| Index: components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
|
| diff --git a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
|
| index dfe177c8a0e02d89af96a4c2baf83f71287a30cd..9fd81bcfae958dd44beee4ba363bbb604060917e 100644
|
| --- a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
|
| +++ b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc
|
| @@ -48,15 +48,6 @@ bool IsSandboxed() {
|
| return true;
|
| }
|
|
|
| -// Open a new file descriptor to /proc/self/task/ by using
|
| -// |proc_fd|.
|
| -base::ScopedFD GetProcSelfTask(int proc_fd) {
|
| - base::ScopedFD proc_self_task(HANDLE_EINTR(
|
| - openat(proc_fd, "self/task/", O_RDONLY | O_DIRECTORY | O_CLOEXEC)));
|
| - PCHECK(proc_self_task.is_valid());
|
| - return proc_self_task.Pass();
|
| -}
|
| -
|
| bool MaybeSetProcessNonDumpable() {
|
| const base::CommandLine& command_line =
|
| *base::CommandLine::ForCurrentProcess();
|
| @@ -122,8 +113,7 @@ NaClSandbox::~NaClSandbox() {
|
|
|
| bool NaClSandbox::IsSingleThreaded() {
|
| CHECK(proc_fd_.is_valid());
|
| - base::ScopedFD proc_self_task(GetProcSelfTask(proc_fd_.get()));
|
| - return sandbox::ThreadHelpers::IsSingleThreaded(proc_self_task.get());
|
| + return sandbox::ThreadHelpers::IsSingleThreaded(proc_fd_.get());
|
| }
|
|
|
| bool NaClSandbox::HasOpenDirectory() {
|
| @@ -149,11 +139,10 @@ void NaClSandbox::InitializeLayerOneSandbox() {
|
| layer_one_enabled_ = true;
|
| } else if (sandbox::NamespaceSandbox::InNewUserNamespace()) {
|
| CHECK(sandbox::Credentials::MoveToNewUserNS());
|
| - // This relies on SealLayerOneSandbox() to be called later.
|
| - CHECK(!HasOpenDirectory());
|
| - CHECK(sandbox::Credentials::DropFileSystemAccess());
|
| - CHECK(IsSingleThreaded());
|
| - CHECK(sandbox::Credentials::DropAllCapabilities());
|
| + // This relies on SealLayerOneSandbox() to be called later since this
|
| + // class is keeping a file descriptor to /proc/.
|
| + CHECK(sandbox::Credentials::DropFileSystemAccess(proc_fd_.get()));
|
| + CHECK(sandbox::Credentials::DropAllCapabilities(proc_fd_.get()));
|
| CHECK(IsSandboxed());
|
| layer_one_enabled_ = true;
|
| }
|
| @@ -189,19 +178,19 @@ void NaClSandbox::InitializeLayerTwoSandbox(bool uses_nonsfi_mode) {
|
|
|
| RestrictAddressSpaceUsage();
|
|
|
| - base::ScopedFD proc_self_task(GetProcSelfTask(proc_fd_.get()));
|
| -
|
| + // Pass proc_fd_ ownership to the BPF sandbox, which guarantees it will
|
| + // be closed. There is no point in keeping it around since the BPF policy
|
| + // will prevent its usage.
|
| if (uses_nonsfi_mode) {
|
| - layer_two_enabled_ =
|
| - nacl::nonsfi::InitializeBPFSandbox(proc_self_task.Pass());
|
| + layer_two_enabled_ = nacl::nonsfi::InitializeBPFSandbox(proc_fd_.Pass());
|
| layer_two_is_nonsfi_ = true;
|
| } else {
|
| - layer_two_enabled_ = nacl::InitializeBPFSandbox(proc_self_task.Pass());
|
| + layer_two_enabled_ = nacl::InitializeBPFSandbox(proc_fd_.Pass());
|
| }
|
| }
|
|
|
| void NaClSandbox::SealLayerOneSandbox() {
|
| - if (!layer_two_enabled_) {
|
| + if (proc_fd_.is_valid() && !layer_two_enabled_) {
|
| // If nothing prevents us, check that there is no superfluous directory
|
| // open.
|
| CHECK(!HasOpenDirectory());
|
|
|
Chromium Code Reviews
Issue 938223004:
Linux sandbox: better APIs with /proc/ arguments (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master