| OLD | NEW | 
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be | 
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. | 
| 4 | 4 | 
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" | 
| 6 | 6 | 
| 7 #include <errno.h> | 7 #include <errno.h> | 
| 8 #include <signal.h> | 8 #include <signal.h> | 
| 9 #include <stdint.h> | 9 #include <stdint.h> | 
| 10 #include <stdio.h> | 10 #include <stdio.h> | 
| (...skipping 278 matching lines...) Expand 10 before | Expand all | Expand 10 after  Loading... | 
| 289 bool Credentials::DropFileSystemAccess(int proc_fd) { | 289 bool Credentials::DropFileSystemAccess(int proc_fd) { | 
| 290   CHECK_LE(0, proc_fd); | 290   CHECK_LE(0, proc_fd); | 
| 291 | 291 | 
| 292   CHECK(ChrootToSafeEmptyDir()); | 292   CHECK(ChrootToSafeEmptyDir()); | 
| 293   CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 293   CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 
| 294   CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); | 294   CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); | 
| 295   // We never let this function fail. | 295   // We never let this function fail. | 
| 296   return true; | 296   return true; | 
| 297 } | 297 } | 
| 298 | 298 | 
|  | 299 pid_t Credentials::ForkAndDropCapabilitiesInChild() { | 
|  | 300   pid_t pid = fork(); | 
|  | 301   if (pid != 0) { | 
|  | 302     return pid; | 
|  | 303   } | 
|  | 304 | 
|  | 305   // Since we just forked, we are single threaded. | 
|  | 306   PCHECK(DropAllCapabilitiesOnCurrentThread()); | 
|  | 307   return 0; | 
|  | 308 } | 
|  | 309 | 
| 299 }  // namespace sandbox. | 310 }  // namespace sandbox. | 
| OLD | NEW | 
|---|