Avoid bextr in dump_constants

When dump_constants is compiled for newer AMD processors it can end up using a
bextr instruction that may not be present on other makes/models of processors.

The act of calling std::cout on a numeric type ends up in
num_put<,>::do_put() which does:

const unsigned __nbuf = (numeric_limits<unsigned long>::digits / 3)
                          + ((numeric_limits<unsigned long>::digits % 3) != 0)
                          + ((__iob.flags() & ios_base::showbase) != 0) + 1;

ios_base::showbase is 0x0200, so the bit test against showbase results
in:

bextr  $0x109,0x8(%rdx),%r12d

which says to extract 1 bit from bit offset 9.  A workaround is to
use to_string() to avoid passing numeric types to cout. This alternative
is straightforward and the implementation is simpler (to_string() does
not have formatting nor locale options), though it doesn't prevent
the problem from occurring again in the future (e.g., when the source or
compiler changes).

Bug: None
Test: `make tests`. Ran dump_constants on arm32, arm64, and x64 in
CrOS build environment.

Change-Id: Ic16574141f6c935bff958e5d1f27c81994a993ab
1 file changed
tree: db0fbef7625dfc5f44ca804ff654a713bb9f2e1b
  1. .clang-format
  2. .github/
  3. .gitignore
  4. Android.bp
  5. CPPLINT.cfg
  6. Cargo.toml
  7. CleanSpec.mk
  8. HACKING.md
  9. LICENSE
  10. MODULE_LICENSE_BSD
  11. Makefile
  12. NOTICE
  13. OWNERS
  14. OWNERS.rust
  15. PRESUBMIT.cfg
  16. PREUPLOAD.cfg
  17. README.md
  18. RELEASE.md
  19. TEST_MAPPING
  20. arch.h
  21. bpf.c
  22. bpf.h
  23. build.rs
  24. common.mk
  25. dump_constants.cc
  26. elfparse.c
  27. elfparse.h
  28. examples/
  29. gen_constants-inl.h
  30. gen_constants.c
  31. gen_constants.sh
  32. gen_syscalls.c
  33. gen_syscalls.sh
  34. get_googletest.sh
  35. lib.rs
  36. libconstants.h
  37. libminijail-private.h
  38. libminijail.c
  39. libminijail.h
  40. libminijail.pc.in
  41. libminijail.rs
  42. libminijail_unittest.cc
  43. libminijailpreload.c
  44. libsyscalls.h
  45. linux-x86/
  46. minijail0.1
  47. minijail0.5
  48. minijail0.c
  49. minijail0_cli.c
  50. minijail0_cli.h
  51. minijail0_cli_unittest.cc
  52. navbar.md
  53. parse_seccomp_policy.cc
  54. platform2_preinstall.sh
  55. scoped_minijail.h
  56. setup.py
  57. signal_handler.c
  58. signal_handler.h
  59. syscall_filter.c
  60. syscall_filter.h
  61. syscall_filter_unittest.cc
  62. syscall_filter_unittest_macros.h
  63. syscall_wrapper.c
  64. syscall_wrapper.h
  65. system.c
  66. system.h
  67. system_unittest.cc
  68. test/
  69. testrunner.cc
  70. tools/
  71. util.c
  72. util.h
  73. util_unittest.cc
README.md

Minijail

The Minijail homepage and main repo is https://android.googlesource.com/platform/external/minijail/.

There might be other copies floating around, but this is the official one!

What is it?

Minijail is a sandboxing and containment tool used in Chrome OS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.

Getting the code

You're one git clone away from happiness.

$ git clone https://android.googlesource.com/platform/external/minijail
$ cd minijail

Releases are tagged as linux-vXX: https://android.googlesource.com/platform/external/minijail/+refs

Building

See the HACKING.md document for more details.

Release process

See the RELEASE.md document for more details.

Additional tools

See the tools/README.md document for more details.

Contact

We've got a couple of contact points.

Talks and presentations

The following talk serves as a good introduction to Minijail and how it can be used.

Video, slides.

Example usage

The Chromium OS project has a comprehensive sandboxing document that is largely based on Minijail.

After you play with the simple examples below, you should check that out.

Change root to any user

# id
uid=0(root) gid=0(root) groups=0(root),128(pkcs11)
# minijail0 -u jorgelo -g 5000 /usr/bin/id
uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)

Drop root while keeping some capabilities

# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status
Name: cat
...
CapInh: 0000000000003000
CapPrm: 0000000000003000
CapEff: 0000000000003000
CapBnd: 0000000000003000