
Side by Side Diff: sandbox/linux/seccomp/stat.cc

Issue 371047: Allow the seccomp sandbox to be enabled, even if the suid sandbox has... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 1 month ago
Property Changes:
Added: svn:eol-style
+ LF
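--- a/sandbox/linux/seccomp/stat.cc
+++ b/sandbox/linux/seccomp/stat.cc
@@ -1,10 +1,10 @@
 #include "debug.h"
 #include "sandbox_impl.h"
 
 namespace playground {
 
 int Sandbox::sandbox_stat(const char *path, void *buf) {
 Debug::syscall(__NR_stat, "Executing handler");
 size_t len = strlen(path);
 struct Request {
 int sysnum;
@@ -52,59 +52,59 @@
 long rc;
 SysCalls sys;
 if (write(sys, processFdPub(), request, sizeof(data)) != (int)sizeof(data) ||
 read(sys, threadFdPub(), &rc, sizeof(rc)) != sizeof(rc)) {
 die("Failed to forward stat64() request [sandbox]");
 }
 return static_cast<int>(rc);
 }
 #endif
 
-bool Sandbox::process_stat(int parentProc, int sandboxFd, int threadFdPub,
+bool Sandbox::process_stat(int parentMapsFd, int sandboxFd, int threadFdPub,
 int threadFd, SecureMem::Args* mem) {
 // Read request
 SysCalls sys;
 Stat stat_req;
 if (read(sys, sandboxFd, &stat_req, sizeof(stat_req)) != sizeof(stat_req)) {
 read_parm_failed:
 die("Failed to read parameters for stat() [process]");
 }
 int rc = -ENAMETOOLONG;
 if (stat_req.path_length >= (int)sizeof(mem->pathname)) {
 char buf[32];
 while (stat_req.path_length > 0) {
 size_t len = stat_req.path_length > sizeof(buf) ?
 sizeof(buf) : stat_req.path_length;
 ssize_t i = read(sys, sandboxFd, buf, len);
 if (i <= 0) {
 goto read_parm_failed;
 }
 stat_req.path_length -= i;
 }
 if (write(sys, threadFd, &rc, sizeof(rc)) != sizeof(rc)) {
 die("Failed to return data from stat() [process]");
 }
 return false;
 }
-SecureMem::lockSystemCall(parentProc, mem);
+SecureMem::lockSystemCall(parentMapsFd, mem);
 if (read(sys, sandboxFd, mem->pathname, stat_req.path_length) !=
 (ssize_t)stat_req.path_length) {
 goto read_parm_failed;
 }
 mem->pathname[stat_req.path_length] = '\000';
 
 // TODO(markus): Implement sandboxing policy
 Debug::message(("Allowing access to \"" + std::string(mem->pathname) +
 "\"").c_str());
 
 // Tell trusted thread to stat the file.
-SecureMem::sendSystemCall(threadFdPub, true, parentProc, mem,
+SecureMem::sendSystemCall(threadFdPub, true, parentMapsFd, mem,
 #if defined(__i386__)
 stat_req.sysnum == __NR_stat64 ? __NR_stat64 :
 #endif
 __NR_stat,
 mem->pathname - (char*)mem + (char*)mem->self,
 stat_req.buf);
 return true;
 }
 
 } // namespace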
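Review bot: process_stat checks `stat_req.path_length` only against an upper bound (new line 72) before using it as the read length at line 89 and as the index for the NUL terminator at line 93. The value arrives over `sandboxFd`, so it is supplied by the sandboxed side and should be treated as untrusted. `Stat` is declared outside this page, but the `(int)` cast in the comparison suggests the field is signed, in which case a negative length would pass the `>=` test and index before `mem->pathname`. Rejecting it in the same branch keeps the write inside the buffer: `if (stat_req.path_length < 0 || stat_req.path_length >= (int)sizeof(mem->pathname)) {`. The renamed `parentMapsFd` parameter would also benefit from a one-line comment stating which descriptor it is and who owns it, since the rename changes what callers are expected to pass.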