Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(72)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/services/credentials.cc

Issue 761903003: Update from https://crrev.com/306655 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/services/credentials.h ('k') | sandbox/linux/services/credentials_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/services/credentials.cc
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index a745220bb5a37e7403b2cf54b768a788fb5877ae..f926ce8e85dcc117dabf85ece4f8581c728b94f7 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -4,13 +4,10 @@
#include "sandbox/linux/services/credentials.h"
-#include <dirent.h>
#include <errno.h>
-#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/capability.h>
-#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
@@ -24,6 +21,7 @@
#include "base/template_util.h"
#include "base/third_party/valgrind/valgrind.h"
#include "base/threading/thread.h"
+#include "sandbox/linux/services/proc_util.h"
#include "sandbox/linux/services/syscall_wrappers.h"
namespace {
@@ -61,15 +59,6 @@ struct FILECloser {
// TODO(jln): fix base/.
typedef scoped_ptr<FILE, FILECloser> ScopedFILE;
-struct DIRCloser {
- void operator()(DIR* d) const {
- DCHECK(d);
- PCHECK(0 == closedir(d));
- }
-};
-
-typedef scoped_ptr<DIR, DIRCloser> ScopedDIR;
-
COMPILE_ASSERT((base::is_same<uid_t, gid_t>::value), UidAndGidAreSameType);
// generic_id_t can be used for either uid_t or gid_t.
typedef uid_t generic_id_t;
@@ -174,86 +163,6 @@ Credentials::Credentials() {
Credentials::~Credentials() {
}
-int Credentials::CountOpenFds(int proc_fd) {
- DCHECK_LE(0, proc_fd);
- int proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY);
- PCHECK(0 <= proc_self_fd);
-
- // Ownership of proc_self_fd is transferred here, it must not be closed
- // or modified afterwards except via dir.
- ScopedDIR dir(fdopendir(proc_self_fd));
- CHECK(dir);
-
- int count = 0;
- struct dirent e;
- struct dirent* de;
- while (!readdir_r(dir.get(), &e, &de) && de) {
- if (strcmp(e.d_name, ".") == 0 || strcmp(e.d_name, "..") == 0) {
- continue;
- }
-
- int fd_num;
- CHECK(base::StringToInt(e.d_name, &fd_num));
- if (fd_num == proc_fd || fd_num == proc_self_fd) {
- continue;
- }
-
- ++count;
- }
- return count;
-}
-
-bool Credentials::HasOpenDirectory(int proc_fd) {
- int proc_self_fd = -1;
- if (proc_fd >= 0) {
- proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY);
- } else {
- proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY);
- if (proc_self_fd < 0) {
- // If this process has been chrooted (eg into /proc/self/fdinfo) then
- // the new root dir will not have directory listing permissions for us
- // (hence EACCES). And if we do have this permission, then /proc won't
- // exist anyway (hence ENOENT).
- DPCHECK(errno == EACCES || errno == ENOENT)
- << "Unexpected failure when trying to open /proc/self/fd: ("
- << errno << ") " << strerror(errno);
-
- // If not available, guess false.
- return false;
- }
- }
- PCHECK(0 <= proc_self_fd);
-
- // Ownership of proc_self_fd is transferred here, it must not be closed
- // or modified afterwards except via dir.
- ScopedDIR dir(fdopendir(proc_self_fd));
- CHECK(dir);
-
- struct dirent e;
- struct dirent* de;
- while (!readdir_r(dir.get(), &e, &de) && de) {
- if (strcmp(e.d_name, ".") == 0 || strcmp(e.d_name, "..") == 0) {
- continue;
- }
-
- int fd_num;
- CHECK(base::StringToInt(e.d_name, &fd_num));
- if (fd_num == proc_fd || fd_num == proc_self_fd) {
- continue;
- }
-
- struct stat s;
- // It's OK to use proc_self_fd here, fstatat won't modify it.
- CHECK(fstatat(proc_self_fd, e.d_name, &s, 0) == 0);
- if (S_ISDIR(s.st_mode)) {
- return true;
- }
- }
-
- // No open unmanaged directories found.
- return false;
-}
-
bool Credentials::DropAllCapabilities() {
ScopedCap cap(cap_init());
CHECK(cap);
@@ -341,7 +250,7 @@ bool Credentials::MoveToNewUserNS() {
bool Credentials::DropFileSystemAccess() {
// Chrooting to a safe empty dir will only be safe if no directory file
// descriptor is available to the process.
- DCHECK(!HasOpenDirectory(-1));
+ DCHECK(!ProcUtil::HasOpenDirectory(-1));
return ChrootToSafeEmptyDir();
}
« no previous file with comments | « sandbox/linux/services/credentials.h ('k') | sandbox/linux/services/credentials_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698