Closed Bug 969088 Opened 10 years ago Closed 10 years ago

Indicate per-process/thread seccomp state in b2g-ps output

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jld, Assigned: jld)

References

Details

Attachments

(1 file)

Link to Github pull-request: https://github.com/mozilla-b2g/gonk-misc/pull/150
49 bytes, text/x-github-pull-request
dhylands
: review+
Details | Review 
It seems useful, at least for people working on sandboxing, for b2g-ps to note which processes/threads have seccomp sandboxing enabled.  I have a proof-of-concept, seen here demonstrating bug 969040:

$ adb -s emulator-5554 shell b2g-ps -t 182
APPLICATION    SEC USER     PID   PPID  VSIZE  RSS     WCHAN    PC         NAME
Built-in Keyboa  2 app_182   182   127   71616  24292 ffffffff 4005b3c0 S /system/b2g/plugin-container
Chrome_ChildThr  0 app_182   183   182   71616  24292 c00bb45c 4005b3c0 S Chrome_ChildThr
JS GC Helper     0 app_182   184   182   71616  24292 c005deb8 4005b5cc S JS GC Helper
Socket Thread    0 app_182   185   182   71616  24292 c009e6d4 4005b438 S Socket Thread
BgHangManager    0 app_182   186   182   71616  24292 c005dfbc 4005b5cc S BgHangManager
(Nuwa)           0 app_182   187   182   71616  24292 c005deb8 4005b5cc S (Nuwa)
ImageBridgeChil  0 app_182   188   182   71616  24292 c005deb8 4005b5cc S ImageBridgeChil
Binder Thread #  0 app_182   189   182   71616  24292 c01ad2ac 4005a690 S Binder Thread #
Binder Thread #  0 app_182   190   182   71616  24292 c01ad2ac 4005a690 S Binder Thread #
Timer            0 app_182   193   182   71616  24292 c005dfbc 4005b5cc S Timer
Network Seer     2 app_182   207   182   71616  24292 c005deb8 4005b5cc S Network Seer
HTML5 Parser     2 app_182   209   182   71616  24292 c005deb8 4005b5cc S HTML5 Parser
Analysis Helper  2 app_182   210   182   71616  24292 c005deb8 4005b5cc S Analysis Helper
Analysis Helper  2 app_182   211   182   71616  24292 c005deb8 4005b5cc S Analysis Helper
Built-in Keyboa  2 app_182   212   182   71616  24292 c005deb8 4005b5cc S Built-in Keyboa
Media State      2 app_182   218   182   71616  24292 c005deb8 4005b5cc S Media State
I considered making it conditional on whether the running kernel supports seccomp (tested by reading /proc/self/status), but if I'm going to break scripts that parse b2g-ps output (are there any?) then I think I should break them everywhere, not have that be an extra "surprise" for seccomp-enabled devices.
Comment on attachment 8372007 [details] [review]
Link to Github pull-request: https://github.com/mozilla-b2g/gonk-misc/pull/150

I only had one comment, but on further reflection, I think that its a moot point.
Attachment #8372007 - Flags: review?(dhylands) → review+
https://github.com/mozilla-b2g/gonk-misc/commit/02147230f5878943bc51373afb852b248e814140
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: