OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/suid/client/setuid_sandbox_host.h" | 5 #include "sandbox/linux/suid/client/setuid_sandbox_host.h" |
6 | 6 |
7 #include <fcntl.h> | 7 #include <fcntl.h> |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 #include <stdlib.h> | 9 #include <stdlib.h> |
10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
11 #include <unistd.h> | 11 #include <unistd.h> |
12 | 12 |
| 13 #include <memory> |
13 #include <string> | 14 #include <string> |
14 #include <utility> | 15 #include <utility> |
15 | 16 |
16 #include "base/command_line.h" | 17 #include "base/command_line.h" |
17 #include "base/environment.h" | 18 #include "base/environment.h" |
18 #include "base/files/file_path.h" | 19 #include "base/files/file_path.h" |
19 #include "base/files/file_util.h" | 20 #include "base/files/file_util.h" |
20 #include "base/files/scoped_file.h" | 21 #include "base/files/scoped_file.h" |
21 #include "base/logging.h" | 22 #include "base/logging.h" |
22 #include "base/macros.h" | 23 #include "base/macros.h" |
23 #include "base/memory/scoped_ptr.h" | |
24 #include "base/path_service.h" | 24 #include "base/path_service.h" |
25 #include "base/posix/eintr_wrapper.h" | 25 #include "base/posix/eintr_wrapper.h" |
26 #include "base/process/launch.h" | 26 #include "base/process/launch.h" |
27 #include "base/process/process_metrics.h" | 27 #include "base/process/process_metrics.h" |
28 #include "base/strings/string_number_conversions.h" | 28 #include "base/strings/string_number_conversions.h" |
29 #include "sandbox/linux/suid/common/sandbox.h" | 29 #include "sandbox/linux/suid/common/sandbox.h" |
30 #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h" | 30 #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h" |
31 | 31 |
32 namespace { | 32 namespace { |
33 | 33 |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
72 return saved_env_var_copy; | 72 return saved_env_var_copy; |
73 } | 73 } |
74 | 74 |
75 // The ELF loader will clear many environment variables so we save them to | 75 // The ELF loader will clear many environment variables so we save them to |
76 // different names here so that the SUID sandbox can resolve them for the | 76 // different names here so that the SUID sandbox can resolve them for the |
77 // renderer. | 77 // renderer. |
78 void SaveSUIDUnsafeEnvironmentVariables(base::Environment* env) { | 78 void SaveSUIDUnsafeEnvironmentVariables(base::Environment* env) { |
79 for (unsigned i = 0; kSUIDUnsafeEnvironmentVariables[i]; ++i) { | 79 for (unsigned i = 0; kSUIDUnsafeEnvironmentVariables[i]; ++i) { |
80 const char* env_var = kSUIDUnsafeEnvironmentVariables[i]; | 80 const char* env_var = kSUIDUnsafeEnvironmentVariables[i]; |
81 // Get the saved environment variable corresponding to envvar. | 81 // Get the saved environment variable corresponding to envvar. |
82 scoped_ptr<std::string> saved_env_var(CreateSavedVariableName(env_var)); | 82 std::unique_ptr<std::string> saved_env_var( |
| 83 CreateSavedVariableName(env_var)); |
83 if (saved_env_var == NULL) | 84 if (saved_env_var == NULL) |
84 continue; | 85 continue; |
85 | 86 |
86 std::string value; | 87 std::string value; |
87 if (env->GetVar(env_var, &value)) | 88 if (env->GetVar(env_var, &value)) |
88 env->SetVar(saved_env_var->c_str(), value); | 89 env->SetVar(saved_env_var->c_str(), value); |
89 else | 90 else |
90 env->UnSetVar(saved_env_var->c_str()); | 91 env->UnSetVar(saved_env_var->c_str()); |
91 } | 92 } |
92 } | 93 } |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
189 // kZygoteIdFd. Fixing this requires a sandbox API change. :( | 190 // kZygoteIdFd. Fixing this requires a sandbox API change. :( |
190 fds_to_remap->push_back(std::make_pair(dummy_fd->get(), kZygoteIdFd)); | 191 fds_to_remap->push_back(std::make_pair(dummy_fd->get(), kZygoteIdFd)); |
191 } | 192 } |
192 | 193 |
193 void SetuidSandboxHost::SetupLaunchEnvironment() { | 194 void SetuidSandboxHost::SetupLaunchEnvironment() { |
194 SaveSUIDUnsafeEnvironmentVariables(env_.get()); | 195 SaveSUIDUnsafeEnvironmentVariables(env_.get()); |
195 SetSandboxAPIEnvironmentVariable(env_.get()); | 196 SetSandboxAPIEnvironmentVariable(env_.get()); |
196 } | 197 } |
197 | 198 |
198 } // namespace sandbox | 199 } // namespace sandbox |
OLD | NEW |