search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / content / shell / android / linker_test_apk / chromium_linker_test_linker_tests.cc
blob6a458513c2e89bf074f38ade930db7e630d3afa4
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // This file implements the native methods of
6 // org.content.chromium.app.LinkerTests
7 // Unlike the content of linker_jni.cc, it is part of the content library and
8 // can thus use base/ and the C++ STL.
9
10 #include "content/shell/android/linker_test_apk/chromium_linker_test_linker_tests.h"
11
12 #include <sys/mman.h>
13 #include <errno.h>
14 #include <stdio.h>
15 #include <string>
16 #include <vector>
17
18 #include "base/basictypes.h"
19 #include "base/debug/proc_maps_linux.h"
20 #include "base/logging.h"
21 #include "base/strings/stringprintf.h"
22 #include "jni/LinkerTests_jni.h"
23 #include "third_party/re2/re2/re2.h"
24
25 namespace content {
26
27 namespace {
28
29 using base::debug::MappedMemoryRegion;
30
31 jboolean RunChecks(bool in_browser_process, bool need_relros) {
32 // IMPORTANT NOTE: The Python test control script reads the logcat for
33 // lines like:
34 // BROWSER_LINKER_TEST: <status>
35 // RENDERER_LINKER_TEST: <status>
36 //
37 // Where <status> can be either SUCCESS or FAIL. Other lines starting
38 // with the same prefixes, but not using SUCCESS or FAIL are ignored.
39 const char* prefix =
40 in_browser_process ? "BROWSER_LINKER_TEST: " : "RENDERER_LINKER_TEST: ";
41
42 // The RELRO section(s) will appear in /proc/self/maps as a mapped memory
43 // region for a file with a recognizable name. For the LegacyLinker the
44 // full name will be something like:
45 //
46 // "/dev/ashmem/RELRO:<libname> (deleted)"
47 //
48 // and for the ModernLinker, something like:
49 //
50 // "/data/data/org.chromium.chromium_linker_test_apk/
51 // app_chromium_linker_test/RELRO:<libname> (deleted)"
52 //
53 // Where <libname> is the library name and '(deleted)' is actually
54 // added by the kernel to indicate there is no corresponding file
55 // on the filesystem.
56 //
57 // For regular builds, there is only one library, and thus one RELRO
58 // section, but for the component build, there are several libraries,
59 // each one with its own RELRO.
60 static const char kLegacyRelroSectionPattern[] = "/dev/ashmem/RELRO:.*";
61 static const char kModernRelroSectionPattern[] = "/data/.*/RELRO:.*";
62
63 // Parse /proc/self/maps and builds a list of region mappings in this
64 // process.
65 std::string maps;
66 base::debug::ReadProcMaps(&maps);
67 if (maps.empty()) {
68 LOG(ERROR) << prefix << "FAIL Cannot parse /proc/self/maps";
69 return false;
70 }
71
72 std::vector<MappedMemoryRegion> regions;
73 base::debug::ParseProcMaps(maps, &regions);
74 if (regions.empty()) {
75 LOG(ERROR) << prefix << "FAIL Cannot read memory mappings in this process";
76 return false;
77 }
78
79 const RE2 legacy_linker_re(kLegacyRelroSectionPattern);
80 const RE2 modern_linker_re(kModernRelroSectionPattern);
81
82 int num_shared_relros = 0;
83 int num_bad_shared_relros = 0;
84
85 for (size_t n = 0; n < regions.size(); ++n) {
86 MappedMemoryRegion& region = regions[n];
87
88 const std::string path = region.path;
89 const bool is_legacy_relro = re2::RE2::FullMatch(path, legacy_linker_re);
90 const bool is_modern_relro = re2::RE2::FullMatch(path, modern_linker_re);
91
92 if (is_legacy_relro && is_modern_relro) {
93 LOG(ERROR) << prefix
94 << "FAIL RELRO cannot be both Legacy and Modern (test error)";
95 return false;
96 }
97
98 if (!is_legacy_relro && !is_modern_relro) {
99 // Ignore any mapping that isn't a shared RELRO.
