OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <stdio.h> | 9 #include <stdio.h> |
10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
11 #include <sys/types.h> | 11 #include <sys/types.h> |
12 #include <unistd.h> | 12 #include <unistd.h> |
13 | 13 |
| 14 #include "base/files/file_path.h" |
14 #include "base/files/file_util.h" | 15 #include "base/files/file_util.h" |
15 #include "base/files/scoped_file.h" | 16 #include "base/files/scoped_file.h" |
16 #include "base/logging.h" | 17 #include "base/logging.h" |
17 #include "base/memory/scoped_ptr.h" | 18 #include "base/memory/scoped_ptr.h" |
18 #include "sandbox/linux/tests/unit_tests.h" | 19 #include "sandbox/linux/tests/unit_tests.h" |
19 #include "testing/gtest/include/gtest/gtest.h" | 20 #include "testing/gtest/include/gtest/gtest.h" |
20 | 21 |
21 namespace sandbox { | 22 namespace sandbox { |
22 | 23 |
23 namespace { | 24 namespace { |
24 | 25 |
25 bool DirectoryExists(const char* path) { | |
26 struct stat dir; | |
27 errno = 0; | |
28 int ret = stat(path, &dir); | |
29 return -1 != ret || ENOENT != errno; | |
30 } | |
31 | |
32 bool WorkingDirectoryIsRoot() { | 26 bool WorkingDirectoryIsRoot() { |
33 char current_dir[PATH_MAX]; | 27 char current_dir[PATH_MAX]; |
34 char* cwd = getcwd(current_dir, sizeof(current_dir)); | 28 char* cwd = getcwd(current_dir, sizeof(current_dir)); |
35 PCHECK(cwd); | 29 PCHECK(cwd); |
36 if (strcmp("/", cwd)) return false; | 30 if (strcmp("/", cwd)) return false; |
37 | 31 |
38 // The current directory is the root. Add a few paranoid checks. | 32 // The current directory is the root. Add a few paranoid checks. |
39 struct stat current; | 33 struct stat current; |
40 CHECK_EQ(0, stat(".", ¤t)); | 34 CHECK_EQ(0, stat(".", ¤t)); |
41 struct stat parrent; | 35 struct stat parrent; |
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
134 ASSERT_FALSE(WorkingDirectoryIsRoot()); | 128 ASSERT_FALSE(WorkingDirectoryIsRoot()); |
135 ASSERT_EQ(0, chdir("/")); | 129 ASSERT_EQ(0, chdir("/")); |
136 ASSERT_TRUE(WorkingDirectoryIsRoot()); | 130 ASSERT_TRUE(WorkingDirectoryIsRoot()); |
137 } | 131 } |
138 | 132 |
139 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) { | 133 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) { |
140 CHECK(Credentials::DropAllCapabilities()); | 134 CHECK(Credentials::DropAllCapabilities()); |
141 // Probably missing kernel support. | 135 // Probably missing kernel support. |
142 if (!Credentials::MoveToNewUserNS()) return; | 136 if (!Credentials::MoveToNewUserNS()) return; |
143 CHECK(Credentials::DropFileSystemAccess()); | 137 CHECK(Credentials::DropFileSystemAccess()); |
144 CHECK(!DirectoryExists("/proc")); | 138 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
145 CHECK(WorkingDirectoryIsRoot()); | 139 CHECK(WorkingDirectoryIsRoot()); |
146 // We want the chroot to never have a subdirectory. A subdirectory | 140 // We want the chroot to never have a subdirectory. A subdirectory |
147 // could allow a chroot escape. | 141 // could allow a chroot escape. |
148 CHECK_NE(0, mkdir("/test", 0700)); | 142 CHECK_NE(0, mkdir("/test", 0700)); |
149 } | 143 } |
150 | 144 |
151 // Check that after dropping filesystem access and dropping privileges | 145 // Check that after dropping filesystem access and dropping privileges |
152 // it is not possible to regain capabilities. | 146 // it is not possible to regain capabilities. |
153 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) { | 147 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) { |
154 CHECK(Credentials::DropAllCapabilities()); | 148 CHECK(Credentials::DropAllCapabilities()); |
155 // Probably missing kernel support. | 149 // Probably missing kernel support. |
156 if (!Credentials::MoveToNewUserNS()) return; | 150 if (!Credentials::MoveToNewUserNS()) return; |
157 CHECK(Credentials::DropFileSystemAccess()); | 151 CHECK(Credentials::DropFileSystemAccess()); |
158 CHECK(Credentials::DropAllCapabilities()); | 152 CHECK(Credentials::DropAllCapabilities()); |
159 | 153 |
160 // The kernel should now prevent us from regaining capabilities because we | 154 // The kernel should now prevent us from regaining capabilities because we |
161 // are in a chroot. | 155 // are in a chroot. |
162 CHECK(!Credentials::SupportsNewUserNS()); | 156 CHECK(!Credentials::SupportsNewUserNS()); |
163 CHECK(!Credentials::MoveToNewUserNS()); | 157 CHECK(!Credentials::MoveToNewUserNS()); |
164 } | 158 } |
165 | 159 |
166 } // namespace. | 160 } // namespace. |
167 | 161 |
168 } // namespace sandbox. | 162 } // namespace sandbox. |
OLD | NEW |