Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(576)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_linux.cc

Issue 88243003: Linux sandbox: move CurrentProcessHasOpenDirectories (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/installer/linux/rpm/expected_deps_x86_64 ('k') | sandbox/linux/services/credentials.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_linux.cc
diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
index 6589682f49db0fb7d64f34550f43d134d03d3e83..b9cfe0e2fb9ab9b4d42d4712f79cbce2a7a26746 100644
--- a/content/common/sandbox_linux.cc
+++ b/content/common/sandbox_linux.cc
@@ -23,6 +23,7 @@
#include "content/common/sandbox_seccomp_bpf_linux.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/sandbox_linux.h"
+#include "sandbox/linux/services/credentials.h"
#include "sandbox/linux/suid/client/setuid_sandbox_client.h"
namespace {
@@ -62,61 +63,6 @@ bool IsRunningTSAN() {
#endif
}
-struct DIRDeleter {
- void operator()(DIR* d) {
- PCHECK(closedir(d) == 0);
- }
-};
-
-// |proc_fd| should be a file descriptor to /proc (useful if the process
-// is sandboxed) or -1.
-// If |proc_fd| is -1, this function will return false if /proc/self/fd
-// cannot be opened.
-bool CurrentProcessHasOpenDirectories(int proc_fd) {
- int proc_self_fd = -1;
- if (proc_fd >= 0) {
- proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY);
- } else {
- proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY);
- if (proc_self_fd < 0) {
- // If not available, guess false.
- // TODO(mostynb@opera.com): add a CHECK_EQ(ENOENT, errno); Figure out what
- // other situations are here. http://crbug.com/314985
- return false;
- }
- }
- CHECK_GE(proc_self_fd, 0);
-
- // Ownership of proc_self_fd is transferred here, it must not be closed
- // or modified afterwards except via dir.
- scoped_ptr<DIR, DIRDeleter> dir(fdopendir(proc_self_fd));
- CHECK(dir);
-
- struct dirent e;
- struct dirent* de;
- while (!readdir_r(dir.get(), &e, &de) && de) {
- if (strcmp(e.d_name, ".") == 0 || strcmp(e.d_name, "..") == 0) {
- continue;
- }
-
- int fd_num;
- CHECK(base::StringToInt(e.d_name, &fd_num));
- if (fd_num == proc_fd || fd_num == proc_self_fd) {
- continue;
- }
-
- struct stat s;
- // It's OK to use proc_self_fd here, fstatat won't modify it.
- CHECK(fstatat(proc_self_fd, e.d_name, &s, 0) == 0);
- if (S_ISDIR(s.st_mode)) {
- return true;
- }
- }
-
- // No open unmanaged directories found.
- return false;
-}
-
} // namespace
namespace content {
@@ -338,7 +284,7 @@ bool LinuxSandbox::LimitAddressSpace(const std::string& process_type) {
}
bool LinuxSandbox::HasOpenDirectories() {
- return CurrentProcessHasOpenDirectories(proc_fd_);
+ return sandbox::Credentials().HasOpenDirectory(proc_fd_);
}
void LinuxSandbox::SealSandbox() {
« no previous file with comments | « chrome/installer/linux/rpm/expected_deps_x86_64 ('k') | sandbox/linux/services/credentials.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698