100 continue;
101 }
102
103 num_shared_relros++;
104
105 void* region_start = reinterpret_cast<void*>(region.start);
106 void* region_end = reinterpret_cast<void*>(region.end);
107
108 // Check that it is mapped read-only.
109 const uint8 expected_flags = MappedMemoryRegion::READ;
110 const uint8 expected_mask = MappedMemoryRegion::READ |
111 MappedMemoryRegion::WRITE |
112 MappedMemoryRegion::EXECUTE;
113
114 uint8 region_flags = region.permissions & expected_mask;
115 if (region_flags != expected_flags) {
116 LOG(ERROR)
117 << prefix
118 << base::StringPrintf(
119 "Shared RELRO section at %p-%p is not mapped read-only. "
120 "Protection flags are %d (%d expected)!",
121 region_start,
122 region_end,
123 region_flags,
124 expected_flags);
125 num_bad_shared_relros++;
126 continue;
127 }
128
129 // Shared RELROs implemented by the Android M+ system linker are not in
130 // ashmem. The Android M+ system linker maps everything with MAP_PRIVATE
131 // rather than MAP_SHARED. Remapping such a RELRO section read-write will
132 // therefore succeed, but it is not a problem. The memory copy-on-writes,
133 // and updates are not visible to either the mapped file or other processes
134 // mapping the same file. So... we skip the remap test for ModernLinker.
135 if (is_modern_relro) {
136 continue;
137 }
138
139 // Check that trying to remap it read-write fails with EACCES
140 size_t region_size = region.end - region.start;
141 int ret = ::mprotect(region_start, region_size, PROT_READ | PROT_WRITE);
142 if (ret != -1) {
143 LOG(ERROR)
144 << prefix
145 << base::StringPrintf(
146 "Shared RELRO section at %p-%p could be remapped read-write!?",
147 region_start,
148 region_end);
149 num_bad_shared_relros++;
150 // Just in case.
151 ::mprotect(region_start, region_size, PROT_READ);
152 } else if (errno != EACCES) {
153 LOG(ERROR) << prefix << base::StringPrintf(
154 "Shared RELRO section at %p-%p failed "
155 "read-write mprotect with "
156 "unexpected error %d (EACCES:%d wanted): %s",
157 region_start,
158 region_end,
159 errno,
160 EACCES,
161 strerror(errno));
162 num_bad_shared_relros++;
163 }
164 }
165
166 VLOG(0)
167 << prefix
168 << base::StringPrintf(
169 "There are %d shared RELRO sections in this process, %d are bad",
170 num_shared_relros,
171 num_bad_shared_relros);
172
173 if (num_bad_shared_relros > 0) {
174 LOG(ERROR) << prefix << "FAIL Bad RELROs sections in this process";
175 return false;
176 }
177
178 if (need_relros) {
179 if (num_shared_relros == 0) {
180 LOG(ERROR) << prefix
181 << "FAIL Missing shared RELRO sections in this process!";
182 return false;
183 }
184 } else {
185 if (num_shared_relros > 0) {
186 LOG(ERROR) << prefix << "FAIL Unexpected " << num_shared_relros
187 << " shared RELRO sections in this process!";
188 return false;
189 }
190 }
191
192 VLOG(0) << prefix << "SUCCESS";
193 return true;
194 }
195
196 } // namespace
197
198 jboolean CheckForSharedRelros(JNIEnv* env,
199 const JavaParamRef<jclass>& clazz,
200 jboolean in_browser_process) {
201 return RunChecks(in_browser_process, true);
202 }
203
204 jboolean CheckForNoSharedRelros(JNIEnv* env,
205 const JavaParamRef<jclass>& clazz,
206 jboolean in_browser_process) {
207 return RunChecks(in_browser_process, false);
208 }
209
210 bool RegisterLinkerTestsJni(JNIEnv* env) { return RegisterNativesImpl(env); }
211
212 } // namespace content