Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(283)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/suid/client/setuid_sandbox_client.cc

Issue 10837081: Revert 149692 - Create a LinuxSandbox class. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/suid/client/setuid_sandbox_client.h ('k') | sandbox/linux/suid/client/setuid_sandbox_client_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <sys/types.h> 5 #include <sys/types.h>
6 #include <sys/wait.h> 6 #include <sys/wait.h>
7 #include <unistd.h> 7 #include <unistd.h>
8 8
9 #include "base/eintr_wrapper.h" 9 #include "base/eintr_wrapper.h"
10 #include "base/environment.h" 10 #include "base/environment.h"
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after
96 96
97 SetuidSandboxClient* SetuidSandboxClient::Create() { 97 SetuidSandboxClient* SetuidSandboxClient::Create() {
98 base::Environment* environment(base::Environment::Create()); 98 base::Environment* environment(base::Environment::Create());
99 SetuidSandboxClient* sandbox_client(new(SetuidSandboxClient)); 99 SetuidSandboxClient* sandbox_client(new(SetuidSandboxClient));
100 100
101 CHECK(environment); 101 CHECK(environment);
102 sandbox_client->env_ = environment; 102 sandbox_client->env_ = environment;
103 return sandbox_client; 103 return sandbox_client;
104 } 104 }
105 105
106 SetuidSandboxClient::SetuidSandboxClient() 106 SetuidSandboxClient::SetuidSandboxClient() {
107 : env_(NULL), 107 env_ = NULL;
108 sandboxed_(false) {
109 } 108 }
110 109
111 SetuidSandboxClient::~SetuidSandboxClient() { 110 SetuidSandboxClient::~SetuidSandboxClient() {
112 delete env_; 111 delete env_;
113 } 112 }
114 113
115 bool SetuidSandboxClient::ChrootMe() { 114 bool SetuidSandboxClient::ChrootMe() {
116 int fd = GetIPCDescriptor(env_); 115 int fd = GetIPCDescriptor(env_);
117 116
118 if (fd < 0) { 117 if (fd < 0) {
(...skipping 17 matching lines...) Expand all
136 char reply; 135 char reply;
137 if (HANDLE_EINTR(read(fd, &reply, 1)) != 1) { 136 if (HANDLE_EINTR(read(fd, &reply, 1)) != 1) {
138 PLOG(ERROR) << "Failed to read from chroot pipe"; 137 PLOG(ERROR) << "Failed to read from chroot pipe";
139 return false; 138 return false;
140 } 139 }
141 140
142 if (reply != kMsgChrootSuccessful) { 141 if (reply != kMsgChrootSuccessful) {
143 LOG(ERROR) << "Error code reply from chroot helper"; 142 LOG(ERROR) << "Error code reply from chroot helper";
144 return false; 143 return false;
145 } 144 }
146
147 // We now consider ourselves "fully sandboxed" as far as the
148 // setuid sandbox is concerned.
149 sandboxed_ = true;
150 return true; 145 return true;
151 } 146 }
152 147
153 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const { 148 bool SetuidSandboxClient::IsSuidSandboxUpToDate() const {
154 return GetHelperApi(env_) == kSUIDSandboxApiNumber; 149 return GetHelperApi(env_) == kSUIDSandboxApiNumber;
155 } 150 }
156 151
157 bool SetuidSandboxClient::IsSuidSandboxChild() const { 152 bool SetuidSandboxClient::IsSuidSandboxChild() const {
158 return GetIPCDescriptor(env_) >= 0; 153 return GetIPCDescriptor(env_) >= 0;
159 } 154 }
160 155
161 bool SetuidSandboxClient::IsInNewPIDNamespace() const { 156 bool SetuidSandboxClient::IsInNewPIDNamespace() const {
162 return env_->HasVar(kSandboxPIDNSEnvironmentVarName); 157 return env_->HasVar(kSandboxPIDNSEnvironmentVarName);
163 } 158 }
164 159
165 bool SetuidSandboxClient::IsInNewNETNamespace() const { 160 bool SetuidSandboxClient::IsInNewNETNamespace() const {
166 return env_->HasVar(kSandboxNETNSEnvironmentVarName); 161 return env_->HasVar(kSandboxNETNSEnvironmentVarName);
167 } 162 }
168 163
169 bool SetuidSandboxClient::IsSandboxed() const {
170 return sandboxed_;
171 }
172
173 void SetuidSandboxClient::SetupLaunchEnvironment() { 164 void SetuidSandboxClient::SetupLaunchEnvironment() {
174 SaveSUIDUnsafeEnvironmentVariables(env_); 165 SaveSUIDUnsafeEnvironmentVariables(env_);
175 SetSandboxAPIEnvironmentVariable(env_); 166 SetSandboxAPIEnvironmentVariable(env_);
176 } 167 }
177 168
178 } // namespace sandbox 169 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/linux/suid/client/setuid_sandbox_client.h ('k') | sandbox/linux/suid/client/setuid_sandbox_client_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698