1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ | 5 #ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ |
6 #define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ | 6 #define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ |
7 | 7 |
8 #include "build/build_config.h" | 8 #include "build/build_config.h" |
9 // Link errors are tedious to track, raise a compile-time error instead. | 9 // Link errors are tedious to track, raise a compile-time error instead. |
10 #if defined(OS_ANDROID) | 10 #if defined(OS_ANDROID) |
21 // This class should be used to manipulate the current process' credentials. | 21 // This class should be used to manipulate the current process' credentials. |
22 // It is currently a stub used to manipulate POSIX.1e capabilities as | 22 // It is currently a stub used to manipulate POSIX.1e capabilities as |
23 // implemented by the Linux kernel. | 23 // implemented by the Linux kernel. |
24 class Credentials { | 24 class Credentials { |
25 public: | 25 public: |
26 Credentials(); | 26 Credentials(); |
27 ~Credentials(); | 27 ~Credentials(); |
28 | 28 |
29 // Drop all capabilities in the effective, inheritable and permitted sets for | 29 // Drop all capabilities in the effective, inheritable and permitted sets for |
30 // the current process. | 30 // the current process. |
31 void DropAllCapabilities(); | 31 bool DropAllCapabilities(); |
32 // Return true iff there is any capability in any of the capabilities sets | 32 // Return true iff there is any capability in any of the capabilities sets |
33 // of the current process. | 33 // of the current process. |
34 bool HasAnyCapability(); | 34 bool HasAnyCapability() const; |
35 // Returns the capabilities of the current process in textual form, as | 35 // Returns the capabilities of the current process in textual form, as |
36 // documented in libcap2's cap_to_text(3). This is mostly useful for | 36 // documented in libcap2's cap_to_text(3). This is mostly useful for |
37 // debugging and tests. | 37 // debugging and tests. |
38 scoped_ptr<std::string> GetCurrentCapString(); | 38 scoped_ptr<std::string> GetCurrentCapString() const; |
39 | |
40 // Move the current process to a new "user namespace" as supported by Linux | |
41 // 3.8+ (CLONE_NEWUSER). | |
42 // The uid map will be set-up so that the perceived uid and gid will not | |
43 // change. | |
44 // If this call succeeds, the current process will be granted a full set of | |
45 // capabilities in the new namespace. | |
46 bool MoveToNewUserNS(); | |
47 | |
48 // Remove the ability of the process to access the file system. File | |
49 // descriptors which are already open prior to calling this API remain | |
50 // available. | |
51 // The implementation currently uses chroot(2) and requires CAP_SYS_CHROOT. | |
52 // CAP_SYS_CHROOT can be acquired by using the MoveToNewUserNS() API. | |
53 // Make sure to call DropAllCapabilities() after this call to prevent | |
54 // escapes. | |
55 // To be secure, it's very important that this API is not called with any | |
Jorge Lucangeli Obes
2013/11/05 00:44:51
.. very important for this API not to be called...
jln (very slow on Chromium)
2013/11/05 00:54:42
Done.
| |
56 // directory file descriptor present. TODO(jln): integrate with | |
Jorge Lucangeli Obes
2013/11/05 00:44:51
descriptors.
jln (very slow on Chromium)
2013/11/05 00:54:42
palmer@ says that singular is "more common". Keepi
| |
57 // crbug.com/269806 when available. | |
58 bool DropFileSystemAccess(); | |
39 | 59 |
40 private: | 60 private: |
41 DISALLOW_COPY_AND_ASSIGN(Credentials); | 61 DISALLOW_COPY_AND_ASSIGN(Credentials); |
42 }; | 62 }; |
43 | 63 |
44 } // namespace sandbox. | 64 } // namespace sandbox. |
45 | 65 |
46 #endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ | 66 #endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ |
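Review bot: The new `bool DropAllCapabilities();` (new line 31) changes the return type from void to bool, but the comment on new lines 29-30 never says what the result means, and a caller that keeps treating it as void will silently carry on with capabilities still held. Since `DropFileSystemAccess()` (new lines 53-54) explicitly relies on this call to prevent escapes, the contract should be spelled out, e.g. `// Returns false if the capabilities could not be dropped; callers must treat` / `// that as a fatal sandboxing error rather than continue.` The same gap applies to `MoveToNewUserNS()` (new line 46) and `DropFileSystemAccess()` (new line 58), whose bool results are likewise undocumented and whose failure presumably means the process is not confined at all. If base/compiler_specific.h is among the includes hidden by the skipped lines, marking these three with WARN_UNUSED_RESULT would make the compiler catch an ignored result.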