Chromium Code Reviews Chromium Code Reviews
Issue 1855303003:
Wrap deprecated sandbox functions in C++ class. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
| 6 | 6 |
| 7 #if defined(OS_POSIX) | 7 #if defined(OS_POSIX) |
| 8 #if defined(OS_MACOSX) | 8 #if defined(OS_MACOSX) |
| 9 extern "C" { | 9 extern "C" { |
| 10 #include <sandbox.h> | 10 #include <sandbox.h> |
|
Robert Sesek
2016/04/05 14:13:25
Remove.
Greg K
2016/04/05 18:24:44
It's still needed for the profile constants.
| |
| 11 } | 11 } |
| 12 #endif | 12 #endif |
| 13 #include <fcntl.h> | 13 #include <fcntl.h> |
| 14 #include <stddef.h> | 14 #include <stddef.h> |
| 15 #include <sys/socket.h> | 15 #include <sys/socket.h> |
| 16 #include <sys/stat.h> | 16 #include <sys/stat.h> |
| 17 #include <unistd.h> | 17 #include <unistd.h> |
| 18 | 18 |
| 19 #include <queue> | 19 #include <queue> |
| 20 | 20 |
| 21 #include "base/callback.h" | 21 #include "base/callback.h" |
| 22 #include "base/file_descriptor_posix.h" | 22 #include "base/file_descriptor_posix.h" |
| 23 #include "base/location.h" | 23 #include "base/location.h" |
| 24 #include "base/pickle.h" | 24 #include "base/pickle.h" |
| 25 #include "base/posix/eintr_wrapper.h" | 25 #include "base/posix/eintr_wrapper.h" |
| 26 #include "base/single_thread_task_runner.h" | 26 #include "base/single_thread_task_runner.h" |
| 27 #include "base/synchronization/waitable_event.h" | 27 #include "base/synchronization/waitable_event.h" |
| 28 #include "ipc/ipc_message_attachment_set.h" | 28 #include "ipc/ipc_message_attachment_set.h" |
| 29 #include "ipc/ipc_message_utils.h" | 29 #include "ipc/ipc_message_utils.h" |
| 30 #include "ipc/ipc_test_base.h" | 30 #include "ipc/ipc_test_base.h" |
| 31 | 31 |
| 32 #if defined(OS_POSIX) | 32 #if defined(OS_POSIX) |
| 33 #include "base/macros.h" | 33 #include "base/macros.h" |
| 34 #endif | 34 #endif |
| 35 | 35 |
| 36 #if defined(OS_MACOSX) | |
| 37 #include "sandbox/mac/seatbelt.h" | |
| 38 #endif | |
| 39 | |
| 36 namespace { | 40 namespace { |
| 37 | 41 |
| 38 const unsigned kNumFDsToSend = 7; // per message | 42 const unsigned kNumFDsToSend = 7; // per message |
| 39 const unsigned kNumMessages = 20; | 43 const unsigned kNumMessages = 20; |
| 40 const char* kDevZeroPath = "/dev/zero"; | 44 const char* kDevZeroPath = "/dev/zero"; |
| 41 | 45 |
| 42 #if defined(OS_POSIX) | 46 #if defined(OS_POSIX) |
| 43 static_assert(kNumFDsToSend == | 47 static_assert(kNumFDsToSend == |
| 44 IPC::MessageAttachmentSet::kMaxDescriptorsPerMessage, | 48 IPC::MessageAttachmentSet::kMaxDescriptorsPerMessage, |
| 45 "The number of FDs to send must be kMaxDescriptorsPerMessage."); | 49 "The number of FDs to send must be kMaxDescriptorsPerMessage."); |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 186 | 190 |
| 187 MULTIPROCESS_IPC_TEST_CLIENT_MAIN(SendFdsSandboxedClient) { | 191 MULTIPROCESS_IPC_TEST_CLIENT_MAIN(SendFdsSandboxedClient) { |
| 188 struct stat st; | 192 struct stat st; |
| 189 const int fd = open(kDevZeroPath, O_RDONLY); | 193 const int fd = open(kDevZeroPath, O_RDONLY); |
| 190 fstat(fd, &st); | 194 fstat(fd, &st); |
| 191 if (IGNORE_EINTR(close(fd)) < 0) | 195 if (IGNORE_EINTR(close(fd)) < 0) |
| 192 return -1; | 196 return -1; |
| 193 | 197 |
| 194 // Enable the sandbox. | 198 // Enable the sandbox. |
| 195 char* error_buff = NULL; | 199 char* error_buff = NULL; |
| 196 #pragma clang diagnostic push | 200 int error = sandbox::Seatbelt::sandbox_init(kSBXProfilePureComputation, |
| 197 #pragma clang diagnostic ignored "-Wdeprecated-declarations" | 201 SANDBOX_NAMED, &error_buff); |
| 198 int error = sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED, | |
| 199 &error_buff); | |
| 200 bool success = (error == 0 && error_buff == NULL); | 202 bool success = (error == 0 && error_buff == NULL); |
| 201 if (!success) | 203 if (!success) |
| 202 return -1; | 204 return -1; |
| 203 | 205 |
| 204 sandbox_free_error(error_buff); | 206 sandbox::Seatbelt::sandbox_free_error(error_buff); |
| 205 #pragma clang diagnostic pop | |
| 206 | 207 |
| 207 // Make sure sandbox is really enabled. | 208 // Make sure sandbox is really enabled. |
| 208 if (open(kDevZeroPath, O_RDONLY) != -1) { | 209 if (open(kDevZeroPath, O_RDONLY) != -1) { |
| 209 LOG(ERROR) << "Sandbox wasn't properly enabled"; | 210 LOG(ERROR) << "Sandbox wasn't properly enabled"; |
| 210 return -1; | 211 return -1; |
| 211 } | 212 } |
| 212 | 213 |
| 213 // See if we can receive a file descriptor. | 214 // See if we can receive a file descriptor. |
| 214 return SendFdsClientCommon("SendFdsSandboxedClient", st.st_ino); | 215 return SendFdsClientCommon("SendFdsSandboxedClient", st.st_ino); |
| 215 } | 216 } |
| (...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 381 base::WaitableEvent received_; | 382 base::WaitableEvent received_; |
| 382 }; | 383 }; |
| 383 | 384 |
| 384 TEST_F(IPCMultiSendingFdsTest, StressTest) { | 385 TEST_F(IPCMultiSendingFdsTest, StressTest) { |
| 385 Run(); | 386 Run(); |
| 386 } | 387 } |
| 387 | 388 |
| 388 } // namespace | 389 } // namespace |
| 389 | 390 |
| 390 #endif // defined(OS_POSIX) | 391 #endif // defined(OS_POSIX) |
| OLD | NEW |
