Android N IOT Release 2 (NIT1.180611.010.B1)
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCW3M6LQAKCRDorT+BmrEO
eG0aAJ9BFdAj5A6/0alGXtF95xZusGRPVQCfdGPWvrfuvKtfBhLU8LbrNL6vmfc=
=u9JP
-----END PGP SIGNATURE-----
syscall_filter: Add a small operand optimization

Since all <, <=, >, >= operands are unsigned, when the immediate fits in
32-bits (which should be the vast majority of the time), we can omit one
of the comparison that would normally occur. So, for

 arg1 >= K

That would be roughly translated to

 if (hi(arg1) > hi(K)) jump NEXT;
 if (hi(arg1) == hi(K) && lo(arg1) >= lo(K)) jump NEXT;
 jump KILL;

If the first check (|hi(arg1) > hi(K)|) fails, we then evaluate the
whole second expression. If |hi(K) == 0|, then the only value of
|hi(arg1)| for which it would fail would be if |hi(arg1) == 0|, so we
don't need to evaluate |hi(arg1) == hi(K)| at all, since we know that
it's always going to be true. In other words,

 // given that |hi(K) == 0|,
 if (hi(arg1) > 0) jump NEXT;
 // if the code gets here, |hi(arg1) == 0|.
 if (lo(arg1) >= lo(K)) jump NEXT;
 jump KILL;

The case for > is identical, and </<= get translated into >/>= since
cBPF only supports the latter two operators, which concludes the
proof of correctness for this optimization.

This saves one opcode.

Bug: 111726641
Test: make tests
Test: echo 'read: arg1 <= 0xbadc0ffee0ddf00d' | \
      ./parse_seccomp_policy --dump - | \
      ./libseccomp/tools/scmp_bpf_disasm
Test: echo 'read: arg1 <= 0xff' | ./parse_seccomp_policy --dump - | \
      ./libseccomp/tools/scmp_bpf_disasm

Change-Id: Ia00362ce92ff5e858c7366dab013e2db88c09818
4 files changed
tree: f760fce3adbf0afc846a41982ea243577c631047
  1. .clang-format
  2. .gitignore
  3. Android.bp
  4. CPPLINT.cfg
  5. CleanSpec.mk
  6. HACKING.md
  7. LICENSE
  8. MODULE_LICENSE_BSD
  9. Makefile
  10. NOTICE
  11. OWNERS
  12. PRESUBMIT.cfg
  13. PREUPLOAD.cfg
  14. README.md
  15. RELEASE.md
  16. arch.h
  17. bpf.c
  18. bpf.h
  19. common.mk
  20. elfparse.c
  21. elfparse.h
  22. examples/
  23. gen_constants-inl.h
  24. gen_constants.c
  25. gen_constants.sh
  26. gen_syscalls.c
  27. gen_syscalls.sh
  28. get_googletest.sh
  29. libconstants.h
  30. libminijail-private.h
  31. libminijail.c
  32. libminijail.h
  33. libminijail.pc.in
  34. libminijail_unittest.cc
  35. libminijailpreload.c
  36. libsyscalls.h
  37. linux-x86/
  38. minijail0.1
  39. minijail0.5
  40. minijail0.c
  41. minijail0_cli.c
  42. minijail0_cli.h
  43. minijail0_cli_unittest.cc
  44. navbar.md
  45. parse_seccomp_policy.cc
  46. platform2_preinstall.sh
  47. scoped_minijail.h
  48. signal_handler.c
  49. signal_handler.h
  50. syscall_filter.c
  51. syscall_filter.h
  52. syscall_filter_unittest.cc
  53. syscall_filter_unittest_macros.h
  54. syscall_wrapper.c
  55. syscall_wrapper.h
  56. system.c
  57. system.h
  58. system_unittest.cc
  59. test/
  60. testrunner.cc
  61. tools/
  62. util.c
  63. util.h
  64. util_unittest.cc
README.md

Minijail

The Minijail homepage & main repo is https://android.googlesource.com/platform/external/minijail/.

There might be other copies floating around, but this is the official one!

What is it?

Minijail is a sandboxing and containment tool used in Chrome OS, and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.

Getting The Code

You're one git clone away from happiness.

$ git clone https://android.googlesource.com/platform/external/minijail
$ cd minijail

Releases are tagged as linux-vXX: https://android.googlesource.com/platform/external/minijail/+refs

Building

See the HACKING.md document for more details.

Release Process

See the RELEASE.md document for more details.

Contact

We've got a couple of contact points.

Talks and Presentations

The following talk serves as a good introduction to Minijail and how it can be used.

Video, slides.

Example Usage

The Chromium OS project has a comprehensive sandboxing document that is largely based on Minijail.

After you play with the simple examples below, you should check that out.

Change root to any user

# id
uid=0(root) gid=0(root) groups=0(root),128(pkcs11)
# minijail0 -u jorgelo -g 5000 /usr/bin/id
uid=72178(jorgelo) gid=5000(eng) groups=5000(eng)

Drop root while keeping some capabilities

# minijail0 -u jorgelo -c 3000 -- /bin/cat /proc/self/status
Name: cat
...
CapInh: 0000000000003000
CapPrm: 0000000000003000
CapEff: 0000000000003000
CapBnd: 0000000000003000