Chromium Code Reviews Chromium Code Reviews
Issue 59763014:
DPCHECK known conditions when we guess false in CurrentProcessHasOpenDirectories (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <dirent.h> | 7 #include <dirent.h> |
| 8 #include <errno.h> | 8 #include <errno.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <stdio.h> | 10 #include <stdio.h> |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 156 Credentials::~Credentials() { | 156 Credentials::~Credentials() { |
| 157 } | 157 } |
| 158 | 158 |
| 159 bool Credentials::HasOpenDirectory(int proc_fd) { | 159 bool Credentials::HasOpenDirectory(int proc_fd) { |
| 160 int proc_self_fd = -1; | 160 int proc_self_fd = -1; |
| 161 if (proc_fd >= 0) { | 161 if (proc_fd >= 0) { |
| 162 proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY); | 162 proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY); |
| 163 } else { | 163 } else { |
| 164 proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY); | 164 proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY); |
| 165 if (proc_self_fd < 0) { | 165 if (proc_self_fd < 0) { |
| 166 // If this process has been chrooted (eg into /proc/self/fdinfo) then | |
| 167 // the new root dir will not have directory listing permissions for us | |
| 168 // (hence EACCES). And if we do have this permission, then /proc won't | |
| 169 // exist anyway (hence ENOENT). | |
| 170 CHECK(errno == EACCES || errno == ENOENT); | |
|
jln (very slow on Chromium)
2013/11/27 21:26:15
Do you want to make this a DPCHECK instead?
DCHEC
Mostyn Bramley-Moore
2013/11/28 09:35:32
Done.
| |
| 171 | |
| 166 // If not available, guess false. | 172 // If not available, guess false. |
| 167 // TODO(mostynb@opera.com): add a CHECK_EQ(ENOENT, errno); Figure out what | |
| 168 // other situations are here. http://crbug.com/314985 | |
| 169 return false; | 173 return false; |
| 170 } | 174 } |
| 171 } | 175 } |
| 172 CHECK_GE(proc_self_fd, 0); | 176 CHECK_GE(proc_self_fd, 0); |
| 173 | 177 |
| 174 // Ownership of proc_self_fd is transferred here, it must not be closed | 178 // Ownership of proc_self_fd is transferred here, it must not be closed |
| 175 // or modified afterwards except via dir. | 179 // or modified afterwards except via dir. |
| 176 ScopedDIR dir(fdopendir(proc_self_fd)); | 180 ScopedDIR dir(fdopendir(proc_self_fd)); |
| 177 CHECK(dir); | 181 CHECK(dir); |
| 178 | 182 |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 257 } | 261 } |
| 258 | 262 |
| 259 bool Credentials::DropFileSystemAccess() { | 263 bool Credentials::DropFileSystemAccess() { |
| 260 // Chrooting to a safe empty dir will only be safe if no directory file | 264 // Chrooting to a safe empty dir will only be safe if no directory file |
| 261 // descriptor is available to the process. | 265 // descriptor is available to the process. |
| 262 DCHECK(!HasOpenDirectory(-1)); | 266 DCHECK(!HasOpenDirectory(-1)); |
| 263 return ChrootToSafeEmptyDir(); | 267 return ChrootToSafeEmptyDir(); |
| 264 } | 268 } |
| 265 | 269 |
| 266 } // namespace sandbox. | 270 } // namespace sandbox. |
| OLD | NEW |
