| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <signal.h> | 8 #include <signal.h> |
| 9 #include <stdio.h> | 9 #include <stdio.h> |
| 10 #include <sys/capability.h> | 10 #include <sys/capability.h> |
| 135 bool Credentials::DropAllCapabilities(int proc_fd) { | 135 bool Credentials::DropAllCapabilities(int proc_fd) { |
| 136 DCHECK_LE(0, proc_fd); | 136 DCHECK_LE(0, proc_fd); |
| 137 #if !defined(THREAD_SANITIZER) | 137 #if !defined(THREAD_SANITIZER) |
| 138 // With TSAN, accept to break the security model as it is a testing | 138 // With TSAN, accept to break the security model as it is a testing |
| 139 // configuration. | 139 // configuration. |
| 140 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); | 140 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); |
| 141 #endif | 141 #endif |
| 142 | 142 |
| 143 ScopedCap cap(cap_init()); | 143 ScopedCap cap(cap_init()); |
| 144 CHECK(cap); | 144 CHECK(cap); |
| 145 PCHECK(0 == cap_set_proc(cap.get())); | 145 PCHECK(0 == cap_set_proc(cap.get())); |
|
jln (very slow on Chromium)
2015/03/10 22:14:22
We should probably just call Credentials::SetCapab
rickyz (no longer on Chrome)
2015/03/10 22:22:14
Ah, good point, done.
| |
| 146 CHECK(!HasAnyCapability()); | 146 CHECK(!HasAnyCapability()); |
| 147 // We never let this function fail. | 147 // We never let this function fail. |
| 148 return true; | 148 return true; |
| 149 } | 149 } |
| 150 | 150 |
| 151 bool Credentials::DropAllCapabilities() { | 151 bool Credentials::DropAllCapabilities() { |
| 152 base::ScopedFD proc_fd(ProcUtil::OpenProc()); | 152 base::ScopedFD proc_fd(ProcUtil::OpenProc()); |
| 153 return Credentials::DropAllCapabilities(proc_fd.get()); | 153 return Credentials::DropAllCapabilities(proc_fd.get()); |
| 154 } | 154 } |
| 155 | 155 |
| 156 // static | |
| 157 bool Credentials::SetCapabilities(int proc_fd, | |
| 158 const std::vector<cap_value_t>& caps) { | |
| 159 DCHECK_LE(0, proc_fd); | |
| 160 CHECK(ThreadHelpers::IsSingleThreaded(proc_fd)); | |
|
jln (very slow on Chromium)
2015/03/10 22:14:22
#if !defined(THREAD_SANITIZER)
rickyz (no longer on Chrome)
2015/03/10 22:22:14
Done.
| |
| 161 | |
| 162 sandbox::ScopedCap cap(cap_init()); | |
| 163 PCHECK(cap != nullptr); | |
| 164 | |
| 165 if (!caps.empty()) { | |
| 166 const cap_flag_t flags[] = {CAP_EFFECTIVE, CAP_PERMITTED}; | |
| 167 for (const cap_flag_t flag : flags) { | |
| 168 PCHECK(cap_set_flag(cap.get(), flag, caps.size(), &caps.at(0), CAP_SET) == | |
| 169 0); | |
| 170 } | |
| 171 } | |
| 172 | |
| 173 return cap_set_proc(cap.get()) == 0; | |
| 174 } | |
| 175 | |
| 156 bool Credentials::HasAnyCapability() { | 176 bool Credentials::HasAnyCapability() { |
| 157 ScopedCap current_cap(cap_get_proc()); | 177 ScopedCap current_cap(cap_get_proc()); |
| 158 CHECK(current_cap); | 178 CHECK(current_cap); |
| 159 ScopedCap empty_cap(cap_init()); | 179 ScopedCap empty_cap(cap_init()); |
| 160 CHECK(empty_cap); | 180 CHECK(empty_cap); |
| 161 return cap_compare(current_cap.get(), empty_cap.get()) != 0; | 181 return cap_compare(current_cap.get(), empty_cap.get()) != 0; |
| 162 } | 182 } |
| 163 | 183 |
| 184 bool Credentials::HasCapability(cap_value_t cap) { | |
| 185 ScopedCap current_cap(cap_get_proc()); | |
| 186 PCHECK(current_cap); | |
| 187 | |
| 188 cap_flag_value_t value; | |
| 189 const cap_flag_t flags[] = {CAP_EFFECTIVE, CAP_PERMITTED}; | |
| 190 for (const cap_flag_t flag : flags) { | |
| 191 PCHECK(cap_get_flag(current_cap.get(), cap, flag, &value) == 0); | |
| 192 if (value == CAP_SET) { | |
| 193 return true; | |
| 194 } | |
| 195 } | |
| 196 return false; | |
| 197 } | |
| 198 | |
| 164 scoped_ptr<std::string> Credentials::GetCurrentCapString() { | 199 scoped_ptr<std::string> Credentials::GetCurrentCapString() { |
| 165 ScopedCap current_cap(cap_get_proc()); | 200 ScopedCap current_cap(cap_get_proc()); |
| 166 CHECK(current_cap); | 201 CHECK(current_cap); |
| 167 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); | 202 ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); |
| 168 CHECK(cap_text); | 203 CHECK(cap_text); |
| 169 return scoped_ptr<std::string> (new std::string(cap_text.get())); | 204 return scoped_ptr<std::string> (new std::string(cap_text.get())); |
| 170 } | 205 } |
| 171 | 206 |
| 172 // static | 207 // static |
| 173 bool Credentials::CanCreateProcessInNewUserNS() { | 208 bool Credentials::CanCreateProcessInNewUserNS() { |
| 245 CHECK_LE(0, proc_fd); | 280 CHECK_LE(0, proc_fd); |
| 246 | 281 |
| 247 CHECK(ChrootToSafeEmptyDir()); | 282 CHECK(ChrootToSafeEmptyDir()); |
| 248 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); | 283 CHECK(!base::DirectoryExists(base::FilePath("/proc"))); |
| 249 CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); | 284 CHECK(!ProcUtil::HasOpenDirectory(proc_fd)); |
| 250 // We never let this function fail. | 285 // We never let this function fail. |
| 251 return true; | 286 return true; |
| 252 } | 287 } |
| 253 | 288 |
| 254 } // namespace sandbox. | 289 } // namespace sandbox. |
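Review bot: SetCapabilities (new lines 157-174) is the only function in this hunk that can return false, and the condition is not documented: cap_set_proc() can be rejected by the kernel (as far as I know, when |caps| names a capability that is not already in the process's permitted set), and on that path the process capabilities are left exactly as they were, so a caller that ignores the result keeps whatever it had before. Since cap_init() starts from a state with every flag clear and the loop only sets CAP_EFFECTIVE and CAP_PERMITTED, a header comment along the lines of `// Replaces the effective and permitted sets with exactly |caps| and clears the inheritable set; the bounding set is untouched. Returns false (errno set) if the kernel rejects the new state, in which case the process capabilities are unchanged.` would make both points explicit. Minor: `caps.size()` is passed to the `int ncap` parameter of cap_set_flag(), so `static_cast<int>(caps.size())` would make the narrowing visible. Relatedly, HasCapability (new lines 184-197) returns true when |cap| is merely permitted but not effective, which is worth stating so callers do not read it as "effective only", e.g. `// Returns true if |cap| is in either the effective or the permitted set.`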