Chromium Code Reviews Chromium Code Reviews
Issue 721553002:
sandbox: Extend BrokerPolicy to support file creation (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/syscall_broker/broker_client.h" | 5 #include "sandbox/linux/syscall_broker/broker_client.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
| 10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 47 RAW_CHECK(kCurrentProcessOpenFlagsMask == O_CLOEXEC); | 47 RAW_CHECK(kCurrentProcessOpenFlagsMask == O_CLOEXEC); |
| 48 recvmsg_flags |= MSG_CMSG_CLOEXEC; | 48 recvmsg_flags |= MSG_CMSG_CLOEXEC; |
| 49 flags &= ~O_CLOEXEC; | 49 flags &= ~O_CLOEXEC; |
| 50 } | 50 } |
| 51 | 51 |
| 52 // There is no point in forwarding a request that we know will be denied. | 52 // There is no point in forwarding a request that we know will be denied. |
| 53 // Of course, the real security check needs to be on the other side of the | 53 // Of course, the real security check needs to be on the other side of the |
| 54 // IPC. | 54 // IPC. |
| 55 if (fast_check_in_client_) { | 55 if (fast_check_in_client_) { |
| 56 if (syscall_type == COMMAND_OPEN && | 56 if (syscall_type == COMMAND_OPEN && |
| 57 !broker_policy_.GetFileNameIfAllowedToOpen(pathname, flags, NULL)) { | 57 !broker_policy_.GetFileNameIfAllowedToOpen(pathname, flags, NULL, |
|
Jorge Lucangeli Obes
2014/11/20 00:13:20
Given that we have two NULL arguments now, it migh
leecam
2014/11/20 00:56:38
Done.
| |
| 58 NULL)) { | |
| 58 return -broker_policy_.denied_errno(); | 59 return -broker_policy_.denied_errno(); |
| 59 } | 60 } |
| 60 if (syscall_type == COMMAND_ACCESS && | 61 if (syscall_type == COMMAND_ACCESS && |
| 61 !broker_policy_.GetFileNameIfAllowedToAccess(pathname, flags, NULL)) { | 62 !broker_policy_.GetFileNameIfAllowedToAccess(pathname, flags, NULL)) { |
| 62 return -broker_policy_.denied_errno(); | 63 return -broker_policy_.denied_errno(); |
| 63 } | 64 } |
| 64 } | 65 } |
| 65 | 66 |
| 66 Pickle write_pickle; | 67 Pickle write_pickle; |
| 67 write_pickle.WriteInt(syscall_type); | 68 write_pickle.WriteInt(syscall_type); |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 133 return PathAndFlagsSyscall(COMMAND_ACCESS, pathname, mode); | 134 return PathAndFlagsSyscall(COMMAND_ACCESS, pathname, mode); |
| 134 } | 135 } |
| 135 | 136 |
| 136 int BrokerClient::Open(const char* pathname, int flags) const { | 137 int BrokerClient::Open(const char* pathname, int flags) const { |
| 137 return PathAndFlagsSyscall(COMMAND_OPEN, pathname, flags); | 138 return PathAndFlagsSyscall(COMMAND_OPEN, pathname, flags); |
| 138 } | 139 } |
| 139 | 140 |
| 140 } // namespace syscall_broker | 141 } // namespace syscall_broker |
| 141 | 142 |
| 142 } // namespace sandbox | 143 } // namespace sandbox |
| OLD | NEW |
