Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(513)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/credentials.cc

Issue 821693003: replace COMPILE_ASSERT with static_assert in sandbox/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase on master Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/seccomp-bpf/syscall_iterator.cc ('k') | sandbox/linux/syscall_broker/broker_file_permission_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/services/credentials.h" 5 #include "sandbox/linux/services/credentials.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <signal.h> 8 #include <signal.h>
9 #include <stdio.h> 9 #include <stdio.h>
10 #include <sys/capability.h> 10 #include <sys/capability.h>
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
52 inline void operator()(FILE* f) const { 52 inline void operator()(FILE* f) const {
53 DCHECK(f); 53 DCHECK(f);
54 PCHECK(0 == fclose(f)); 54 PCHECK(0 == fclose(f));
55 } 55 }
56 }; 56 };
57 57
58 // Don't use ScopedFILE in base since it doesn't check fclose(). 58 // Don't use ScopedFILE in base since it doesn't check fclose().
59 // TODO(jln): fix base/. 59 // TODO(jln): fix base/.
60 typedef scoped_ptr<FILE, FILECloser> ScopedFILE; 60 typedef scoped_ptr<FILE, FILECloser> ScopedFILE;
61 61
62 COMPILE_ASSERT((base::is_same<uid_t, gid_t>::value), UidAndGidAreSameType); 62 static_assert((base::is_same<uid_t, gid_t>::value),
63 "uid_t and gid_t should be the same type");
63 // generic_id_t can be used for either uid_t or gid_t. 64 // generic_id_t can be used for either uid_t or gid_t.
64 typedef uid_t generic_id_t; 65 typedef uid_t generic_id_t;
65 66
66 // Write a uid or gid mapping from |id| to |id| in |map_file|. 67 // Write a uid or gid mapping from |id| to |id| in |map_file|.
67 bool WriteToIdMapFile(const char* map_file, generic_id_t id) { 68 bool WriteToIdMapFile(const char* map_file, generic_id_t id) {
68 ScopedFILE f(fopen(map_file, "w")); 69 ScopedFILE f(fopen(map_file, "w"));
69 PCHECK(f); 70 PCHECK(f);
70 const uid_t inside_id = id; 71 const uid_t inside_id = id;
71 const uid_t outside_id = id; 72 const uid_t outside_id = id;
72 int num = fprintf(f.get(), "%d %d 1\n", inside_id, outside_id); 73 int num = fprintf(f.get(), "%d %d 1\n", inside_id, outside_id);
(...skipping 21 matching lines...) Expand all
94 if (resuid) *resuid = euid; 95 if (resuid) *resuid = euid;
95 if (resgid) *resgid = egid; 96 if (resgid) *resgid = egid;
96 return true; 97 return true;
97 } 98 }
98 99
99 // chroot() and chdir() to /proc/<tid>/fdinfo. 100 // chroot() and chdir() to /proc/<tid>/fdinfo.
100 void ChrootToThreadFdInfo(base::PlatformThreadId tid, bool* result) { 101 void ChrootToThreadFdInfo(base::PlatformThreadId tid, bool* result) {
101 DCHECK(result); 102 DCHECK(result);
102 *result = false; 103 *result = false;
103 104
104 COMPILE_ASSERT((base::is_same<base::PlatformThreadId, int>::value), 105 static_assert((base::is_same<base::PlatformThreadId, int>::value),
105 TidIsAnInt); 106 "platform thread id should be an int");
106 const std::string current_thread_fdinfo = "/proc/" + 107 const std::string current_thread_fdinfo = "/proc/" +
107 base::IntToString(tid) + "/fdinfo/"; 108 base::IntToString(tid) + "/fdinfo/";
108 109
109 // Make extra sure that /proc/<tid>/fdinfo is unique to the thread. 110 // Make extra sure that /proc/<tid>/fdinfo is unique to the thread.
110 CHECK(0 == unshare(CLONE_FILES)); 111 CHECK(0 == unshare(CLONE_FILES));
111 int chroot_ret = chroot(current_thread_fdinfo.c_str()); 112 int chroot_ret = chroot(current_thread_fdinfo.c_str());
112 if (chroot_ret) { 113 if (chroot_ret) {
113 PLOG(ERROR) << "Could not chroot"; 114 PLOG(ERROR) << "Could not chroot";
114 return; 115 return;
115 } 116 }
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after
248 } 249 }
249 250
250 bool Credentials::DropFileSystemAccess() { 251 bool Credentials::DropFileSystemAccess() {
251 // Chrooting to a safe empty dir will only be safe if no directory file 252 // Chrooting to a safe empty dir will only be safe if no directory file
252 // descriptor is available to the process. 253 // descriptor is available to the process.
253 DCHECK(!ProcUtil::HasOpenDirectory(-1)); 254 DCHECK(!ProcUtil::HasOpenDirectory(-1));
254 return ChrootToSafeEmptyDir(); 255 return ChrootToSafeEmptyDir();
255 } 256 }
256 257
257 } // namespace sandbox. 258 } // namespace sandbox.
OLDNEW
« no previous file with comments | « sandbox/linux/seccomp-bpf/syscall_iterator.cc ('k') | sandbox/linux/syscall_broker/broker_file_permission_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698