| Index: sandbox/linux/suid/client/setuid_sandbox_host.h
|
| diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.h b/sandbox/linux/suid/client/setuid_sandbox_host.h
|
| similarity index 48%
|
| copy from sandbox/linux/suid/client/setuid_sandbox_client.h
|
| copy to sandbox/linux/suid/client/setuid_sandbox_host.h
|
| index b24eb4c5fff9926e9da3df693d88d5eb4140ac4e..6788892441003ca2c27a2931225078ec7f4b7934 100644
|
| --- a/sandbox/linux/suid/client/setuid_sandbox_client.h
|
| +++ b/sandbox/linux/suid/client/setuid_sandbox_host.h
|
| @@ -1,69 +1,38 @@
|
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| +// Copyright 2015 The Chromium Authors. All rights reserved.
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#ifndef SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_
|
| -#define SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_
|
| +#ifndef SANDBOX_LINUX_SUID_SETUID_SANDBOX_HOST_H_
|
| +#define SANDBOX_LINUX_SUID_SETUID_SANDBOX_HOST_H_
|
|
|
| -#include "base/basictypes.h"
|
| -#include "base/command_line.h"
|
| -#include "base/environment.h"
|
| #include "base/files/file_path.h"
|
| #include "base/files/scoped_file.h"
|
| +#include "base/macros.h"
|
| +#include "base/memory/scoped_ptr.h"
|
| #include "base/process/launch.h"
|
| #include "sandbox/sandbox_export.h"
|
|
|
| namespace sandbox {
|
|
|
| -// Helper class to use the setuid sandbox. This class is to be used both
|
| -// before launching the setuid helper and after being executed through the
|
| -// setuid helper.
|
| +// Helper class to use the setuid sandbox. This class is to be used
|
| +// before launching the setuid helper.
|
| // This class is difficult to use. It has been created by refactoring very old
|
| // code scathered through the Chromium code base.
|
| //
|
| // A typical use for "A" launching a sandboxed process "B" would be:
|
| // 1. A calls SetupLaunchEnvironment()
|
| -// 2. A sets up a CommandLine and then amends it with
|
| +// 2. A sets up a base::CommandLine and then amends it with
|
| // PrependWrapper() (or manually, by relying on GetSandboxBinaryPath()).
|
| // 3. A uses SetupLaunchOptions() to arrange for a dummy descriptor for the
|
| // setuid sandbox ABI.
|
| -// 4. A launches B with base::LaunchProcess, using the amended CommandLine.
|
| -// 5. B uses CloseDummyFile() to close the dummy file descriptor.
|
| -// 6. B performs various initializations that require access to the file
|
| -// system.
|
| -// 6.b (optional) B uses sandbox::Credentials::HasOpenDirectory() to verify
|
| -// that no directory is kept open (which would allow bypassing the setuid
|
| -// sandbox).
|
| -// 7. B should be prepared to assume the role of init(1). In particular, B
|
| -// cannot receive any signal from any other process, excluding SIGKILL.
|
| -// If B dies, all the processes in the namespace will die.
|
| -// B can fork() and the parent can assume the role of init(1), by using
|
| -// CreateInitProcessReaper().
|
| -// 8. B requests being chroot-ed through ChrootMe() and
|
| -// requests other sandboxing status via the status functions.
|
| -class SANDBOX_EXPORT SetuidSandboxClient {
|
| +// 4. A launches B with base::LaunchProcess, using the amended
|
| +// base::CommandLine.
|
| +// (The remaining steps are described within setuid_sandbox_client.h.)
|
| +class SANDBOX_EXPORT SetuidSandboxHost {
|
| public:
|
| // All instantation should go through this factory method.
|
| - static class SetuidSandboxClient* Create();
|
| - ~SetuidSandboxClient();
|
| -
|
| - // Close the dummy file descriptor leftover from the sandbox ABI.
|
| - void CloseDummyFile();
|
| - // Ask the setuid helper over the setuid sandbox IPC channel to chroot() us
|
| - // to an empty directory.
|
| - // Will only work if we have been launched through the setuid helper.
|
| - bool ChrootMe();
|
| -
|
| - // Did we get launched through an up to date setuid binary ?
|
| - bool IsSuidSandboxUpToDate() const;
|
| - // Did we get launched through the setuid helper ?
|
| - bool IsSuidSandboxChild() const;
|
| - // Did the setuid helper create a new PID namespace ?
|
| - bool IsInNewPIDNamespace() const;
|
| - // Did the setuid helper create a new network namespace ?
|
| - bool IsInNewNETNamespace() const;
|
| - // Are we done and fully sandboxed ?
|
| - bool IsSandboxed() const;
|
| + static SetuidSandboxHost* Create();
|
| + ~SetuidSandboxHost();
|
|
|
| // The setuid sandbox may still be disabled via the environment.
|
| // This is tracked in crbug.com/245376.
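Review bot: The include block drops `#include "base/environment.h"` while `base::Environment` is still used by this header (the private constructor parameter and the `scoped_ptr<base::Environment> env_` member in the second hunk), and no forward declaration of `base::Environment` is visible in either hunk. Unless a transitive include (possibly via `base/process/launch.h`) or a forward declaration outside the hunks supplies it, the header is no longer self-contained; adding `namespace base { class Environment; }` after the includes, or keeping the include, would make that explicit. A forward declaration should suffice here because `~SetuidSandboxHost()` is declared out-of-line, so `scoped_ptr`'s destructor is instantiated in the .cc where the complete type is presumably available (the .cc is not on the page). Separately, `static SetuidSandboxHost* Create();` still hands back an owning raw pointer while the class itself now uses `scoped_ptr`; a one-line comment `// The caller takes ownership of the returned object.` (or returning `scoped_ptr<SetuidSandboxHost>`) would state that contract at the declaration.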
|
| @@ -88,15 +57,14 @@ class SANDBOX_EXPORT SetuidSandboxClient {
|
| void SetupLaunchEnvironment();
|
|
|
| private:
|
| - SetuidSandboxClient();
|
| + explicit SetuidSandboxHost(base::Environment* env);
|
|
|
| // Holds the environment. Will never be NULL.
|
| - base::Environment* env_;
|
| - bool sandboxed_;
|
| + scoped_ptr<base::Environment> env_;
|
|
|
| - DISALLOW_COPY_AND_ASSIGN(SetuidSandboxClient);
|
| + DISALLOW_COPY_AND_ASSIGN(SetuidSandboxHost);
|
| };
|
|
|
| } // namespace sandbox
|
|
|
| -#endif // SANDBOX_LINUX_SUID_SETUID_SANDBOX_CLIENT_H_
|
| +#endif // SANDBOX_LINUX_SUID_SETUID_SANDBOX_HOST_H_
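Review bot: `explicit SetuidSandboxHost(base::Environment* env);` takes a raw pointer that, judging by the new `scoped_ptr<base::Environment> env_` member, the object takes ownership of, but nothing at the declaration says so, and the "Will never be NULL" comment describes the member rather than the argument. A comment on the constructor would pin the contract for the caller in `Create()`: `// Takes ownership of |env|, which must not be NULL.` Because the constructor is private and `Create()` is the only intended instantiation path, the .cc (not on the page) is where the non-NULL guarantee should be enforced, e.g. with a DCHECK, so that the member comment stays true. The class definition begins outside this hunk.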
|
|
|