Refactor the setuid sandbox client code to its own class.

content/zygote/zygote_main_linux.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <dlfcn.h>
 #include <fcntl.h>
 #include <pthread.h>
 #include <stdio.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ skipping 19 matching lines @@
 #include "content/common/pepper_plugin_registry.h"
 #include "content/common/sandbox_methods_linux.h"
 #include "content/common/seccomp_sandbox.h"
 #include "content/common/zygote_commands_linux.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/main_function_params.h"
 #include "content/public/common/sandbox_linux.h"
 #include "content/public/common/zygote_fork_delegate_linux.h"
 #include "content/zygote/zygote_linux.h"
 #include "sandbox/linux/services/libc_urandom_override.h"
+#include "sandbox/linux/suid/client/setuid_sandbox_client.h"
 #include "skia/ext/SkFontHost_fontconfig_control.h"
 #include "unicode/timezone.h"
 
 #if defined(OS_LINUX)
 #include <sys/epoll.h>
 #include <sys/prctl.h>
 #include <sys/signal.h>
 #else
 #include <signal.h>
 #endif
 
 namespace content {
 
 // See http://code.google.com/p/chromium/wiki/LinuxZygote
 
-// The SUID sandbox sets this environment variable to a file descriptor
-// over which we can signal that we have completed our startup and can be
-// chrooted.
-static const char kSUIDSandboxVar[] = "SBX_D";
-
 // With SELinux we can carve out a precise sandbox, so we don't have to play
 // with intercepting libc calls.
 #if !defined(CHROMIUM_SELINUX)
 
 static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output,
                                         char* timezone_out,
                                         size_t timezone_out_len) {
   Pickle request;
   request.WriteInt(LinuxSandbox::METHOD_LOCALTIME);
   request.WriteString(
@@ skipping 287 matching lines @@
     (void) HANDLE_EINTR(close(sync_fds[0]));
     if (read_ret == 1)
       return true;
     else
       return false;
   }
 }
 
 // This will set the *using_suid_sandbox variable to true if the SUID sandbox
 // is enabled. This does not necessarily exclude other types of sandboxing.
-static bool EnterSandbox(bool* using_suid_sandbox, bool* has_started_new_init) {
+static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
+                         bool* using_suid_sandbox, bool* has_started_new_init) {
   *using_suid_sandbox = false;
   *has_started_new_init = false;
+  if (!setuid_sandbox)
+    return false;
 
   PreSandboxInit();
   SkiaFontConfigSetImplementation(
       new FontConfigIPC(Zygote::kMagicSandboxIPCDescriptor));
 
-  const char* const sandbox_fd_string = getenv(kSUIDSandboxVar);
-  if (sandbox_fd_string) {
-    char* endptr;
+  if (setuid_sandbox->IsSuidSandboxChild()) {
     // Use the SUID sandbox.  This still allows the seccomp sandbox to
     // be enabled by the process later.
     *using_suid_sandbox = true;
 
-    // Check if the SUID sandbox provides the correct API version.
-    const char* const sandbox_api_string =
-                        getenv(base::kSandboxEnvironmentApiProvides);
-    // Assume API version 0 if no environment was found
-    long sandbox_api_num = 0;
-    if (sandbox_api_string) {
-      errno = 0;
-      sandbox_api_num = strtol(sandbox_api_string, &endptr, 10);
-      if (errno || *endptr) {
-        return false;
-      }
-    }
-
-    if (sandbox_api_num != base::kSUIDSandboxApiNumber) {
+    if (!setuid_sandbox->IsSuidSandboxUpToDate()) {
       LOG(WARNING) << "You are using a wrong version of the setuid binary!\n"
        "Please read "
        "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment."
        "\n\n";
     }
 
-    // Get the file descriptor to signal the chroot helper.
-    errno = 0;
-    const long fd_long = strtol(sandbox_fd_string, &endptr, 10);
-    if (errno || !*sandbox_fd_string || *endptr || fd_long < 0 ||
-        fd_long > INT_MAX) {
+    if (!setuid_sandbox->ChrootMe())
       return false;
-    }
-    const int fd = fd_long;
-
-    static const char kMsgChrootMe = 'C';
-    static const char kMsgChrootSuccessful = 'O';
-
-    if (HANDLE_EINTR(write(fd, &kMsgChrootMe, 1)) != 1) {
-      LOG(ERROR) << "Failed to write to chroot pipe: " << errno;
-      return false;
-    }
-
-    // We need to reap the chroot helper process in any event:
-    wait(NULL);
-
-    char reply;
-    if (HANDLE_EINTR(read(fd, &reply, 1)) != 1) {
-      LOG(ERROR) << "Failed to read from chroot pipe: " << errno;
-      return false;
-    }
-
-    if (reply != kMsgChrootSuccessful) {
-      LOG(ERROR) << "Error code reply from chroot helper";
-      return false;
-    }
 
