1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <signal.h> | 8 #include <signal.h> |
9 #include <stdio.h> | 9 #include <stdio.h> |
10 #include <sys/capability.h> | 10 #include <sys/capability.h> |
135 bool Credentials::DropAllCapabilities(int proc_fd) { | 135 bool Credentials::DropAllCapabilities(int proc_fd) { |
136 DCHECK_LE(0, proc_fd); | 136 DCHECK_LE(0, proc_fd); |
137 #if !defined(THREAD_SANITIZER) | 137 #if !defined(THREAD_SANITIZER) |
138 // With TSAN, accept to break the security model as it is a testing | 138 // With TSAN, accept to break the security model as it is a testing |
139 // configuration. | 139 // configuration. |
140 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); | 140 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); |
141 #endif | 141 #endif |
142 | 142 |
143 ScopedCap cap(cap_init()); | 143 ScopedCap cap(cap_init()); |
144 CHECK(cap); | 144 CHECK(cap); |
145 PCHECK(0 == cap_set_proc(cap.get())); | 145 PCHECK(0 == cap_set_proc(cap.get())); |
jln (very slow on Chromium)
2015/03/10 22:14:22
We should probably just call Credentials::SetCapabilities
rickyz (no longer on Chrome)
2015/03/10 22:22:14
Ah, good point, done.
| |
146 CHECK(!HasAnyCapability()); | 146 CHECK(!HasAnyCapability()); |
147 // We never let this function fail. | 147 // We never let this function fail. |
148 return true; | 148 return true; |
149 } | 149 } |
150 | 150 |
151 bool Credentials::DropAllCapabilities() { | 151 bool Credentials::DropAllCapabilities() { |
152 base::ScopedFD proc_fd(ProcUtil::OpenProc()); | 152 base::ScopedFD proc_fd(ProcUtil::OpenProc()); |
153 return Credentials::DropAllCapabilities(proc_fd.get()); | 153 return Credentials::DropAllCapabilities(proc_fd.get()); |
154 } | 154 } |
155 | 155 |
156 // static | |
157 bool Credentials::SetCapabilities(int proc_fd, | |
158 const std::vector<cap_value_t>& caps) { | |
159 DCHECK_LE(0, proc_fd); | |
160 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); | |
jln (very slow on Chromium)
2015/03/10 22:14:22
#if !defined(THREAD_SANITIZER)
rickyz (no longer on Chrome)
2015/03/10 22:22:14
Done.
| |
161 | |
162 sandbox::ScopedCap cap(cap_init()); | |
163 PCHECK(cap != nullptr); | |
164 | |
165 if (!caps.empty()) { | |
166 const cap_flag_t flags[] = {CAP_EFFECTIVE, CAP_PERMITTED}; | |
167 for (const cap_flag_t flag : flags) { | |
168 PCHECK(cap_set_flag(cap.get(), flag, caps.size(), &caps.at(0), CAP_SET) == | |
169 0); | |
170 } | |
171 } | |
172 | |
173 return cap_set_proc(cap.get()) == 0; | |
174 } | |
175 | |
156 bool Credentials::HasAnyCapability() { | 176 bool Credentials::HasAnyCapability() { |
157 ScopedCap current_cap(cap_get_proc()); | 177 ScopedCap current_cap(cap_get_proc()); |
158 CHECK(current_cap); | 178 CHECK(current_cap); |
159 ScopedCap empty_cap(cap_init()); | 179 ScopedCap empty_cap(cap_init()); |
160 CHECK(empty_cap); | 180 CHECK(empty_cap); |
161 return cap_compare(current_cap.get(), empty_cap.get()) != 0; | 181 return cap_compare(current_cap.get(), empty_cap.get()) != 0; |
162 } | 182 } |
163 | 183 |
184 bool Credentials::HasCapability(cap_value_t cap) { | |
185 ScopedCap current_cap(cap_get_proc()); | |
186 PCHECK(current_cap); | |
187 | |
188 cap_flag_value_t value; | |
189 const cap_flag_t flags[] = {CAP_EFFECTIVE, CAP_PERMITTED}; | |
190 for (const cap_flag_t flag : flags) { | |
191 PCHECK(cap_get_flag(current_cap.get(), cap, flag, &value) == 0); | |
192 if (value == CAP_SET) { | |
193 return true; | |
194 } | |
195 } | |
196 return false; | |
197 } | |
198 | |
164 scoped_ptr<std::string> Credentials::GetCurrentCapString() { | 199 scoped_ptr<std::string> Credentials::GetCurrentCapString() { |
165 ScopedCap current_cap(cap_get_proc()); | 200 ScopedCap current_cap(cap_get_proc()); |
166 CHECK(current_cap); | 201 CHECK(current_cap); |
167 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); | 202 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); |
168 CHECK(cap_text); | 203 CHECK(cap_text); |
169 return scoped_ptr<std::string> (new std::string(cap_text.get())); | 204 return scoped_ptr<std::string> (new std::string(cap_text.get())); |
170 } | 205 } |
171 | 206 |
172 // static | 207 // static |
173 bool Credentials::CanCreateProcessInNewUserNS() { | 208 bool Credentials::CanCreateProcessInNewUserNS() { |
245 CHECK_LE(0, proc_fd); | 280 CHECK_LE(0, proc_fd); |
246 | 281 |
247 CHECK(ChrootToSafeEmptyDir()); | 282 CHECK(ChrootToSafeEmptyDir()); |
248 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 283 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
249 CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); | 284 CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); |
250 // We never let this function fail. | 285 // We never let this function fail. |
251 return true; | 286 return true; |
252 } | 287 } |
253 | 288 |
254 } // namespace sandbox. | 289 } // namespace sandbox. |
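Review bot: In SetCapabilities (new lines 156-174), `caps.size()` is passed where cap_set_flag takes an `int` count, an implicit size_t-to-int narrowing, and `&caps.at(0)` can become `caps.data()` since the call is already guarded by the `!caps.empty()` check: `PCHECK(cap_set_flag(cap.get(), flag, static_cast<int>(caps.size()), caps.data(), CAP_SET) == 0);`. The function then returns `cap_set_proc(cap.get()) == 0` with no logging of errno and no post-condition, whereas DropAllCapabilities PCHECKs the same call and verifies the outcome with `CHECK(!HasAnyCapability())`; if a silent false is intended, a one-line comment that the caller must check the result would make that explicit. It is also worth a comment on the `cap_init()` line that only the effective and permitted sets are populated, so the inheritable set is deliberately left clear, and that cap_set_proc does not alter the bounding set, which callers wanting a tighter process must restrict separately. Minor consistency: `sandbox::ScopedCap` and `PCHECK(cap != nullptr)` differ from the `ScopedCap` / `CHECK(cap)` spelling used by the neighbouring functions in this file, and `HasCapability` (new lines 184-197) lacks the `// static` marker that SetCapabilities carries.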