1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <stdio.h> | 9 #include <stdio.h> |
10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
11 #include <sys/types.h> | 11 #include <sys/types.h> |
12 #include <unistd.h> | 12 #include <unistd.h> |
13 | 13 |
14 #include <vector> | |
15 | |
14 #include "base/files/file_path.h" | 16 #include "base/files/file_path.h" |
15 #include "base/files/file_util.h" | 17 #include "base/files/file_util.h" |
16 #include "base/files/scoped_file.h" | 18 #include "base/files/scoped_file.h" |
17 #include "base/logging.h" | 19 #include "base/logging.h" |
18 #include "base/memory/scoped_ptr.h" | 20 #include "base/memory/scoped_ptr.h" |
19 #include "sandbox/linux/services/proc_util.h" | 21 #include "sandbox/linux/services/proc_util.h" |
22 #include "sandbox/linux/services/syscall_wrappers.h" | |
23 #include "sandbox/linux/system_headers/capability.h" | |
20 #include "sandbox/linux/tests/unit_tests.h" | 24 #include "sandbox/linux/tests/unit_tests.h" |
21 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
22 | 26 |
23 namespace sandbox { | 27 namespace sandbox { |
24 | 28 |
25 namespace { | 29 namespace { |
26 | 30 |
27 bool WorkingDirectoryIsRoot() { | 31 bool WorkingDirectoryIsRoot() { |
28 char current_dir[PATH_MAX]; | 32 char current_dir[PATH_MAX]; |
29 char* cwd = getcwd(current_dir, sizeof(current_dir)); | 33 char* cwd = getcwd(current_dir, sizeof(current_dir)); |
41 CHECK_EQ(current.st_uid, parrent.st_uid); | 45 CHECK_EQ(current.st_uid, parrent.st_uid); |
42 CHECK_EQ(current.st_gid, parrent.st_gid); | 46 CHECK_EQ(current.st_gid, parrent.st_gid); |
43 return true; | 47 return true; |
44 } | 48 } |
45 | 49 |
46 SANDBOX_TEST(Credentials, DropAllCaps) { | 50 SANDBOX_TEST(Credentials, DropAllCaps) { |
47 CHECK(Credentials::DropAllCapabilities()); | 51 CHECK(Credentials::DropAllCapabilities()); |
48 CHECK(!Credentials::HasAnyCapability()); | 52 CHECK(!Credentials::HasAnyCapability()); |
49 } | 53 } |
50 | 54 |
51 SANDBOX_TEST(Credentials, GetCurrentCapString) { | |
52 CHECK(Credentials::DropAllCapabilities()); | |
53 const char kNoCapabilityText[] = "="; | |
54 CHECK(*Credentials::GetCurrentCapString() == kNoCapabilityText); | |
55 } | |
56 | |
57 SANDBOX_TEST(Credentials, MoveToNewUserNS) { | 55 SANDBOX_TEST(Credentials, MoveToNewUserNS) { |
58 CHECK(Credentials::DropAllCapabilities()); | 56 CHECK(Credentials::DropAllCapabilities()); |
59 bool moved_to_new_ns = Credentials::MoveToNewUserNS(); | 57 bool moved_to_new_ns = Credentials::MoveToNewUserNS(); |
60 fprintf(stdout, | 58 fprintf(stdout, |
61 "Unprivileged CLONE_NEWUSER supported: %s\n", | 59 "Unprivileged CLONE_NEWUSER supported: %s\n", |
62 moved_to_new_ns ? "true." : "false."); | 60 moved_to_new_ns ? "true." : "false."); |
63 fflush(stdout); | 61 fflush(stdout); |
64 if (!moved_to_new_ns) { | 62 if (!moved_to_new_ns) { |
65 fprintf(stdout, "This kernel does not support unprivileged namespaces. " | 63 fprintf(stdout, "This kernel does not support unprivileged namespaces. " |
66 "USERNS tests will succeed without running.\n"); | 64 "USERNS tests will succeed without running.\n"); |
154 if (!Credentials::MoveToNewUserNS()) return; | 152 if (!Credentials::MoveToNewUserNS()) return; |
155 CHECK(Credentials::DropFileSystemAccess(proc_fd.get())); | 153 CHECK(Credentials::DropFileSystemAccess(proc_fd.get())); |
156 CHECK(Credentials::DropAllCapabilities(proc_fd.get())); | 154 CHECK(Credentials::DropAllCapabilities(proc_fd.get())); |
157 | 155 |
158 // The kernel should now prevent us from regaining capabilities because we | 156 // The kernel should now prevent us from regaining capabilities because we |
159 // are in a chroot. | 157 // are in a chroot. |
160 CHECK(!Credentials::CanCreateProcessInNewUserNS()); | 158 CHECK(!Credentials::CanCreateProcessInNewUserNS()); |
161 CHECK(!Credentials::MoveToNewUserNS()); | 159 CHECK(!Credentials::MoveToNewUserNS()); |
162 } | 160 } |
163 | 161 |
162 SANDBOX_TEST(Credentials, SetCapabilities) { | |
jln (very slow on Chromium)
2015/03/12 19:24:15
This test is very limited since we're only testing
rickyz (no longer on Chrome)
2015/03/12 23:36:01
Done.
| |
163 // Probably missing kernel support. | |
164 if (!Credentials::MoveToNewUserNS()) return; | |
165 | |
166 base::ScopedFD proc_fd(ProcUtil::OpenProc()); | |
167 | |
168 CHECK(Credentials::HasCapability(CAP_SYS_ADMIN)); | |
169 CHECK(Credentials::HasCapability(CAP_SYS_CHROOT)); | |
170 | |
171 const std::vector<int> caps = {CAP_SYS_CHROOT}; | |
172 CHECK(Credentials::SetCapabilities(proc_fd.get(), caps)); | |
173 | |
174 CHECK(!Credentials::HasCapability(CAP_SYS_ADMIN)); | |
175 CHECK(Credentials::HasCapability(CAP_SYS_CHROOT)); | |
176 | |
177 const std::vector<int> no_caps; | |
178 CHECK(Credentials::SetCapabilities(proc_fd.get(), no_caps)); | |
179 CHECK(!Credentials::HasAnyCapability()); | |
180 } | |
181 | |
164 } // namespace. | 182 } // namespace. |
jln (very slow on Chromium)
2015/03/12 19:24:15
For paranoia, what would you think of keeping libc
rickyz (no longer on Chrome)
2015/03/12 23:36:01
Good idea, done.
| |
165 | 183 |
166 } // namespace sandbox. | 184 } // namespace sandbox. |
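Review bot: The new SetCapabilities test (new lines 162-180) only exercises the narrowing direction: after the set is reduced to {CAP_SYS_CHROOT} it never asserts that an already-dropped capability cannot be re-acquired, which is the property a sandbox actually relies on. Because capset(2) cannot add bits to the permitted set without an execve, a call placed between the CAP_SYS_CHROOT checks and the empty-set call should be rejected, e.g. `CHECK(!Credentials::SetCapabilities(proc_fd.get(), std::vector<int>{CAP_SYS_ADMIN}));`, assuming SetCapabilities reports the error through its return value rather than aborting. It is also not visible here which capability set HasCapability inspects, so a short header comment on the test would help, such as `// Narrows the capability set inside a fresh user namespace; only the set read by HasCapability is asserted on, the bounding set is not checked.`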