Chromium Code Reviews Chromium Code Reviews
Issue 997463002:
Add SetCapabilities for setting capabilities to an exact set. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <signal.h> | 8 #include <signal.h> |
| 9 #include <stdio.h> | 9 #include <stdio.h> |
| 10 #include <sys/capability.h> | 10 #include <sys/capability.h> |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 146 CHECK(!HasAnyCapability()); | 146 CHECK(!HasAnyCapability()); |
| 147 // We never let this function fail. | 147 // We never let this function fail. |
| 148 return true; | 148 return true; |
| 149 } | 149 } |
| 150 | 150 |
| 151 bool Credentials::DropAllCapabilities() { | 151 bool Credentials::DropAllCapabilities() { |
| 152 base::ScopedFD proc_fd(ProcUtil::OpenProc()); | 152 base::ScopedFD proc_fd(ProcUtil::OpenProc()); |
| 153 return Credentials::DropAllCapabilities(proc_fd.get()); | 153 return Credentials::DropAllCapabilities(proc_fd.get()); |
| 154 } | 154 } |
| 155 | 155 |
| 156 // static | |
| 157 bool Credentials::SetCapabilities(int proc_fd, | |
| 158 const std::vector<cap_value_t>& caps) { | |
| 159 DCHECK_LE(0, proc_fd); | |
|
jln (very slow on Chromium)
2015/03/10 17:03:34
if (caps.size <= 0) return false;
jln (very slow on Chromium)
2015/03/10 17:03:34
if (caps.size <= 0) return false;
rickyz (no longer on Chrome)
2015/03/10 20:22:13
Oops, that's embarrassing - I placed the cap_set_f
| |
| 160 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); | |
| 161 | |
| 162 sandbox::ScopedCap cap(cap_init()); | |
| 163 PCHECK(cap != nullptr); | |
| 164 cap_flag_t flags[] = {CAP_EFFECTIVE, CAP_PERMITTED}; | |
|
jln (very slow on Chromium)
2015/03/10 17:03:34
Why not include CAP_INHERITABLE ? It seems much sa
rickyz (no longer on Chrome)
2015/03/10 20:22:13
Isn't not including CAP_INHERITABLE slightly more
jln (very slow on Chromium)
2015/03/10 22:12:11
You're right that we don't want to set any cap in
jln (very slow on Chromium)
2015/03/10 22:18:40
Ok, forget that: of course CAP_INHERITABLE is *alr
rickyz (no longer on Chrome)
2015/03/10 22:22:14
Done.
| |
| 165 for (const cap_flag_t flag : flags) { | |
| 166 PCHECK(cap_set_flag(cap.get(), flag, caps.size(), &caps[0], CAP_SET) == 0); | |
|
jln (very slow on Chromium)
2015/03/10 17:03:35
caps.at(0) instead of caps[0] for good measure?
rickyz (no longer on Chrome)
2015/03/10 20:22:14
Done.
| |
| 167 } | |
| 168 return cap_set_proc(cap.get()) == 0; | |
| 169 } | |
| 170 | |
| 156 bool Credentials::HasAnyCapability() { | 171 bool Credentials::HasAnyCapability() { |
| 157 ScopedCap current_cap(cap_get_proc()); | 172 ScopedCap current_cap(cap_get_proc()); |
| 158 CHECK(current_cap); | 173 CHECK(current_cap); |
| 159 ScopedCap empty_cap(cap_init()); | 174 ScopedCap empty_cap(cap_init()); |
| 160 CHECK(empty_cap); | 175 CHECK(empty_cap); |
| 161 return cap_compare(current_cap.get(), empty_cap.get()) != 0; | 176 return cap_compare(current_cap.get(), empty_cap.get()) != 0; |
| 162 } | 177 } |
| 163 | 178 |
| 179 bool Credentials::HasCapability(cap_value_t cap) { | |
| 180 ScopedCap current_cap(cap_get_proc()); | |
| 181 PCHECK(current_cap); | |
| 182 | |
| 183 cap_flag_value_t value; | |
| 184 PCHECK(cap_get_flag(current_cap.get(), cap, CAP_EFFECTIVE, &value) == 0); | |
|
jln (very slow on Chromium)
2015/03/10 17:03:34
Let's do a for() loop like above instead? It's mor
rickyz (no longer on Chrome)
2015/03/10 20:22:14
Done.
| |
| 185 if (value != CAP_SET) { | |
| 186 PCHECK(cap_get_flag(current_cap.get(), cap, CAP_PERMITTED, &value) == 0); | |
| 187 } | |
| 188 | |
| 189 return value == CAP_SET; | |
| 190 } | |
| 191 | |
| 164 scoped_ptr<std::string> Credentials::GetCurrentCapString() { | 192 scoped_ptr<std::string> Credentials::GetCurrentCapString() { |
| 165 ScopedCap current_cap(cap_get_proc()); | 193 ScopedCap current_cap(cap_get_proc()); |
| 166 CHECK(current_cap); | 194 CHECK(current_cap); |
| 167 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); | 195 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); |
| 168 CHECK(cap_text); | 196 CHECK(cap_text); |
| 169 return scoped_ptr<std::string> (new std::string(cap_text.get())); | 197 return scoped_ptr<std::string> (new std::string(cap_text.get())); |
| 170 } | 198 } |
| 171 | 199 |
| 172 // static | 200 // static |
| 173 bool Credentials::CanCreateProcessInNewUserNS() { | 201 bool Credentials::CanCreateProcessInNewUserNS() { |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 245 CHECK_LE(0, proc_fd); | 273 CHECK_LE(0, proc_fd); |
| 246 | 274 |
| 247 CHECK(ChrootToSafeEmptyDir()); | 275 CHECK(ChrootToSafeEmptyDir()); |
| 248 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 276 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
| 249 CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); | 277 CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); |
| 250 // We never let this function fail. | 278 // We never let this function fail. |
| 251 return true; | 279 return true; |
| 252 } | 280 } |
| 253 | 281 |
| 254 } // namespace sandbox. | 282 } // namespace sandbox. |
| OLD | NEW |
