| Index: sandbox/linux/suid/client/setuid_sandbox_host.cc
|
| diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.cc b/sandbox/linux/suid/client/setuid_sandbox_host.cc
|
| similarity index 58%
|
| copy from sandbox/linux/suid/client/setuid_sandbox_client.cc
|
| copy to sandbox/linux/suid/client/setuid_sandbox_host.cc
|
| index f0b5cef1e0068ef9c0ddc1deccf46786ade54a4a..71171ebd4fe32b415743bf7c8a54524367c666fe 100644
|
| --- a/sandbox/linux/suid/client/setuid_sandbox_client.cc
|
| +++ b/sandbox/linux/suid/client/setuid_sandbox_host.cc
|
| @@ -1,41 +1,34 @@
|
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| +// Copyright 2015 The Chromium Authors. All rights reserved.
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "sandbox/linux/suid/client/setuid_sandbox_client.h"
|
| +#include "sandbox/linux/suid/client/setuid_sandbox_host.h"
|
|
|
| #include <fcntl.h>
|
| #include <stdlib.h>
|
| -#include <sys/socket.h>
|
| #include <sys/stat.h>
|
| -#include <sys/types.h>
|
| -#include <sys/wait.h>
|
| #include <unistd.h>
|
|
|
| +#include <string>
|
| +#include <utility>
|
| +
|
| #include "base/command_line.h"
|
| #include "base/environment.h"
|
| #include "base/files/file_path.h"
|
| #include "base/files/file_util.h"
|
| #include "base/files/scoped_file.h"
|
| #include "base/logging.h"
|
| -#include "base/macros.h"
|
| #include "base/memory/scoped_ptr.h"
|
| #include "base/path_service.h"
|
| #include "base/posix/eintr_wrapper.h"
|
| #include "base/process/launch.h"
|
| #include "base/process/process_metrics.h"
|
| #include "base/strings/string_number_conversions.h"
|
| -#include "sandbox/linux/services/init_process_reaper.h"
|
| #include "sandbox/linux/suid/common/sandbox.h"
|
| #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h"
|
|
|
| namespace {
|
|
|
| -bool IsFileSystemAccessDenied() {
|
| - base::ScopedFD self_exe(HANDLE_EINTR(open(base::kProcSelfExe, O_RDONLY)));
|
| - return !self_exe.is_valid();
|
| -}
|
| -
|
| // Set an environment variable that reflects the API version we expect from the
|
| // setuid sandbox. Old versions of the sandbox will ignore this.
|
| void SetSandboxAPIEnvironmentVariable(base::Environment* env) {
|
| @@ -96,38 +89,6 @@ void SaveSUIDUnsafeEnvironmentVariables(base::Environment* env) {
|
| }
|
| }
|
|
|
| -int GetHelperApi(base::Environment* env) {
|
| - std::string api_string;
|
| - int api_number = 0; // Assume API version 0 if no environment was found.
|
| - if (env->GetVar(sandbox::kSandboxEnvironmentApiProvides, &api_string) &&
|
| - !base::StringToInt(api_string, &api_number)) {
|
| - // It's an error if we could not convert the API number.
|
| - api_number = -1;
|
| - }
|
| - return api_number;
|
| -}
|
| -
|
| -// Convert |var_name| from the environment |env| to an int.
|
| -// Return -1 if the variable does not exist or the value cannot be converted.
|
| -int EnvToInt(base::Environment* env, const char* var_name) {
|
| - std::string var_string;
|
| - int var_value = -1;
|
| - if (env->GetVar(var_name, &var_string) &&
|
| - !base::StringToInt(var_string, &var_value)) {
|
| - var_value = -1;
|
| - }
|
| - return var_value;
|
| -}
|
| -
|
| -pid_t GetHelperPID(base::Environment* env) {
|
| - return EnvToInt(env, sandbox::kSandboxHelperPidEnvironmentVarName);
|
| -}
|
| -
|
| -// Get the IPC file descriptor used to communicate with the setuid helper.
