sandbox/linux/syscall_broker/broker_host.cc - Issue 721553002: sandbox: Extend BrokerPolicy to support file creation

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/syscall_broker/broker_host.cc

Issue 721553002: sandbox: Extend BrokerPolicy to support file creation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Adding comments Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« sandbox/linux/syscall_broker/broker_file_permission.cc ('K') | « sandbox/linux/syscall_broker/broker_file_permission.cc ('k') | sandbox/linux/syscall_broker/broker_policy.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: sandbox/linux/syscall_broker/broker_host.cc

diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc

index 29300f7e374359ec4038db80c46105de658aa60f..b6d6676025b4f52ddc88b24eba2a763a3920af2c 100644

--- a/sandbox/linux/syscall_broker/broker_host.cc

+++ b/sandbox/linux/syscall_broker/broker_host.cc

@@ -38,8 +38,12 @@ bool IsRunningOnValgrind() {

// make a direct system call since we want to keep in control of the broker

// process' system calls profile to be able to loosely sandbox it.

int sys_open(const char* pathname, int flags) {

- // Always pass a defined |mode| in case flags mistakenly contains O_CREAT.

- const int mode = 0;

+ // Hardcode mode to rw------- when creating files.

+ int mode;

+ if (flags & O_CREAT)

+ mode = 0600;

+ else

+ mode = 0;

if (IsRunningOnValgrind()) {

// Valgrind does not support AT_FDCWD, just use libc's open() in this case.

return open(pathname, flags, mode);

@@ -59,8 +63,9 @@ void OpenFileForIPC(const BrokerPolicy& policy,

DCHECK(write_pickle);

DCHECK(opened_files);

const char* file_to_open = NULL;

+ bool unlink_after_open = false;

const bool safe_to_open_file = policy.GetFileNameIfAllowedToOpen(

- requested_filename.c_str(), flags, &file_to_open);

+ requested_filename.c_str(), flags, &file_to_open, &unlink_after_open);

Jorge Lucangeli Obes 2014/11/14 18:48:07 When do you think we're gonna need this? I thought

leecam 2014/11/18 21:40:54 We do allow unlink but we dont have an IPC for the

if (safe_to_open_file) {

CHECK(file_to_open);

@@ -69,6 +74,9 @@ void OpenFileForIPC(const BrokerPolicy& policy,

write_pickle->WriteInt(-errno);

} else {

// Success.

+ if (unlink_after_open) {

+ unlink(file_to_open);

+ }

opened_files->push_back(opened_fd);

write_pickle->WriteInt(0);

}