OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <sys/types.h> | 5 #include <sys/types.h> |
6 #include <sys/wait.h> | 6 #include <sys/wait.h> |
7 #include <unistd.h> | 7 #include <unistd.h> |
8 | 8 |
9 #include "base/environment.h" | 9 #include "base/environment.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "base/posix/eintr_wrapper.h" | 12 #include "base/posix/eintr_wrapper.h" |
13 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
14 | 14 |
| 15 #include "sandbox/linux/services/init_process_reaper.h" |
15 #include "sandbox/linux/suid/common/sandbox.h" | 16 #include "sandbox/linux/suid/common/sandbox.h" |
16 #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h" | 17 #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h" |
17 #include "setuid_sandbox_client.h" | 18 #include "setuid_sandbox_client.h" |
18 | 19 |
19 namespace { | 20 namespace { |
20 | 21 |
21 // Set an environment variable that reflects the API version we expect from the | 22 // Set an environment variable that reflects the API version we expect from the |
22 // setuid sandbox. Old versions of the sandbox will ignore this. | 23 // setuid sandbox. Old versions of the sandbox will ignore this. |
23 void SetSandboxAPIEnvironmentVariable(base::Environment* env) { | 24 void SetSandboxAPIEnvironmentVariable(base::Environment* env) { |
24 env->SetVar(sandbox::kSandboxEnvironmentApiRequest, | 25 env->SetVar(sandbox::kSandboxEnvironmentApiRequest, |
(...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
143 LOG(ERROR) << "Error code reply from chroot helper"; | 144 LOG(ERROR) << "Error code reply from chroot helper"; |
144 return false; | 145 return false; |
145 } | 146 } |
146 | 147 |
147 // We now consider ourselves "fully sandboxed" as far as the | 148 // We now consider ourselves "fully sandboxed" as far as the |
148 // setuid sandbox is concerned. | 149 // setuid sandbox is concerned. |
149 sandboxed_ = true; | 150 sandboxed_ = true; |
150 return true; | 151 return true; |
151 } | 152 } |
152 | 153 |
| 154 bool SetuidSandboxClient::CreateInitProcessReaper( |
| 155 base::Closure* post_fork_parent_callback) { |
| 156 return sandbox::CreateInitProcessReaper(post_fork_parent_callback); |
| 157 } |
| 158 |
153 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const { | 159 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const { |
154 return GetHelperApi(env_) == kSUIDSandboxApiNumber; | 160 return GetHelperApi(env_) == kSUIDSandboxApiNumber; |
155 } | 161 } |
156 | 162 |
157 bool SetuidSandboxClient::IsSuidSandboxChild() const { | 163 bool SetuidSandboxClient::IsSuidSandboxChild() const { |
158 return GetIPCDescriptor(env_) >= 0; | 164 return GetIPCDescriptor(env_) >= 0; |
159 } | 165 } |
160 | 166 |
161 bool SetuidSandboxClient::IsInNewPIDNamespace() const { | 167 bool SetuidSandboxClient::IsInNewPIDNamespace() const { |
162 return env_->HasVar(kSandboxPIDNSEnvironmentVarName); | 168 return env_->HasVar(kSandboxPIDNSEnvironmentVarName); |
163 } | 169 } |
164 | 170 |
165 bool SetuidSandboxClient::IsInNewNETNamespace() const { | 171 bool SetuidSandboxClient::IsInNewNETNamespace() const { |
166 return env_->HasVar(kSandboxNETNSEnvironmentVarName); | 172 return env_->HasVar(kSandboxNETNSEnvironmentVarName); |
167 } | 173 } |
168 | 174 |
169 bool SetuidSandboxClient::IsSandboxed() const { | 175 bool SetuidSandboxClient::IsSandboxed() const { |
170 return sandboxed_; | 176 return sandboxed_; |
171 } | 177 } |
172 | 178 |
173 void SetuidSandboxClient::SetupLaunchEnvironment() { | 179 void SetuidSandboxClient::SetupLaunchEnvironment() { |
174 SaveSUIDUnsafeEnvironmentVariables(env_); | 180 SaveSUIDUnsafeEnvironmentVariables(env_); |
175 SetSandboxAPIEnvironmentVariable(env_); | 181 SetSandboxAPIEnvironmentVariable(env_); |
176 } | 182 } |
177 | 183 |
178 } // namespace sandbox | 184 } // namespace sandbox |
179 | 185 |
OLD | NEW |