Minor refactoring of setuid_sandbox_client.

sandbox/linux/suid/client/setuid_sandbox_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/suid/client/setuid_sandbox_client.h"
 
 #include <fcntl.h>
 #include <stdlib.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
 
 #include "base/command_line.h"
 #include "base/environment.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/files/scoped_file.h"
 #include "base/logging.h"
-#include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/path_service.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/process/launch.h"
 #include "base/process/process_metrics.h"
 #include "base/strings/string_number_conversions.h"
 #include "sandbox/linux/services/init_process_reaper.h"
 #include "sandbox/linux/suid/common/sandbox.h"
 #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h"
 
 namespace {
 
 bool IsFileSystemAccessDenied() {
-  base::ScopedFD self_exe(HANDLE_EINTR(open(base::kProcSelfExe, O_RDONLY)));
+  base::ScopedFD self_exe(HANDLE_EINTR(open("/", O_RDONLY)));

[jln (very slow on Chromium), 2015/02/05 00:12:52]

This seems like it could easily regress. What was the reason for this?

It's kind of a "small trick" that the setuid sandbox currently doesn't even let
access /. But we would consider the process sandboxed even if it was in an empty
chroot instead.

[mdempsky, 2015/02/05 01:41:19]

Removing base::kProcSelfExe was so this function could compile without dragging
in base/process/process_metrics_linux.cc and its transitive dependencies.

Changing from "/proc/self/exe" to "/" was my suggestion, because I think it's a
stronger test that we've actually dropped filesystem access.  Agreed that we
might in the future want to relax this and allow *some* filesystem access, but I
think it'll be easy enough to tweak this test again if/when necessary.

   return !self_exe.is_valid();
 }
 
 // Set an environment variable that reflects the API version we expect from the
 // setuid sandbox. Old versions of the sandbox will ignore this.
 void SetSandboxAPIEnvironmentVariable(base::Environment* env) {
   env->SetVar(sandbox::kSandboxEnvironmentApiRequest,
               base::IntToString(sandbox::kSUIDSandboxApiNumber));
 }
 
@@ skipping 155 matching lines @@
     return false;
   }
 
   // We now consider ourselves "fully sandboxed" as far as the
   // setuid sandbox is concerned.
   CHECK(IsFileSystemAccessDenied());
   sandboxed_ = true;
   return true;
 }
 
-bool SetuidSandboxClient::CreateInitProcessReaper(
-    base::Closure* post_fork_parent_callback) {
-  return sandbox::CreateInitProcessReaper(post_fork_parent_callback);
-}
-
 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const {
   return GetHelperApi(env_) == kSUIDSandboxApiNumber;
 }
 
 bool SetuidSandboxClient::IsSuidSandboxChild() const {
   return GetIPCDescriptor(env_) >= 0;
 }
 
 bool SetuidSandboxClient::IsInNewPIDNamespace() const {
   return env_->HasVar(kSandboxPIDNSEnvironmentVarName);
@@ skipping 84 matching lines @@
   // kZygoteIdFd. Fixing this requires a sandbox API change. :(
   fds_to_remap->push_back(std::make_pair(dummy_fd->get(), kZygoteIdFd));
 }
 
 void SetuidSandboxClient::SetupLaunchEnvironment() {
   SaveSUIDUnsafeEnvironmentVariables(env_);
   SetSandboxAPIEnvironmentVariable(env_);
 }
 
 }  // namespace sandbox