Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(134)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/suid/client/setuid_sandbox_client.cc

Issue 90243002: Extract CreateInitProcessReaper() from the Zygote. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address comments. Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/suid/client/setuid_sandbox_client.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <sys/types.h> 5 #include <sys/types.h>
6 #include <sys/wait.h> 6 #include <sys/wait.h>
7 #include <unistd.h> 7 #include <unistd.h>
8 8
9 #include "base/environment.h" 9 #include "base/environment.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "base/memory/scoped_ptr.h" 11 #include "base/memory/scoped_ptr.h"
12 #include "base/posix/eintr_wrapper.h" 12 #include "base/posix/eintr_wrapper.h"
13 #include "base/strings/string_number_conversions.h" 13 #include "base/strings/string_number_conversions.h"
14 14
15 #include "sandbox/linux/services/init_process_reaper.h"
15 #include "sandbox/linux/suid/common/sandbox.h" 16 #include "sandbox/linux/suid/common/sandbox.h"
16 #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h" 17 #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h"
17 #include "setuid_sandbox_client.h" 18 #include "setuid_sandbox_client.h"
18 19
19 namespace { 20 namespace {
20 21
21 // Set an environment variable that reflects the API version we expect from the 22 // Set an environment variable that reflects the API version we expect from the
22 // setuid sandbox. Old versions of the sandbox will ignore this. 23 // setuid sandbox. Old versions of the sandbox will ignore this.
23 void SetSandboxAPIEnvironmentVariable(base::Environment* env) { 24 void SetSandboxAPIEnvironmentVariable(base::Environment* env) {
24 env->SetVar(sandbox::kSandboxEnvironmentApiRequest, 25 env->SetVar(sandbox::kSandboxEnvironmentApiRequest,
(...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after
143 LOG(ERROR) << "Error code reply from chroot helper"; 144 LOG(ERROR) << "Error code reply from chroot helper";
144 return false; 145 return false;
145 } 146 }
146 147
147 // We now consider ourselves "fully sandboxed" as far as the 148 // We now consider ourselves "fully sandboxed" as far as the
148 // setuid sandbox is concerned. 149 // setuid sandbox is concerned.
149 sandboxed_ = true; 150 sandboxed_ = true;
150 return true; 151 return true;
151 } 152 }
152 153
154 bool SetuidSandboxClient::CreateInitProcessReaper(
155 base::Closure* post_fork_parent_callback) {
156 return sandbox::CreateInitProcessReaper(post_fork_parent_callback);
157 }
158
153 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const { 159 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const {
154 return GetHelperApi(env_) == kSUIDSandboxApiNumber; 160 return GetHelperApi(env_) == kSUIDSandboxApiNumber;
155 } 161 }
156 162
157 bool SetuidSandboxClient::IsSuidSandboxChild() const { 163 bool SetuidSandboxClient::IsSuidSandboxChild() const {
158 return GetIPCDescriptor(env_) >= 0; 164 return GetIPCDescriptor(env_) >= 0;
159 } 165 }
160 166
161 bool SetuidSandboxClient::IsInNewPIDNamespace() const { 167 bool SetuidSandboxClient::IsInNewPIDNamespace() const {
162 return env_->HasVar(kSandboxPIDNSEnvironmentVarName); 168 return env_->HasVar(kSandboxPIDNSEnvironmentVarName);
163 } 169 }
164 170
165 bool SetuidSandboxClient::IsInNewNETNamespace() const { 171 bool SetuidSandboxClient::IsInNewNETNamespace() const {
166 return env_->HasVar(kSandboxNETNSEnvironmentVarName); 172 return env_->HasVar(kSandboxNETNSEnvironmentVarName);
167 } 173 }
168 174
169 bool SetuidSandboxClient::IsSandboxed() const { 175 bool SetuidSandboxClient::IsSandboxed() const {
170 return sandboxed_; 176 return sandboxed_;
171 } 177 }
172 178
173 void SetuidSandboxClient::SetupLaunchEnvironment() { 179 void SetuidSandboxClient::SetupLaunchEnvironment() {
174 SaveSUIDUnsafeEnvironmentVariables(env_); 180 SaveSUIDUnsafeEnvironmentVariables(env_);
175 SetSandboxAPIEnvironmentVariable(env_); 181 SetSandboxAPIEnvironmentVariable(env_);
176 } 182 }
177 183
178 } // namespace sandbox 184 } // namespace sandbox
179 185
OLDNEW
« no previous file with comments | « sandbox/linux/suid/client/setuid_sandbox_client.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698