| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <signal.h> | 8 #include <signal.h> |
| 9 #include <stdio.h> | 9 #include <stdio.h> |
| 10 #include <sys/capability.h> | 10 #include <sys/capability.h> |
| 11 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
| 12 #include <sys/types.h> | 12 #include <sys/types.h> |
| 13 #include <sys/wait.h> | 13 #include <sys/wait.h> |
| 14 #include <unistd.h> | 14 #include <unistd.h> |
| 15 | 15 |
| 16 #include "base/basictypes.h" | 16 #include "base/basictypes.h" |
| 17 #include "base/bind.h" | 17 #include "base/bind.h" |
| 18 #include "base/files/file_path.h" | 18 #include "base/files/file_path.h" |
| 19 #include "base/files/file_util.h" | 19 #include "base/files/file_util.h" |
| 20 #include "base/logging.h" | 20 #include "base/logging.h" |
| 21 #include "base/posix/eintr_wrapper.h" | 21 #include "base/posix/eintr_wrapper.h" |
| 22 #include "base/process/launch.h" | 22 #include "base/process/launch.h" |
| 23 #include "base/template_util.h" | 23 #include "base/template_util.h" |
| 24 #include "base/third_party/valgrind/valgrind.h" | 24 #include "base/third_party/valgrind/valgrind.h" |
| 25 #include "sandbox/linux/services/namespace_utils.h" |
| 25 #include "sandbox/linux/services/syscall_wrappers.h" | 26 #include "sandbox/linux/services/syscall_wrappers.h" |
| 26 | 27 |
| 27 namespace { | 28 namespace { |
| 28 | 29 |
| 29 bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; } | 30 bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; } |
| 30 | 31 |
| 31 struct CapFreeDeleter { | 32 struct CapFreeDeleter { |
| 32 inline void operator()(cap_t cap) const { | 33 inline void operator()(cap_t cap) const { |
| 33 int ret = cap_free(cap); | 34 int ret = cap_free(cap); |
| 34 CHECK_EQ(0, ret); | 35 CHECK_EQ(0, ret); |
| 35 } | 36 } |
| 36 }; | 37 }; |
| 37 | 38 |
| 38 // Wrapper to manage libcap2's cap_t type. | 39 // Wrapper to manage libcap2's cap_t type. |
| 39 typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap; | 40 typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap; |
| 40 | 41 |
| 41 struct CapTextFreeDeleter { | 42 struct CapTextFreeDeleter { |
| 42 inline void operator()(char* cap_text) const { | 43 inline void operator()(char* cap_text) const { |
| 43 int ret = cap_free(cap_text); | 44 int ret = cap_free(cap_text); |
| 44 CHECK_EQ(0, ret); | 45 CHECK_EQ(0, ret); |
| 45 } | 46 } |
| 46 }; | 47 }; |
| 47 | 48 |
| 48 // Wrapper to manage the result from libcap2's cap_from_text(). | 49 // Wrapper to manage the result from libcap2's cap_from_text(). |
| 49 typedef scoped_ptr<char, CapTextFreeDeleter> ScopedCapText; | 50 typedef scoped_ptr<char, CapTextFreeDeleter> ScopedCapText; |
| 50 | 51 |
| 51 struct FILECloser { | |
| 52 inline void operator()(FILE* f) const { | |
| 53 DCHECK(f); | |
| 54 PCHECK(0 == fclose(f)); | |
| 55 } | |
| 56 }; | |
| 57 | |
| 58 // Don't use ScopedFILE in base since it doesn't check fclose(). | |
| 59 // TODO(jln): fix base/. | |
| 60 typedef scoped_ptr<FILE, FILECloser> ScopedFILE; | |
| 61 | |
| 62 static_assert((base::is_same<uid_t, gid_t>::value), | |
| 63 "uid_t and gid_t should be the same type"); | |
| 64 // generic_id_t can be used for either uid_t or gid_t. | |
| 65 typedef uid_t generic_id_t; | |
| 66 | |
| 67 // Write a uid or gid mapping from |id| to |id| in |map_file|. | |
| 68 bool WriteToIdMapFile(const char* map_file, generic_id_t id) { | |
| 69 ScopedFILE f(fopen(map_file, "w")); | |
| 70 PCHECK(f); | |
| 71 const uid_t inside_id = id; | |
| 72 const uid_t outside_id = id; | |
| 73 int num = fprintf(f.get(), "%d %d 1\n", inside_id, outside_id); | |
| 74 if (num < 0) return false; | |
| 75 // Manually call fflush() to catch permission failures. | |
| 76 int ret = fflush(f.get()); | |
| 77 if (ret) { | |
| 78 VLOG(1) << "Could not write to id map file"; | |
| 79 return false; | |
| 80 } | |
| 81 return true; | |
| 82 } | |
| 83 | |
| 84 // Checks that the set of RES-uids and the set of RES-gids have | 52 // Checks that the set of RES-uids and the set of RES-gids have |
| 85 // one element each and return that element in |resuid| and |resgid| | 53 // one element each and return that element in |resuid| and |resgid| |
