sandbox/linux/seccomp-bpf/util.cc - Issue 10878033: Simplified unit testing of sandboxing code.

Side by Side Diff: sandbox/linux/seccomp-bpf/util.cc

Issue 10878033: Simplified unit testing of sandboxing code. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Add missing parameter that suppresses benign error messages Created 8 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <dirent.h>	5 #include <dirent.h>

6 #include <errno.h>	6 #include <errno.h>

7 #include <fcntl.h>	7 #include <fcntl.h>

8 #include <stdarg.h>	8 #include <stdarg.h>

9 #include <stdlib.h>	9 #include <stdlib.h>

10 #include <string.h>	10 #include <string.h>

(...skipping 102 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
113 }	113 }

114 va_end(ap);	114 va_end(ap);

115 return true;	115 return true;

116 }	116 }

117	117

118 void Util::closeAllBut(int fd, ...) {	118 void Util::closeAllBut(int fd, ...) {

119 int proc_fd;	119 int proc_fd;

120 int fdir;	120 int fdir;

121 if ((proc_fd = Sandbox::getProcFd()) < 0 \|\|	121 if ((proc_fd = Sandbox::getProcFd()) < 0 \|\|

122 (fdir = openat(proc_fd, "self/fd", O_RDONLY\|O_DIRECTORY)) < 0) {	122 (fdir = openat(proc_fd, "self/fd", O_RDONLY\|O_DIRECTORY)) < 0) {

123 Sandbox::die("Cannot access \"/proc/self/fd\"");	123 SANDBOX_DIE("Cannot access \"/proc/self/fd\"");

124 }	124 }

125 int dev_null = open("/dev/null", O_RDWR);	125 int dev_null = open("/dev/null", O_RDWR);

126 DIR *dir = fdopendir(fdir);	126 DIR *dir = fdopendir(fdir);

127 struct dirent de, *res;	127 struct dirent de, *res;

128 while (!readdir_r(dir, &de, &res) && res) {	128 while (!readdir_r(dir, &de, &res) && res) {

129 if (res->d_name[0] < '0') {	129 if (res->d_name[0] < '0') {

130 continue;	130 continue;

131 }	131 }

132 int i = atoi(res->d_name);	132 int i = atoi(res->d_name);

133 if (i >= 0 && i != dirfd(dir) && i != dev_null) {	133 if (i >= 0 && i != dirfd(dir) && i != dev_null) {

134 va_list ap;	134 va_list ap;

135 va_start(ap, fd);	135 va_start(ap, fd);

136 for (int f = fd;; f = va_arg(ap, int)) {	136 for (int f = fd;; f = va_arg(ap, int)) {

137 if (f < 0) {	137 if (f < 0) {

138 if (i <= 2) {	138 if (i <= 2) {

139 // Never ever close 0..2. If we cannot redirect to /dev/null,	139 // Never ever close 0..2. If we cannot redirect to /dev/null,

140 // then we are better off leaving the standard descriptors open.	140 // then we are better off leaving the standard descriptors open.

141 if (dev_null >= 0) {	141 if (dev_null >= 0) {

142 if (HANDLE_EINTR(dup2(dev_null, i))) {	142 if (HANDLE_EINTR(dup2(dev_null, i))) {

143 Sandbox::die("Cannot dup2()");	143 SANDBOX_DIE("Cannot dup2()");

144 }	144 }

145 }	145 }

146 } else {	146 } else {

147 if (HANDLE_EINTR(close(i))) { }	147 if (HANDLE_EINTR(close(i))) { }

148 }	148 }

149 break;	149 break;

150 } else if (i == f) {	150 } else if (i == f) {

151 break;	151 break;

152 }	152 }

153 }	153 }

154 va_end(ap);	154 va_end(ap);

155 }	155 }

156 }	156 }

157 closedir(dir);	157 closedir(dir);

158 if (dev_null >= 0) {	158 if (dev_null >= 0) {

159 if (HANDLE_EINTR(close(dev_null))) { }	159 if (HANDLE_EINTR(close(dev_null))) { }

160 }	160 }

161 return;	161 return;

162 }	162 }

163	163

164 } // namespace	164 } // namespace

OLD	NEW

« no previous file with comments | « sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc ('k') | sandbox/linux/tests/main.cc » ('j') | no next file with comments »