
Side by Side Diff: sandbox/linux/services/credentials.cc

Issue 851503003: Update from https://crrev.com/311076 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years, 11 months ago
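--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/services/credentials.h"
 
 #include <errno.h>
 #include <signal.h>
 #include <stdio.h>
 #include <sys/capability.h>
@@ -150,43 +150,38 @@
 // namespaces are used. EINVAL for kernels that don't support the feature.
 // Valgrind will ENOSYS unshare().
 PCHECK(error == EPERM || error == EUSERS || error == EINVAL ||
 error == ENOSYS);
 }
 
 } // namespace.
 
 namespace sandbox {
 
-Credentials::Credentials() {
-}
-
-Credentials::~Credentials() {
-}
-
 bool Credentials::DropAllCapabilities() {
 ScopedCap cap(cap_init());
 CHECK(cap);
 PCHECK(0 == cap_set_proc(cap.get()));
+CHECK(!HasAnyCapability());
 // We never let this function fail.
 return true;
 }
 
-bool Credentials::HasAnyCapability() const {
+bool Credentials::HasAnyCapability() {
 ScopedCap current_cap(cap_get_proc());
 CHECK(current_cap);
 ScopedCap empty_cap(cap_init());
 CHECK(empty_cap);
 return cap_compare(current_cap.get(), empty_cap.get()) != 0;
 }
 
-scoped_ptr<std::string> Credentials::GetCurrentCapString() const {
+scoped_ptr<std::string> Credentials::GetCurrentCapString() {
 ScopedCap current_cap(cap_get_proc());
 CHECK(current_cap);
 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL));
 CHECK(cap_text);
 return scoped_ptr<std::string> (new std::string(cap_text.get()));
 }
 
 // static
 bool Credentials::SupportsNewUserNS() {
 // Valgrind will let clone(2) pass-through, but doesn't support unshare(),
@@ -245,10 +240,10 @@
 CHECK(WriteToIdMapFile(kUidMapFile, uid));
 DCHECK(GetRESIds(NULL, NULL));
 return true;
 }
 
 bool Credentials::DropFileSystemAccess() {
 return ChrootToSafeEmptyDir();
 }
 
 } // namespace sandbox.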
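Review bot: The added `CHECK(!HasAnyCapability());` in `Credentials::DropAllCapabilities()` only proves that the calling thread is left with empty sets: Linux capabilities are a per-thread attribute, and `cap_set_proc()` and `cap_get_proc()` both act on the caller, so threads already running at this point would keep theirs while the post-condition passes. Nothing in this file section establishes that the process is single-threaded here, and credentials.h is not visible from this page, so unless the header already says so I would state the precondition above the definition, e.g. `// Affects the calling thread only; the caller must be single-threaded when this runs.`. As a smaller style point, every failure path now aborts via CHECK/PCHECK, so the `bool` result and `// We never let this function fail.` tell callers nothing; a sentence in that comment saying the return value is kept only for interface compatibility would help, if that is indeed the reason.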