|
| -int GetIPCDescriptor(base::Environment* env) {
|
| - return EnvToInt(env, sandbox::kSandboxDescriptorEnvironmentVarName);
|
| -}
|
| -
|
| const char* GetDevelSandboxPath() {
|
| return getenv("CHROME_DEVEL_SANDBOX");
|
| }
|
| @@ -136,106 +97,21 @@ const char* GetDevelSandboxPath() {
|
|
|
| namespace sandbox {
|
|
|
| -SetuidSandboxClient* SetuidSandboxClient::Create() {
|
| +SetuidSandboxHost* SetuidSandboxHost::Create() {
|
| base::Environment* environment(base::Environment::Create());
|
| - SetuidSandboxClient* sandbox_client(new SetuidSandboxClient);
|
| -
|
| CHECK(environment);
|
| - sandbox_client->env_ = environment;
|
| - return sandbox_client;
|
| -}
|
| -
|
| -SetuidSandboxClient::SetuidSandboxClient()
|
| - : env_(NULL),
|
| - sandboxed_(false) {
|
| -}
|
| -
|
| -SetuidSandboxClient::~SetuidSandboxClient() {
|
| - delete env_;
|
| -}
|
| -
|
| -void SetuidSandboxClient::CloseDummyFile() {
|
| - // When we're launched through the setuid sandbox, SetupLaunchOptions
|
| - // arranges for kZygoteIdFd to be a dummy file descriptor to satisfy an
|
| - // ancient setuid sandbox ABI requirement. However, the descriptor is no
|
| - // longer needed, so we can simply close it right away now.
|
| - CHECK(IsSuidSandboxChild());
|
| -
|
| - // Sanity check that kZygoteIdFd refers to a pipe.
|
| - struct stat st;
|
| - PCHECK(0 == fstat(kZygoteIdFd, &st));
|
| - CHECK(S_ISFIFO(st.st_mode));
|
| -
|
| - PCHECK(0 == IGNORE_EINTR(close(kZygoteIdFd)));
|
| -}
|
| -
|
| -bool SetuidSandboxClient::ChrootMe() {
|
| - int ipc_fd = GetIPCDescriptor(env_);
|
| -
|
| - if (ipc_fd < 0) {
|
| - LOG(ERROR) << "Failed to obtain the sandbox IPC descriptor";
|
| - return false;
|
| - }
|
| -
|
| - if (HANDLE_EINTR(write(ipc_fd, &kMsgChrootMe, 1)) != 1) {
|
| - PLOG(ERROR) << "Failed to write to chroot pipe";
|
| - return false;
|
| - }
|
| -
|
| - // We need to reap the chroot helper process in any event.
|
| - pid_t helper_pid = GetHelperPID(env_);
|
| - // If helper_pid is -1 we wait for any child.
|
| - if (HANDLE_EINTR(waitpid(helper_pid, NULL, 0)) < 0) {
|
| - PLOG(ERROR) << "Failed to wait for setuid helper to die";
|
| - return false;
|
| - }
|
| -
|
| - char reply;
|
| - if (HANDLE_EINTR(read(ipc_fd, &reply, 1)) != 1) {
|
| - PLOG(ERROR) << "Failed to read from chroot pipe";
|
| - return false;
|
| - }
|
| -
|
| - if (reply != kMsgChrootSuccessful) {
|
| - LOG(ERROR) << "Error code reply from chroot helper";
|
| - return false;
|
| - }
|
| -
|
| - // We now consider ourselves "fully sandboxed" as far as the
|
| - // setuid sandbox is concerned.
