1 /* util.h
2 * Copyright 2012 The ChromiumOS Authors
3 * Use of this source code is governed by a BSD-style license that can be
4 * found in the LICENSE file.
5 *
6 * Logging and other utility functions.
7 */
8
9 #ifndef _UTIL_H_
10 #define _UTIL_H_
11
12 #include <stdbool.h>
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <sys/types.h>
17 #include <syslog.h>
18 #include <unistd.h>
19
20 #include "libsyscalls.h"
21
22 #ifdef __cplusplus
23 extern "C" {
24 #endif
25
26 /*
27 * Silence compiler warnings for unused variables/functions.
28 *
29 * If the definition is actually used, the attribute should be removed, but if
30 * it's forgotten or left in place, it doesn't cause a problem.
31 *
32 * If the definition is actually unused, the compiler is free to remove it from
33 * the output so as to save size. If you want to make sure the definition is
34 * kept (e.g. for ABI compatibility), look at the "used" attribute instead.
35 */
36 #define attribute_unused __attribute__((__unused__))
37
38 /*
39 * Mark the symbol as "weak" in the ELF output. This provides a fallback symbol
40 * that may be overriden at link time. See this page for more details:
41 * https://en.wikipedia.org/wiki/Weak_symbol
42 */
43 #define attribute_weak __attribute__((__weak__))
44
45 /*
46 * Mark the function as a printf-style function.
47 * @format_idx The index in the function argument list where the format string
48 * is passed (where the first argument is "1").
49 * @check_idx The index in the function argument list where the first argument
50 * used in the format string is passed.
51 * Some examples:
52 * foo([1] const char *format, [2] ...): format=1 check=2
53 * foo([1] int, [2] const char *format, [3] ...): format=2 check=3
54 * foo([1] const char *format, [2] const char *, [3] ...): format=1 check=3
55 */
56 #define attribute_printf(format_idx, check_idx) \
57 __attribute__((__format__(__printf__, format_idx, check_idx)))
58
59 #ifndef __cplusplus
60 /* If writing C++, use std::unique_ptr with a destructor instead. */
61
62 /*
63 * Mark a local variable for automatic cleanup when exiting its scope.
64 * See attribute_cleanup_fp as an example below.
65 * Make sure any variable using this is always initialized to something.
66 * @func The function to call on (a pointer to) the variable.
67 */
68 #define attribute_cleanup(func) \
69 __attribute__((__cleanup__(func)))
70
71 /*
72 * Automatically close a FILE* when exiting its scope.
73 * Make sure the pointer is always initialized.
74 * Some examples:
75 * attribute_cleanup_fp FILE *fp = fopen(...);
76 * attribute_cleanup_fp FILE *fp = NULL;
77 * ...
78 * fp = fopen(...);
79 *
80 * NB: This will automatically close the underlying fd, so do not use this
81 * with fdopen calls if the fd should be left open.
82 */
83 #define attribute_cleanup_fp attribute_cleanup(_cleanup_fp)
_cleanup_fp(FILE ** fp)84 static inline void _cleanup_fp(FILE **fp)
85 {
86 if (*fp)
87 fclose(*fp);
88 }
89
90 /*
91 * Automatically close a fd when exiting its scope.
92 * Make sure the fd is always initialized.
93 * Some examples:
94 * attribute_cleanup_fd int fd = open(...);
95 * attribute_cleanup_fd int fd = -1;
96 * ...
97 * fd = open(...);
98 *
99 * NB: Be careful when using this with attribute_cleanup_fp and fdopen.
100 */
101 #define attribute_cleanup_fd attribute_cleanup(_cleanup_fd)
_cleanup_fd(int * fd)102 static inline void _cleanup_fd(int *fd)
103 {
104 if (*fd >= 0)
105 close(*fd);
106 }
107
108 /*
109 * Automatically free a heap allocation when exiting its scope.
110 * Make sure the pointer is always initialized.
111 * Some examples:
112 * attribute_cleanup_str char *s = strdup(...);
113 * attribute_cleanup_str char *s = NULL;
114 * ...
