OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ | |
6 #define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ | |
7 | |
8 #include "build/build_config.h" | |
9 // Link errors are tedious to track, raise a compile-time error instead. | |
10 #if defined(OS_ANDROID) | |
11 #error "Android is not supported." | |
12 #endif // defined(OS_ANDROID). | |
13 | |
14 #include <string> | |
15 | |
16 #include "base/basictypes.h" | |
17 #include "base/memory/scoped_ptr.h" | |
18 | |
19 namespace sandbox { | |
20 | |
21 // This class should be used to manipulate the current process' credentials. | |
22 // It is currently a stub used to manipulate POSIX.1e capabilities as | |
23 // implemented by the Linux kernel. | |
24 class Credentials { | |
25 public: | |
26 Credentials(); | |
27 ~Credentials(); | |
28 | |
29 // Drop all capabilities in the effective, inheritable and permitted sets for | |
30 // the current process. | |
31 void DropAllCapabilities(); | |
32 // Return true iff there is any capability in any of the capabilities sets | |
33 // of the current process. | |
34 bool HasAnyCapability(); | |
Jorge Lucangeli Obes
2013/10/31 20:55:32
Does your PoC use the API like this? Seems like a
jln (very slow on Chromium)
2013/10/31 21:02:22
Ohh, this is mostly for CHECK / DCHECK. The API as
| |
35 // Returns the capabilities of the current process in textual form, as | |
36 // documented in libcap2's cap_to_text(3). This is mostly useful for | |
37 // debugging and tests. | |
38 scoped_ptr<std::string> GetCurrentCapString(); | |
39 | |
40 private: | |
41 DISALLOW_COPY_AND_ASSIGN(Credentials); | |
42 }; | |
43 | |
44 } // namespace sandbox. | |
45 | |
46 #endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ | |
OLD | NEW |