|
| - CHECK(IsFileSystemAccessDenied());
|
| - sandboxed_ = true;
|
| - return true;
|
| -}
|
| -
|
| -bool SetuidSandboxClient::CreateInitProcessReaper(
|
| - base::Closure* post_fork_parent_callback) {
|
| - return sandbox::CreateInitProcessReaper(post_fork_parent_callback);
|
| -}
|
| -
|
| -bool SetuidSandboxClient::IsSuidSandboxUpToDate() const {
|
| - return GetHelperApi(env_) == kSUIDSandboxApiNumber;
|
| -}
|
| -
|
| -bool SetuidSandboxClient::IsSuidSandboxChild() const {
|
| - return GetIPCDescriptor(env_) >= 0;
|
| -}
|
| -
|
| -bool SetuidSandboxClient::IsInNewPIDNamespace() const {
|
| - return env_->HasVar(kSandboxPIDNSEnvironmentVarName);
|
| + return new SetuidSandboxHost(environment);
|
| }
|
|
|
| -bool SetuidSandboxClient::IsInNewNETNamespace() const {
|
| - return env_->HasVar(kSandboxNETNSEnvironmentVarName);
|
| +SetuidSandboxHost::SetuidSandboxHost(base::Environment* env) : env_(env) {
|
| }
|
|
|
| -bool SetuidSandboxClient::IsSandboxed() const {
|
| - return sandboxed_;
|
| +SetuidSandboxHost::~SetuidSandboxHost() {
|
| }
|
|
|
| // Check if CHROME_DEVEL_SANDBOX is set but empty. This currently disables
|
| // the setuid sandbox. TODO(jln): fix this (crbug.com/245376).
|
| -bool SetuidSandboxClient::IsDisabledViaEnvironment() {
|
| +bool SetuidSandboxHost::IsDisabledViaEnvironment() {
|
| const char* devel_sandbox_path = GetDevelSandboxPath();
|
| if (devel_sandbox_path && '\0' == *devel_sandbox_path) {
|
| return true;
|
| @@ -243,7 +119,7 @@ bool SetuidSandboxClient::IsDisabledViaEnvironment() {
|
| return false;
|
| }
|
|
|
| -base::FilePath SetuidSandboxClient::GetSandboxBinaryPath() {
|
| +base::FilePath SetuidSandboxHost::GetSandboxBinaryPath() {
|
| base::FilePath sandbox_binary;
|
| base::FilePath exe_dir;
|
| if (PathService::Get(base::DIR_EXE, &exe_dir)) {
|
| @@ -267,7 +143,7 @@ base::FilePath SetuidSandboxClient::GetSandboxBinaryPath() {
|
| return sandbox_binary;
|
| }
|
|
|
| -void SetuidSandboxClient::PrependWrapper(base::CommandLine* cmd_line) {
|
| +void SetuidSandboxHost::PrependWrapper(base::CommandLine* cmd_line) {
|
| std::string sandbox_binary(GetSandboxBinaryPath().value());
|
| struct stat st;
|
| if (sandbox_binary.empty() || stat(sandbox_binary.c_str(), &st) != 0) {
|
| @@ -288,7 +164,7 @@ void SetuidSandboxClient::PrependWrapper(base::CommandLine* cmd_line) {
|
| cmd_line->PrependWrapper(sandbox_binary);
|
| }
|
|
|
| -void SetuidSandboxClient::SetupLaunchOptions(
|
| +void SetuidSandboxHost::SetupLaunchOptions(
|
| base::LaunchOptions* options,
|
| base::FileHandleMappingVector* fds_to_remap,
|
| base::ScopedFD* dummy_fd) {
|
| @@ -311,9 +187,9 @@ void SetuidSandboxClient::SetupLaunchOptions(
|
| fds_to_remap->push_back(std::make_pair(dummy_fd->get(), kZygoteIdFd));
|
| }
|
|
|
| -void SetuidSandboxClient::SetupLaunchEnvironment() {
|
| - SaveSUIDUnsafeEnvironmentVariables(env_);
|
| - SetSandboxAPIEnvironmentVariable(env_);
|
| +void SetuidSandboxHost::SetupLaunchEnvironment() {
|
| + SaveSUIDUnsafeEnvironmentVariables(env_.get());
|
| + SetSandboxAPIEnvironmentVariable(env_.get());
|
| }
|
|
|
| } // namespace sandbox
|
|
|
Chromium Code Reviews
Issue 903273002:
Update from https://crrev.com/315085 (Closed)
Base URL: git@github.com:domokit/mojo.git@master