Index: sandbox/linux/services/credentials.cc |
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc |
index 2e66d97cf53a45895d0ea7caeb1e8315f0a510a8..4a606db6432175aa90f2c40169b43f7e05345ece 100644 |
--- a/sandbox/linux/services/credentials.cc |
+++ b/sandbox/linux/services/credentials.cc |
@@ -125,6 +125,7 @@ int LinuxCapabilityToKernelValue(LinuxCapability cap) { |
} // namespace. |
+// static |
bool Credentials::DropAllCapabilities(int proc_fd) { |
if (!SetCapabilities(proc_fd, std::vector<LinuxCapability>())) { |
return false; |
@@ -134,22 +135,20 @@ bool Credentials::DropAllCapabilities(int proc_fd) { |
return true; |
} |
+// static |
bool Credentials::DropAllCapabilities() { |
base::ScopedFD proc_fd(ProcUtil::OpenProc()); |
return Credentials::DropAllCapabilities(proc_fd.get()); |
} |
// static |
-bool Credentials::SetCapabilities(int proc_fd, |
- const std::vector<LinuxCapability>& caps) { |
- DCHECK_LE(0, proc_fd); |
- |
-#if !defined(THREAD_SANITIZER) |
- // With TSAN, accept to break the security model as it is a testing |
- // configuration. |
- CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); |
-#endif |
+bool Credentials::DropAllCapabilitiesOnCurrentThread() { |
+ return SetCapabilitiesOnCurrentThread(std::vector<LinuxCapability>()); |
+} |
+// static |
+bool Credentials::SetCapabilitiesOnCurrentThread( |
+ const std::vector<LinuxCapability>& caps) { |
struct cap_hdr hdr = {}; |
hdr.version = _LINUX_CAPABILITY_VERSION_3; |
struct cap_data data[_LINUX_CAPABILITY_U32S_3] = {{}}; |
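Review bot: `SetCapabilitiesOnCurrentThread` and `DropAllCapabilitiesOnCurrentThread` no longer pass through the `CHECK(ThreadHelpers::IsSingleThreaded(proc_fd))` guard, and nothing at their definitions tells a caller what that implies. The header is zero-initialised (`hdr = {}`), so the capset call targets the calling thread only, and any other thread in the process keeps the capabilities it already holds. A caller that uses these entry points in a multi-threaded process has therefore not dropped privileges process-wide. I would state this above each definition, for example `// Affects the calling thread only; other threads keep their capabilities. Use SetCapabilities() to restrict the whole process.` The body of `SetCapabilitiesOnCurrentThread` continues past the end of this hunk.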
@@ -167,6 +166,20 @@ bool Credentials::SetCapabilities(int proc_fd, |
return sys_capset(&hdr, data) == 0; |
} |
+// static |
+bool Credentials::SetCapabilities(int proc_fd, |
+ const std::vector<LinuxCapability>& caps) { |
+ DCHECK_LE(0, proc_fd); |
+ |
+#if !defined(THREAD_SANITIZER) |
+ // With TSAN, accept to break the security model as it is a testing |
+ // configuration. |
+ CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); |
+#endif |
+ |
+ return SetCapabilitiesOnCurrentThread(caps); |
+} |
+ |
bool Credentials::HasAnyCapability() { |
struct cap_hdr hdr = {}; |
hdr.version = _LINUX_CAPABILITY_VERSION_3; |