115 * s = strdup(...);
116 */
117 #define attribute_cleanup_str attribute_cleanup(_cleanup_str)
_cleanup_str(char ** ptr)118 static inline void _cleanup_str(char **ptr)
119 {
120 free(*ptr);
121 }
122
123 #endif /* __cplusplus */
124
125 /* clang-format off */
126 #define die(_msg, ...) \
127 do_fatal_log(LOG_ERR, "libminijail[%d]: " _msg, getpid(), ## __VA_ARGS__)
128
129 #define pdie(_msg, ...) \
130 die(_msg ": %m", ## __VA_ARGS__)
131
132 #define warn(_msg, ...) \
133 do_log(LOG_WARNING, "libminijail[%d]: " _msg, getpid(), ## __VA_ARGS__)
134
135 #define pwarn(_msg, ...) \
136 warn(_msg ": %m", ## __VA_ARGS__)
137
138 #define info(_msg, ...) \
139 do_log(LOG_INFO, "libminijail[%d]: " _msg, getpid(), ## __VA_ARGS__)
140
141 #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
142 /* clang-format on */
143
144 extern const char *const log_syscalls[];
145 extern const size_t log_syscalls_len;
146
147 enum logging_system_t {
148 /* Log to syslog. This is the default. */
149 LOG_TO_SYSLOG = 0,
150
151 /* Log to a file descriptor. */
152 LOG_TO_FD,
153 };
154
155 /*
156 * Even though this function internally calls abort(2)/exit(2), it is
157 * intentionally not marked with the noreturn attribute. When marked as
158 * noreturn, clang coalesces several of the do_fatal_log() calls in methods that
159 * have a large number of such calls (like minijail_enter()), making it
160 * impossible for breakpad to correctly identify the line where it was called,
161 * making the backtrace somewhat useless.
162 */
163 extern void do_fatal_log(int priority, const char *format, ...)
164 attribute_printf(2, 3);
165
166 extern void do_log(int priority, const char *format, ...)
167 attribute_printf(2, 3);
168
is_android(void)169 static inline int is_android(void)
170 {
171 #if defined(__ANDROID__)
172 return 1;
173 #else
174 return 0;
175 #endif
176 }
177
compiled_with_asan(void)178 static inline bool compiled_with_asan(void)
179 {
180 #if defined(__SANITIZE_ADDRESS__)
181 /* For gcc. */
182 return true;
183 #elif defined(__has_feature)
184 /* For clang. */
185 return __has_feature(address_sanitizer) ||
186 __has_feature(hwaddress_sanitizer);
187 #else
188 return false;
189 #endif
190 }
191
192 void __asan_init(void) attribute_weak;
193 void __hwasan_init(void) attribute_weak;
194
running_with_asan(void)195 static inline bool running_with_asan(void)
196 {
197 /*
198 * There are some configurations under which ASan needs a dynamic (as
199 * opposed to compile-time) test. Some Android processes that start
200 * before /data is mounted run with non-instrumented libminijail.so, so
201 * the symbol-sniffing code must be present to make the right decision.
202 */
203 return compiled_with_asan() || &__asan_init != 0 || &__hwasan_init != 0;
204 }
205
debug_logging_allowed(void)206 static inline bool debug_logging_allowed(void)
207 {
208 #if defined(ALLOW_DEBUG_LOGGING)
209 return true;
210 #else
211 return false;
212 #endif
213 }
214
seccomp_default_ret_log(void)215 static inline bool seccomp_default_ret_log(void)
216 {
217 #if defined(SECCOMP_DEFAULT_RET_LOG)
218 return true;
219 #else
220 return false;
221 #endif
222 }
223
block_symlinks_in_bindmount_paths(void)224 static inline bool block_symlinks_in_bindmount_paths(void)
225 {
226 #if defined(BLOCK_SYMLINKS_IN_BINDMOUNT_PATHS)
227 return true;
228 #else
229 return false;
230 #endif
231 }
232
block_symlinks_in_noninit_mountns_tmp(void)233 static inline bool block_symlinks_in_noninit_mountns_tmp(void)
234 {
235 #if defined(BLOCK_SYMLINKS_IN_NONINIT_MOUNTNS_TMP)
236 return true;
237 #else
238 return false;
239 #endif
240 }
241
get_num_syscalls(void)242 static inline size_t get_num_syscalls(void)
243 {
244 return syscall_table_size;
245 }
246
247 int lookup_syscall(const char *name, size_t *ind);
248 const char *lookup_syscall_name(int nr);
249
250 long int parse_single_constant(char *constant_str, char **endptr);
251 long int parse_constant(char *constant_str, char **endptr);
252 int parse_size(size_t *size, const char *sizespec);
253
254 char *strip(char *s);
255
256 /*
257 * streq: determine whether two strings are equal.
258 */
streq(const char * s1,const char * s2)259 static inline bool streq(const char *s1, const char *s2)
260 {
261 return strcmp(s1, s2) == 0;
262 }
263
264 /*
265 * tokenize: locate the next token in @stringp using the @delim
266 * @stringp A pointer to the string to scan for tokens
267 * @delim The delimiter to split by
268 *
269 * Note that, unlike strtok, @delim is not a set of characters, but the full
270 * delimiter. e.g. "a,;b,;c" with a delim of ",;" will yield ["a","b","c"].
