| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <signal.h> | 8 #include <signal.h> |
| 9 #include <stdio.h> | 9 #include <stdio.h> |
| 10 #include <sys/capability.h> | 10 #include <sys/capability.h> |
| 11 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
| 12 #include <sys/types.h> | 12 #include <sys/types.h> |
| 13 #include <sys/wait.h> | 13 #include <sys/wait.h> |
| 14 #include <unistd.h> | 14 #include <unistd.h> |
| 15 | 15 |
| 16 #include "base/basictypes.h" | 16 #include "base/basictypes.h" |
| 17 #include "base/bind.h" | 17 #include "base/bind.h" |
| 18 #include "base/files/file_path.h" | 18 #include "base/files/file_path.h" |
| 19 #include "base/files/file_util.h" | 19 #include "base/files/file_util.h" |
| 20 #include "base/logging.h" | 20 #include "base/logging.h" |
| 21 #include "base/posix/eintr_wrapper.h" | 21 #include "base/posix/eintr_wrapper.h" |
| 22 #include "base/process/launch.h" | 22 #include "base/process/launch.h" |
| 23 #include "base/template_util.h" | 23 #include "base/template_util.h" |
| 24 #include "base/third_party/valgrind/valgrind.h" | 24 #include "base/third_party/valgrind/valgrind.h" |
| 25 #include "sandbox/linux/services/namespace_utils.h" |
| 25 #include "sandbox/linux/services/syscall_wrappers.h" | 26 #include "sandbox/linux/services/syscall_wrappers.h" |
| 26 | 27 |
| 27 namespace sandbox { | 28 namespace sandbox { |
| 28 | 29 |
| 29 namespace { | 30 namespace { |
| 30 | 31 |
| 31 bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; } | 32 bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; } |
| 32 | 33 |
| 33 struct CapFreeDeleter { | 34 struct CapFreeDeleter { |
| 34 inline void operator()(cap_t cap) const { | 35 inline void operator()(cap_t cap) const { |
| 35 int ret = cap_free(cap); | 36 int ret = cap_free(cap); |
| 36 CHECK_EQ(0, ret); | 37 CHECK_EQ(0, ret); |
| 37 } | 38 } |
| 38 }; | 39 }; |
| 39 | 40 |
| 40 // Wrapper to manage libcap2's cap_t type. | 41 // Wrapper to manage libcap2's cap_t type. |
| 41 typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap; | 42 typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap; |
| 42 | 43 |
| 43 struct CapTextFreeDeleter { | 44 struct CapTextFreeDeleter { |
| 44 inline void operator()(char* cap_text) const { | 45 inline void operator()(char* cap_text) const { |
| 45 int ret = cap_free(cap_text); | 46 int ret = cap_free(cap_text); |
| 46 CHECK_EQ(0, ret); | 47 CHECK_EQ(0, ret); |
| 47 } | 48 } |
| 48 }; | 49 }; |
| 49 | 50 |
| 50 // Wrapper to manage the result from libcap2's cap_from_text(). | 51 // Wrapper to manage the result from libcap2's cap_from_text(). |
| 51 typedef scoped_ptr<char, CapTextFreeDeleter> ScopedCapText; | 52 typedef scoped_ptr<char, CapTextFreeDeleter> ScopedCapText; |
| 52 | 53 |
| 53 struct FILECloser { | |
| 54 inline void operator()(FILE* f) const { | |
| 55 DCHECK(f); | |
| 56 PCHECK(0 == fclose(f)); | |
| 57 } | |
| 58 }; | |
| 59 | |
| 60 // Don't use ScopedFILE in base since it doesn't check fclose(). | |
| 61 // TODO(jln): fix base/. | |
| 62 typedef scoped_ptr<FILE, FILECloser> ScopedFILE; | |
| 63 | |
| 64 static_assert((base::is_same<uid_t, gid_t>::value), | |
| 65 "uid_t and gid_t should be the same type"); | |
| 66 // generic_id_t can be used for either uid_t or gid_t. | |
| 67 typedef uid_t generic_id_t; | |
| 68 | |
| 69 // Write a uid or gid mapping from |id| to |id| in |map_file|. | |
| 70 bool WriteToIdMapFile(const char* map_file, generic_id_t id) { | |
| 71 ScopedFILE f(fopen(map_file, "w")); | |
| 72 PCHECK(f); | |
| 73 const uid_t inside_id = id; | |
| 74 const uid_t outside_id = id; | |
| 75 int num = fprintf(f.get(), "%d %d 1\n", inside_id, outside_id); | |
| 76 if (num < 0) return false; | |
| 77 // Manually call fflush() to catch permission failures. | |
| 78 int ret = fflush(f.get()); | |
| 79 if (ret) { | |
| 80 VLOG(1) << "Could not write to id map file"; | |
| 81 return false; | |
| 82 } | |
| 83 return true; | |
| 84 } | |
| 85 | |
| 86 // Checks that the set of RES-uids and the set of RES-gids have | 54 // Checks that the set of RES-uids and the set of RES-gids have |
| 87 // one element each and return that element in |resuid| and |resgid| | 55 // one element each and return that element in |resuid| and |resgid| |