     if (getpid() == 1) {
       // The setuid sandbox has created a new PID namespace and we need
       // to assume the role of init.
       if (!CreateInitProcessReaper()) {
         LOG(ERROR) << "Error creating an init process to reap zombies";
         return false;
       }
       *has_started_new_init = true;
     }
@@ skipping 24 matching lines @@
         return false;
       }
     }
 #endif
   }
 
   return true;
 }
 #else  // CHROMIUM_SELINUX
 
-static bool EnterSandbox(bool* using_suid_sandbox, bool* has_started_new_init) {
+static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
+                         bool* using_suid_sandbox, bool* has_started_new_init) {
   *using_suid_sandbox = false;
   *has_started_new_init = false;
 
+  if (!setuid_sandbox)
+    return false;
+
   PreSandboxInit();
   SkiaFontConfigSetImplementation(
       new FontConfigIPC(Zygote::kMagicSandboxIPCDescriptor));
   return true;
 }
 
 #endif  // CHROMIUM_SELINUX
 
 bool ZygoteMain(const MainFunctionParams& params,
                 ZygoteForkDelegate* forkdelegate) {
 #if !defined(CHROMIUM_SELINUX)
   g_am_zygote_or_renderer = true;
   sandbox::InitLibcUrandomOverrides();
 #endif
 
   int proc_fd_for_seccomp = -1;
 #if defined(SECCOMP_SANDBOX)
   if (SeccompSandboxEnabled()) {
     // The seccomp sandbox needs access to files in /proc, which might be denied
     // after one of the other sandboxes have been started. So, obtain a suitable
     // file handle in advance.
     proc_fd_for_seccomp = open("/proc", O_DIRECTORY | O_RDONLY);
     if (proc_fd_for_seccomp < 0) {
       LOG(ERROR) << "WARNING! Cannot access \"/proc\". Disabling seccomp "
           "sandboxing.";
     }
   }
 #endif  // SECCOMP_SANDBOX
 
+  scoped_ptr<sandbox::SetuidSandboxClient>
+      setuid_sandbox(sandbox::SetuidSandboxClient::Create());
+
+  if (setuid_sandbox == NULL) {
+    LOG(FATAL) << "Failed to instantiate the setuid sandbox client.";
+    return false;
+  }
+
   if (forkdelegate != NULL) {
     VLOG(1) << "ZygoteMain: initializing fork delegate";
-    forkdelegate->Init(getenv(kSUIDSandboxVar) != NULL,
+    forkdelegate->Init(setuid_sandbox->IsSuidSandboxChild(),
                        Zygote::kBrowserDescriptor,
                        Zygote::kMagicSandboxIPCDescriptor);
   } else {
     VLOG(1) << "ZygoteMain: fork delegate is NULL";
   }
 
   // Turn on the SELinux or SUID sandbox.
   bool using_suid_sandbox = false;
   bool has_started_new_init = false;
-  if (!EnterSandbox(&using_suid_sandbox, &has_started_new_init)) {
+  if (!EnterSandbox(setuid_sandbox.get(),
+                    &using_suid_sandbox,
+                    &has_started_new_init)) {
     LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: "
                << errno << ")";
     return false;
   }
 
   int sandbox_flags = 0;
   if (using_suid_sandbox) {
     sandbox_flags |= kSandboxLinuxSUID;
-    if (getenv("SBX_PID_NS"))
+    if (setuid_sandbox->IsInNewPIDNamespace())
       sandbox_flags |= kSandboxLinuxPIDNS;
-    if (getenv("SBX_NET_NS"))
+    if (setuid_sandbox->IsInNewNETNamespace())
       sandbox_flags |= kSandboxLinuxNetNS;
   }
 
   if ((sandbox_flags & kSandboxLinuxPIDNS) && !has_started_new_init) {
     LOG(ERROR) << "The SUID sandbox created a new PID namespace but Zygote "
                   "is not the init process. Please, make sure the SUID "
                   "binary is up to date.";
   }
 
 #if defined(SECCOMP_SANDBOX)
@@ skipping 17 matching lines @@
     }
   }
 #endif  // SECCOMP_SANDBOX
 
   Zygote zygote(sandbox_flags, forkdelegate, proc_fd_for_seccomp);
   // This function call can return multiple times, once per fork().
   return zygote.ProcessRequests();
 }
 
 }  // namespace content