OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox | 5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox |
6 | 6 |
7 #include "sandbox.h" | 7 #include "sandbox.h" |
8 | 8 |
9 #define _GNU_SOURCE | 9 #define _GNU_SOURCE |
10 #include <asm/unistd.h> | 10 #include <asm/unistd.h> |
(...skipping 26 matching lines...) Expand all Loading... |
37 #define CLONE_NEWPID 0x20000000 | 37 #define CLONE_NEWPID 0x20000000 |
38 #endif | 38 #endif |
39 #if !defined(CLONE_NEWNET) | 39 #if !defined(CLONE_NEWNET) |
40 #define CLONE_NEWNET 0x40000000 | 40 #define CLONE_NEWNET 0x40000000 |
41 #endif | 41 #endif |
42 | 42 |
43 static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D"; | 43 static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D"; |
44 static const char kSandboxHelperPidEnvironmentVarName[] = "SBX_HELPER_PID"; | 44 static const char kSandboxHelperPidEnvironmentVarName[] = "SBX_HELPER_PID"; |
45 | 45 |
46 // Should be kept in sync with base/linux_util.h | 46 // Should be kept in sync with base/linux_util.h |
47 static const long kSUIDSandboxApiNumber = 0; | 47 static const long kSUIDSandboxApiNumber = 1; |
48 static const char kSandboxEnvironmentApiRequest[] = "SBX_CHROME_API_RQ"; | 48 static const char kSandboxEnvironmentApiRequest[] = "SBX_CHROME_API_RQ"; |
49 static const char kSandboxEnvironmentApiProvides[] = "SBX_CHROME_API_PRV"; | 49 static const char kSandboxEnvironmentApiProvides[] = "SBX_CHROME_API_PRV"; |
50 | 50 |
51 // This number must be kept in sync with common/zygote_commands_linux.h | 51 // This number must be kept in sync with common/zygote_commands_linux.h |
52 static const int kZygoteIdFd = 7; | 52 static const int kZygoteIdFd = 7; |
53 | 53 |
54 // These are the magic byte values which the sandboxed process uses to request | 54 // These are the magic byte values which the sandboxed process uses to request |
55 // that it be chrooted. | 55 // that it be chrooted. |
56 static const char kMsgChrootMe = 'C'; | 56 static const char kMsgChrootMe = 'C'; |
57 static const char kMsgChrootSuccessful = 'O'; | 57 static const char kMsgChrootSuccessful = 'O'; |
(...skipping 431 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
489 if (!DropRoot()) | 489 if (!DropRoot()) |
490 return 1; | 490 return 1; |
491 if (!SetupChildEnvironment()) | 491 if (!SetupChildEnvironment()) |
492 return 1; | 492 return 1; |
493 | 493 |
494 execv(argv[1], &argv[1]); | 494 execv(argv[1], &argv[1]); |
495 FatalError("execv failed"); | 495 FatalError("execv failed"); |
496 | 496 |
497 return 1; | 497 return 1; |
498 } | 498 } |
OLD | NEW |