1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <signal.h> | 8 #include <signal.h> |
9 #include <stdio.h> | 9 #include <stdio.h> |
10 #include <sys/capability.h> | 10 #include <sys/capability.h> |
11 #include <sys/syscall.h> | 11 #include <sys/syscall.h> |
12 #include <sys/types.h> | 12 #include <sys/types.h> |
13 #include <sys/wait.h> | 13 #include <sys/wait.h> |
14 #include <unistd.h> | 14 #include <unistd.h> |
15 | 15 |
16 #include "base/basictypes.h" | 16 #include "base/basictypes.h" |
17 #include "base/bind.h" | 17 #include "base/bind.h" |
18 #include "base/files/file_path.h" | 18 #include "base/files/file_path.h" |
19 #include "base/files/file_util.h" | 19 #include "base/files/file_util.h" |
20 #include "base/logging.h" | 20 #include "base/logging.h" |
21 #include "base/posix/eintr_wrapper.h" | 21 #include "base/posix/eintr_wrapper.h" |
22 #include "base/process/launch.h" | 22 #include "base/process/launch.h" |
23 #include "base/template_util.h" | 23 #include "base/template_util.h" |
24 #include "base/third_party/valgrind/valgrind.h" | 24 #include "base/third_party/valgrind/valgrind.h" |
25 #include "sandbox/linux/services/namespace_utils.h" | 25 #include "sandbox/linux/services/namespace_utils.h" |
| 26 #include "sandbox/linux/services/proc_util.h" |
26 #include "sandbox/linux/services/syscall_wrappers.h" | 27 #include "sandbox/linux/services/syscall_wrappers.h" |
| 28 #include "sandbox/linux/services/thread_helpers.h" |
27 | 29 |
28 namespace sandbox { | 30 namespace sandbox { |
29 | 31 |
30 namespace { | 32 namespace { |
31 | 33 |
32 bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; } | 34 bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; } |
33 | 35 |
34 struct CapFreeDeleter { | 36 struct CapFreeDeleter { |
35 inline void operator()(cap_t cap) const { | 37 inline void operator()(cap_t cap) const { |
36 int ret = cap_free(cap); | 38 int ret = cap_free(cap); |
122 void CheckCloneNewUserErrno(int error) { | 124 void CheckCloneNewUserErrno(int error) { |
123 // EPERM can happen if already in a chroot. EUSERS if too many nested | 125 // EPERM can happen if already in a chroot. EUSERS if too many nested |
124 // namespaces are used. EINVAL for kernels that don't support the feature. | 126 // namespaces are used. EINVAL for kernels that don't support the feature. |
125 // Valgrind will ENOSYS unshare(). | 127 // Valgrind will ENOSYS unshare(). |
126 PCHECK(error == EPERM || error == EUSERS || error == EINVAL || | 128 PCHECK(error == EPERM || error == EUSERS || error == EINVAL || |
127 error == ENOSYS); | 129 error == ENOSYS); |
128 } | 130 } |
129 | 131 |
130 } // namespace. | 132 } // namespace. |
131 | 133 |
132 bool Credentials::DropAllCapabilities() { | 134 bool Credentials::DropAllCapabilities(int proc_fd) { |
| 135 DCHECK_LE(0, proc_fd); |
| 136 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); |
| 137 |
133 ScopedCap cap(cap_init()); | 138 ScopedCap cap(cap_init()); |
134 CHECK(cap); | 139 CHECK(cap); |
135 PCHECK(0 == cap_set_proc(cap.get())); | 140 PCHECK(0 == cap_set_proc(cap.get())); |
136 CHECK(!HasAnyCapability()); | 141 CHECK(!HasAnyCapability()); |
137 // We never let this function fail. | 142 // We never let this function fail. |
138 return true; | 143 return true; |
139 } | 144 } |
140 | 145 |
| 146 bool Credentials::DropAllCapabilities() { |
| 147 base::ScopedFD proc_fd(ProcUtil::OpenProc()); |
| 148 return Credentials::DropAllCapabilities(proc_fd.get()); |
| 149 } |
| 150 |
141 bool Credentials::HasAnyCapability() { | 151 bool Credentials::HasAnyCapability() { |
142 ScopedCap current_cap(cap_get_proc()); | 152 ScopedCap current_cap(cap_get_proc()); |
143 CHECK(current_cap); | 153 CHECK(current_cap); |
144 ScopedCap empty_cap(cap_init()); | 154 ScopedCap empty_cap(cap_init()); |
145 CHECK(empty_cap); | 155 CHECK(empty_cap); |
146 return cap_compare(current_cap.get(), empty_cap.get()) != 0; | 156 return cap_compare(current_cap.get(), empty_cap.get()) != 0; |
147 } | 157 } |
148 | 158 |
149 scoped_ptr<std::string> Credentials::GetCurrentCapString() { | 159 scoped_ptr<std::string> Credentials::GetCurrentCapString() { |
150 ScopedCap current_cap(cap_get_proc()); | 160 ScopedCap current_cap(cap_get_proc()); |
213 // /proc/sys/kernel/overflowuid). Setup the uid and gid maps. | 223 // /proc/sys/kernel/overflowuid). Setup the uid and gid maps. |
214 DCHECK(GetRESIds(NULL, NULL)); | 224 DCHECK(GetRESIds(NULL, NULL)); |
215 const char kGidMapFile[] = "/proc/self/gid_map"; | 225 const char kGidMapFile[] = "/proc/self/gid_map"; |
216 const char kUidMapFile[] = "/proc/self/uid_map"; | 226 const char kUidMapFile[] = "/proc/self/uid_map"; |
217 PCHECK(NamespaceUtils::WriteToIdMapFile(kGidMapFile, gid)); | 227 PCHECK(NamespaceUtils::WriteToIdMapFile(kGidMapFile, gid)); |
218 PCHECK(NamespaceUtils::WriteToIdMapFile(kUidMapFile, uid)); | 228 PCHECK(NamespaceUtils::WriteToIdMapFile(kUidMapFile, uid)); |
219 DCHECK(GetRESIds(NULL, NULL)); | 229 DCHECK(GetRESIds(NULL, NULL)); |
220 return true; | 230 return true; |
221 } | 231 } |
222 | 232 |
223 bool Credentials::DropFileSystemAccess() { | 233 bool Credentials::DropFileSystemAccess(int proc_fd) { |
| 234 CHECK_LE(0, proc_fd); |
| 235 |
224 CHECK(ChrootToSafeEmptyDir()); | 236 CHECK(ChrootToSafeEmptyDir()); |
225 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 237 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
| 238 CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); |
226 // We never let this function fail. | 239 // We never let this function fail. |
227 return true; | 240 return true; |
228 } | 241 } |
229 | 242 |
230 } // namespace sandbox. | 243 } // namespace sandbox. |
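Review bot: `DCHECK_LE(0, proc_fd)` at the top of the new `DropAllCapabilities(int proc_fd)` (new line 135) is compiled out in release builds, so an invalid descriptor — the parameterless overload passes `proc_fd.get()` straight from `ProcUtil::OpenProc()` with no visible check of its own — reaches `ThreadHelpers::IsSingleThreaded(proc_fd)`, and whether that helper rejects -1 is not visible here. `DropFileSystemAccess(int proc_fd)` in the same change spells the same precondition as `CHECK_LE(0, proc_fd);`; using that here too keeps the single-threaded guard effective in every build configuration, which matters because the kernel applies capset per thread, so a sibling thread left running would keep the capabilities this function claims to have dropped. Separately, `base::ScopedFD` in the parameterless overload has no visible `#include "base/files/scoped_file.h"` in the include block; if credentials.h does not already provide it, add the include rather than relying on a transitive one.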