Revert 149692 - Create a LinuxSandbox class.

content/common/sandbox_linux.cc

-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include "base/command_line.h"
-#include "base/eintr_wrapper.h"
-#include "base/logging.h"
-#include "base/memory/singleton.h"
-#include "content/common/sandbox_linux.h"
-#include "content/common/seccomp_sandbox.h"
-#include "content/public/common/content_switches.h"
-#include "content/public/common/sandbox_linux.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-#include "sandbox/linux/suid/client/setuid_sandbox_client.h"
-
-namespace {
-
-// Implement the command line enabling logic for seccomp-legacy.
-bool IsSeccompLegacyDesired() {
-#if defined(SECCOMP_SANDBOX)
-#if defined(NDEBUG)
-  // Off by default; allow turning on with a switch.
-  return CommandLine::ForCurrentProcess()->HasSwitch(
-      switches::kEnableSeccompSandbox);
-#else
-  // On by default; allow turning off with a switch.
-  return !CommandLine::ForCurrentProcess()->HasSwitch(
-      switches::kDisableSeccompSandbox);
-#endif  // NDEBUG
-#endif  // SECCOMP_SANDBOX
-  return false;
-}
-
-}  // namespace
-
-namespace content {
-
-LinuxSandbox::LinuxSandbox()
-    : proc_fd_(-1),
-      pre_initialized_(false),
-      seccomp_legacy_supported_(false),
-      setuid_sandbox_client_(sandbox::SetuidSandboxClient::Create()) {
-  if (setuid_sandbox_client_ == NULL) {
-    LOG(FATAL) << "Failed to instantiate the setuid sandbox client.";
-  }
-}
-
-LinuxSandbox::~LinuxSandbox() {
-}
-
-LinuxSandbox* LinuxSandbox::GetInstance() {
-  LinuxSandbox* instance = Singleton<LinuxSandbox>::get();
-  CHECK(instance);
-  return instance;
-}
-
-void LinuxSandbox::PreinitializeSandboxBegin() {
-  CHECK(!pre_initialized_);
-  seccomp_legacy_supported_ = false;
-#if defined(SECCOMP_SANDBOX)
-  if (IsSeccompLegacyDesired()) {
-    proc_fd_ = open("/proc", O_DIRECTORY | O_RDONLY);
-    if (proc_fd_ < 0) {
-      LOG(ERROR) << "Cannot access \"/proc\". Disabling seccomp-legacy "
-                    "sandboxing.";
-      // Now is a good time to figure out if we can support seccomp sandboxing
-      // at all. We will call SupportsSeccompSandbox again later, when actually
-      // enabling it, but we allow the implementation to cache some information.
-      // This is the only place where we will log full lack of seccomp-legacy
-      // support.
-    } else if (!SupportsSeccompSandbox(proc_fd_)) {
-      VLOG(1) << "Lacking support for seccomp-legacy sandbox.";
-      CHECK_EQ(HANDLE_EINTR(close(proc_fd_)), 0);
-      proc_fd_ = -1;
-    } else {
-      seccomp_legacy_supported_ = true;
-    }
-  }
-#endif  // SECCOMP_SANDBOX
-#if defined(SECCOMP_BPF_SANDBOX)
-  // Similarly, we "pre-warm" the code that detects supports for seccomp BPF.
-  // TODO(jln): Use proc_fd_ here too once we're comfortable it does not create
-  // an additional security risk.
-  if (playground2::Sandbox::supportsSeccompSandbox(-1) !=
-      playground2::Sandbox::STATUS_AVAILABLE) {
-    VLOG(1) << "Lacking support for seccomp-bpf sandbox.";
-  }
-#endif  // SECCOMP_BPF_SANDBOX
-  pre_initialized_ = true;
-}
-
-// Once we finally know our process type, we can cleanup proc_fd_
-// or pass it to seccomp-legacy.
-void LinuxSandbox::PreinitializeSandboxFinish(
-    const std::string& process_type) {
-  CHECK(pre_initialized_);
-  if (proc_fd_ >= 0) {
-    if (ShouldEnableSeccompLegacy(process_type)) {
-#if defined(SECCOMP_SANDBOX)
-      SeccompSandboxSetProcFd(proc_fd_);
-#endif
-    } else {
-      DCHECK_GE(proc_fd_, 0);
-      CHECK_EQ(HANDLE_EINTR(close(proc_fd_)), 0);
-    }
-    proc_fd_ = -1;
-  }
-}
-
-void LinuxSandbox::PreinitializeSandbox(const std::string& process_type) {
-  PreinitializeSandboxBegin();
-  PreinitializeSandboxFinish(process_type);
-}
-
-int LinuxSandbox::GetStatus() {
-  CHECK(pre_initialized_);
-  int sandbox_flags = 0;
-  if (setuid_sandbox_client_->IsSandboxed()) {
-    sandbox_flags |= kSandboxLinuxSUID;
-    if (setuid_sandbox_client_->IsInNewPIDNamespace())
-      sandbox_flags |= kSandboxLinuxPIDNS;
-    if (setuid_sandbox_client_->IsInNewNETNamespace())
-      sandbox_flags |= kSandboxLinuxNetNS;
-  }
-  if (seccomp_legacy_supported_) {
-    sandbox_flags |= kSandboxLinuxSeccomp;
-  }
-  return sandbox_flags;
-}
-
-sandbox::SetuidSandboxClient*
-    LinuxSandbox::setuid_sandbox_client() const {
-  return setuid_sandbox_client_.get();
-}
-
-// For seccomp-legacy, we implement the policy inline, here.
-bool LinuxSandbox::StartSeccompLegacy(const std::string& process_type) {
-  if (!pre_initialized_)
-    PreinitializeSandbox(process_type);
-  if (ShouldEnableSeccompLegacy(process_type)) {
-    // SupportsSeccompSandbox() returns a cached result, as we already
-    // called it earlier in the PreinitializeSandbox(). Thus, it is OK for us
-    // to not pass in a file descriptor for "/proc".
-#if defined(SECCOMP_SANDBOX)
-    if (SupportsSeccompSandbox(-1)) {
-      StartSeccompSandbox();
-      return true;
-    }
-#endif
-  }
-  return false;
-}
-
-// For seccomp-bpf, we will use the seccomp-bpf policy class.
-// TODO(jln): implement this.
-bool LinuxSandbox::StartSeccompBpf(const std::string& process_type) {
-  CHECK(pre_initialized_);
-  NOTREACHED();
-  return false;
-}
-
-// Our "policy" on whether or not to enable seccomp-legacy. Only renderers are
-// supported.
-bool LinuxSandbox::ShouldEnableSeccompLegacy(
-    const std::string& process_type) {
-  CHECK(pre_initialized_);
-  if (IsSeccompLegacyDesired() &&
-      seccomp_legacy_supported_ &&
-      process_type == switches::kRendererProcess) {
-    return true;
-  } else {
-    return false;
-  }
-}
-
-}  // namespace content
-