| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <stdio.h> | 9 #include <stdio.h> |
| 10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 64 fprintf(stdout, "This kernel does not support unprivileged namespaces. " | 64 fprintf(stdout, "This kernel does not support unprivileged namespaces. " |
| 65 "USERNS tests will succeed without running.\n"); | 65 "USERNS tests will succeed without running.\n"); |
| 66 fflush(stdout); | 66 fflush(stdout); |
| 67 return; | 67 return; |
| 68 } | 68 } |
| 69 CHECK(Credentials::HasAnyCapability()); | 69 CHECK(Credentials::HasAnyCapability()); |
| 70 CHECK(Credentials::DropAllCapabilities()); | 70 CHECK(Credentials::DropAllCapabilities()); |
| 71 CHECK(!Credentials::HasAnyCapability()); | 71 CHECK(!Credentials::HasAnyCapability()); |
| 72 } | 72 } |
| 73 | 73 |
| 74 SANDBOX_TEST(Credentials, SupportsUserNS) { | 74 SANDBOX_TEST(Credentials, CanCreateProcessInNewUserNS) { |
| 75 CHECK(Credentials::DropAllCapabilities()); | 75 CHECK(Credentials::DropAllCapabilities()); |
| 76 bool user_ns_supported = Credentials::SupportsNewUserNS(); | 76 bool user_ns_supported = Credentials::CanCreateProcessInNewUserNS(); |
| 77 bool moved_to_new_ns = Credentials::MoveToNewUserNS(); | 77 bool moved_to_new_ns = Credentials::MoveToNewUserNS(); |
| 78 CHECK_EQ(user_ns_supported, moved_to_new_ns); | 78 CHECK_EQ(user_ns_supported, moved_to_new_ns); |
| 79 } | 79 } |
| 80 | 80 |
| 81 SANDBOX_TEST(Credentials, UidIsPreserved) { | 81 SANDBOX_TEST(Credentials, UidIsPreserved) { |
| 82 CHECK(Credentials::DropAllCapabilities()); | 82 CHECK(Credentials::DropAllCapabilities()); |
| 83 uid_t old_ruid, old_euid, old_suid; | 83 uid_t old_ruid, old_euid, old_suid; |
| 84 gid_t old_rgid, old_egid, old_sgid; | 84 gid_t old_rgid, old_egid, old_sgid; |
| 85 PCHECK(0 == getresuid(&old_ruid, &old_euid, &old_suid)); | 85 PCHECK(0 == getresuid(&old_ruid, &old_euid, &old_suid)); |
| 86 PCHECK(0 == getresgid(&old_rgid, &old_egid, &old_sgid)); | 86 PCHECK(0 == getresgid(&old_rgid, &old_egid, &old_sgid)); |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 130 ASSERT_TRUE(WorkingDirectoryIsRoot()); | 130 ASSERT_TRUE(WorkingDirectoryIsRoot()); |
| 131 } | 131 } |
| 132 | 132 |
| 133 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) { | 133 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) { |
| 134 CHECK(Credentials::DropAllCapabilities()); | 134 CHECK(Credentials::DropAllCapabilities()); |
| 135 // Probably missing kernel support. | 135 // Probably missing kernel support. |
| 136 if (!Credentials::MoveToNewUserNS()) return; | 136 if (!Credentials::MoveToNewUserNS()) return; |
| 137 CHECK(Credentials::DropFileSystemAccess()); | 137 CHECK(Credentials::DropFileSystemAccess()); |
| 138 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 138 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
| 139 CHECK(WorkingDirectoryIsRoot()); | 139 CHECK(WorkingDirectoryIsRoot()); |
| 140 CHECK(base::IsDirectoryEmpty(base::FilePath("/"))); |
| 140 // We want the chroot to never have a subdirectory. A subdirectory | 141 // We want the chroot to never have a subdirectory. A subdirectory |
| 141 // could allow a chroot escape. | 142 // could allow a chroot escape. |
| 142 CHECK_NE(0, mkdir("/test", 0700)); | 143 CHECK_NE(0, mkdir("/test", 0700)); |
| 143 } | 144 } |
| 144 | 145 |
| 145 // Check that after dropping filesystem access and dropping privileges | 146 // Check that after dropping filesystem access and dropping privileges |
| 146 // it is not possible to regain capabilities. | 147 // it is not possible to regain capabilities. |
| 147 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) { | 148 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) { |
| 148 CHECK(Credentials::DropAllCapabilities()); | 149 CHECK(Credentials::DropAllCapabilities()); |
| 149 // Probably missing kernel support. | 150 // Probably missing kernel support. |
| 150 if (!Credentials::MoveToNewUserNS()) return; | 151 if (!Credentials::MoveToNewUserNS()) return; |
| 151 CHECK(Credentials::DropFileSystemAccess()); | 152 CHECK(Credentials::DropFileSystemAccess()); |
| 152 CHECK(Credentials::DropAllCapabilities()); | 153 CHECK(Credentials::DropAllCapabilities()); |
| 153 | 154 |
| 154 // The kernel should now prevent us from regaining capabilities because we | 155 // The kernel should now prevent us from regaining capabilities because we |
| 155 // are in a chroot. | 156 // are in a chroot. |
| 156 CHECK(!Credentials::SupportsNewUserNS()); | 157 CHECK(!Credentials::CanCreateProcessInNewUserNS()); |
| 157 CHECK(!Credentials::MoveToNewUserNS()); | 158 CHECK(!Credentials::MoveToNewUserNS()); |
| 158 } | 159 } |
| 159 | 160 |
| 160 } // namespace. | 161 } // namespace. |
| 161 | 162 |
| 162 } // namespace sandbox. | 163 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 885443002:
Roll Chrome into Mojo. (Closed)
Base URL: https://github.com/domokit/mojo.git@master