Index: sandbox/linux/services/credentials.cc |
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc |
index 0dea5aaf1302bb3f51f50c736695d11965d817a3..2e66d97cf53a45895d0ea7caeb1e8315f0a510a8 100644 |
--- a/sandbox/linux/services/credentials.cc |
+++ b/sandbox/linux/services/credentials.cc |
@@ -110,24 +110,23 @@ |
error == ENOSYS); |
} |
-// Converts a Capability to the corresponding Linux CAP_XXX value. |
-int CapabilityToKernelValue(Credentials::Capability cap) { |
+// Converts a LinuxCapability to the corresponding Linux CAP_XXX value. |
+int LinuxCapabilityToKernelValue(LinuxCapability cap) { |
switch (cap) { |
- case Credentials::Capability::SYS_CHROOT: |
+ case LinuxCapability::kCapSysChroot: |
return CAP_SYS_CHROOT; |
- case Credentials::Capability::SYS_ADMIN: |
+ case LinuxCapability::kCapSysAdmin: |
return CAP_SYS_ADMIN; |
} |
- LOG(FATAL) << "Invalid Capability: " << static_cast<int>(cap); |
+ LOG(FATAL) << "Invalid LinuxCapability: " << static_cast<int>(cap); |
return 0; |
} |
} // namespace. |
-// static |
bool Credentials::DropAllCapabilities(int proc_fd) { |
- if (!SetCapabilities(proc_fd, std::vector<Capability>())) { |
+ if (!SetCapabilities(proc_fd, std::vector<LinuxCapability>())) { |
return false; |
} |
@@ -135,40 +134,14 @@ |
return true; |
} |
-// static |
bool Credentials::DropAllCapabilities() { |
base::ScopedFD proc_fd(ProcUtil::OpenProc()); |
return Credentials::DropAllCapabilities(proc_fd.get()); |
} |
// static |
-bool Credentials::DropAllCapabilitiesOnCurrentThread() { |
- return SetCapabilitiesOnCurrentThread(std::vector<Capability>()); |
-} |
- |
-// static |
-bool Credentials::SetCapabilitiesOnCurrentThread( |
- const std::vector<Capability>& caps) { |
- struct cap_hdr hdr = {}; |
- hdr.version = _LINUX_CAPABILITY_VERSION_3; |
- struct cap_data data[_LINUX_CAPABILITY_U32S_3] = {{}}; |
- |
- // Initially, cap has no capability flags set. Enable the effective and |
- // permitted flags only for the requested capabilities. |
- for (const Capability cap : caps) { |
- const int cap_num = CapabilityToKernelValue(cap); |
- const size_t index = CAP_TO_INDEX(cap_num); |
- const uint32_t mask = CAP_TO_MASK(cap_num); |
- data[index].effective |= mask; |
- data[index].permitted |= mask; |
- } |
- |
- return sys_capset(&hdr, data) == 0; |
-} |
- |
-// static |
bool Credentials::SetCapabilities(int proc_fd, |
- const std::vector<Capability>& caps) { |
+ const std::vector<LinuxCapability>& caps) { |
DCHECK_LE(0, proc_fd); |
#if !defined(THREAD_SANITIZER) |
@@ -177,7 +150,21 @@ |
CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); |
#endif |
- return SetCapabilitiesOnCurrentThread(caps); |
+ struct cap_hdr hdr = {}; |
+ hdr.version = _LINUX_CAPABILITY_VERSION_3; |
+ struct cap_data data[_LINUX_CAPABILITY_U32S_3] = {{}}; |
+ |
+ // Initially, cap has no capability flags set. Enable the effective and |
+ // permitted flags only for the requested capabilities. |
+ for (const LinuxCapability cap : caps) { |
+ const int cap_num = LinuxCapabilityToKernelValue(cap); |
+ const size_t index = CAP_TO_INDEX(cap_num); |
+ const uint32_t mask = CAP_TO_MASK(cap_num); |
+ data[index].effective |= mask; |
+ data[index].permitted |= mask; |
+ } |
+ |
+ return sys_capset(&hdr, data) == 0; |
} |
bool Credentials::HasAnyCapability() { |
@@ -196,14 +183,14 @@ |
return false; |
} |
-bool Credentials::HasCapability(Capability cap) { |
+bool Credentials::HasCapability(LinuxCapability cap) { |
struct cap_hdr hdr = {}; |
hdr.version = _LINUX_CAPABILITY_VERSION_3; |
struct cap_data data[_LINUX_CAPABILITY_U32S_3] = {{}}; |
PCHECK(sys_capget(&hdr, data) == 0); |
- const int cap_num = CapabilityToKernelValue(cap); |
+ const int cap_num = LinuxCapabilityToKernelValue(cap); |
const size_t index = CAP_TO_INDEX(cap_num); |
const uint32_t mask = CAP_TO_MASK(cap_num); |