OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <stdio.h> | 9 #include <stdio.h> |
10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
11 #include <sys/types.h> | 11 #include <sys/types.h> |
12 #include <unistd.h> | 12 #include <unistd.h> |
13 | 13 |
14 #include "base/files/file_path.h" | 14 #include "base/files/file_path.h" |
15 #include "base/files/file_util.h" | 15 #include "base/files/file_util.h" |
16 #include "base/files/scoped_file.h" | 16 #include "base/files/scoped_file.h" |
17 #include "base/logging.h" | 17 #include "base/logging.h" |
18 #include "base/memory/scoped_ptr.h" | 18 #include "base/memory/scoped_ptr.h" |
| 19 #include "sandbox/linux/services/proc_util.h" |
19 #include "sandbox/linux/tests/unit_tests.h" | 20 #include "sandbox/linux/tests/unit_tests.h" |
20 #include "testing/gtest/include/gtest/gtest.h" | 21 #include "testing/gtest/include/gtest/gtest.h" |
21 | 22 |
22 namespace sandbox { | 23 namespace sandbox { |
23 | 24 |
24 namespace { | 25 namespace { |
25 | 26 |
26 bool WorkingDirectoryIsRoot() { | 27 bool WorkingDirectoryIsRoot() { |
27 char current_dir[PATH_MAX]; | 28 char current_dir[PATH_MAX]; |
28 char* cwd = getcwd(current_dir, sizeof(current_dir)); | 29 char* cwd = getcwd(current_dir, sizeof(current_dir)); |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
128 CHECK(!WorkingDirectoryIsRoot()); | 129 CHECK(!WorkingDirectoryIsRoot()); |
129 PCHECK(0 == chdir("/")); | 130 PCHECK(0 == chdir("/")); |
130 CHECK(WorkingDirectoryIsRoot()); | 131 CHECK(WorkingDirectoryIsRoot()); |
131 } | 132 } |
132 | 133 |
133 // Disabled on ASAN because of crbug.com/451603. | 134 // Disabled on ASAN because of crbug.com/451603. |
134 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(DropFileSystemAccessIsSafe)) { | 135 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(DropFileSystemAccessIsSafe)) { |
135 CHECK(Credentials::DropAllCapabilities()); | 136 CHECK(Credentials::DropAllCapabilities()); |
136 // Probably missing kernel support. | 137 // Probably missing kernel support. |
137 if (!Credentials::MoveToNewUserNS()) return; | 138 if (!Credentials::MoveToNewUserNS()) return; |
138 CHECK(Credentials::DropFileSystemAccess()); | 139 CHECK(Credentials::DropFileSystemAccess(ProcUtil::OpenProc().get())); |
139 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 140 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
140 CHECK(WorkingDirectoryIsRoot()); | 141 CHECK(WorkingDirectoryIsRoot()); |
141 CHECK(base::IsDirectoryEmpty(base::FilePath("/"))); | 142 CHECK(base::IsDirectoryEmpty(base::FilePath("/"))); |
142 // We want the chroot to never have a subdirectory. A subdirectory | 143 // We want the chroot to never have a subdirectory. A subdirectory |
143 // could allow a chroot escape. | 144 // could allow a chroot escape. |
144 CHECK_NE(0, mkdir("/test", 0700)); | 145 CHECK_NE(0, mkdir("/test", 0700)); |
145 } | 146 } |
146 | 147 |
147 // Check that after dropping filesystem access and dropping privileges | 148 // Check that after dropping filesystem access and dropping privileges |
148 // it is not possible to regain capabilities. | 149 // it is not possible to regain capabilities. |
149 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(CannotRegainPrivileges)) { | 150 SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(CannotRegainPrivileges)) { |
150 CHECK(Credentials::DropAllCapabilities()); | 151 base::ScopedFD proc_fd(ProcUtil::OpenProc()); |
| 152 CHECK(Credentials::DropAllCapabilities(proc_fd.get())); |
151 // Probably missing kernel support. | 153 // Probably missing kernel support. |
152 if (!Credentials::MoveToNewUserNS()) return; | 154 if (!Credentials::MoveToNewUserNS()) return; |
153 CHECK(Credentials::DropFileSystemAccess()); | 155 CHECK(Credentials::DropFileSystemAccess(proc_fd.get())); |
154 CHECK(Credentials::DropAllCapabilities()); | 156 CHECK(Credentials::DropAllCapabilities(proc_fd.get())); |
155 | 157 |
156 // The kernel should now prevent us from regaining capabilities because we | 158 // The kernel should now prevent us from regaining capabilities because we |
157 // are in a chroot. | 159 // are in a chroot. |
158 CHECK(!Credentials::CanCreateProcessInNewUserNS()); | 160 CHECK(!Credentials::CanCreateProcessInNewUserNS()); |
159 CHECK(!Credentials::MoveToNewUserNS()); | 161 CHECK(!Credentials::MoveToNewUserNS()); |
160 } | 162 } |
161 | 163 |
162 } // namespace. | 164 } // namespace. |
163 | 165 |
164 } // namespace sandbox. | 166 } // namespace sandbox. |
OLD | NEW |