| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <limits.h> | 9 #include <limits.h> |
| 10 #include <pthread.h> | 10 #include <pthread.h> |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 138 // Test the WorkingDirectoryIsRoot() helper. | 138 // Test the WorkingDirectoryIsRoot() helper. |
| 139 SANDBOX_TEST(Credentials, CanDetectRoot) { | 139 SANDBOX_TEST(Credentials, CanDetectRoot) { |
| 140 PCHECK(0 == chdir("/proc/")); | 140 PCHECK(0 == chdir("/proc/")); |
| 141 CHECK(!WorkingDirectoryIsRoot()); | 141 CHECK(!WorkingDirectoryIsRoot()); |
| 142 PCHECK(0 == chdir("/")); | 142 PCHECK(0 == chdir("/")); |
| 143 CHECK(WorkingDirectoryIsRoot()); | 143 CHECK(WorkingDirectoryIsRoot()); |
| 144 } | 144 } |
| 145 | 145 |
| 146 // Disabled on ASAN because of crbug.com/451603. | 146 // Disabled on ASAN because of crbug.com/451603. |
| 147 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(DropFileSystemAccessIsSafe)) { | 147 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(DropFileSystemAccessIsSafe)) { |
| 148 CHECK(Credentials::HasFileSystemAccess()); |
| 148 CHECK(Credentials::DropAllCapabilities()); | 149 CHECK(Credentials::DropAllCapabilities()); |
| 149 // Probably missing kernel support. | 150 // Probably missing kernel support. |
| 150 if (!Credentials::MoveToNewUserNS()) return; | 151 if (!Credentials::MoveToNewUserNS()) return; |
| 151 CHECK(Credentials::DropFileSystemAccess(ProcUtil::OpenProc().get())); | 152 CHECK(Credentials::DropFileSystemAccess(ProcUtil::OpenProc().get())); |
| 152 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 153 CHECK(!Credentials::HasFileSystemAccess()); |
| 153 CHECK(WorkingDirectoryIsRoot()); | 154 CHECK(WorkingDirectoryIsRoot()); |
| 154 CHECK(base::IsDirectoryEmpty(base::FilePath("/"))); | 155 CHECK(base::IsDirectoryEmpty(base::FilePath("/"))); |
| 155 // We want the chroot to never have a subdirectory. A subdirectory | 156 // We want the chroot to never have a subdirectory. A subdirectory |
| 156 // could allow a chroot escape. | 157 // could allow a chroot escape. |
| 157 CHECK_NE(0, mkdir("/test", 0700)); | 158 CHECK_NE(0, mkdir("/test", 0700)); |
| 158 } | 159 } |
| 159 | 160 |
| 160 // Check that after dropping filesystem access and dropping privileges | 161 // Check that after dropping filesystem access and dropping privileges |
| 161 // it is not possible to regain capabilities. | 162 // it is not possible to regain capabilities. |
| 162 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(CannotRegainPrivileges)) { | 163 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(CannotRegainPrivileges)) { |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 261 action.sa_handler = &SignalHandler; | 262 action.sa_handler = &SignalHandler; |
| 262 PCHECK(sigaction(SIGUSR1, &action, nullptr) == 0); | 263 PCHECK(sigaction(SIGUSR1, &action, nullptr) == 0); |
| 263 | 264 |
| 264 PCHECK(raise(SIGUSR1) == 0); | 265 PCHECK(raise(SIGUSR1) == 0); |
| 265 CHECK_EQ(1, signal_handler_called); | 266 CHECK_EQ(1, signal_handler_called); |
| 266 } | 267 } |
| 267 | 268 |
| 268 } // namespace. | 269 } // namespace. |
| 269 | 270 |
| 270 } // namespace sandbox. | 271 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2357393003:
Add check for file system access to the sandbox. (Closed)
