| Index: sandbox/linux/suid/client/setuid_sandbox_client.h
|
| diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.h b/sandbox/linux/suid/client/setuid_sandbox_client.h
|
| index b24eb4c5fff9926e9da3df693d88d5eb4140ac4e..cef7405ec14b4b909f71be6d516a5597c6cfa193 100644
|
| --- a/sandbox/linux/suid/client/setuid_sandbox_client.h
|
| +++ b/sandbox/linux/suid/client/setuid_sandbox_client.h
|
| @@ -5,29 +5,18 @@
|
| #ifndef SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_
|
| #define SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_
|
|
|
| -#include "base/basictypes.h"
|
| -#include "base/command_line.h"
|
| #include "base/environment.h"
|
| -#include "base/files/file_path.h"
|
| -#include "base/files/scoped_file.h"
|
| -#include "base/process/launch.h"
|
| #include "sandbox/sandbox_export.h"
|
|
|
| namespace sandbox {
|
|
|
| -// Helper class to use the setuid sandbox. This class is to be used both
|
| -// before launching the setuid helper and after being executed through the
|
| -// setuid helper.
|
| +// Helper class to use the setuid sandbox. This class is to be used
|
| +// after being executed through the setuid helper.
|
| // This class is difficult to use. It has been created by refactoring very old
|
| // code scathered through the Chromium code base.
|
| //
|
| // A typical use for "A" launching a sandboxed process "B" would be:
|
| -// 1. A calls SetupLaunchEnvironment()
|
| -// 2. A sets up a CommandLine and then amends it with
|
| -// PrependWrapper() (or manually, by relying on GetSandboxBinaryPath()).
|
| -// 3. A uses SetupLaunchOptions() to arrange for a dummy descriptor for the
|
| -// setuid sandbox ABI.
|
| -// 4. A launches B with base::LaunchProcess, using the amended CommandLine.
|
| +// (Steps 1 through 4 are described in setuid_sandbox_host.h.)
|
| // 5. B uses CloseDummyFile() to close the dummy file descriptor.
|
| // 6. B performs various initializations that require access to the file
|
| // system.
|
| @@ -65,28 +54,6 @@ class SANDBOX_EXPORT SetuidSandboxClient {
|
| // Are we done and fully sandboxed ?
|
| bool IsSandboxed() const;
|
|
|
| - // The setuid sandbox may still be disabled via the environment.
|
| - // This is tracked in crbug.com/245376.
|
| - bool IsDisabledViaEnvironment();
|
| - // Get the sandbox binary path. This method knows about the
|
| - // CHROME_DEVEL_SANDBOX environment variable used for user-managed builds. If
|
| - // the sandbox binary cannot be found, it will return an empty FilePath.
|
| - base::FilePath GetSandboxBinaryPath();
|
| - // Modify |cmd_line| to launch via the setuid sandbox. Crash if the setuid
|
| - // sandbox binary cannot be found. |cmd_line| must not be NULL.
|
| - void PrependWrapper(base::CommandLine* cmd_line);
|
| - // Set-up the launch options for launching via the setuid sandbox. Caller is
|
| - // responsible for keeping |dummy_fd| alive until LaunchProcess() completes.
|
| - // |options| and |fds_to_remap| must not be NULL.
|
| - // (Keeping |dummy_fd| alive is an unfortunate historical artifact of the
|
| - // chrome-sandbox ABI.)
|
| - void SetupLaunchOptions(base::LaunchOptions* options,
|
| - base::FileHandleMappingVector* fds_to_remap,
|
| - base::ScopedFD* dummy_fd);
|
| - // Set-up the environment. This should be done prior to launching the setuid
|
| - // helper.
|
| - void SetupLaunchEnvironment();
|
| -
|
| private:
|
| SetuidSandboxClient();
|
|
|
|
|
Chromium Code Reviews
Issue 877153005:
sandbox: extract SetuidSandboxHost code from SetuidSandboxClient (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master