From 5498907383c7f1654188b6a0d02d8b03112a28c3 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Mon, 5 Mar 2012 16:19:08 -0500 Subject: libsandbox: push down constructor init Since every consumer of sb_open gets a copy of the sbio_open data, push the init of this into the .data section of the respective consumers to avoid the runtime overhead. This just leaves sandbox_lib setup in the constructor function, but that is only needed by the execve wrapper, so push down init of that to the existing sb_init logic which happens before our execve wrapper gets used. URL: http://bugs.gentoo.org/404013 Reported-by: Mike Gilbert Signed-off-by: Mike Frysinger --- libsandbox/libsandbox.c | 43 ++++++------------------------------------- libsbutil/sb_open.c | 11 ----------- libsbutil/sbutil.h | 2 +- src/sandbox.c | 1 + 4 files changed, 8 insertions(+), 49 deletions(-) diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c index 0fcbb65..a36e190 100644 --- a/libsandbox/libsandbox.c +++ b/libsandbox/libsandbox.c @@ -61,6 +61,7 @@ typedef struct { static char *cached_env_vars[MAX_DYN_PREFIXES]; bool sandbox_on = true; static bool sb_init = false; +int (*sbio_open)(const char *, int, mode_t) = sb_unwrapped_open; static char *resolve_path(const char *, int); static int check_prefixes(char **, int, const char *); @@ -68,50 +69,15 @@ static void clean_env_entries(char ***, int *); static void init_context(sbcontext_t *); static void init_env_entries(char ***, int *, const char *, const char *, int); - -/* - * Initialize the shabang - */ -#if 0 -__attribute__((destructor)) -void libsb_fini(void) -{ - /* let the kernel reap our resources -- it's faster anyways */ - int x; - - sb_init = false; - - for (x = 0; x < MAX_DYN_PREFIXES; ++x) { - if (NULL != cached_env_vars[x]) { - free(cached_env_vars[x]); - cached_env_vars[x] = NULL; - } - } - - for (x = 0; x < MAX_DYN_PREFIXES; ++x) - clean_env_entries(&(sbcontext.prefixes[x]), - &(sbcontext.num_prefixes[x])); -} -#endif - +#ifdef SB_MEM_DEBUG __attribute__((constructor)) void libsb_init(void) { save_errno(); - -#ifdef SB_MEM_DEBUG mtrace(); -#endif - - sb_set_open(sb_unwrapped_open); - - /* Get the path and name to this library */ - get_sandbox_lib(sandbox_lib); - -// sb_init = true; - restore_errno(); } +#endif static const char *sb_get_fd_dir(void) { @@ -1084,6 +1050,9 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in sb_lock(); if (!sb_init) { + /* Get the path and name to this library */ + get_sandbox_lib(sandbox_lib); + init_context(&sbcontext); sb_init = true; } diff --git a/libsbutil/sb_open.c b/libsbutil/sb_open.c index 2e405c6..27dda9c 100644 --- a/libsbutil/sb_open.c +++ b/libsbutil/sb_open.c @@ -10,17 +10,6 @@ #include "headers.h" #include "sbutil.h" -static int (*sbio_open)(const char *, int, mode_t) = (void *)open; - - -void sb_set_open(void *new_open) -{ - if (!check_ptr(new_open)) - return; - - sbio_open = new_open; -} - /* General purpose function to _reliably_ open a file * * Returns the file descriptor or -1 on error (and errno set) diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h index e232b31..bdff33f 100644 --- a/libsbutil/sbutil.h +++ b/libsbutil/sbutil.h @@ -91,7 +91,7 @@ bool is_env_on (const char *); bool is_env_off (const char *); /* libsandbox need to use a wrapper for open */ -void sb_set_open(void *new_open); +attribute_hidden extern int (*sbio_open)(const char *, int, mode_t); /* Convenience functions to reliably open, read and write to a file */ int sb_open(const char *path, int flags, mode_t mode); size_t sb_read(int fd, void *buf, size_t count); diff --git a/src/sandbox.c b/src/sandbox.c index d36126e..a8e28fe 100644 --- a/src/sandbox.c +++ b/src/sandbox.c @@ -18,6 +18,7 @@ static int print_debug = 0; #define dprintf(fmt, args...) do { if (print_debug) printf(fmt, ## args); } while (0) #define dputs(str) do { if (print_debug) puts(str); } while (0) +int (*sbio_open)(const char *, int, mode_t) = (void *)open; volatile static int stop_called = 0; volatile static pid_t child_pid = 0; -- cgit v1.2.3-65-gdbad