Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(49)

Unified Diff: sandbox/linux/services/credentials.cc

Issue 997463002: Add SetCapabilities for setting capabilities to an exact set. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Respond to comments. Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/services/credentials.h ('k') | sandbox/linux/services/credentials_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/services/credentials.cc
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index 6f84a66b7a60f2877a7dc2d85ab7a1d31983c27b..8a9fe5d4bf1958e91d47c23b67a3ef44af16ad5a 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -153,6 +153,26 @@ bool Credentials::DropAllCapabilities() {
return Credentials::DropAllCapabilities(proc_fd.get());
}
+// static
+bool Credentials::SetCapabilities(int proc_fd,
+ const std::vector<cap_value_t>& caps) {
+ DCHECK_LE(0, proc_fd);
+ CHECK(ThreadHelpers::IsSingleThreaded(proc_fd));
jln (very slow on Chromium) 2015/03/10 22:14:22 #if !defined(THREAD_SANITIZER)
rickyz (no longer on Chrome) 2015/03/10 22:22:14 Done.
+
+ sandbox::ScopedCap cap(cap_init());
+ PCHECK(cap != nullptr);
+
+ if (!caps.empty()) {
+ const cap_flag_t flags[] = {CAP_EFFECTIVE, CAP_PERMITTED};
+ for (const cap_flag_t flag : flags) {
+ PCHECK(cap_set_flag(cap.get(), flag, caps.size(), &caps.at(0), CAP_SET) ==
+ 0);
+ }
+ }
+
+ return cap_set_proc(cap.get()) == 0;
+}
+
bool Credentials::HasAnyCapability() {
ScopedCap current_cap(cap_get_proc());
CHECK(current_cap);
@@ -161,6 +181,21 @@ bool Credentials::HasAnyCapability() {
return cap_compare(current_cap.get(), empty_cap.get()) != 0;
}
+bool Credentials::HasCapability(cap_value_t cap) {
+ ScopedCap current_cap(cap_get_proc());
+ PCHECK(current_cap);
+
+ cap_flag_value_t value;
+ const cap_flag_t flags[] = {CAP_EFFECTIVE, CAP_PERMITTED};
+ for (const cap_flag_t flag : flags) {
+ PCHECK(cap_get_flag(current_cap.get(), cap, flag, &value) == 0);
+ if (value == CAP_SET) {
+ return true;
+ }
+ }
+ return false;
+}
+
scoped_ptr<std::string> Credentials::GetCurrentCapString() {
ScopedCap current_cap(cap_get_proc());
CHECK(current_cap);
« no previous file with comments | « sandbox/linux/services/credentials.h ('k') | sandbox/linux/services/credentials_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698