Stop using LD_PRELOAD to interpose open calls

Issue description
convert from ld_preload to alt-syscall

Sep 15 2016
Move USB access from:
  app -> ld_preload -> special libusb -> broker -> permission_broker
to
  open (alt-syscall) -> daemon thing? -> permission_broker
Oct 21 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/6aa7ed77d1207f5c264fcbb98a070c5de126145d

commit 6aa7ed77d1207f5c264fcbb98a070c5de126145d
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Mon Oct 03 20:19:50 2016

container_utils: add device_jail

This allows us to proxy open calls to permission_broker from
inside a container by running device_jail on an existing device
and then bind-mounting the resulting fake device over the real
one in the container. Post-open functionality should be left
alone, but open calls are intercepted by permission_broker.

BUG= chromium:644338
TEST=In a terminal:
  # chmod a+rw /dev/cuse
  # sudo -u chronos device_jail /dev/bus/usb/001/001
  # cat /dev/jailed-189-0 | od -tx1
  and check that permission_broker was invoked to open
  /dev/bus/usb/001/001 in syslog
  Plug in a device that won't be automatically claimed by Chrome
  e.g. an android device and jail it, then cat the jailed device
  and make sure permission is allowed and you get data

Change-Id: I5d04a89d1c2acfd47d3b02dd069219c379cfe670
Reviewed-on: https://chromium-review.googlesource.com/395608
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[modify] https://crrev.com/6aa7ed77d1207f5c264fcbb98a070c5de126145d/container_utils/container_utils.gyp
[add] https://crrev.com/6aa7ed77d1207f5c264fcbb98a070c5de126145d/container_utils/device_jail.cc

Nov 2 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/ac419460195ddd4ea45664f3851771dbcf2ecdb4

commit ac419460195ddd4ea45664f3851771dbcf2ecdb4
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Mon Oct 31 23:06:36 2016

config: add CONFIG_CUSE=m

Since we are going to use CUSE for device_jail, we need to have
this kernel module enabled.

BUG= chromium:644338
TEST=emerge

Change-Id: Ia02b1734227d8ea2d6072fc4114d9d93afa096b5
Reviewed-on: https://chromium-review.googlesource.com/405868
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/ac419460195ddd4ea45664f3851771dbcf2ecdb4/chromeos/config/base.config

Nov 2 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/08aa3970b2989177e4b6e2fbf5da54154cac0f83

commit 08aa3970b2989177e4b6e2fbf5da54154cac0f83
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Tue Nov 01 17:31:34 2016

config: add CONFIG_CUSE=m

Since we are going to use CUSE for device_jail, we need to have
this kernel module enabled.

BUG= chromium:644338
TEST=emerge

Change-Id: I82cb40b49595fa98131dccff80d16086e4671f74
Reviewed-on: https://chromium-review.googlesource.com/406269
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/08aa3970b2989177e4b6e2fbf5da54154cac0f83/chromeos/config/base.config

Nov 2 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/049a8100a3ab077206948331936f292efd31df32

commit 049a8100a3ab077206948331936f292efd31df32
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Tue Oct 18 18:13:16 2016

config: add CONFIG_CUSE=m

Since we are going to use CUSE for device_jail, we need to have
this kernel module enabled.

BUG= chromium:644338
TEST=emerge

Change-Id: I429b1594c708c0cf494dc7fe6afaa1c1736647b1
Reviewed-on: https://chromium-review.googlesource.com/400100
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/049a8100a3ab077206948331936f292efd31df32/chromeos/config/base.config

Nov 6 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/70a08678f6847e687209fe8e1eee013e84de5bd6

commit 70a08678f6847e687209fe8e1eee013e84de5bd6
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Mon Oct 31 18:40:49 2016

container_utils: swap device_jail threads

Use the other thread to run the CUSE message loop, and the
main thread to run the PermissionBrokerClient. This allows
us to avoid all of the stupid threading gymnastics and get
rid of dependencies in PBC.

BUG= chromium:644338
TEST=cat an unclaimed device and check for data

Change-Id: Ia669a1e1f0931bfeeab64e5ab34b414f0745f699
Reviewed-on: https://chromium-review.googlesource.com/405369
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[modify] https://crrev.com/70a08678f6847e687209fe8e1eee013e84de5bd6/container_utils/device_jail/permission_broker_client.cc
[modify] https://crrev.com/70a08678f6847e687209fe8e1eee013e84de5bd6/container_utils/device_jail/permission_broker_client.h
[modify] https://crrev.com/70a08678f6847e687209fe8e1eee013e84de5bd6/container_utils/device_jail/device_jail.cc

Nov 11 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/eclass-overlay/+/4b7783530bf6becbb364ce5aaaef068dc11c9a56

commit 4b7783530bf6becbb364ce5aaaef068dc11c9a56
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Tue Nov 08 22:43:15 2016

eclass: add devicejail user/group, cuse group

The cuse group will have access to /dev/cuse. We will run
device_jail and device_jail_fs as the device_jail user in
order to make sure we don't have root daemons running around.

BUG= chromium:644338
TEST=build_packages, check /build/board

Change-Id: I6750ff0347d80558dc084ee30a5f227124496d24
Reviewed-on: https://chromium-review.googlesource.com/410061
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[add] https://crrev.com/4b7783530bf6becbb364ce5aaaef068dc11c9a56/profiles/base/accounts/group/cuse
[add] https://crrev.com/4b7783530bf6becbb364ce5aaaef068dc11c9a56/profiles/base/accounts/user/devicejail
[add] https://crrev.com/4b7783530bf6becbb364ce5aaaef068dc11c9a56/profiles/base/accounts/group/devicejail

Nov 12 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/528566c15a42b40affbec3e641de6376ca6640db

commit 528566c15a42b40affbec3e641de6376ca6640db
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Thu Oct 27 23:47:32 2016

container_utils: perform open async

This gets rid of FutureFD and the PermissionBrokerClient should
no longer have to block when you call into it to get a file
descriptor from permission_broker.

BUG= chromium:644338
TEST=verify behavior has not changed on the DUT, cat a jailed
  device multiple times in parallel, check that the calls to
  jail_open are interleaved, and that the results are still
  what is expected

Change-Id: I8235af09db8c76b92cdc1325d9482135ab15bbea
Reviewed-on: https://chromium-review.googlesource.com/404555
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[modify] https://crrev.com/528566c15a42b40affbec3e641de6376ca6640db/container_utils/device_jail/permission_broker_client.cc
[modify] https://crrev.com/528566c15a42b40affbec3e641de6376ca6640db/container_utils/device_jail/permission_broker_client.h
[modify] https://crrev.com/528566c15a42b40affbec3e641de6376ca6640db/container_utils/device_jail/device_jail.cc

Dec 14 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/721610f379a5896e3d1adf04f1167ddfced25e35

commit 721610f379a5896e3d1adf04f1167ddfced25e35
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Thu Dec 01 19:28:41 2016

container_utils: remove broker_service

This is going to be replaced with device_jail and device_jail_fs
for containers, and has no other consumers. We can get rid of it.

CQ-DEPEND=CL:415591
BUG= chromium:644338
TEST=emerge, build_packages

Change-Id: I48e1f46b36be57ffdbdf38984068386558d18ee2
Reviewed-on: https://chromium-review.googlesource.com/415550
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/721610f379a5896e3d1adf04f1167ddfced25e35/chromeos-base/container_utils/container_utils-9999.ebuild

Dec 14 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/ea0777fd6ee26e49028c4ce250269a84a6c29533

commit ea0777fd6ee26e49028c4ce250269a84a6c29533
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Thu Dec 01 19:30:15 2016

container_utils: remove broker_service

After removing this from the ebuild we aren't building or
installing any of these files anymore, so we can remove them.

CQ-DEPEND=CL:415550
BUG= chromium:644338
TEST=emerge, build_packages

Change-Id: I360190c8033f5abcdd1805e76189e815c1aa6550
Reviewed-on: https://chromium-review.googlesource.com/415591
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[delete] https://crrev.com/791c69603fc7505059229f01055b526506699f6b/container_utils/broker-service-post-upstart-socket-bridge.conf
[delete] https://crrev.com/791c69603fc7505059229f01055b526506699f6b/container_utils/broker_service.h
[delete] https://crrev.com/791c69603fc7505059229f01055b526506699f6b/container_utils/broker-service.conf
[modify] https://crrev.com/ea0777fd6ee26e49028c4ce250269a84a6c29533/container_utils/container_utils.gyp
[delete] https://crrev.com/791c69603fc7505059229f01055b526506699f6b/container_utils/broker-service-pre-upstart-socket-bridge.conf
[delete] https://crrev.com/791c69603fc7505059229f01055b526506699f6b/container_utils/broker_service.cc

Feb 3 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/ff1e1287e67aeb182c953f6e4ad58fc386c6c1c9

commit ff1e1287e67aeb182c953f6e4ad58fc386c6c1c9
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Fri Feb 03 00:42:52 2017

Revert "config: add CONFIG_CUSE=m"

This reverts commit 08aa3970b2989177e4b6e2fbf5da54154cac0f83.

Reason for revert: We're not using CUSE anymore.

Original change's description:
> config: add CONFIG_CUSE=m
>
> Since we are going to use CUSE for device_jail, we need to have
> this kernel module enabled.
>
> BUG= chromium:644338
> TEST=emerge
>
> Change-Id: I82cb40b49595fa98131dccff80d16086e4671f74
> Reviewed-on: https://chromium-review.googlesource.com/406269
> Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
> Tested-by: Eric Caruso <ejcaruso@chromium.org>
> Reviewed-by: Mike Frysinger <vapier@chromium.org>
>

TBR=vapier@chromium.org,ejcaruso@chromium.org
BUG= chromium:644338
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Change-Id: I4ac959d4fa4f89d39fd58095276604bfb928d78f
Reviewed-on: https://chromium-review.googlesource.com/424316
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>

[modify] https://crrev.com/ff1e1287e67aeb182c953f6e4ad58fc386c6c1c9/chromeos/config/base.config

Feb 3 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/00cfea7faf1155779ef95759304c0a45bc28550c

commit 00cfea7faf1155779ef95759304c0a45bc28550c
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Fri Feb 03 00:42:49 2017

Revert "config: add CONFIG_CUSE=m"

This reverts commit 049a8100a3ab077206948331936f292efd31df32.

Reason for revert: We're not using CUSE anymore.

Original change's description:
> config: add CONFIG_CUSE=m
>
> Since we are going to use CUSE for device_jail, we need to have
> this kernel module enabled.
>
> BUG= chromium:644338
> TEST=emerge
>
> Change-Id: I429b1594c708c0cf494dc7fe6afaa1c1736647b1
> Reviewed-on: https://chromium-review.googlesource.com/400100
> Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
> Tested-by: Eric Caruso <ejcaruso@chromium.org>
> Reviewed-by: Mike Frysinger <vapier@chromium.org>
>

TBR=vapier@chromium.org,dgreid@chromium.org,ejcaruso@chromium.org
BUG= chromium:644338
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Change-Id: I9038509a00ba3c052ee54a3f62dffb6cb2b226bd
Reviewed-on: https://chromium-review.googlesource.com/424314
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/00cfea7faf1155779ef95759304c0a45bc28550c/chromeos/config/base.config

Feb 3 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/4a3780ae27e2bbe7ee9afd093afdcb1cc16781f3

commit 4a3780ae27e2bbe7ee9afd093afdcb1cc16781f3
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Fri Feb 03 07:31:07 2017

linux-headers: add device_jail header

This allows us to interface with the device_jail control
device via ioctls. This header is copied from CL:418004.
Any changes there will need to be made here as well or else
we risk breaking compatibility, though we shouldn't need to
change this too much.

BUG= chromium:644338
TEST=compile userspace program using ioctls

Change-Id: I1e60f84fb58dd6bd6efb8e4f3cbcdb147f53703a
Reviewed-on: https://chromium-review.googlesource.com/419187
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[add] https://crrev.com/4a3780ae27e2bbe7ee9afd093afdcb1cc16781f3/sys-kernel/linux-headers/files/0011-CHROMIUM-kernel-device_jail.patch
[rename] https://crrev.com/4a3780ae27e2bbe7ee9afd093afdcb1cc16781f3/sys-kernel/linux-headers/linux-headers-4.0-r8.ebuild
[modify] https://crrev.com/4a3780ae27e2bbe7ee9afd093afdcb1cc16781f3/sys-kernel/linux-headers/linux-headers-4.0.ebuild

Feb 3 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/1e05826e43440ea3ea64ee0d76aad84ef07228de

commit 1e05826e43440ea3ea64ee0d76aad84ef07228de
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Fri Feb 03 07:31:11 2017

CHROMIUM: kernel device_jail

It turns out we need to do this interposition in the kernel instead
of in another userspace process unless we want to basically
re-implement the device driver in userspace anyway, since ioctls are
likely to muck with userspace memory arbitrarily.

This registers a control device that you can make requests to in
order to create jails, and the jails will interpose IO syscalls.
Requests to open the jailed devices will be sent to whatever is
listening on /dev/jail-request. During normal use this should be
permission_broker.

BUG= chromium:644338
TEST=Open a crosh with a nexus player connected as usb device 1-2:
  # device_jail_utility --add=/dev/bus/usb/001/002
  # od -tx1 /dev/jailed-189-1
  0000000 12 01 10 02 00 00 00 40 d1 18 e7 4e ff ff 02 03
  0000020 04 01 09 02 25 00 01 01 00 80 fa 05 09 00 00 02
  0000040 09 04 00 00 02 ff 42 01 05 07 05 02 02 00 02 00
  0000060 07 05 82 02 00 02 00
  0000067
  device_jail_utility is found in CL:419188 and its server
  functionality can be used to mock out permission_broker as well.
  Running an adb container with the nexus player connected shows the
  device connected and I can access it with a shell using
  device_jail_fs mounted over /dev in the container.
  Trying to jail a non-USB device fails and logs to syslog that this
  is currently unsupported.

Change-Id: I654f757bae4b09081c7e87944d5227e644c77e73
Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/418004
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/1e05826e43440ea3ea64ee0d76aad84ef07228de/include/uapi/linux/Kbuild
[add] https://crrev.com/1e05826e43440ea3ea64ee0d76aad84ef07228de/security/chromiumos/jail_request.c
[add] https://crrev.com/1e05826e43440ea3ea64ee0d76aad84ef07228de/include/uapi/linux/device_jail.h
[modify] https://crrev.com/1e05826e43440ea3ea64ee0d76aad84ef07228de/security/chromiumos/Makefile
[add] https://crrev.com/1e05826e43440ea3ea64ee0d76aad84ef07228de/security/chromiumos/jail_device.h
[add] https://crrev.com/1e05826e43440ea3ea64ee0d76aad84ef07228de/security/chromiumos/jail_control.c
[add] https://crrev.com/1e05826e43440ea3ea64ee0d76aad84ef07228de/security/chromiumos/jail_request.h
[add] https://crrev.com/1e05826e43440ea3ea64ee0d76aad84ef07228de/security/chromiumos/jail_device.c

Feb 3 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/455345d4a2bd8e113bdc662c63ad90ecf9080508

commit 455345d4a2bd8e113bdc662c63ad90ecf9080508
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Fri Feb 03 13:15:10 2017

Revert "config: add CONFIG_CUSE=m"

This reverts commit ac419460195ddd4ea45664f3851771dbcf2ecdb4.

Reason for revert: We're not using CUSE anymore.

Original change's description:
> config: add CONFIG_CUSE=m
>
> Since we are going to use CUSE for device_jail, we need to have
> this kernel module enabled.
>
> BUG= chromium:644338
> TEST=emerge
>
> Change-Id: Ia02b1734227d8ea2d6072fc4114d9d93afa096b5
> Reviewed-on: https://chromium-review.googlesource.com/405868
> Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
> Tested-by: Eric Caruso <ejcaruso@chromium.org>
> Reviewed-by: Mike Frysinger <vapier@chromium.org>
>

TBR=vapier@chromium.org,ejcaruso@chromium.org
BUG= chromium:644338
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Change-Id: I6be04966c7450bb3736106994d9906725f53e119
Reviewed-on: https://chromium-review.googlesource.com/424315
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/455345d4a2bd8e113bdc662c63ad90ecf9080508/chromeos/config/base.config

Feb 4 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2816824df08e18f8e1753410f27a0e40f1fbb8fc

commit 2816824df08e18f8e1753410f27a0e40f1fbb8fc
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Sat Feb 04 01:52:19 2017

CHROMIUM: kernel device_jail

It turns out we need to do this interposition in the kernel instead
of in another userspace process unless we want to basically
re-implement the device driver in userspace anyway, since ioctls are
likely to muck with userspace memory arbitrarily.

This registers a control device that you can make requests to in
order to create jails, and the jails will interpose IO syscalls.
Requests to open the jailed devices will be sent to whatever is
listening on /dev/jail-request. During normal use this should be
permission_broker.

BUG= chromium:644338
TEST=Open a crosh with a nexus player connected as usb device 1-2:
  # device_jail_utility --add=/dev/bus/usb/001/002
  # od -tx1 /dev/jailed-189-1
  0000000 12 01 10 02 00 00 00 40 d1 18 e7 4e ff ff 02 03
  0000020 04 01 09 02 25 00 01 01 00 80 fa 05 09 00 00 02
  0000040 09 04 00 00 02 ff 42 01 05 07 05 02 02 00 02 00
  0000060 07 05 82 02 00 02 00
  0000067
  device_jail_utility is found in CL:419188 and its server
  functionality can be used to mock out permission_broker as well.
  Running an adb container with the nexus player connected shows the
  device connected and I can access it with a shell using
  device_jail_fs mounted over /dev in the container.
  Trying to jail a non-USB device fails and logs to syslog that this
  is currently unsupported.

Original-reviewed-on: https://chromium-review.googlesource.com/418004
Original-reviewed-by: Dylan Reid <dgreid@chromium.org>
Change-Id: I771783423c9ee5f604355da4659759da0ab53b26
Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/437744

[modify] https://crrev.com/2816824df08e18f8e1753410f27a0e40f1fbb8fc/include/uapi/linux/Kbuild
[add] https://crrev.com/2816824df08e18f8e1753410f27a0e40f1fbb8fc/security/chromiumos/jail_request.c
[add] https://crrev.com/2816824df08e18f8e1753410f27a0e40f1fbb8fc/include/uapi/linux/device_jail.h
[modify] https://crrev.com/2816824df08e18f8e1753410f27a0e40f1fbb8fc/security/chromiumos/Makefile
[add] https://crrev.com/2816824df08e18f8e1753410f27a0e40f1fbb8fc/security/chromiumos/jail_device.h
[add] https://crrev.com/2816824df08e18f8e1753410f27a0e40f1fbb8fc/security/chromiumos/jail_control.c
[add] https://crrev.com/2816824df08e18f8e1753410f27a0e40f1fbb8fc/security/chromiumos/jail_request.h
[add] https://crrev.com/2816824df08e18f8e1753410f27a0e40f1fbb8fc/security/chromiumos/jail_device.c

Feb 7 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/582f688021c49c2bfeb312ff70e29b984375ed03

commit 582f688021c49c2bfeb312ff70e29b984375ed03
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Tue Feb 07 03:06:54 2017

CHROMIUM: compat jail-control interface

We need a compat_ioctl function for 32-bit programs on 64-bit
kernels. In addition, since the struct size is different, we
need to define a compat struct and compat ioctl number for
the JAIL_CONTROL_ADD_DEVICE ioctl.

Note to future cherry-pickers: this can be squashed into the
previous device_jail commit to reduce the amount of patches
we need to carry forward.

BUG= chromium:644338
TEST=device_jail_utility and device_jail_fs on elm

Change-Id: Icf17df44502f4e65b9f861dfdccb9f3a204e6757
Reviewed-on: https://chromium-review.googlesource.com/438605
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>

[modify] https://crrev.com/582f688021c49c2bfeb312ff70e29b984375ed03/security/chromiumos/jail_control.c

Feb 8 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/dd7c32af2926d8241a251d97b3843d7b12b3f9bd

commit dd7c32af2926d8241a251d97b3843d7b12b3f9bd
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Wed Feb 08 04:14:29 2017

CHROMIUM: compat jail-control interface

We need a compat_ioctl function for 32-bit programs on 64-bit
kernels. In addition, since the struct size is different, we
need to define a compat struct and compat ioctl number for
the JAIL_CONTROL_ADD_DEVICE ioctl.

Note to future cherry-pickers: this can be squashed into the
previous device_jail commit to reduce the amount of patches
we need to carry forward.

BUG= chromium:644338
TEST=device_jail_utility and device_jail_fs on kevin

Change-Id: Id88644902526ca84cbbedb37cfd31c406f3d3a2d
Reviewed-on: https://chromium-review.googlesource.com/438768
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>

[modify] https://crrev.com/dd7c32af2926d8241a251d97b3843d7b12b3f9bd/security/chromiumos/jail_control.c

Feb 9 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/b8de029537ba6999d4aa314ec013c23eae2ad600

commit b8de029537ba6999d4aa314ec013c23eae2ad600
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Thu Feb 09 20:47:33 2017

container_utils: add device_jail_fs

Add these binaries to the container_utils package and the
init and udev rules to make everything work.

CQ-DEPEND=CL:406509,CL:410061
BUG= chromium:644338
TEST=cros deploy, USE=containers ./build_packages

Change-Id: I384900826e6e1c6b68cff9964ace3ad30ad40ded
Reviewed-on: https://chromium-review.googlesource.com/406627
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/b8de029537ba6999d4aa314ec013c23eae2ad600/chromeos-base/container_utils/container_utils-9999.ebuild

Feb 9 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/9f27af971a49cc54dbdb6f280b7af7b576e71475

commit 9f27af971a49cc54dbdb6f280b7af7b576e71475
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Thu Feb 09 20:47:36 2017

CHROMIUM: compat jail-control interface

We need a compat_ioctl function for 32-bit programs on 64-bit
kernels. In addition, since the struct size is different, we
need to define a compat struct and compat ioctl number for
the JAIL_CONTROL_ADD_DEVICE ioctl.

Note to future cherry-pickers: this can be squashed into the
previous device_jail commit to reduce the amount of patches
we need to carry forward.

BUG= chromium:644338
TEST=device_jail_utility and device_jail_fs on kevin

Change-Id: I8d6be07d170046ee0832a9b7f1dc9318b099ad3d
Reviewed-on: https://chromium-review.googlesource.com/437913
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/9f27af971a49cc54dbdb6f280b7af7b576e71475/security/chromiumos/jail_control.c
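
Added example, not code from the device_jail patches: why a control ioctl whose argument holds a pointer needs a compat struct and a compat number, as the "compat jail-control interface" commits above describe. The ioctl number encodes the argument size, so a 32-bit caller's number never matches the 64-bit handler. The struct layout, the 'C'/0 type and number, the devnum value and every ex_ name are assumptions for illustration, and this is a user-space model of the dispatch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* asm-generic ioctl number layout: dir(2) | size(14) | type(8) | nr(8). */
#define EX_IOC_WRITE 1u
#define EX_IOC_READ  2u
#define EX_IOC(dir, type, nr, size) \
	(((uint32_t)(dir) << 30) | ((uint32_t)(size) << 16) | \
	 ((uint32_t)(type) << 8) | (uint32_t)(nr))
#define EX_IOWR(type, nr, T) \
	EX_IOC(EX_IOC_READ | EX_IOC_WRITE, (type), (nr), sizeof(T))

#define EX_EFAULT 14
#define EX_ENOTTY 25

/* Hypothetical "add device" argument: user pointer in, device number out.
 * This is the layout a 64-bit kernel sees (padding written out). */
struct ex_add_dev {
	uint64_t path;    /* user pointer, 8 bytes on LP64 */
	uint32_t devnum;  /* filled in by the handler */
	uint32_t pad;
};

/* The same argument as a 32-bit program lays it out. */
struct ex_add_dev32 {
	uint32_t path;    /* user pointer, 4 bytes on ILP32 */
	uint32_t devnum;
};

/* Same type and nr (constructed); only the encoded size differs. */
#define EX_ADD_DEVICE   EX_IOWR('C', 0, struct ex_add_dev)
#define EX_ADD_DEVICE32 EX_IOWR('C', 0, struct ex_add_dev32)

uint32_t ex_cmd_native(void) { return EX_ADD_DEVICE; }
uint32_t ex_cmd_compat(void) { return EX_ADD_DEVICE32; }

/* Stand-in for the real work: reject NULL, return a constructed devnum. */
static int ex_do_add(struct ex_add_dev *a)
{
	if (a->path == 0)
		return -EX_EFAULT;
	a->devnum = 42;
	return 0;
}

/* Native entry point: only recognises the 64-bit command number. */
int ex_ioctl(uint32_t cmd, void *arg)
{
	if (cmd != EX_ADD_DEVICE)
		return -EX_ENOTTY;
	return ex_do_add((struct ex_add_dev *)arg);
}

/* Compat entry point: recognise the 32-bit number, widen the pointer,
 * run the shared handler, then copy the output back in 32-bit layout. */
int ex_compat_ioctl(uint32_t cmd, void *arg)
{
	struct ex_add_dev32 a32;
	struct ex_add_dev a64;
	int ret;

	if (cmd != EX_ADD_DEVICE32)
		return -EX_ENOTTY;
	memcpy(&a32, arg, sizeof(a32));
	memset(&a64, 0, sizeof(a64));
	a64.path = a32.path;
	ret = ex_do_add(&a64);
	if (ret == 0) {
		a32.devnum = a64.devnum;
		memcpy(arg, &a32, sizeof(a32));
	}
	return ret;
}

/* Constructed 32-bit caller: returns the handler result and the devnum. */
int ex_call_from_32bit(int use_compat, uint32_t *devnum_out)
{
	struct ex_add_dev32 arg = { 0x0804a000u, 0 };
	int ret = use_compat ? ex_compat_ioctl(EX_ADD_DEVICE32, &arg)
			     : ex_ioctl(EX_ADD_DEVICE32, &arg);

	*devnum_out = arg.devnum;
	return ret;
}

int main(void)
{
	uint32_t devnum = 0;

	printf("native cmd 0x%08x, compat cmd 0x%08x\n",
	       (unsigned)ex_cmd_native(), (unsigned)ex_cmd_compat());
	printf("32-bit call, no compat handler: %d\n",
	       ex_call_from_32bit(0, &devnum));
	printf("32-bit call, compat handler:    %d (devnum %u)\n",
	       ex_call_from_32bit(1, &devnum), (unsigned)devnum);
	return 0;
}
```

Without the compat path the native handler rejects the 32-bit number before it reads the argument, which is the safe failure: reading the 8-byte struct as the 16-byte one would run past the caller's buffer.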

Feb 9 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/a51cf356ca461f8ea788eda79625ae2996cc2c06

commit a51cf356ca461f8ea788eda79625ae2996cc2c06
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Thu Feb 09 20:47:33 2017

container_utils: add device_jail FUSE daemon

This FUSE daemon exports a filesystem that can be mounted over
the /dev directory of a container. It should hide devices that
have not been shared with containers based on the pid of the
calling process, and expose a set of base devices as well as
spawn instances of device_jail for whitelisted devices.

It also passes through most files, but hides broken symlinks
pointing inside of the filesystem to avoid leaking the presence
of devices containers are not supposed to be able to see.

CQ-DEPEND=CL:406627,CL:410061
BUG= chromium:644338
TEST=attach e.g. android device; use lsusb -t to find what bus
  and device it is, then (for example):
  # start device-jail
  # cat /tmp/djfs/bus/usb/001/004
  and verify that we attempt to open /dev/jailed-189-3 via syslog,
  and that the request is routed through permission_broker, and
  that it's successful and the read succeeds; check that other
  devices are hidden

Change-Id: I5539c90fc8afa20d125afba03ae6a03e6ee20126
Reviewed-on: https://chromium-review.googlesource.com/406509
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[add] https://crrev.com/a51cf356ca461f8ea788eda79625ae2996cc2c06/container_utils/device_jail/device_jail_fs.cc
[modify] https://crrev.com/a51cf356ca461f8ea788eda79625ae2996cc2c06/container_utils/container_utils.gyp
[add] https://crrev.com/a51cf356ca461f8ea788eda79625ae2996cc2c06/container_utils/device_jail/fs_data.cc
[add] https://crrev.com/a51cf356ca461f8ea788eda79625ae2996cc2c06/container_utils/device_jail/fs_data.h
[add] https://crrev.com/a51cf356ca461f8ea788eda79625ae2996cc2c06/container_utils/device-jail.conf
[add] https://crrev.com/a51cf356ca461f8ea788eda79625ae2996cc2c06/container_utils/udev/99-device-jail.rules

Feb 15 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/75e725b8739577bd7da269a8ae380647b5b0425d

commit 75e725b8739577bd7da269a8ae380647b5b0425d
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Wed Feb 15 21:33:11 2017

CHROMIUM: device_jail: detach all interfaces

permission_broker iterates through every available interface
of the USB device to detach drivers. We should do the same
thing here.

BUG= chromium:644338
TEST=On kevin: kill permission_broker, set up device_jail_utility
  server. Use lsusb -t to find a device with an attached kernel
  driver, i.e. btusb, add a jail for it
  In python:
  >>> f = open("/dev/jailed-189-XXX", "rb")
  Choose "detach" in the server. Check syslog, lsusb -t again
  to make sure the driver was detached.
  In python:
  >>> f.close()
  Ensure the driver is reattached.
  (If using btusb you can also check visually that the bluetooth
  menu disables itself when you detach the driver, and re-enables
  itself when you attach it again.)

Change-Id: I4fe7f7ccbcba9cfc8d7d5ab8ab44677145f58dca
Reviewed-on: https://chromium-review.googlesource.com/441105
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/75e725b8739577bd7da269a8ae380647b5b0425d/security/chromiumos/jail_device.c

Feb 15 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/35cf0aee8ab867925c5a0274792df742aac7bee3

commit 35cf0aee8ab867925c5a0274792df742aac7bee3
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Wed Feb 15 21:33:12 2017

permission_broker: add dependency on container_utils

If USE=containers is set, we want to add in functionality
from container_utils to field open-requests from
/dev/jail-request in addition to the normal D-Bus API.
This allows us to use the kernel device_jail.

BUG= chromium:644338
TEST=emerge

Change-Id: I46cf2ad9918554aa111d25f5b64967b0b3d97f4d
Reviewed-on: https://chromium-review.googlesource.com/421104
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>

[modify] https://crrev.com/35cf0aee8ab867925c5a0274792df742aac7bee3/chromeos-base/permission_broker/permission_broker-9999.ebuild

Feb 18 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/0d3e5764c455ab7a06f5411dfb8c154265dccf01

commit 0d3e5764c455ab7a06f5411dfb8c154265dccf01
Author: Eric Caruso <ejcaruso@chromium.org>
Date: Sat Feb 18 03:07:03 2017

CHROMIUM: device_jail: detach all interfaces

permission_broker iterates through every available interface
of the USB device to detach drivers. We should do the same
thing here.

BUG= chromium:644338
TEST=On kevin: kill permission_broker, set up device_jail_utility
  server. Use lsusb -t to find a device with an attached kernel
  driver, i.e. btusb, add a jail for it
  In python:
  >>> f = open("/dev/jailed-189-XXX", "rb")
  Choose "detach" in the server. Check syslog, lsusb -t again
  to make sure the driver was detached.
  In python:
  >>> f.close()
  Ensure the driver is reattached.
  (If using btusb you can also check visually that the bluetooth
  menu disables itself when you detach the driver, and re-enables
  itself when you attach it again.)

Change-Id: I4fe7f7ccbcba9cfc8d7d5ab8ab44677145f58dca
Reviewed-on: https://chromium-review.googlesource.com/441105
Commit-Ready: Eric Caruso <ejcaruso@chromium.org>
Tested-by: Eric Caruso <ejcaruso@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
(cherry picked from commit 75e725b8739577bd7da269a8ae380647b5b0425d)
Reviewed-on: https://chromium-review.googlesource.com/442762
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>

[modify] https://crrev.com/0d3e5764c455ab7a06f5411dfb8c154265dccf01/security/chromiumos/jail_device.c
,
Feb 21 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2703e85328b4ec315d6c699bead64da88cc173dd commit 2703e85328b4ec315d6c699bead64da88cc173dd Author: Eric Caruso <ejcaruso@chromium.org> Date: Tue Feb 21 22:07:41 2017 CHROMIUM: device_jail: detach all interfaces permission_broker iterates through every available interface of the USB device to detach drivers. We should do the same thing here. BUG= chromium:644338 TEST=On kevin: kill permission_broker, set up device_jail_utility server. Use lsusb -t to find a device with an attached kernel driver, i.e. btusb, add a jail for it In python: >>> f = open("/dev/jailed-189-XXX", "rb") Choose "detach" in the server. Check syslog, lsusb -t again to make sure the driver was detached. In python: >>> f.close() Ensure the driver is reattached. (If using btusb you can also check visually that the bluetooth menu disables itself when you detach the driver, and re-enables itself when you attach it again.) Change-Id: I4fe7f7ccbcba9cfc8d7d5ab8ab44677145f58dca Reviewed-on: https://chromium-review.googlesource.com/441105 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org> (cherry picked from commit 75e725b8739577bd7da269a8ae380647b5b0425d) Reviewed-on: https://chromium-review.googlesource.com/443388 Reviewed-by: Eric Caruso <ejcaruso@chromium.org> [modify] https://crrev.com/2703e85328b4ec315d6c699bead64da88cc173dd/security/chromiumos/jail_device.c
,
Feb 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/f6ead933bd0819f78863988dfdb4dd10c3e92e5b commit f6ead933bd0819f78863988dfdb4dd10c3e92e5b Author: Eric Caruso <ejcaruso@chromium.org> Date: Sat Feb 25 18:32:04 2017 security_DeviceJail: add AllowDeny test Adds test base for device_jail and a simple test to make sure allow and deny verdicts have expected results. BUG= chromium:644338 TEST=test_that on kevin Change-Id: Ia83c3b3cd9280f34a4ed786c52739ae9c65eea89 Reviewed-on: https://chromium-review.googlesource.com/444037 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Andrew de los Reyes <adlr@chromium.org> [add] https://crrev.com/f6ead933bd0819f78863988dfdb4dd10c3e92e5b/client/site_tests/security_DeviceJail_AllowDeny/security_DeviceJail_AllowDeny.py [add] https://crrev.com/f6ead933bd0819f78863988dfdb4dd10c3e92e5b/client/cros/device_jail_test_base.py [add] https://crrev.com/f6ead933bd0819f78863988dfdb4dd10c3e92e5b/client/site_tests/security_DeviceJail_AllowDeny/control [add] https://crrev.com/f6ead933bd0819f78863988dfdb4dd10c3e92e5b/client/cros/device_jail_utils.py
,
Feb 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/3d8f319c9ed81255eb1079d11cb1f57d2e204c07 commit 3d8f319c9ed81255eb1079d11cb1f57d2e204c07 Author: Eric Caruso <ejcaruso@chromium.org> Date: Sat Feb 25 18:32:06 2017 permission_broker: Add device_jail server This uses the device_jail library to answer kernel requests to open device files. CQ-DEPEND=CL:421104 BUG= chromium:644338 TEST=start device-jail and use devices in /tmp/djfs/bus/usb Change-Id: Ic394d559db016cb4d40e1198e8199c222c51dda4 Reviewed-on: https://chromium-review.googlesource.com/422408 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/3d8f319c9ed81255eb1079d11cb1f57d2e204c07/permission_broker/permission_broker.cc [modify] https://crrev.com/3d8f319c9ed81255eb1079d11cb1f57d2e204c07/permission_broker/permission_broker.h [modify] https://crrev.com/3d8f319c9ed81255eb1079d11cb1f57d2e204c07/permission_broker/permission_broker.gyp [modify] https://crrev.com/3d8f319c9ed81255eb1079d11cb1f57d2e204c07/common-mk/common.gypi [modify] https://crrev.com/3d8f319c9ed81255eb1079d11cb1f57d2e204c07/container_utils/udev/99-device-jail.rules
,
Mar 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/ff4980b9816082b3706e6f85075111612c5c5ce1 commit ff4980b9816082b3706e6f85075111612c5c5ce1 Author: Eric Caruso <ejcaruso@chromium.org> Date: Thu Mar 02 02:42:13 2017 security_DeviceJail: add Lockdown test This ensures that when permission_broker locks down the device before letting us open it, we can't execute privileged operations such as detaching the kernel driver from its interfaces. BUG= chromium:644338 TEST=test_that on kevin Change-Id: Ie800dd2255abb5f312cf2dcc9944ec1273b8f0cc Reviewed-on: https://chromium-review.googlesource.com/444038 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Andrew de los Reyes <adlr@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org> [add] https://crrev.com/ff4980b9816082b3706e6f85075111612c5c5ce1/client/site_tests/security_DeviceJail_Lockdown/security_DeviceJail_Lockdown.py [add] https://crrev.com/ff4980b9816082b3706e6f85075111612c5c5ce1/client/site_tests/security_DeviceJail_Lockdown/control
,
Mar 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/2a436a59ade2af245277823a37944b22f9b81a22 commit 2a436a59ade2af245277823a37944b22f9b81a22 Author: Eric Caruso <ejcaruso@chromium.org> Date: Thu Mar 02 02:42:14 2017 security_DeviceJail: add Detach test This test checks that device jail correctly detaches drivers from every USB interface for the device that is jailed when the jail device is opened, and that they are reattached when the jail device is closed. BUG= chromium:644338 TEST=test_that on kevin CQ-DEPEND=CL:442762,CL:443388 Change-Id: I2af2e81675e863afb5c68b2522dd31d7c14e862b Reviewed-on: https://chromium-review.googlesource.com/444039 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Andrew de los Reyes <adlr@chromium.org> [add] https://crrev.com/2a436a59ade2af245277823a37944b22f9b81a22/client/site_tests/security_DeviceJail_Detach/control [add] https://crrev.com/2a436a59ade2af245277823a37944b22f9b81a22/client/site_tests/security_DeviceJail_Detach/security_DeviceJail_Detach.py
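The manual check that the "detach all interfaces" commits and the Detach test describe (compare `lsusb -t` before the jail device is opened, while it is open, and after it is closed) can be scripted. This is an added example, not code from the autotest or kernel changes referenced here; the sample captures are constructed, and treating an empty or `[none]` driver field as "unbound" is an assumption about `lsusb -t` output.

```python
import re

# Interface line of `lsusb -t`: "|__ Port 2: Dev 3, If 0, Class=Wireless, Driver=btusb, 12M"
IFACE_RE = re.compile(r"Dev\s+(\d+),\s+If\s+(\d+),.*?Driver=([^,]*),")
BUS_RE = re.compile(r"/:\s+Bus\s+(\d+)\.")

def interface_drivers(lsusb_t, bus, dev):
    """Map interface number -> bound driver name (None if unbound) for one device."""
    drivers, current_bus = {}, None
    for line in lsusb_t.splitlines():
        root = BUS_RE.search(line)
        if root:                       # root-hub line starts a new bus subtree
            current_bus = int(root.group(1))
            continue
        m = IFACE_RE.search(line)
        if m and current_bus == bus and int(m.group(1)) == dev:
            name = m.group(3).strip()
            # Assumption: an unbound interface prints an empty or "[none]" driver.
            drivers[int(m.group(2))] = None if name in ("", "[none]") else name
    return drivers

def check_detach_cycle(before, during, after, bus, dev):
    """Return a list of problems; empty means detach/reattach covered every interface."""
    b, d, a = (interface_drivers(s, bus, dev) for s in (before, during, after))
    problems = []
    if not any(b.values()):
        problems.append("no driver bound before the test; result would be vacuous")
    for intf, drv in sorted(d.items()):
        if drv:
            problems.append(f"interface {intf} still bound to {drv} while jail is open")
    for intf, drv in sorted(b.items()):
        if a.get(intf) != drv:
            problems.append(f"interface {intf} not rebound to {drv} after close")
    return problems

# Constructed sample captures (not taken from a real device).
HUB = "/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci-hcd/4p, 480M\n"
def capture(d0, d1):
    return (HUB + f"    |__ Port 2: Dev 3, If 0, Class=Wireless, Driver={d0}, 12M\n"
                + f"    |__ Port 2: Dev 3, If 1, Class=Wireless, Driver={d1}, 12M\n")

BEFORE = AFTER = capture("btusb", "btusb")
DURING_ALL = capture("", "")           # every interface detached
DURING_PARTIAL = capture("", "btusb")  # only interface 0 detached

if __name__ == "__main__":
    print(check_detach_cycle(BEFORE, DURING_ALL, AFTER, 1, 3))
    print(check_detach_cycle(BEFORE, DURING_PARTIAL, AFTER, 1, 3))
```

The `DURING_PARTIAL` capture models a device where only the first interface was detached, which is the case the "detach all interfaces" change addresses.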
,
Mar 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/c707b651248a58989fc1cac7396a0028b8e5b973 commit c707b651248a58989fc1cac7396a0028b8e5b973 Author: Eric Caruso <ejcaruso@chromium.org> Date: Thu Mar 02 02:42:14 2017 security_DeviceJail: add Filesystem test Ensure that we are hiding all of the devices we should be, and that all of the devices that should be jailed are. This makes sure that containers using device_jail_fs can't see more devices than we would like. BUG= chromium:644338 TEST=test_that on kevin Change-Id: I08db775e1096b02dc1acb18025bfae5039043b97 Reviewed-on: https://chromium-review.googlesource.com/446021 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Andrew de los Reyes <adlr@chromium.org> [add] https://crrev.com/c707b651248a58989fc1cac7396a0028b8e5b973/client/site_tests/security_DeviceJail_Filesystem/security_DeviceJail_Filesystem.py [add] https://crrev.com/c707b651248a58989fc1cac7396a0028b8e5b973/client/site_tests/security_DeviceJail_Filesystem/control
,
Mar 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/6cec6491873cecd817181d5f7dde8a88c17424d3 commit 6cec6491873cecd817181d5f7dde8a88c17424d3 Author: Eric Caruso <ejcaruso@chromium.org> Date: Thu Mar 02 23:12:43 2017 autotest-tests-security: add DeviceJail tests This adds the device jail tests, guarded by the containers USE flag. CQ-DEPEND=CL:446021 BUG= chromium:644338 TEST=emerge Change-Id: Ie978598aaedcb65e0142924033f85683312b748e Reviewed-on: https://chromium-review.googlesource.com/444822 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org> [modify] https://crrev.com/6cec6491873cecd817181d5f7dde8a88c17424d3/chromeos-base/autotest-tests-security/autotest-tests-security-9999.ebuild
,
Mar 3 2017
All of the device jail code is in now. I'm closing this out; further work will be tracked in bug #644347.
,
May 9 2018
,
May 17 2018
Comment 1 by sheriffbot@chromium.org
, Sep 7 2016