
Side by Side Diff: sandbox/linux/services/credentials.cc

Issue 250773003: NaCl Linux: create NaClSandbox class (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address nits. Created 6 years, 7 months ago
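--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/services/credentials.h"
 
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <signal.h>
@@ -185,21 +185,21 @@
 // (hence EACCES). And if we do have this permission, then /proc won't
 // exist anyway (hence ENOENT).
 DPCHECK(errno == EACCES || errno == ENOENT)
 << "Unexpected failure when trying to open /proc/self/fd: ("
 << errno << ") " << strerror(errno);
 
 // If not available, guess false.
 return false;
 }
 }
-CHECK_GE(proc_self_fd, 0);
+PCHECK(0 <= proc_self_fd);
 
 // Ownership of proc_self_fd is transferred here, it must not be closed
 // or modified afterwards except via dir.
 ScopedDIR dir(fdopendir(proc_self_fd));
 CHECK(dir);
 
 struct dirent e;
 struct dirent* de;
 while (!readdir_r(dir.get(), &e, &de) && de) {
 if (strcmp(e.d_name, ".") == 0 || strcmp(e.d_name, "..") == 0) {
@@ -309,10 +309,10 @@
 }
 
 bool Credentials::DropFileSystemAccess() {
 // Chrooting to a safe empty dir will only be safe if no directory file
 // descriptor is available to the process.
 DCHECK(!HasOpenDirectory(-1));
 return ChrootToSafeEmptyDir();
 }
 
 } // namespace sandbox.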
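Review bot: The `CHECK(dir);` right after `fdopendir(proc_self_fd)` still discards errno, while the descriptor check just above it was switched to `PCHECK`, presumably to get errno into the crash message; `PCHECK(dir);` would record why fdopendir failed in the same way. In the same hunk, `while (!readdir_r(dir.get(), &e, &de) && de)` leaves the loop on a readdir_r error exactly as it does at end-of-directory, so a failed enumeration may end up reported as "no open directory", which is the answer `DropFileSystemAccess()` asserts on before chrooting. Checking the readdir_r return value after the loop, or at least a comment stating that an error is treated as end-of-directory, would make that choice explicit. The enclosing function starts before and continues past the visible lines, so its exit path is inferred.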