| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" | 5 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <sched.h> | 10 #include <sched.h> |
| (...skipping 737 matching lines...) |
| 748 | 748 |
| 749 bool NoOpCallback() { | 749 bool NoOpCallback() { |
| 750 return true; | 750 return true; |
| 751 } | 751 } |
| 752 | 752 |
| 753 // Test a trap handler that makes use of a broker process to open(). | 753 // Test a trap handler that makes use of a broker process to open(). |
| 754 | 754 |
| 755 class InitializedOpenBroker { | 755 class InitializedOpenBroker { |
| 756 public: | 756 public: |
| 757 InitializedOpenBroker() : initialized_(false) { | 757 InitializedOpenBroker() : initialized_(false) { |
| 758 std::vector<std::string> allowed_files; | 758 std::vector<syscall_broker::BrokerFilePermission> permissions; |
| 759 allowed_files.push_back("/proc/allowed"); | 759 permissions.push_back( |
| 760 allowed_files.push_back("/proc/cpuinfo"); | 760 syscall_broker::BrokerFilePermission::ReadOnly("/proc/allowed")); |
| 761 permissions.push_back( |
| 762 syscall_broker::BrokerFilePermission::ReadOnly("/proc/cpuinfo")); |
| 761 | 763 |
| 762 broker_process_.reset(new syscall_broker::BrokerProcess( | 764 broker_process_.reset( |
| 763 EPERM, allowed_files, std::vector<std::string>())); | 765 new syscall_broker::BrokerProcess(EPERM, permissions)); |
| 764 BPF_ASSERT(broker_process() != NULL); | 766 BPF_ASSERT(broker_process() != NULL); |
| 765 BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback))); | 767 BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback))); |
| 766 | 768 |
| 767 initialized_ = true; | 769 initialized_ = true; |
| 768 } | 770 } |
| 769 bool initialized() { return initialized_; } | 771 bool initialized() { return initialized_; } |
| 770 class syscall_broker::BrokerProcess* broker_process() { | 772 class syscall_broker::BrokerProcess* broker_process() { |
| 771 return broker_process_.get(); | 773 return broker_process_.get(); |
| 772 } | 774 } |
| 773 | 775 |
| (...skipping 1619 matching lines...) |
| 2393 BPF_ASSERT_EQ(ENOSYS, errno); | 2395 BPF_ASSERT_EQ(ENOSYS, errno); |
| 2394 | 2396 |
| 2395 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); | 2397 BPF_ASSERT_EQ(-1, syscall(__NR_setgid, 300)); |
| 2396 BPF_ASSERT_EQ(EPERM, errno); | 2398 BPF_ASSERT_EQ(EPERM, errno); |
| 2397 } | 2399 } |
| 2398 | 2400 |
| 2399 } // namespace | 2401 } // namespace |
| 2400 | 2402 |
| 2401 } // namespace bpf_dsl | 2403 } // namespace bpf_dsl |
| 2402 } // namespace sandbox | 2404 } // namespace sandbox |
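Review bot: The rewritten `InitializedOpenBroker` constructor (new lines 758-765) names `syscall_broker::BrokerFilePermission` directly, but the gutter numbers up to line 748 are identical on both sides, so this change adds no include for it. The type presumably arrives transitively through the broker process header; including the header that declares it would keep this test building if that dependency is later trimmed. The two `ReadOnly(...)` entries replace the old string list plus an empty second list (presumably the write list), so a one-line comment above them would record the intent, for example `// Read-only allowlist for the broker; no path is granted write access.`. The tests that use this broker are in the skipped region, so it cannot be confirmed from here whether a write-mode open of an allowed path is asserted to fail; that is worth checking so the read-only restriction is covered by a test.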
| OLD | NEW |