| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_ | 5 #ifndef SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_ |
| 6 #define SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_ | 6 #define SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_ |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/callback_forward.h" | 9 #include "base/callback_forward.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 20 matching lines...) Expand all Loading... |
| 31 // 6. B performs various initializations that require access to the file | 31 // 6. B performs various initializations that require access to the file |
| 32 // system. | 32 // system. |
| 33 // 6.b (optional) B uses sandbox::Credentials::HasOpenDirectory() to verify | 33 // 6.b (optional) B uses sandbox::Credentials::HasOpenDirectory() to verify |
| 34 // that no directory is kept open (which would allow bypassing the setuid | 34 // that no directory is kept open (which would allow bypassing the setuid |
| 35 // sandbox). | 35 // sandbox). |
| 36 // 7. B should be prepared to assume the role of init(1). In particular, B | 36 // 7. B should be prepared to assume the role of init(1). In particular, B |
| 37 // cannot receive any signal from any other process, excluding SIGKILL. | 37 // cannot receive any signal from any other process, excluding SIGKILL. |
| 38 // If B dies, all the processes in the namespace will die. | 38 // If B dies, all the processes in the namespace will die. |
| 39 // B can fork() and the parent can assume the role of init(1), by using | 39 // B can fork() and the parent can assume the role of init(1), by using |
| 40 // CreateInitProcessReaper(). | 40 // CreateInitProcessReaper(). |
| 41 // 8. B requests being chroot-ed through ChrootMe() and | 41 // 8. B uses CreateNewSession() to move to a new session ID and process group. |
| 42 // This prevents a sandboxed process from signaling its process group and |
| 43 // get signals delivered across the PID namespace boundary. |
| 44 // 9. B requests being chroot-ed through ChrootMe() and |
| 42 // requests other sandboxing status via the status functions. | 45 // requests other sandboxing status via the status functions. |
| 43 class SANDBOX_EXPORT SetuidSandboxClient { | 46 class SANDBOX_EXPORT SetuidSandboxClient { |
| 44 public: | 47 public: |
| 45 // All instantation should go through this factory method. | 48 // All instantation should go through this factory method. |
| 46 static class SetuidSandboxClient* Create(); | 49 static class SetuidSandboxClient* Create(); |
| 47 ~SetuidSandboxClient(); | 50 ~SetuidSandboxClient(); |
| 48 | 51 |
| 49 // Close the dummy file descriptor leftover from the sandbox ABI. | 52 // Close the dummy file descriptor leftover from the sandbox ABI. |
| 50 void CloseDummyFile(); | 53 void CloseDummyFile(); |
| 51 // Ask the setuid helper over the setuid sandbox IPC channel to chroot() us | 54 // Ask the setuid helper over the setuid sandbox IPC channel to chroot() us |
| 52 // to an empty directory. | 55 // to an empty directory. |
| 53 // Will only work if we have been launched through the setuid helper. | 56 // Will only work if we have been launched through the setuid helper. |
| 54 bool ChrootMe(); | 57 bool ChrootMe(); |
| 58 // Create a new session and a new process group. This helps isolate processes |
| 59 // outside of the sandbox from processes inside. |
| 60 bool CreateNewSession(); |
| 55 // When a new PID namespace is created, the process with pid == 1 should | 61 // When a new PID namespace is created, the process with pid == 1 should |
| 56 // assume the role of init. | 62 // assume the role of init. |
| 57 // See sandbox/linux/services/init_process_reaper.h for more information | 63 // See sandbox/linux/services/init_process_reaper.h for more information |
| 58 // on this API. | 64 // on this API. |
| 59 bool CreateInitProcessReaper(base::Closure* post_fork_parent_callback); | 65 bool CreateInitProcessReaper(base::Closure* post_fork_parent_callback); |
| 60 | 66 |
| 61 // Did we get launched through an up to date setuid binary ? | 67 // Did we get launched through an up to date setuid binary ? |
| 62 bool IsSuidSandboxUpToDate() const; | 68 bool IsSuidSandboxUpToDate() const; |
| 63 // Did we get launched through the setuid helper ? | 69 // Did we get launched through the setuid helper ? |
| 64 bool IsSuidSandboxChild() const; | 70 bool IsSuidSandboxChild() const; |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 97 // Holds the environment. Will never be NULL. | 103 // Holds the environment. Will never be NULL. |
| 98 base::Environment* env_; | 104 base::Environment* env_; |
| 99 bool sandboxed_; | 105 bool sandboxed_; |
| 100 | 106 |
| 101 DISALLOW_COPY_AND_ASSIGN(SetuidSandboxClient); | 107 DISALLOW_COPY_AND_ASSIGN(SetuidSandboxClient); |
| 102 }; | 108 }; |
| 103 | 109 |
| 104 } // namespace sandbox | 110 } // namespace sandbox |
| 105 | 111 |
| 106 #endif // SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_ | 112 #endif // SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
