Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/credentials.cc

Issue 938223004: Linux sandbox: better APIs with /proc/ arguments (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix invalid proc_fd_ usage. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/linux/services/credentials.h ('k') | sandbox/linux/services/credentials_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/services/credentials.h" 5 #include "sandbox/linux/services/credentials.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <signal.h> 8 #include <signal.h>
9 #include <stdio.h> 9 #include <stdio.h>
10 #include <sys/capability.h> 10 #include <sys/capability.h>
11 #include <sys/syscall.h> 11 #include <sys/syscall.h>
12 #include <sys/types.h> 12 #include <sys/types.h>
13 #include <sys/wait.h> 13 #include <sys/wait.h>
14 #include <unistd.h> 14 #include <unistd.h>
15 15
16 #include "base/basictypes.h" 16 #include "base/basictypes.h"
17 #include "base/bind.h" 17 #include "base/bind.h"
18 #include "base/files/file_path.h" 18 #include "base/files/file_path.h"
19 #include "base/files/file_util.h" 19 #include "base/files/file_util.h"
20 #include "base/logging.h" 20 #include "base/logging.h"
21 #include "base/posix/eintr_wrapper.h" 21 #include "base/posix/eintr_wrapper.h"
22 #include "base/process/launch.h" 22 #include "base/process/launch.h"
23 #include "base/template_util.h" 23 #include "base/template_util.h"
24 #include "base/third_party/valgrind/valgrind.h" 24 #include "base/third_party/valgrind/valgrind.h"
25 #include "sandbox/linux/services/namespace_utils.h" 25 #include "sandbox/linux/services/namespace_utils.h"
26 #include "sandbox/linux/services/proc_util.h"
26 #include "sandbox/linux/services/syscall_wrappers.h" 27 #include "sandbox/linux/services/syscall_wrappers.h"
28 #include "sandbox/linux/services/thread_helpers.h"
27 29
28 namespace sandbox { 30 namespace sandbox {
29 31
30 namespace { 32 namespace {
31 33
32 bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; } 34 bool IsRunningOnValgrind() { return RUNNING_ON_VALGRIND; }
33 35
34 struct CapFreeDeleter { 36 struct CapFreeDeleter {
35 inline void operator()(cap_t cap) const { 37 inline void operator()(cap_t cap) const {
36 int ret = cap_free(cap); 38 int ret = cap_free(cap);
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
122 void CheckCloneNewUserErrno(int error) { 124 void CheckCloneNewUserErrno(int error) {
123 // EPERM can happen if already in a chroot. EUSERS if too many nested 125 // EPERM can happen if already in a chroot. EUSERS if too many nested
124 // namespaces are used. EINVAL for kernels that don't support the feature. 126 // namespaces are used. EINVAL for kernels that don't support the feature.
125 // Valgrind will ENOSYS unshare(). 127 // Valgrind will ENOSYS unshare().
126 PCHECK(error == EPERM || error == EUSERS || error == EINVAL || 128 PCHECK(error == EPERM || error == EUSERS || error == EINVAL ||
127 error == ENOSYS); 129 error == ENOSYS);
128 } 130 }
129 131
130 } // namespace. 132 } // namespace.
131 133
132 bool Credentials::DropAllCapabilities() { 134 bool Credentials::DropAllCapabilities(int proc_fd) {
135 DCHECK_LE(0, proc_fd);
136 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd));
137
133 ScopedCap cap(cap_init()); 138 ScopedCap cap(cap_init());
134 CHECK(cap); 139 CHECK(cap);
135 PCHECK(0 == cap_set_proc(cap.get())); 140 PCHECK(0 == cap_set_proc(cap.get()));
136 CHECK(!HasAnyCapability()); 141 CHECK(!HasAnyCapability());
137 // We never let this function fail. 142 // We never let this function fail.
138 return true; 143 return true;
139 } 144 }
140 145
146 bool Credentials::DropAllCapabilities() {
147 base::ScopedFD proc_fd(ProcUtil::OpenProc());
148 return Credentials::DropAllCapabilities(proc_fd.get());
149 }
150
141 bool Credentials::HasAnyCapability() { 151 bool Credentials::HasAnyCapability() {
142 ScopedCap current_cap(cap_get_proc()); 152 ScopedCap current_cap(cap_get_proc());
143 CHECK(current_cap); 153 CHECK(current_cap);
144 ScopedCap empty_cap(cap_init()); 154 ScopedCap empty_cap(cap_init());
145 CHECK(empty_cap); 155 CHECK(empty_cap);
146 return cap_compare(current_cap.get(), empty_cap.get()) != 0; 156 return cap_compare(current_cap.get(), empty_cap.get()) != 0;
147 } 157 }
148 158
149 scoped_ptr<std::string> Credentials::GetCurrentCapString() { 159 scoped_ptr<std::string> Credentials::GetCurrentCapString() {
150 ScopedCap current_cap(cap_get_proc()); 160 ScopedCap current_cap(cap_get_proc());
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
213 // /proc/sys/kernel/overflowuid). Setup the uid and gid maps. 223 // /proc/sys/kernel/overflowuid). Setup the uid and gid maps.
214 DCHECK(GetRESIds(NULL, NULL)); 224 DCHECK(GetRESIds(NULL, NULL));
215 const char kGidMapFile[] = "/proc/self/gid_map"; 225 const char kGidMapFile[] = "/proc/self/gid_map";
216 const char kUidMapFile[] = "/proc/self/uid_map"; 226 const char kUidMapFile[] = "/proc/self/uid_map";
217 PCHECK(NamespaceUtils::WriteToIdMapFile(kGidMapFile, gid)); 227 PCHECK(NamespaceUtils::WriteToIdMapFile(kGidMapFile, gid));
218 PCHECK(NamespaceUtils::WriteToIdMapFile(kUidMapFile, uid)); 228 PCHECK(NamespaceUtils::WriteToIdMapFile(kUidMapFile, uid));
219 DCHECK(GetRESIds(NULL, NULL)); 229 DCHECK(GetRESIds(NULL, NULL));
220 return true; 230 return true;
221 } 231 }
222 232
223 bool Credentials::DropFileSystemAccess() { 233 bool Credentials::DropFileSystemAccess(int proc_fd) {
234 CHECK_LE(0, proc_fd);
235
224 CHECK(ChrootToSafeEmptyDir()); 236 CHECK(ChrootToSafeEmptyDir());
225 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); 237 CHECK(!base::DirectoryExists(base::FilePath("/proc")));
238 CHECK(!ProcUtil::HasOpenDirectory(proc_fd));
226 // We never let this function fail. 239 // We never let this function fail.
227 return true; 240 return true;
228 } 241 }
229 242
230 } // namespace sandbox. 243 } // namespace sandbox.
OLDNEW
« no previous file with comments | « sandbox/linux/services/credentials.h ('k') | sandbox/linux/services/credentials_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698