| 88 // respectively. It's ok to pass NULL as one or both of the ids. | 56 // respectively. It's ok to pass NULL as one or both of the ids. |
| 89 bool GetRESIds(uid_t* resuid, gid_t* resgid) { | 57 bool GetRESIds(uid_t* resuid, gid_t* resgid) { |
| 90 uid_t ruid, euid, suid; | 58 uid_t ruid, euid, suid; |
| 91 gid_t rgid, egid, sgid; | 59 gid_t rgid, egid, sgid; |
| 92 PCHECK(getresuid(&ruid, &euid, &suid) == 0); | 60 PCHECK(getresuid(&ruid, &euid, &suid) == 0); |
| 93 PCHECK(getresgid(&rgid, &egid, &sgid) == 0); | 61 PCHECK(getresgid(&rgid, &egid, &sgid) == 0); |
| 94 const bool uids_are_equal = (ruid == euid) && (ruid == suid); | 62 const bool uids_are_equal = (ruid == euid) && (ruid == suid); |
| 95 const bool gids_are_equal = (rgid == egid) && (rgid == sgid); | 63 const bool gids_are_equal = (rgid == egid) && (rgid == sgid); |
| (...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 180 | 148 |
| 181 scoped_ptr<std::string> Credentials::GetCurrentCapString() { | 149 scoped_ptr<std::string> Credentials::GetCurrentCapString() { |
| 182 ScopedCap current_cap(cap_get_proc()); | 150 ScopedCap current_cap(cap_get_proc()); |
| 183 CHECK(current_cap); | 151 CHECK(current_cap); |
| 184 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); | 152 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); |
| 185 CHECK(cap_text); | 153 CHECK(cap_text); |
| 186 return scoped_ptr<std::string> (new std::string(cap_text.get())); | 154 return scoped_ptr<std::string> (new std::string(cap_text.get())); |
| 187 } | 155 } |
| 188 | 156 |
| 189 // static | 157 // static |
| 190 bool Credentials::SupportsNewUserNS() { | 158 bool Credentials::CanCreateProcessInNewUserNS() { |
| 191 // Valgrind will let clone(2) pass-through, but doesn't support unshare(), | 159 // Valgrind will let clone(2) pass-through, but doesn't support unshare(), |
| 192 // so always consider UserNS unsupported there. | 160 // so always consider UserNS unsupported there. |
| 193 if (IsRunningOnValgrind()) { | 161 if (IsRunningOnValgrind()) { |
| 194 return false; | 162 return false; |
| 195 } | 163 } |
| 196 | 164 |
| 197 // This is roughly a fork(). | 165 // This is roughly a fork(). |
| 198 const pid_t pid = sys_clone(CLONE_NEWUSER | SIGCHLD, 0, 0, 0, 0); | 166 const pid_t pid = sys_clone(CLONE_NEWUSER | SIGCHLD, 0, 0, 0, 0); |
| 199 | 167 |
| 200 if (pid == -1) { | 168 if (pid == -1) { |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 233 << "on this kernel."; | 201 << "on this kernel."; |
| 234 CheckCloneNewUserErrno(unshare_errno); | 202 CheckCloneNewUserErrno(unshare_errno); |
| 235 return false; | 203 return false; |
| 236 } | 204 } |
| 237 | 205 |
| 238 // The current {r,e,s}{u,g}id is now an overflow id (c.f. | 206 // The current {r,e,s}{u,g}id is now an overflow id (c.f. |
| 239 // /proc/sys/kernel/overflowuid). Setup the uid and gid maps. | 207 // /proc/sys/kernel/overflowuid). Setup the uid and gid maps. |
| 240 DCHECK(GetRESIds(NULL, NULL)); | 208 DCHECK(GetRESIds(NULL, NULL)); |
| 241 const char kGidMapFile[] = "/proc/self/gid_map"; | 209 const char kGidMapFile[] = "/proc/self/gid_map"; |
| 242 const char kUidMapFile[] = "/proc/self/uid_map"; | 210 const char kUidMapFile[] = "/proc/self/uid_map"; |
| 243 CHECK(WriteToIdMapFile(kGidMapFile, gid)); | 211 CHECK(NamespaceUtils::WriteToIdMapFile(kGidMapFile, gid)); |
| 244 CHECK(WriteToIdMapFile(kUidMapFile, uid)); | 212 CHECK(NamespaceUtils::WriteToIdMapFile(kUidMapFile, uid)); |
| 245 DCHECK(GetRESIds(NULL, NULL)); | 213 DCHECK(GetRESIds(NULL, NULL)); |
| 246 return true; | 214 return true; |
| 247 } | 215 } |
| 248 | 216 |
| 249 bool Credentials::DropFileSystemAccess() { | 217 bool Credentials::DropFileSystemAccess() { |
| 250 CHECK(ChrootToSafeEmptyDir()); | 218 CHECK(ChrootToSafeEmptyDir()); |
| 251 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 219 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
| 252 // We never let this function fail. | 220 // We never let this function fail. |
| 253 return true; | 221 return true; |
| 254 } | 222 } |
| 255 | 223 |
| 256 } // namespace sandbox. | 224 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 849893004:
Move a couple of utility functions to a new namespace_utils class. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master