1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <signal.h> | 8 #include <signal.h> |
9 #include <stdio.h> | 9 #include <stdio.h> |
10 #include <sys/capability.h> | 10 #include <sys/capability.h> |
146 CHECK(!HasAnyCapability()); | 146 CHECK(!HasAnyCapability()); |
147 // We never let this function fail. | 147 // We never let this function fail. |
148 return true; | 148 return true; |
149 } | 149 } |
150 | 150 |
151 bool Credentials::DropAllCapabilities() { | 151 bool Credentials::DropAllCapabilities() { |
152 base::ScopedFD proc_fd(ProcUtil::OpenProc()); | 152 base::ScopedFD proc_fd(ProcUtil::OpenProc()); |
153 return Credentials::DropAllCapabilities(proc_fd.get()); | 153 return Credentials::DropAllCapabilities(proc_fd.get()); |
154 } | 154 } |
155 | 155 |
156 // static | |
157 bool Credentials::SetCapabilities(int proc_fd, | |
158 const std::vector<cap_value_t>& caps) { | |
159 DCHECK_LE(0, proc_fd); | |
jln (very slow on Chromium)
2015/03/10 17:03:34
if (caps.size <= 0) return false;
jln (very slow on Chromium)
2015/03/10 17:03:34
if (caps.size <= 0) return false;
rickyz (no longer on Chrome)
2015/03/10 20:22:13
Oops, that's embarrassing - I placed the cap_set_f
160 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); | |
161 | |
162 sandbox::ScopedCap cap(cap_init()); | |
163 PCHECK(cap != nullptr); | |
164 cap_flag_t flags[] = {CAP_EFFECTIVE, CAP_PERMITTED}; | |
jln (very slow on Chromium)
2015/03/10 17:03:34
Why not include CAP_INHERITABLE ? It seems much sa
rickyz (no longer on Chrome)
2015/03/10 20:22:13
Isn't not including CAP_INHERITABLE slightly more
jln (very slow on Chromium)
2015/03/10 22:12:11
You're right that we don't want to set any cap in
jln (very slow on Chromium)
2015/03/10 22:18:40
Ok, forget that: of course CAP_INHERITABLE is *alr
rickyz (no longer on Chrome)
2015/03/10 22:22:14
Done.
165 for (const cap_flag_t flag : flags) { | |
166 PCHECK(cap_set_flag(cap.get(), flag, caps.size(), &caps[0], CAP_SET) == 0); | |
jln (very slow on Chromium)
2015/03/10 17:03:35
caps.at(0) instead of caps[0] for good measure?
rickyz (no longer on Chrome)
2015/03/10 20:22:14
Done.
167 } | |
168 return cap_set_proc(cap.get()) == 0; | |
169 } | |
170 | |
156 bool Credentials::HasAnyCapability() { | 171 bool Credentials::HasAnyCapability() { |
157 ScopedCap current_cap(cap_get_proc()); | 172 ScopedCap current_cap(cap_get_proc()); |
158 CHECK(current_cap); | 173 CHECK(current_cap); |
159 ScopedCap empty_cap(cap_init()); | 174 ScopedCap empty_cap(cap_init()); |
160 CHECK(empty_cap); | 175 CHECK(empty_cap); |
161 return cap_compare(current_cap.get(), empty_cap.get()) != 0; | 176 return cap_compare(current_cap.get(), empty_cap.get()) != 0; |
162 } | 177 } |
163 | 178 |
179 bool Credentials::HasCapability(cap_value_t cap) { | |
180 ScopedCap current_cap(cap_get_proc()); | |
181 PCHECK(current_cap); | |
182 | |
183 cap_flag_value_t value; | |
184 PCHECK(cap_get_flag(current_cap.get(), cap, CAP_EFFECTIVE, &value) == 0); | |
jln (very slow on Chromium)
2015/03/10 17:03:34
Let's do a for() loop like above instead? It's mor
rickyz (no longer on Chrome)
2015/03/10 20:22:14
Done.
185 if (value != CAP_SET) { | |
186 PCHECK(cap_get_flag(current_cap.get(), cap, CAP_PERMITTED, &value) == 0); | |
187 } | |
188 | |
189 return value == CAP_SET; | |
190 } | |
191 | |
164 scoped_ptr<std::string> Credentials::GetCurrentCapString() { | 192 scoped_ptr<std::string> Credentials::GetCurrentCapString() { |
165 ScopedCap current_cap(cap_get_proc()); | 193 ScopedCap current_cap(cap_get_proc()); |
166 CHECK(current_cap); | 194 CHECK(current_cap); |
167 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); | 195 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); |
168 CHECK(cap_text); | 196 CHECK(cap_text); |
169 return scoped_ptr<std::string> (new std::string(cap_text.get())); | 197 return scoped_ptr<std::string> (new std::string(cap_text.get())); |
170 } | 198 } |
171 | 199 |
172 // static | 200 // static |
173 bool Credentials::CanCreateProcessInNewUserNS() { | 201 bool Credentials::CanCreateProcessInNewUserNS() { |
245 CHECK_LE(0, proc_fd); | 273 CHECK_LE(0, proc_fd); |
246 | 274 |
247 CHECK(ChrootToSafeEmptyDir()); | 275 CHECK(ChrootToSafeEmptyDir()); |
248 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 276 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
249 CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); | 277 CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); |
250 // We never let this function fail. | 278 // We never let this function fail. |
251 return true; | 279 return true; |
252 } | 280 } |
253 | 281 |
254 } // namespace sandbox. | 282 } // namespace sandbox. |
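Review bot: SetCapabilities guards its descriptor with `DCHECK_LE(0, proc_fd);` (new line 159), which is compiled out in release builds, whereas the sibling function at new line 273 uses `CHECK_LE(0, proc_fd);` for the same argument; since proc_fd feeds the `ThreadHelpers::IsSingleThreaded` CHECK that presumably makes the thread-scoped `cap_set_proc` call meaningful for the whole process, the release build should keep the check, so `CHECK_LE(0, proc_fd);` here too. The `caps.size()` passed to `cap_set_flag` on new line 166 is silently narrowed from size_t to the int parameter; a `static_cast<int>(caps.size())` or a CHECK that the count fits would make that explicit. A one-line why-comment above the single-threaded CHECK would also help readers, e.g. `// Refuse to run with other threads alive so the new capability set is not applied to only one thread.` The HasCapability hunk (new lines 179-190) shows a similar pattern and would benefit from a brief comment stating that it reports a capability as present when it is in either the effective or the permitted set, which is what the two cap_get_flag calls implement.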