| 86 // respectively. It's ok to pass NULL as one or both of the ids. | 54 // respectively. It's ok to pass NULL as one or both of the ids. |
| 87 bool GetRESIds(uid_t* resuid, gid_t* resgid) { | 55 bool GetRESIds(uid_t* resuid, gid_t* resgid) { |
| 88 uid_t ruid, euid, suid; | 56 uid_t ruid, euid, suid; |
| 89 gid_t rgid, egid, sgid; | 57 gid_t rgid, egid, sgid; |
| 90 PCHECK(getresuid(&ruid, &euid, &suid) == 0); | 58 PCHECK(getresuid(&ruid, &euid, &suid) == 0); |
| 91 PCHECK(getresgid(&rgid, &egid, &sgid) == 0); | 59 PCHECK(getresgid(&rgid, &egid, &sgid) == 0); |
| 92 const bool uids_are_equal = (ruid == euid) && (ruid == suid); | 60 const bool uids_are_equal = (ruid == euid) && (ruid == suid); |
| 93 const bool gids_are_equal = (rgid == egid) && (rgid == sgid); | 61 const bool gids_are_equal = (rgid == egid) && (rgid == sgid); |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 162 | 130 |
| 163 scoped_ptr<std::string> Credentials::GetCurrentCapString() { | 131 scoped_ptr<std::string> Credentials::GetCurrentCapString() { |
| 164 ScopedCap current_cap(cap_get_proc()); | 132 ScopedCap current_cap(cap_get_proc()); |
| 165 CHECK(current_cap); | 133 CHECK(current_cap); |
| 166 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); | 134 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); |
| 167 CHECK(cap_text); | 135 CHECK(cap_text); |
| 168 return scoped_ptr<std::string> (new std::string(cap_text.get())); | 136 return scoped_ptr<std::string> (new std::string(cap_text.get())); |
| 169 } | 137 } |
| 170 | 138 |
| 171 // static | 139 // static |
| 172 bool Credentials::SupportsNewUserNS() { | 140 bool Credentials::CanCreateProcessInNewUserNS() { |
| 173 // Valgrind will let clone(2) pass-through, but doesn't support unshare(), | 141 // Valgrind will let clone(2) pass-through, but doesn't support unshare(), |
| 174 // so always consider UserNS unsupported there. | 142 // so always consider UserNS unsupported there. |
| 175 if (IsRunningOnValgrind()) { | 143 if (IsRunningOnValgrind()) { |
| 176 return false; | 144 return false; |
| 177 } | 145 } |
| 178 | 146 |
| 179 // This is roughly a fork(). | 147 // This is roughly a fork(). |
| 180 const pid_t pid = sys_clone(CLONE_NEWUSER | SIGCHLD, 0, 0, 0, 0); | 148 const pid_t pid = sys_clone(CLONE_NEWUSER | SIGCHLD, 0, 0, 0, 0); |
| 181 | 149 |
| 182 if (pid == -1) { | 150 if (pid == -1) { |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 215 << "on this kernel."; | 183 << "on this kernel."; |
| 216 CheckCloneNewUserErrno(unshare_errno); | 184 CheckCloneNewUserErrno(unshare_errno); |
| 217 return false; | 185 return false; |
| 218 } | 186 } |
| 219 | 187 |
| 220 // The current {r,e,s}{u,g}id is now an overflow id (c.f. | 188 // The current {r,e,s}{u,g}id is now an overflow id (c.f. |
| 221 // /proc/sys/kernel/overflowuid). Setup the uid and gid maps. | 189 // /proc/sys/kernel/overflowuid). Setup the uid and gid maps. |
| 222 DCHECK(GetRESIds(NULL, NULL)); | 190 DCHECK(GetRESIds(NULL, NULL)); |
| 223 const char kGidMapFile[] = "/proc/self/gid_map"; | 191 const char kGidMapFile[] = "/proc/self/gid_map"; |
| 224 const char kUidMapFile[] = "/proc/self/uid_map"; | 192 const char kUidMapFile[] = "/proc/self/uid_map"; |
| 225 CHECK(WriteToIdMapFile(kGidMapFile, gid)); | 193 CHECK(NamespaceUtils::WriteToIdMapFile(kGidMapFile, gid)); |
| 226 CHECK(WriteToIdMapFile(kUidMapFile, uid)); | 194 CHECK(NamespaceUtils::WriteToIdMapFile(kUidMapFile, uid)); |
| 227 DCHECK(GetRESIds(NULL, NULL)); | 195 DCHECK(GetRESIds(NULL, NULL)); |
| 228 return true; | 196 return true; |
| 229 } | 197 } |
| 230 | 198 |
| 231 bool Credentials::DropFileSystemAccess() { | 199 bool Credentials::DropFileSystemAccess() { |
| 232 CHECK(ChrootToSafeEmptyDir()); | 200 CHECK(ChrootToSafeEmptyDir()); |
| 233 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 201 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
| 234 // We never let this function fail. | 202 // We never let this function fail. |
| 235 return true; | 203 return true; |
| 236 } | 204 } |
| 237 | 205 |
| 238 } // namespace sandbox. | 206 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 849893004:
Move a couple of utility functions to a new namespace_utils class. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master