Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(584)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/suid/client/setuid_sandbox_client.h

Issue 10807059: Refactor the setuid sandbox client code to its own class. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/sandbox_linux.gypi ('k') | sandbox/linux/suid/client/setuid_sandbox_client.cc » ('j') | sandbox/linux/suid/client/setuid_sandbox_client.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/suid/client/setuid_sandbox_client.h
diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.h b/sandbox/linux/suid/client/setuid_sandbox_client.h
new file mode 100644
index 0000000000000000000000000000000000000000..bf255b9132b8f4d6471f61ee3483b26ef5eaa8a1
--- /dev/null
+++ b/sandbox/linux/suid/client/setuid_sandbox_client.h
@@ -0,0 +1,53 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SUID_SUID_CLIENT_H_
+#define SANDBOX_LINUX_SUID_SUID_CLIENT_H_
+
+#include "base/basictypes.h"
+#include "base/environment.h"
+
+namespace sandbox {
+
+// Helper class to use the setuid sandbox. This class is to be used both
+// before launching the setuid helper and after being executed through the
+// setuid helper.
+//
+// A typical use would be:
+// 1. The browser calls SetupLaunchEnvironment()
+// 2. The browser launches a renderer through the setuid sandbox.
+// 3. The renderer requests being chroot-ed through ChrootMe() and
+// requests other sandboxing status via the status functions.
+class SetuidSandboxClient {
+ public:
+ // All instantation should go through this factory method.
+ static class SetuidSandboxClient* Create();
+ ~SetuidSandboxClient();
+
+ // Ask the setuid helper over the setuid sandbox IPC channel to chroot() us
+ // to an empty directory.
+ // Will only work if we have been launched through the setuid helper.
+ bool ChrootMe();
+ // Did we get launched through an up to date setuid binary ?
Markus (顧孟勤) 2012/07/23 21:06:30 Minor nit. I would put blank lines here to make th
jln (very slow on Chromium) 2012/07/23 21:32:15 Done. I've put one to separate ChrootMe from the I
+ bool IsSuidSandboxUpToDate() const;
+ // Did we get launched through the setuid helper ?
+ bool IsSuidSandboxChild() const;
+ // Did the setuid helper create a new PID namespace ?
+ bool IsInNewPIDNamespace() const;
+ // Did the setuid helper create a new network namespace ?
+ bool IsInNewNETNamespace() const;
+
+ // Set-up the environment. This should be done prior to launching the setuid
+ // helper.
+ void SetupLaunchEnvironment();
+
+ private:
+ // Holds the environment. Will never be NULL.
+ base::Environment* env_;
+ DISALLOW_IMPLICIT_CONSTRUCTORS(SetuidSandboxClient);
+};
+
+} // namespace sandbox
+
+#endif // SANDBOX_LINUX_SUID_SUID_CLIENT_H_
« no previous file with comments | « sandbox/linux/sandbox_linux.gypi ('k') | sandbox/linux/suid/client/setuid_sandbox_client.cc » ('j') | sandbox/linux/suid/client/setuid_sandbox_client.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698