Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1460)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/services/credentials.cc

Issue 960873002: Update from https://crrev.com/318214 (Closed) Base URL: https://github.com/domokit/mojo.git@master
Patch Set: Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/services/credentials.h ('k') | sandbox/linux/services/credentials_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/services/credentials.cc
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index ed21fd192bd0c7eda1ffaadcbf6583c26f18751d..6f84a66b7a60f2877a7dc2d85ab7a1d31983c27b 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -22,8 +22,11 @@
#include "base/process/launch.h"
#include "base/template_util.h"
#include "base/third_party/valgrind/valgrind.h"
+#include "build/build_config.h"
#include "sandbox/linux/services/namespace_utils.h"
+#include "sandbox/linux/services/proc_util.h"
#include "sandbox/linux/services/syscall_wrappers.h"
+#include "sandbox/linux/services/thread_helpers.h"
namespace sandbox {
@@ -129,7 +132,14 @@ void CheckCloneNewUserErrno(int error) {
} // namespace.
-bool Credentials::DropAllCapabilities() {
+bool Credentials::DropAllCapabilities(int proc_fd) {
+ DCHECK_LE(0, proc_fd);
+#if !defined(THREAD_SANITIZER)
+ // With TSAN, accept to break the security model as it is a testing
+ // configuration.
+ CHECK(ThreadHelpers::IsSingleThreaded(proc_fd));
+#endif
+
ScopedCap cap(cap_init());
CHECK(cap);
PCHECK(0 == cap_set_proc(cap.get()));
@@ -138,6 +148,11 @@ bool Credentials::DropAllCapabilities() {
return true;
}
+bool Credentials::DropAllCapabilities() {
+ base::ScopedFD proc_fd(ProcUtil::OpenProc());
+ return Credentials::DropAllCapabilities(proc_fd.get());
+}
+
bool Credentials::HasAnyCapability() {
ScopedCap current_cap(cap_get_proc());
CHECK(current_cap);
@@ -162,6 +177,12 @@ bool Credentials::CanCreateProcessInNewUserNS() {
return false;
}
+#if defined(THREAD_SANITIZER)
+ // With TSAN, processes will always have threads running and can never
+ // enter a new user namespace with MoveToNewUserNS().
+ return false;
+#endif
+
// This is roughly a fork().
const pid_t pid = sys_clone(CLONE_NEWUSER | SIGCHLD, 0, 0, 0, 0);
@@ -220,9 +241,12 @@ bool Credentials::MoveToNewUserNS() {
return true;
}
-bool Credentials::DropFileSystemAccess() {
+bool Credentials::DropFileSystemAccess(int proc_fd) {
+ CHECK_LE(0, proc_fd);
+
CHECK(ChrootToSafeEmptyDir());
CHECK(!base::DirectoryExists(base::FilePath("/proc")));
+ CHECK(!ProcUtil::HasOpenDirectory(proc_fd));
// We never let this function fail.
return true;
}
« no previous file with comments | « sandbox/linux/services/credentials.h ('k') | sandbox/linux/services/credentials_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698