| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/syscall_broker/broker_host.h" | 5 #include "sandbox/linux/syscall_broker/broker_host.h" |
| 6 | 6 |
| 7 #include <fcntl.h> | 7 #include <fcntl.h> |
| 8 #include <sys/socket.h> | 8 #include <sys/socket.h> |
| 9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
| 10 #include <sys/syscall.h> | 10 #include <sys/syscall.h> |
| (...skipping 92 matching lines...) |
| 103 int access_errno = errno; | 103 int access_errno = errno; |
| 104 if (!access_ret) | 104 if (!access_ret) |
| 105 write_pickle->WriteInt(0); | 105 write_pickle->WriteInt(0); |
| 106 else | 106 else |
| 107 write_pickle->WriteInt(-access_errno); | 107 write_pickle->WriteInt(-access_errno); |
| 108 } else { | 108 } else { |
| 109 write_pickle->WriteInt(-policy.denied_errno()); | 109 write_pickle->WriteInt(-policy.denied_errno()); |
| 110 } | 110 } |
| 111 } | 111 } |
| 112 | 112 |
| 113 // Handle a |command_type| request contained in |read_pickle| and send the reply | 113 // Handle a |command_type| request contained in |iter| and send the reply |
| 114 // on |reply_ipc|. | 114 // on |reply_ipc|. |
| 115 // Currently COMMAND_OPEN and COMMAND_ACCESS are supported. | 115 // Currently COMMAND_OPEN and COMMAND_ACCESS are supported. |
| 116 bool HandleRemoteCommand(const BrokerPolicy& policy, | 116 bool HandleRemoteCommand(const BrokerPolicy& policy, |
| 117 IPCCommand command_type, | 117 IPCCommand command_type, |
| 118 int reply_ipc, | 118 int reply_ipc, |
| 119 const Pickle& read_pickle, | |
| 120 PickleIterator iter) { | 119 PickleIterator iter) { |
| 121 // Currently all commands have two arguments: filename and flags. | 120 // Currently all commands have two arguments: filename and flags. |
| 122 std::string requested_filename; | 121 std::string requested_filename; |
| 123 int flags = 0; | 122 int flags = 0; |
| 124 if (!read_pickle.ReadString(&iter, &requested_filename) || | 123 if (!iter.ReadString(&requested_filename) || !iter.ReadInt(&flags)) |
| 125 !read_pickle.ReadInt(&iter, &flags)) { | |
| 126 return false; | 124 return false; |
| 127 } | |
| 128 | 125 |
| 129 Pickle write_pickle; | 126 Pickle write_pickle; |
| 130 std::vector<int> opened_files; | 127 std::vector<int> opened_files; |
| 131 | 128 |
| 132 switch (command_type) { | 129 switch (command_type) { |
| 133 case COMMAND_ACCESS: | 130 case COMMAND_ACCESS: |
| 134 AccessFileForIPC(policy, requested_filename, flags, &write_pickle); | 131 AccessFileForIPC(policy, requested_filename, flags, &write_pickle); |
| 135 break; | 132 break; |
| 136 case COMMAND_OPEN: | 133 case COMMAND_OPEN: |
| 137 OpenFileForIPC( | 134 OpenFileForIPC( |
| (...skipping 55 matching lines...) |
| 193 if (msg_len < 0 || fds.size() != 1 || fds[0]->get() < 0) { | 190 if (msg_len < 0 || fds.size() != 1 || fds[0]->get() < 0) { |
| 194 PLOG(ERROR) << "Error reading message from the client"; | 191 PLOG(ERROR) << "Error reading message from the client"; |
| 195 return RequestStatus::FAILURE; | 192 return RequestStatus::FAILURE; |
| 196 } | 193 } |
| 197 | 194 |
| 198 base::ScopedFD temporary_ipc(fds[0]->Pass()); | 195 base::ScopedFD temporary_ipc(fds[0]->Pass()); |
| 199 | 196 |
| 200 Pickle pickle(buf, msg_len); | 197 Pickle pickle(buf, msg_len); |
| 201 PickleIterator iter(pickle); | 198 PickleIterator iter(pickle); |
| 202 int command_type; | 199 int command_type; |
| 203 if (pickle.ReadInt(&iter, &command_type)) { | 200 if (iter.ReadInt(&command_type)) { |
| 204 bool command_handled = false; | 201 bool command_handled = false; |
| 205 // Go through all the possible IPC messages. | 202 // Go through all the possible IPC messages. |
| 206 switch (command_type) { | 203 switch (command_type) { |
| 207 case COMMAND_ACCESS: | 204 case COMMAND_ACCESS: |
| 208 case COMMAND_OPEN: | 205 case COMMAND_OPEN: |
| 209 // We reply on the file descriptor sent to us via the IPC channel. | 206 // We reply on the file descriptor sent to us via the IPC channel. |
| 210 command_handled = HandleRemoteCommand( | 207 command_handled = HandleRemoteCommand( |
| 211 broker_policy_, static_cast<IPCCommand>(command_type), | 208 broker_policy_, static_cast<IPCCommand>(command_type), |
| 212 temporary_ipc.get(), pickle, iter); | 209 temporary_ipc.get(), iter); |
| 213 break; | 210 break; |
| 214 default: | 211 default: |
| 215 NOTREACHED(); | 212 NOTREACHED(); |
| 216 break; | 213 break; |
| 217 } | 214 } |
| 218 | 215 |
| 219 if (command_handled) { | 216 if (command_handled) { |
| 220 return RequestStatus::SUCCESS; | 217 return RequestStatus::SUCCESS; |
| 221 } else { | 218 } else { |
| 222 return RequestStatus::FAILURE; | 219 return RequestStatus::FAILURE; |
| 223 } | 220 } |
| 224 | 221 |
| 225 NOTREACHED(); | 222 NOTREACHED(); |
| 226 } | 223 } |
| 227 | 224 |
| 228 LOG(ERROR) << "Error parsing IPC request"; | 225 LOG(ERROR) << "Error parsing IPC request"; |
| 229 return RequestStatus::FAILURE; | 226 return RequestStatus::FAILURE; |
| 230 } | 227 } |
| 231 | 228 |
| 232 } // namespace syscall_broker | 229 } // namespace syscall_broker |
| 233 | 230 |
| 234 } // namespace sandbox | 231 } // namespace sandbox |
| OLD | NEW |
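Review bot: In the request-dispatch switch (new lines 203-213) the `default:` branch is `NOTREACHED()`, but `command_type` comes from `iter.ReadInt(&command_type)` on a message supplied by the client, so any integer other than COMMAND_ACCESS or COMMAND_OPEN reaches it. A malformed request from the client is an expected input condition rather than a programming error, and in a build where NOTREACHED() is fatal it would presumably stop the broker instead of returning `RequestStatus::FAILURE`. I would log and fall through to the existing failure path, e.g. `default: LOG(ERROR) << "Unknown IPC command"; break;`. The `NOTREACHED();` at new line 222, after an if/else that returns on both arms, is dead code and can be dropped at the same time. The enclosing function starts in the skipped lines, so this is based only on the visible part.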