Side by Side Diff: sandbox/linux/syscall_broker/broker_client.cc

Issue 721553002: sandbox: Extend BrokerPolicy to support file creation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: minor fix Created 6 years, 1 month ago
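--- a/sandbox/linux/syscall_broker/broker_client.cc
+++ b/sandbox/linux/syscall_broker/broker_client.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/syscall_broker/broker_client.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
@@ -46,21 +46,22 @@
 RAW_CHECK(kCurrentProcessOpenFlagsMask == O_CLOEXEC);
 recvmsg_flags |= MSG_CMSG_CLOEXEC;
 flags &= ~O_CLOEXEC;
 }
 
 // There is no point in forwarding a request that we know will be denied.
 // Of course, the real security check needs to be on the other side of the
 // IPC.
 if (fast_check_in_client_) {
 if (syscall_type == COMMAND_OPEN &&
-!broker_policy_.GetFileNameIfAllowedToOpen(pathname, flags, NULL)) {
+!broker_policy_.GetFileNameIfAllowedToOpen(pathname, flags, NULL,
+NULL)) {
 return -broker_policy_.denied_errno();
 }
 if (syscall_type == COMMAND_ACCESS &&
 !broker_policy_.GetFileNameIfAllowedToAccess(pathname, flags, NULL)) {
 return -broker_policy_.denied_errno();
 }
 }
 
 Pickle write_pickle;
 write_pickle.WriteInt(syscall_type);
@@ -135,10 +136,10 @@
 return PathAndFlagsSyscall(COMMAND_ACCESS, pathname, mode);
 }
 
 int BrokerClient::Open(const char* pathname, int flags) const {
 return PathAndFlagsSyscall(COMMAND_OPEN, pathname, flags);
 }
 
 } // namespace syscall_broker
 
 } // namespace sandbox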
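Review bot: The two bare `NULL` arguments on new lines 56-57 give no hint of what the client is discarding, and the second one is new in this patch set. A short comment at the call would help, e.g. `// Fast path needs only the allow/deny verdict; both out-params are deliberately unused.` This assumes, as the function name suggests, that both are output parameters. Since the issue extends the policy to file creation while `BrokerClient::Open(pathname, flags)` still takes no mode, it is also worth documenting on `Open` that the permissions of a newly created file are chosen outside the client (presumably by the broker), so callers do not assume they control them. The enclosing function begins and ends in the skipped regions, so the rest of the request path is not visible here.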