271 *
272 * Note that, unlike strtok, this may return an empty token. e.g. "a,,b" with
273 * strtok will yield ["a","b"], but this will yield ["a","","b"].
274 */
275 char *tokenize(char **stringp, const char *delim);
276
277 char *path_join(const char *external_path, const char *internal_path);
278
279 /*
280 * path_is_parent: checks whether @parent is a parent of @child.
281 * Note: this function does not evaluate '.' or '..' nor does it resolve
282 * symlinks.
283 */
284 bool path_is_parent(const char *parent, const char *child);
285
286 /*
287 * consumebytes: consumes @length bytes from a buffer @buf of length @buflength
288 * @length Number of bytes to consume
289 * @buf Buffer to consume from
290 * @buflength Size of @buf
291 *
292 * Returns a pointer to the base of the bytes, or NULL for errors.
293 */
294 void *consumebytes(size_t length, char **buf, size_t *buflength);
295
296 /*
297 * consumestr: consumes a C string from a buffer @buf of length @length
298 * @buf Buffer to consume
299 * @length Length of buffer
300 *
301 * Returns a pointer to the base of the string, or NULL for errors.
302 */
303 char *consumestr(char **buf, size_t *buflength);
304
305 /*
306 * init_logging: initializes the module-wide logging.
307 * @logger The logging system to use.
308 * @fd The file descriptor to log into. Ignored unless
309 * @logger = LOG_TO_FD.
310 * @min_priority The minimum priority to display. Corresponds to syslog's
311 * priority parameter. Ignored unless @logger = LOG_TO_FD.
312 */
313 void init_logging(enum logging_system_t logger, int fd, int min_priority);
314
315 /*
316 * minjail_free_env: Frees an environment array plus the environment strings it
317 * points to. The environment and its constituent strings must have been
318 * allocated (as opposed to pointing to static data), e.g. by using
319 * minijail_copy_env() and minijail_setenv().
320 *
321 * @env The environment to free.
322 */
323 void minijail_free_env(char **env);
324
325 /*
326 * minjail_copy_env: Copy an environment array (such as passed to execve),
327 * duplicating the environment strings and the array pointing at them.
328 *
329 * @env The environment to copy.
330 *
331 * Returns a pointer to the copied environment or NULL on memory allocation
332 * failure.
333 */
334 char **minijail_copy_env(char *const *env);
335
336 /*
337 * minjail_setenv: Set an environment variable in @env. Semantics match the
338 * standard setenv() function, but this operates on @env, not the global
339 * environment. @env must be dynamically allocated (as opposed to pointing to
340 * static data), e.g. via minijail_copy_env(). @name and @value get copied into
341 * newly-allocated memory.
342 *
343 * @env Address of the environment to modify. Might be re-allocated to
344 * make room for the new entry.
345 * @name Name of the key to set.
346 * @value The value to set.
347 * @overwrite Whether to replace the existing value for @name. If non-zero and
348 * the entry is already present, no changes will be made.
349 *
350 * Returns 0 and modifies *@env on success, returns an error code otherwise.
351 */
352 int minijail_setenv(char ***env, const char *name, const char *value,
353 int overwrite);
354
355 /*
356 * getmultiline: This is like getline() but supports line wrapping with \.
357 *
358 * @lineptr Address of a buffer that a mutli-line is stored.
359 * @n Number of bytes stored in *lineptr.
360 * @stream Input stream to read from.
361 *
362 * Returns number of bytes read or -1 on failure to read (including EOF).
363 */
364 ssize_t getmultiline(char **lineptr, size_t *n, FILE *stream);
365
366 /*
367 * minjail_getenv: Get an environment variable from @envp. Semantics match the
368 * standard getenv() function, but this operates on @envp, not the global
369 * environment (usually referred to as `extern char **environ`).
370 *
371 * @env Address of the environment to read from.
372 * @name Name of the key to get.
373 *
374 * Returns a pointer to the corresponding environment value. The caller must
375 * take care not to modify the pointed value, as this points directly to memory
376 * pointed to by @envp.
377 * If the environment variable name is not found, returns NULL.
378 */
379 char *minijail_getenv(char **env, const char *name);
380
381 /*
382 * minjail_unsetenv: Clear the environment variable @name from the @envp array
383 * of pointers to strings that have the KEY=VALUE format. If the operation is
384 * successful, the array will contain one item less than before the call.
385 * Only the first occurence is removed.
386 *
387 * @envp Address of the environment to clear the variable from.
388 * @name Name of the variable to clear.
389 *
390 * Returns false and modifies *@envp on success, returns true otherwise.
391 */
392 bool minijail_unsetenv(char **envp, const char *name);
393
394 #ifdef __cplusplus
395 }; /* extern "C" */
396 #endif
397
398 #endif /* _UTIL_H_ */
399