS)
227 	return true;
228 #else
229 	return false;
230 #endif
231 }
232 
block_symlinks_in_noninit_mountns_tmp(void)233 static inline bool block_symlinks_in_noninit_mountns_tmp(void)
234 {
235 #if defined(BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP)
236 	return true;
237 #else
238 	return false;
239 #endif
240 }
241 
get_num_syscalls(void)242 static inline size_t get_num_syscalls(void)
243 {
244 	return syscall_table_size;
245 }
246 
247 int lookup_syscall(const char *name, size_t *ind);
248 const char *lookup_syscall_name(int nr);
249 
250 long int parse_single_constant(char *constant_str, char **endptr);
251 long int parse_constant(char *constant_str, char **endptr);
252 int parse_size(size_t *size, const char *sizespec);
253 
254 char *strip(char *s);
255 
256 /*
257  * streq: determine whether two strings are equal.
258  */
streq(const char * s1,const char * s2)259 static inline bool streq(const char *s1, const char *s2)
260 {
261 	return strcmp(s1, s2) == 0;
262 }
263 
264 /*
265  * tokenize: locate the next token in @stringp using the @delim
266  * @stringp A pointer to the string to scan for tokens
267  * @delim   The delimiter to split by
268  *
269  * Note that, unlike strtok, @delim is not a set of characters, but the full
270  * delimiter.  e.g. "a,;b,;c" with a delim of ",;" will yield ["a","b","c"].
271  *
272  * Note that, unlike strtok, this may return an empty token.  e.g. "a,,b" with
273  * strtok will yield ["a","b"], but this will yield ["a","","b"].
274  */
275 char *tokenize(char **stringp, const char *delim);
276 
277 char *path_join(const char *external_path, const char *internal_path);
278 
279 /*
280  * path_is_parent: checks whether @parent is a parent of @child.
281  * Note: this function does not evaluate '.' or '..' nor does it resolve
282  * symlinks.
283  */
284 bool path_is_parent(const char *parent, const char *child);
285 
286 /*
287  * consumebytes: consumes @length bytes from a buffer @buf of length @buflength
288  * @length    Number of bytes to consume
289  * @buf       Buffer to consume from
290  * @buflength Size of @buf
291  *
292  * Returns a pointer to the base of the bytes, or NULL for errors.
293  */
294 void *consumebytes(size_t length, char **buf, size_t *buflength);
295 
296 /*
297  * consumestr: consumes a C string from a buffer @buf of length @length
298  * @buf    Buffer to consume
299  * @length Length of buffer
300  *
301  * Returns a pointer to the base of the string, or NULL for errors.
302  */
303 char *consumestr(char **buf, size_t *buflength);
304 
305 /*
306  * init_logging: initializes the module-wide logging.
307  * @logger       The logging system to use.
308  * @fd           The file descriptor to log into. Ignored unless
309  *               @logger = LOG_TO_FD.
310  * @min_priority The minimum priority to display. Corresponds to syslog's
311  *               priority parameter. Ignored unless @logger = LOG_TO_FD.
312  */
313 void init_logging(enum logging_system_t logger, int fd, int min_priority);
314 
315 /*
316  * minjail_free_env: Frees an environment array plus the environment strings it
317  * points to. The environment and its constituent strings must have been
318  * allocated (as opposed to pointing to static data), e.g. by using
319  * minijail_copy_env() and minijail_setenv().
320  *
321  * @env The environment to free.
322  */
323 void minijail_free_env(char **env);
324 
325 /*
326  * minjail_copy_env: Copy an environment array (such as passed to execve),
327  * duplicating the environment strings and the array pointing at them.
328  *
329  * @env The environment to copy.
330  *
331  * Returns a pointer to the copied environment or NULL on memory allocation
332  * failure.
333  */
334 char **minijail_copy_env(char *const *env);
335 
336 /*
337  * minjail_setenv: Set an environment variable in @env. Semantics match the
338  * standard setenv() function, but this operates on @env, not the global
339  * environment. @env must be dynamically allocated (as opposed to pointing to
340  * static data), e.g. via minijail_copy_env(). @name and @value get copied into
341  * newly-allocated memory.
342  *
343  * @env       Address of the environment to modify. Might be re-allocated to
344  *            make room for the new entry.
345  * @name      Name of the key to set.
346  * @value     The value to set.
347  * @overwrite Whether to replace the existing value for @name. If non-zero and
348  *            the entry is already present, no changes will be made.
349  *
350  * Returns 0 and modifies *@env on success, returns an error code otherwise.
351  */
352 int minijail_setenv(char ***env, const char *name, const char *value,
353 		    int overwrite);
354 
355 /*
356  * getmultiline: This is like getline() but supports line wrapping with \.
357  *
358  * @lineptr    Address of a buffer that a mutli-line is stored.
359  * @n          Number of bytes stored in *lineptr.
360  * @stream     Input stream to read from.
361  *
362  * Returns number of bytes read or -1 on failure to read (including EOF).
363  */
364 ssize_t getmultiline(char **lineptr, size_t *n, FILE *stream);
365 
366 /*
367  * minjail_getenv: Get an environment variable from @envp. Semantics match the
368  * standard getenv() function, but this operates on @envp, not the global
369  * environment (usually referred to as `extern char **environ`).
370  *
371  * @env       Address of the environment to read from.
372  * @name      Name of the key to get.
373  *
374  * Returns a pointer to the corresponding environment value. The caller must
375  * take care not to modify the pointed value, as this points directly to memory
376  * pointed to by @envp.
377  * If the environment variable name is not found, returns NULL.
378  */
379 char *minijail_getenv(char **env, const char *name);
380 
381 /*
382  * minjail_unsetenv: Clear the environment variable @name from the @envp array
383  * of pointers to strings that have the KEY=VALUE format. If the operation is
384  * successful, the array will contain one item less than before the call.
385  * Only the first occurence is removed.
386  *
387  * @envp      Address of the environment to clear the variable from.
388  * @name      Name of the variable to clear.
389  *
390  * Returns false and modifies *@envp on success, returns true otherwise.
391  */
392 bool minijail_unsetenv(char **envp, const char *name);
393 
394 #ifdef __cplusplus
395 }; /* extern "C" */
396 #endif
397 
398 #endif /* _UTIL_H_ */
399