Chromium Code Reviews| Index: sandbox/linux/suid/client/setuid_sandbox_host.h |
| diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.h b/sandbox/linux/suid/client/setuid_sandbox_host.h |
| similarity index 53% |
| copy from sandbox/linux/suid/client/setuid_sandbox_client.h |
| copy to sandbox/linux/suid/client/setuid_sandbox_host.h |
| index b24eb4c5fff9926e9da3df693d88d5eb4140ac4e..43dc20e3c5c783af5a8d33c7ec48cd5bb916be81 100644 |
| --- a/sandbox/linux/suid/client/setuid_sandbox_client.h |
| +++ b/sandbox/linux/suid/client/setuid_sandbox_host.h |
| @@ -2,12 +2,10 @@ |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| -#ifndef SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_ |
| -#define SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_ |
| +#ifndef SANDBOX_LINUX_SUID_SETUID_SANDBOX_HOST_H_ |
| +#define SANDBOX_LINUX_SUID_SETUID_SANDBOX_HOST_H_ |
| #include "base/basictypes.h" |
| -#include "base/command_line.h" |
| -#include "base/environment.h" |
| #include "base/files/file_path.h" |
| #include "base/files/scoped_file.h" |
| #include "base/process/launch.h" |
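Review bot: Dropping `#include "base/command_line.h"` and `#include "base/environment.h"` leaves this header without a declaration for types it still uses: the private section later in this file keeps `base::Environment* env_;`, and the launch-setup methods presumably still take a `base::CommandLine*` (the step list refers to the amended CommandLine). Unless a hunk outside this view adds them, the header now compiles only through transitive includes, which is fragile for a new file. Since both are used only by pointer, a forward declaration block is enough: `namespace base { class CommandLine; class Environment; }` placed before `namespace sandbox {`. The include list itself is the whole unit here, but the users of these types are in later hunks.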
| @@ -15,9 +13,8 @@ |
| namespace sandbox { |
| -// Helper class to use the setuid sandbox. This class is to be used both |
| -// before launching the setuid helper and after being executed through the |
| -// setuid helper. |
| +// Helper class to use the setuid sandbox. This class is to be used |
| +// before launching the setuid helper. |
| // This class is difficult to use. It has been created by refactoring very old |
| // code scathered through the Chromium code base. |
| // |
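Review bot: The unchanged context line `// code scathered through the Chromium code base.` carries a typo into the new file; as this header is a fresh copy, this is the moment to correct it to `// code scattered through the Chromium code base.` The comment block continues into the next hunk.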
| @@ -28,42 +25,12 @@ namespace sandbox { |
| // 3. A uses SetupLaunchOptions() to arrange for a dummy descriptor for the |
| // setuid sandbox ABI. |
| // 4. A launches B with base::LaunchProcess, using the amended CommandLine. |
| -// 5. B uses CloseDummyFile() to close the dummy file descriptor. |
| -// 6. B performs various initializations that require access to the file |
| -// system. |
| -// 6.b (optional) B uses sandbox::Credentials::HasOpenDirectory() to verify |
| -// that no directory is kept open (which would allow bypassing the setuid |
| -// sandbox). |
| -// 7. B should be prepared to assume the role of init(1). In particular, B |
| -// cannot receive any signal from any other process, excluding SIGKILL. |
| -// If B dies, all the processes in the namespace will die. |
| -// B can fork() and the parent can assume the role of init(1), by using |
| -// CreateInitProcessReaper(). |
| -// 8. B requests being chroot-ed through ChrootMe() and |
| -// requests other sandboxing status via the status functions. |
| -class SANDBOX_EXPORT SetuidSandboxClient { |
| +// (The remaining steps are described within SetuidSandboxClient.) |
rickyz (no longer on Chrome)
2015/02/04 10:46:00
nit: The comment in setuid_sandbox_host.h points t
mdempsky
2015/02/04 10:53:29
Done: both now use file name.
| +class SANDBOX_EXPORT SetuidSandboxHost { |
| public: |
| // All instantation should go through this factory method. |
| - static class SetuidSandboxClient* Create(); |
| - ~SetuidSandboxClient(); |
| - |
| - // Close the dummy file descriptor leftover from the sandbox ABI. |
| - void CloseDummyFile(); |
| - // Ask the setuid helper over the setuid sandbox IPC channel to chroot() us |
| - // to an empty directory. |
| - // Will only work if we have been launched through the setuid helper. |
| - bool ChrootMe(); |
| - |
| - // Did we get launched through an up to date setuid binary ? |
| - bool IsSuidSandboxUpToDate() const; |
| - // Did we get launched through the setuid helper ? |
| - bool IsSuidSandboxChild() const; |
| - // Did the setuid helper create a new PID namespace ? |
| - bool IsInNewPIDNamespace() const; |
| - // Did the setuid helper create a new network namespace ? |
| - bool IsInNewNETNamespace() const; |
| - // Are we done and fully sandboxed ? |
| - bool IsSandboxed() const; |
| + static class SetuidSandboxHost* Create(); |
rickyz (no longer on Chrome)
2015/02/04 10:46:00
nit: Remove the class
mdempsky
2015/02/04 10:53:29
Done.
| + ~SetuidSandboxHost(); |
| // The setuid sandbox may still be disabled via the environment. |
| // This is tracked in crbug.com/245376. |
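Review bot: `Create()` returns a raw pointer with no statement of who owns it, and the comment above it only says instantiation must go through the factory. Since the host is a new class, document the contract on the declaration: `// Allocates a new host; the caller owns the returned object and must delete it.` If the codebase's `scoped_ptr` is acceptable here, returning `scoped_ptr<SetuidSandboxHost>` would make the ownership explicit in the type rather than the comment. The class body continues in the following hunk.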
| @@ -88,15 +55,14 @@ class SANDBOX_EXPORT SetuidSandboxClient { |
| void SetupLaunchEnvironment(); |
| private: |
| - SetuidSandboxClient(); |
| + SetuidSandboxHost(); |
| // Holds the environment. Will never be NULL. |
| base::Environment* env_; |
| - bool sandboxed_; |
| - DISALLOW_COPY_AND_ASSIGN(SetuidSandboxClient); |
| + DISALLOW_COPY_AND_ASSIGN(SetuidSandboxHost); |
| }; |
| } // namespace sandbox |
| -#endif // SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_ |
| +#endif // SANDBOX_LINUX_SUID_SETUID_SANDBOX_HOST_H_ |
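Review bot: `base::Environment* env_;` is kept as a raw pointer whose comment says only that it is never NULL, not whether the host owns it. If, as in the client this file was copied from, the host obtains it from `base::Environment::Create()` and deletes it in `~SetuidSandboxHost()` (the .cc is not visible here, so this is an assumption), the ownership should be expressed in the type: `scoped_ptr<base::Environment> env_;` with `#include "base/memory/scoped_ptr.h"`, which also removes a manual delete from the destructor. If it is instead a borrowed pointer, say so in the comment: `// Borrowed; owned by the caller that created this host.`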