1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2012 The FreeBSD Foundation 5 * Copyright (c) 2015 Mariusz Zaborski <oshogbo@FreeBSD.org> 6 * Copyright (c) 2017 Robert N. M. Watson 7 * 8 * This software was developed by Pawel Jakub Dawidek under sponsorship from 9 * the FreeBSD Foundation. 10 * 11 * All rights reserved. 12 * This software was developed by SRI International and the University of 13 * Cambridge Computer Laboratory under DARPA/AFRL contract (FA8750-10-C-0237) 14 * ("CTSRD"), as part of the DARPA CRASH research programme. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions 18 * are met: 19 * 1. Redistributions of source code must retain the above copyright 20 * notice, this list of conditions and the following disclaimer. 21 * 2. Redistributions in binary form must reproduce the above copyright 22 * notice, this list of conditions and the following disclaimer in the 23 * documentation and/or other materials provided with the distribution. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 */ 37 38 #include <sys/cdefs.h> 39 __FBSDID("$FreeBSD$"); 40 41 #include <sys/types.h> 42 #include <sys/capsicum.h> 43 #include <sys/procdesc.h> 44 #include <sys/socket.h> 45 #include <sys/nv.h> 46 47 #include <assert.h> 48 #include <err.h> 49 #include <errno.h> 50 #include <stdbool.h> 51 #include <stdlib.h> 52 #include <strings.h> 53 #include <unistd.h> 54 55 #include "zygote.h" 56 57 /* Zygote info. */ 58 static int zygote_sock = -1; 59 60 #define ZYGOTE_SERVICE_EXECUTE 1 61 62 int 63 zygote_clone(uint64_t funcidx, int *chanfdp, int *procfdp) 64 { 65 nvlist_t *nvl; 66 int error; 67 68 if (zygote_sock == -1) { 69 /* Zygote didn't start. */ 70 errno = ENXIO; 71 return (-1); 72 } 73 74 nvl = nvlist_create(0); 75 nvlist_add_number(nvl, "funcidx", funcidx); 76 nvl = nvlist_xfer(zygote_sock, nvl, 0); 77 if (nvl == NULL) 78 return (-1); 79 if (nvlist_exists_number(nvl, "error")) { 80 error = (int)nvlist_get_number(nvl, "error"); 81 nvlist_destroy(nvl); 82 errno = error; 83 return (-1); 84 } 85 86 *chanfdp = nvlist_take_descriptor(nvl, "chanfd"); 87 *procfdp = nvlist_take_descriptor(nvl, "procfd"); 88 89 nvlist_destroy(nvl); 90 return (0); 91 } 92 93 int 94 zygote_clone_service_execute(int *chanfdp, int *procfdp) 95 { 96 97 return (zygote_clone(ZYGOTE_SERVICE_EXECUTE, chanfdp, procfdp)); 98 } 99 100 /* 101 * This function creates sandboxes on-demand whoever has access to it via 102 * 'sock' socket. Function sends two descriptors to the caller: process 103 * descriptor of the sandbox and socket pair descriptor for communication 104 * between sandbox and its owner. 105 */ 106 static void 107 zygote_main(int sock) 108 { 109 int error, procfd; 110 int chanfd[2]; 111 nvlist_t *nvlin, *nvlout; 112 uint64_t funcidx; 113 zygote_func_t *func; 114 pid_t pid; 115 116 assert(sock > STDERR_FILENO); 117 118 setproctitle("zygote"); 119 120 for (;;) { 121 nvlin = nvlist_recv(sock, 0); 122 if (nvlin == NULL) { 123 if (errno == ENOTCONN) { 124 /* Casper exited. */ 125 _exit(0); 126 } 127 continue; 128 } 129 funcidx = nvlist_get_number(nvlin, "funcidx"); 130 nvlist_destroy(nvlin); 131 132 switch (funcidx) { 133 case ZYGOTE_SERVICE_EXECUTE: 134 func = service_execute; 135 break; 136 default: 137 _exit(0); 138 } 139 140 /* 141 * Someone is requesting a new process, create one. 142 */ 143 procfd = -1; 144 chanfd[0] = -1; 145 chanfd[1] = -1; 146 error = 0; 147 if (socketpair(PF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0, 148 chanfd) == -1) { 149 error = errno; 150 goto send; 151 } 152 pid = pdfork(&procfd, 0); 153 switch (pid) { 154 case -1: 155 /* Failure. */ 156 error = errno; 157 break; 158 case 0: 159 /* Child. */ 160 close(sock); 161 close(chanfd[0]); 162 func(chanfd[1]); 163 /* NOTREACHED */ 164 _exit(1); 165 default: 166 /* Parent. */ 167 close(chanfd[1]); 168 break; 169 } 170 send: 171 nvlout = nvlist_create(0); 172 if (error != 0) { 173 nvlist_add_number(nvlout, "error", (uint64_t)error); 174 if (chanfd[0] >= 0) 175 close(chanfd[0]); 176 if (procfd >= 0) 177 close(procfd); 178 } else { 179 nvlist_move_descriptor(nvlout, "chanfd", chanfd[0]); 180 nvlist_move_descriptor(nvlout, "procfd", procfd); 181 } 182 (void)nvlist_send(sock, nvlout); 183 nvlist_destroy(nvlout); 184 } 185 /* NOTREACHED */ 186 } 187 188 int 189 zygote_init(void) 190 { 191 int serrno, sp[2]; 192 pid_t pid; 193 194 if (socketpair(PF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0, sp) == -1) 195 return (-1); 196 197 pid = fork(); 198 switch (pid) { 199 case -1: 200 /* Failure. */ 201 serrno = errno; 202 close(sp[0]); 203 close(sp[1]); 204 errno = serrno; 205 return (-1); 206 case 0: 207 /* Child. */ 208 close(sp[0]); 209 zygote_main(sp[1]); 210 /* NOTREACHED */ 211 abort(); 212 default: 213 /* Parent. */ 214 zygote_sock = sp[0]; 215 close(sp[1]); 216 return (0); 217 } 218 /* NOTREACHED */ 219 } 220