content/common/sandbox_linux/sandbox_linux.h - Issue 733303004: Linux sandbox: change API to start the sandbox

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_linux/sandbox_linux.h

Issue 733303004: Linux sandbox: change API to start the sandbox (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Address nits from Jorge. Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: content/common/sandbox_linux/sandbox_linux.h

diff --git a/content/common/sandbox_linux/sandbox_linux.h b/content/common/sandbox_linux/sandbox_linux.h

index a5a232277e9f87843da45b7f001a6fabef45578c..0ad0ed4476219aba3af13741de4d308e4bd82f60 100644

--- a/content/common/sandbox_linux/sandbox_linux.h

+++ b/content/common/sandbox_linux/sandbox_linux.h

@@ -6,6 +6,7 @@

#define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_

#include <string>

+#include <vector>

#include "base/basictypes.h"

#include "base/memory/scoped_ptr.h"

@@ -49,8 +50,19 @@ class LinuxSandbox {

// Do some initialization that can only be done before any of the sandboxes

// are enabled. If using the setuid sandbox, this should be called manually

// before the setuid sandbox is engaged.

+ // Security: When this runs, it is imperative that either InitializeSandbox()

+ // runs as well or that all file descriptors returned in

+ // GetFileDescriptorsToClose() get closed.

+ // Otherwise file descriptors that bypass the security of the setuid sandbox

+ // would be kept open. One must be particularly careful if a process performs

+ // a fork().

void PreinitializeSandbox();

+ // Return a list of file descriptors to close if PreinitializeSandbox() ran

+ // but InitializeSandbox() won't. Avoid using.

+ // TODO(jln): get rid of this hack.

+ std::vector<int> GetFileDescriptorsToClose();

// Initialize the sandbox with the given pre-built configuration. Currently

// seccomp-bpf and address space limitations (the setuid sandbox works

// differently and is set-up in the Zygote). This will instantiate the

@@ -132,6 +144,7 @@ class LinuxSandbox {

bool pre_initialized_;

bool seccomp_bpf_supported_; // Accurate if pre_initialized_.

bool yama_is_enforcing_; // Accurate if pre_initialized_.

+ bool initialize_sandbox_ran_; // InitializeSandbox() was called.

scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;

#if defined(ANY_OF_AMTLU_SANITIZER)

scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_;