Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(378)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/suid/client/setuid_sandbox_client.cc

Issue 10826093: Create a LinuxSandbox class (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Only include the sandbox_bpf.h header on supported architectures. Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/suid/client/setuid_sandbox_client.h ('k') | sandbox/linux/suid/client/setuid_sandbox_client_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <sys/types.h> 5 #include <sys/types.h>
6 #include <sys/wait.h> 6 #include <sys/wait.h>
7 #include <unistd.h> 7 #include <unistd.h>
8 8
9 #include "base/eintr_wrapper.h" 9 #include "base/eintr_wrapper.h"
10 #include "base/environment.h" 10 #include "base/environment.h"
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
96 96
97 SetuidSandboxClient* SetuidSandboxClient::Create() { 97 SetuidSandboxClient* SetuidSandboxClient::Create() {
98 base::Environment* environment(base::Environment::Create()); 98 base::Environment* environment(base::Environment::Create());
99 SetuidSandboxClient* sandbox_client(new(SetuidSandboxClient)); 99 SetuidSandboxClient* sandbox_client(new(SetuidSandboxClient));
100 100
101 CHECK(environment); 101 CHECK(environment);
102 sandbox_client->env_ = environment; 102 sandbox_client->env_ = environment;
103 return sandbox_client; 103 return sandbox_client;
104 } 104 }
105 105
106 SetuidSandboxClient::SetuidSandboxClient() { 106 SetuidSandboxClient::SetuidSandboxClient()
107 env_ = NULL; 107 : env_(NULL),
108 sandboxed_(false) {
108 } 109 }
109 110
110 SetuidSandboxClient::~SetuidSandboxClient() { 111 SetuidSandboxClient::~SetuidSandboxClient() {
111 delete env_; 112 delete env_;
112 } 113 }
113 114
114 bool SetuidSandboxClient::ChrootMe() { 115 bool SetuidSandboxClient::ChrootMe() {
115 int fd = GetIPCDescriptor(env_); 116 int fd = GetIPCDescriptor(env_);
116 117
117 if (fd < 0) { 118 if (fd < 0) {
(...skipping 17 matching lines...) Expand all
135 char reply; 136 char reply;
136 if (HANDLE_EINTR(read(fd, &reply, 1)) != 1) { 137 if (HANDLE_EINTR(read(fd, &reply, 1)) != 1) {
137 PLOG(ERROR) << "Failed to read from chroot pipe"; 138 PLOG(ERROR) << "Failed to read from chroot pipe";
138 return false; 139 return false;
139 } 140 }
140 141
141 if (reply != kMsgChrootSuccessful) { 142 if (reply != kMsgChrootSuccessful) {
142 LOG(ERROR) << "Error code reply from chroot helper"; 143 LOG(ERROR) << "Error code reply from chroot helper";
143 return false; 144 return false;
144 } 145 }
146
147 // We now consider ourselves "fully sandboxed" as far as the
148 // setuid sandbox is concerned.
149 sandboxed_ = true;
145 return true; 150 return true;
146 } 151 }
147 152
148 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const { 153 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const {
149 return GetHelperApi(env_) == kSUIDSandboxApiNumber; 154 return GetHelperApi(env_) == kSUIDSandboxApiNumber;
150 } 155 }
151 156
152 bool SetuidSandboxClient::IsSuidSandboxChild() const { 157 bool SetuidSandboxClient::IsSuidSandboxChild() const {
153 return GetIPCDescriptor(env_) >= 0; 158 return GetIPCDescriptor(env_) >= 0;
154 } 159 }
155 160
156 bool SetuidSandboxClient::IsInNewPIDNamespace() const { 161 bool SetuidSandboxClient::IsInNewPIDNamespace() const {
157 return env_->HasVar(kSandboxPIDNSEnvironmentVarName); 162 return env_->HasVar(kSandboxPIDNSEnvironmentVarName);
158 } 163 }
159 164
160 bool SetuidSandboxClient::IsInNewNETNamespace() const { 165 bool SetuidSandboxClient::IsInNewNETNamespace() const {
161 return env_->HasVar(kSandboxNETNSEnvironmentVarName); 166 return env_->HasVar(kSandboxNETNSEnvironmentVarName);
162 } 167 }
163 168
169 bool SetuidSandboxClient::IsSandboxed() const {
170 return sandboxed_;
171 }
172
164 void SetuidSandboxClient::SetupLaunchEnvironment() { 173 void SetuidSandboxClient::SetupLaunchEnvironment() {
165 SaveSUIDUnsafeEnvironmentVariables(env_); 174 SaveSUIDUnsafeEnvironmentVariables(env_);
166 SetSandboxAPIEnvironmentVariable(env_); 175 SetSandboxAPIEnvironmentVariable(env_);
167 } 176 }
168 177
169 } // namespace sandbox 178 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/linux/suid/client/setuid_sandbox_client.h ('k') | sandbox/linux/suid/client/setuid_sandbox_client_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698