Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(330)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc

Issue 938223004: Linux sandbox: better APIs with /proc/ arguments (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc ('k') | content/common/sandbox_linux/sandbox_init_linux.cc » ('j') | content/common/sandbox_linux/sandbox_linux.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
diff --git a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
index dfe177c8a0e02d89af96a4c2baf83f71287a30cd..7a782fb53375f34c443b5ed01a99c5f11c0909cb 100644
--- a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
+++ b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
@@ -48,15 +48,6 @@ bool IsSandboxed() {
return true;
}
-// Open a new file descriptor to /proc/self/task/ by using
-// |proc_fd|.
-base::ScopedFD GetProcSelfTask(int proc_fd) {
- base::ScopedFD proc_self_task(HANDLE_EINTR(
- openat(proc_fd, "self/task/", O_RDONLY | O_DIRECTORY | O_CLOEXEC)));
- PCHECK(proc_self_task.is_valid());
- return proc_self_task.Pass();
-}
-
bool MaybeSetProcessNonDumpable() {
const base::CommandLine& command_line =
*base::CommandLine::ForCurrentProcess();
@@ -122,8 +113,7 @@ NaClSandbox::~NaClSandbox() {
bool NaClSandbox::IsSingleThreaded() {
CHECK(proc_fd_.is_valid());
- base::ScopedFD proc_self_task(GetProcSelfTask(proc_fd_.get()));
- return sandbox::ThreadHelpers::IsSingleThreaded(proc_self_task.get());
+ return sandbox::ThreadHelpers::IsSingleThreaded(proc_fd_.get());
}
bool NaClSandbox::HasOpenDirectory() {
@@ -149,11 +139,10 @@ void NaClSandbox::InitializeLayerOneSandbox() {
layer_one_enabled_ = true;
} else if (sandbox::NamespaceSandbox::InNewUserNamespace()) {
CHECK(sandbox::Credentials::MoveToNewUserNS());
- // This relies on SealLayerOneSandbox() to be called later.
- CHECK(!HasOpenDirectory());
- CHECK(sandbox::Credentials::DropFileSystemAccess());
- CHECK(IsSingleThreaded());
- CHECK(sandbox::Credentials::DropAllCapabilities());
+ // This relies on SealLayerOneSandbox() to be called later since this
+ // class is keeping a file descriptor to /proc/.
+ CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_.get()));
+ CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_.get()));
CHECK(IsSandboxed());
layer_one_enabled_ = true;
}
@@ -189,14 +178,14 @@ void NaClSandbox::InitializeLayerTwoSandbox(bool uses_nonsfi_mode) {
RestrictAddressSpaceUsage();
- base::ScopedFD proc_self_task(GetProcSelfTask(proc_fd_.get()));
-
+ // Pass proc_fd_ ownership to the BPF sandbox, which guarantees it will
+ // be closed. There is no point in keeping it around since the BPF policy
+ // will prevent its usage.
if (uses_nonsfi_mode) {
- layer_two_enabled_ =
- nacl::nonsfi::InitializeBPFSandbox(proc_self_task.Pass());
+ layer_two_enabled_ = nacl::nonsfi::InitializeBPFSandbox(proc_fd_.Pass());
layer_two_is_nonsfi_ = true;
} else {
- layer_two_enabled_ = nacl::InitializeBPFSandbox(proc_self_task.Pass());
+ layer_two_enabled_ = nacl::InitializeBPFSandbox(proc_fd_.Pass());
}
}
« no previous file with comments | « components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc ('k') | content/common/sandbox_linux/sandbox_init_linux.cc » ('j') | content/common/sandbox_linux/sandbox_linux.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698