Avoid bextr in dump_constants

When dump_constants is compiled for newer AMD processors it can end up using a
bextr instruction that may not be present on other makes/models of processors.

The act of calling std::cout on a numeric type ends up in
num_put<,>::do_put() which does:

  const unsigned __nbuf = (numeric_limits<unsigned long>::digits / 3)
                          + ((numeric_limits<unsigned long>::digits % 3) != 0)
                          + ((__iob.flags() & ios_base::showbase) != 0) + 1;

ios_base::showbase is 0x0200, so the bit test against showbase results in

  bextr  $0x109,0x8(%rdx),%r12d

which says to extract 1 bit from bit offset 9.  A workaround is to
use to_string() to avoid passing numeric types to cout. This alternative
is straightforward and the implementation is simpler (to_string() does
not have formatting nor locale options), though it doesn't prevent
the problem from occurring again in the future (e.g., when the source or
compiler changes).

Bug: None
Test: `make tests`. Ran dump_constants on arm32, arm64, and x64 in
CrOS build environment.

Change-Id: Ic16574141f6c935bff958e5d1f27c81994a993ab
1 file changed
tree: db0fbef7625dfc5f44ca804ff654a713bb9f2e1b


The Minijail homepage and main repo is https://android.googlesource.com/platform/external/minijail/.

There might be other copies floating around, but this is the official one!

What is it?

Minijail is a sandboxing and containment tool used in Chrome OS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.

Getting the code

You're one git clone away from happiness.

$ git clone https://android.googlesource.com/platform/external/minijail
$ cd minijail

Releases are tagged as linux-vXX: https://android.googlesource.com/platform/external/minijail/+refs


See the HACKING.md document for more details.

Release process

See the RELEASE.md document for more details.

Additional tools

See the tools/README.md document for more details.


We've got a couple of contact points.

Talks and presentations

The following talk serves as a good introduction to Minijail and how it can be used.

Video, slides.

Example usage

The Chromium OS project has a comprehensive sandboxing document that is largely based on Minijail.

After you play with the simple examples below, you should check that out.

Change root to any user

# id
uid=0(root) gid=0(root) groups=0(root),128(pkcs11)
# minijail0 -u jorgelo -g 5000 /usr/bin/id
uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)

Drop root while keeping some capabilities

# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status
Name: cat
CapInh: 0000000000003000
CapPrm: 0000000000003000
CapEff: 0000000000003000
CapBnd: 0000000000003000
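
The mask passed to `-c` and the `Cap*` values in `/proc/<pid>/status` are hexadecimal bitmasks indexed by capability number, so `3000` is bits 12 and 13: CAP_NET_ADMIN and CAP_NET_RAW. The following script is an added example, not part of the Minijail README or code base; it decodes those masks and fails when any set holds a capability outside the mask you meant to grant. The function names `decode_caps`, `audit_caps` and `page_status` are illustrative, and the capability names are assumed to follow the bit numbering in `linux/capability.h`.

```shell
#!/bin/sh
# Added example (names illustrative). Capability names by bit number, 0-40.
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"

# decode_caps HEXMASK: print the names of the capabilities set in the mask.
decode_caps() {
    mask=$((0x$1)); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }cap_$name"
        fi
        bit=$((bit + 1))
    done
    # Bits beyond the table are flagged instead of being silently dropped.
    [ $((mask >> bit)) -eq 0 ] || out="${out:+$out }unknown_high_bits"
    printf '%s\n' "$out"
}

# audit_caps ALLOWED_HEX < status: decode every Cap* line of a
# /proc/<pid>/status dump; return 1 if any set has a bit outside ALLOWED_HEX.
audit_caps() {
    allowed=$((0x$1)); rc=0
    while read -r key val rest; do
        case $key in Cap???:) ;; *) continue ;; esac
        extra=$(( 0x$val & ~allowed ))
        if [ "$extra" -ne 0 ]; then
            rc=1
            echo "$key EXCESS $(decode_caps "$(printf '%x' "$extra")")"
        else
            echo "$key ok $(decode_caps "$val")"
        fi
    done
    return "$rc"
}

# Status lines as shown in the page's "-c 3000" run (embedded to run offline).
page_status() {
    printf 'Name:\tcat\n'
    for f in CapInh CapPrm CapEff CapBnd; do
        printf '%s:\t0000000000003000\n' "$f"
    done
}

page_status | audit_caps 3000
```

Against a live process, feed it the real file instead of the embedded sample, for example `audit_caps 3000 < /proc/self/status` from inside the jail.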