
Side by Side Diff: sandbox/linux/syscall_broker/broker_host.cc

Issue 761903003: Update from https://crrev.com/306655 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years ago
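--- a/sandbox/linux/syscall_broker/broker_host.cc
+++ b/sandbox/linux/syscall_broker/broker_host.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/syscall_broker/broker_host.h"
 
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/syscall.h>
@@ -31,51 +31,60 @@
 namespace {
 
 bool IsRunningOnValgrind() {
 return RUNNING_ON_VALGRIND;
 }
 
 // A little open(2) wrapper to handle some oddities for us. In the general case
 // make a direct system call since we want to keep in control of the broker
 // process' system calls profile to be able to loosely sandbox it.
 int sys_open(const char* pathname, int flags) {
-// Always pass a defined |mode| in case flags mistakenly contains O_CREAT.
-const int mode = 0;
+// Hardcode mode to rw------- when creating files.
+int mode;
+if (flags & O_CREAT) {
+mode = 0600;
+} else {
+mode = 0;
+}
 if (IsRunningOnValgrind()) {
 // Valgrind does not support AT_FDCWD, just use libc's open() in this case.
 return open(pathname, flags, mode);
 } else {
 return syscall(__NR_openat, AT_FDCWD, pathname, flags, mode);
 }
 }
 
 // Open |requested_filename| with |flags| if allowed by our policy.
 // Write the syscall return value (-errno) to |write_pickle| and append
 // a file descriptor to |opened_files| if relevant.
 void OpenFileForIPC(const BrokerPolicy& policy,
 const std::string& requested_filename,
 int flags,
 Pickle* write_pickle,
 std::vector<int>* opened_files) {
 DCHECK(write_pickle);
 DCHECK(opened_files);
 const char* file_to_open = NULL;
+bool unlink_after_open = false;
 const bool safe_to_open_file = policy.GetFileNameIfAllowedToOpen(
-requested_filename.c_str(), flags, &file_to_open);
+requested_filename.c_str(), flags, &file_to_open, &unlink_after_open);
 
 if (safe_to_open_file) {
 CHECK(file_to_open);
 int opened_fd = sys_open(file_to_open, flags);
 if (opened_fd < 0) {
 write_pickle->WriteInt(-errno);
 } else {
 // Success.
+if (unlink_after_open) {
+unlink(file_to_open);
+}
 opened_files->push_back(opened_fd);
 write_pickle->WriteInt(0);
 }
 } else {
 write_pickle->WriteInt(-policy.denied_errno());
 }
 }
 
 // Perform access(2) on |requested_filename| with mode |mode| if allowed by our
 // policy. Write the syscall return value (-errno) to |write_pickle|.
@@ -216,10 +225,10 @@
 NOTREACHED();
 }
 
 LOG(ERROR) << "Error parsing IPC request";
 return RequestStatus::FAILURE;
 }
 
 } // namespace syscall_broker
 
 } // namespace sandbox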
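Review bot: The new `unlink(file_to_open)` in OpenFileForIPC (new line 79) discards its return value and goes through libc, whereas sys_open just above deliberately issues `__NR_openat` as a raw syscall so that the broker's own syscall profile stays under control. Depending on the architecture and libc, a libc `unlink()` may be emitted as `unlink` or `unlinkat`, so whichever seccomp policy loosely sandboxes the broker (not in this file) must now allow the right one; a small wrapper mirroring sys_open, `syscall(__NR_unlinkat, AT_FDCWD, pathname, 0)`, would make that explicit. When unlink fails the freshly created 0600 file silently stays on disk while the caller is still told success, since `write_pickle->WriteInt(0)` follows unconditionally; at minimum `if (unlink(file_to_open) < 0) PLOG(WARNING) << "unlink failed for " << file_to_open;` (PLOG being available alongside the LOG(ERROR) already used in this file) would surface it. It is also worth a comment next to the open/unlink pair that it is not atomic — if the containing directory can be written by anyone other than the broker, the path could be replaced between the two calls, so the policy's whitelisting of that directory is what the scheme relies on; that is presumed from the policy interface and should be confirmed against broker_policy.h.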
