chrome/browser/android/seccomp_support_detector.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/android/seccomp_support_detector.h"
   6
   7 #include <stdio.h>
   8 #include <sys/utsname.h>
   9
  10 #include "base/metrics/histogram_macros.h"
  11 #include "base/metrics/sparse_histogram.h"
  12 #include "content/public/browser/browser_thread.h"
  13
  14 #if defined(USE_SECCOMP_BPF)
  15 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
  16 #endif
  17
  18 using content::BrowserThread;
  19
  20 enum AndroidSeccompStatus {
  21   // DETECTION_FAILED was formerly used when probing for seccomp was done
  22   // out-of-process. There does not appear to be a gain in doing so, as
  23   // explained in the comment in DetectSeccomp(). This enum remains for
  24   // historical reasons.
  25   DETECTION_FAILED_OBSOLETE,  // The process crashed during detection.
  26
  27   NOT_SUPPORTED,     // Kernel has no seccomp support.
  28   SUPPORTED,         // Kernel has seccomp support.
  29   LAST_STATUS
  30 };
  31
  32 // static
  33 void SeccompSupportDetector::StartDetection() {
  34   // This is instantiated here, and then ownership is maintained by the
  35   // Closure objects when the object is being passed between threads. When
  36   // the last Closure runs, it will delete this.
  37   scoped_refptr<SeccompSupportDetector> detector(new SeccompSupportDetector());
  38   BrowserThread::PostBlockingPoolTask(FROM_HERE,
  39       base::Bind(&SeccompSupportDetector::DetectKernelVersion, detector));
  40   BrowserThread::PostBlockingPoolTask(FROM_HERE,
  41       base::Bind(&SeccompSupportDetector::DetectSeccomp, detector));
  42 }
  43
  44 SeccompSupportDetector::SeccompSupportDetector() {
  45 }
  46
  47 SeccompSupportDetector::~SeccompSupportDetector() {
  48 }
  49
  50 void SeccompSupportDetector::DetectKernelVersion() {
  51   DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread());
  52
  53   // This method will report the kernel major and minor versions by
  54   // taking the lower 16 bits of each version number and combining
  55   // the two into a 32-bit number.
  56
  57   utsname uts;
  58   if (uname(&uts) == 0) {
  59     int major, minor;
  60     if (sscanf(uts.release, "%d.%d", &major, &minor) == 2) {
  61       int version = ((major & 0xFFFF) << 16) | (minor & 0xFFFF);
  62       UMA_HISTOGRAM_SPARSE_SLOWLY("Android.KernelVersion", version);
  63     }
  64   }
  65 }
  66
  67 void SeccompSupportDetector::DetectSeccomp() {
  68   DCHECK(BrowserThread::GetBlockingPool()->RunsTasksOnCurrentThread());
  69
  70 #if defined(USE_SECCOMP_BPF)
  71   bool prctl_supported = sandbox::SandboxBPF::SupportsSeccompSandbox(
  72       sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED);
  73 #else
  74   bool prctl_supported = false;
  75 #endif
  76
  77   UMA_HISTOGRAM_ENUMERATION("Android.SeccompStatus.Prctl",
  78                             prctl_supported ? SUPPORTED : NOT_SUPPORTED,
  79                             LAST_STATUS);
  80
  81   // Probing for the seccomp syscall can provoke kernel panics in certain LGE
  82   // devices. For now, this data will not be collected. In the future, this
  83   // should detect SeccompLevel::MULTI_THREADED. http://crbug.com/478478
  84 }