Index: sandbox/linux/services/credentials.h |
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h |
index 83f2c7084e51a35b99fad33d3b71d31391056824..bc93311c33166a141441a81a48ef7de9932979f0 100644 |
--- a/sandbox/linux/services/credentials.h |
+++ b/sandbox/linux/services/credentials.h |
@@ -22,18 +22,18 @@ |
namespace sandbox { |
-// For brevity, we only expose enums for the subset of capabilities we use. |
-// This can be expanded as the need arises. |
-enum class LinuxCapability { |
- kCapSysChroot, |
- kCapSysAdmin, |
-}; |
- |
// This class should be used to manipulate the current process' credentials. |
// It is currently a stub used to manipulate POSIX.1e capabilities as |
// implemented by the Linux kernel. |
class SANDBOX_EXPORT Credentials { |
public: |
+ // For brevity, we only expose enums for the subset of capabilities we use. |
+ // This can be expanded as the need arises. |
+ enum class Capability { |
+ kCapSysChroot, |
jln (very slow on Chromium)
2015/03/26 22:01:33
Nit: you could drop the "Cap", now that it's quali
mdempsky
2015/03/27 20:32:11
Also, Chromium style is to use SHOUTY_CASE for enu
rickyz (no longer on Chrome)
2015/03/27 21:08:02
Oop, missed that, changed it as well, but let me k
|
+ kCapSysAdmin, |
+ }; |
+ |
// Drop all capabilities in the effective, inheritable and permitted sets for |
// the current thread. For security reasons, since capabilities are |
// per-thread, the caller is responsible for ensuring it is single-threaded |
@@ -46,12 +46,19 @@ class SANDBOX_EXPORT Credentials { |
// Sets the effective and permitted capability sets for the current thread to |
// the list of capabiltiies in |caps|. All other capability flags are cleared. |
static bool SetCapabilities(int proc_fd, |
- const std::vector<LinuxCapability>& caps) |
+ const std::vector<Capability>& caps) |
WARN_UNUSED_RESULT; |
+ // Versions of the above functions which do not check that the process is |
+ // single-threaded. After calling these functions, capabilities of other |
+ // threads will not be changed. |
jln (very slow on Chromium)
2015/03/26 22:01:33
Maybe add something along the lines "This is dange
rickyz (no longer on Chrome)
2015/03/27 21:08:02
Heh, sure, done
|
+ static bool DropAllCapabilitiesOnCurrentThread() WARN_UNUSED_RESULT; |
+ static bool SetCapabilitiesOnCurrentThread( |
+ const std::vector<Capability>& caps) WARN_UNUSED_RESULT; |
+ |
// Returns true if the current thread has either the effective, permitted, or |
// inheritable flag set for the given capability. |
- static bool HasCapability(LinuxCapability cap); |
+ static bool HasCapability(Capability cap); |
// Return true iff there is any capability in any of the capabilities sets |
// of the current thread. |