author | rickyz <rickyz@chromium.org> | 2015-01-09 12:28:49 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-01-09 20:30:47 +0000 |
commit | d5c338d2b43cb2249d5418dfdc1b83e3b92d990b (patch) | |
tree | 7777df4ec133cbcb44d3b374a1e17d97aafdea7a | |
parent | defeac1fe1ebfbdcb3028e8bb214b4eb78cea595 (diff) | |
Change Credentials to a static class.
BUG=
Review URL: https://codereview.chromium.org/806193006
Cr-Commit-Position: refs/heads/master@{#310846}
-rw-r--r-- | sandbox/linux/services/credentials.cc | 11 | ||||
-rw-r--r-- | sandbox/linux/services/credentials.h | 15 | ||||
-rw-r--r-- | sandbox/linux/services/credentials_unittest.cc | 78 |
3 files changed, 39 insertions, 65 deletions
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index c1283ea..06e1a64 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -157,21 +157,16 @@ void CheckCloneNewUserErrno(int error) {
 
 namespace sandbox {
 
-Credentials::Credentials() {
-}
-
-Credentials::~Credentials() {
-}
-
 bool Credentials::DropAllCapabilities() {
   ScopedCap cap(cap_init());
   CHECK(cap);
   PCHECK(0 == cap_set_proc(cap.get()));
+  CHECK(!HasAnyCapability());
   // We never let this function fail.
   return true;
 }
 
-bool Credentials::HasAnyCapability() const {
+bool Credentials::HasAnyCapability() {
   ScopedCap current_cap(cap_get_proc());
   CHECK(current_cap);
   ScopedCap empty_cap(cap_init());
@@ -179,7 +174,7 @@ bool Credentials::HasAnyCapability() const {
   return cap_compare(current_cap.get(), empty_cap.get()) != 0;
 }
 
-scoped_ptr<std::string> Credentials::GetCurrentCapString() const {
+scoped_ptr<std::string> Credentials::GetCurrentCapString() {
   ScopedCap current_cap(cap_get_proc());
   CHECK(current_cap);
   ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL));
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h
index ddc54db..fc65afc 100644
--- a/sandbox/linux/services/credentials.h
+++ b/sandbox/linux/services/credentials.h
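Review bot: With the added `CHECK(!HasAnyCapability());` in DropAllCapabilities, a drop that did not take effect now aborts the process instead of returning false, so the trailing `return true` and the WARN_UNUSED_RESULT on its declaration no longer carry any information; the existing comment should say so, e.g. `// Failure is fatal (PCHECK/CHECK above); the return value is always true.` in place of `// We never let this function fail.`. The new post-condition depends on HasAnyCapability's `return cap_compare(current_cap.get(), empty_cap.get()) != 0;` in the second hunk, where a negative (error) return from cap_compare is read as "still has capabilities" and therefore also aborts; that fail-closed property is the reason the check is safe to use here and deserves a one-line comment on that return. HasAnyCapability's body straddles the two hunks with lines between them not shown, and GetCurrentCapString's body continues past the second hunk.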
@@ -25,19 +25,16 @@ namespace sandbox {
 // implemented by the Linux kernel.
 class SANDBOX_EXPORT Credentials {
  public:
-  Credentials();
-  ~Credentials();
-
   // Drop all capabilities in the effective, inheritable and permitted sets for
   // the current process.
-  bool DropAllCapabilities() WARN_UNUSED_RESULT;
+  static bool DropAllCapabilities() WARN_UNUSED_RESULT;
   // Return true iff there is any capability in any of the capabilities sets
   // of the current process.
-  bool HasAnyCapability() const;
+  static bool HasAnyCapability();
   // Returns the capabilities of the current process in textual form, as
   // documented in libcap2's cap_to_text(3). This is mostly useful for
   // debugging and tests.
-  scoped_ptr<std::string> GetCurrentCapString() const;
+  static scoped_ptr<std::string> GetCurrentCapString();
 
   // Returns whether the kernel supports CLONE_NEWUSER and whether it would be
   // possible to immediately move to a new user namespace. There is no point
@@ -52,7 +49,7 @@ class SANDBOX_EXPORT Credentials {
   // change.
   // If this call succeeds, the current process will be granted a full set of
   // capabilities in the new namespace.
-  bool MoveToNewUserNS() WARN_UNUSED_RESULT;
+  static bool MoveToNewUserNS() WARN_UNUSED_RESULT;
 
   // Remove the ability of the process to access the file system. File
   // descriptors which are already open prior to calling this API remain
@@ -65,10 +62,10 @@ class SANDBOX_EXPORT Credentials {
   // are closed (for example, by checking the result of
   // ProcUtil::HasOpenDirectory with a file descriptor for /proc, then closing
   // that file descriptor). Otherwise it may be possible to escape the chroot.
-  bool DropFileSystemAccess() WARN_UNUSED_RESULT;
+  static bool DropFileSystemAccess() WARN_UNUSED_RESULT;
 
  private:
-  DISALLOW_COPY_AND_ASSIGN(Credentials);
+  DISALLOW_IMPLICIT_CONSTRUCTORS(Credentials);
 };
 
 }  // namespace sandbox.
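Review bot: The header comments for the now-static DropAllCapabilities and HasAnyCapability still describe "the current process", but the implementation goes through cap_get_proc/cap_set_proc, and the kernel keeps capability sets per thread, so in a multi-threaded caller only the calling thread is affected; the precondition belongs on the declaration, e.g. `// Must be called while the process is single-threaded: capabilities are per-thread.` above `static bool DropAllCapabilities() WARN_UNUSED_RESULT;` (and the same caveat presumably applies to MoveToNewUserNS, since unsharing a user namespace from a multi-threaded process is rejected by the kernel — confirm against the .cc). With the CHECK added in credentials.cc, DropAllCapabilities can no longer return false, so either note that here (`// Always returns true; failure is fatal.`) or drop WARN_UNUSED_RESULT so the declaration does not promise a recoverable error that the implementation never produces. DISALLOW_IMPLICIT_CONSTRUCTORS is the right replacement for DISALLOW_COPY_AND_ASSIGN once every member is static.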
diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc
index 5d1ebba..92f199a 100644
--- a/sandbox/linux/services/credentials_unittest.cc
+++ b/sandbox/linux/services/credentials_unittest.cc
@@ -48,32 +48,20 @@ bool WorkingDirectoryIsRoot() {
   return true;
 }
 
-// Give dynamic tools a simple thing to test.
-TEST(Credentials, CreateAndDestroy) {
-  {
-    Credentials cred1;
-    (void) cred1;
-  }
-  scoped_ptr<Credentials> cred2(new Credentials);
-}
-
 SANDBOX_TEST(Credentials, DropAllCaps) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
-  CHECK(!creds.HasAnyCapability());
+  CHECK(Credentials::DropAllCapabilities());
+  CHECK(!Credentials::HasAnyCapability());
 }
 
 SANDBOX_TEST(Credentials, GetCurrentCapString) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   const char kNoCapabilityText[] = "=";
-  CHECK(*creds.GetCurrentCapString() == kNoCapabilityText);
+  CHECK(*Credentials::GetCurrentCapString() == kNoCapabilityText);
 }
 
 SANDBOX_TEST(Credentials, MoveToNewUserNS) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
-  bool moved_to_new_ns = creds.MoveToNewUserNS();
+  CHECK(Credentials::DropAllCapabilities());
+  bool moved_to_new_ns = Credentials::MoveToNewUserNS();
   fprintf(stdout,
           "Unprivileged CLONE_NEWUSER supported: %s\n",
           moved_to_new_ns ? "true." : "false.");
@@ -84,28 +72,26 @@ SANDBOX_TEST(Credentials, MoveToNewUserNS) {
     fflush(stdout);
     return;
   }
-  CHECK(creds.HasAnyCapability());
-  CHECK(creds.DropAllCapabilities());
-  CHECK(!creds.HasAnyCapability());
+  CHECK(Credentials::HasAnyCapability());
+  CHECK(Credentials::DropAllCapabilities());
+  CHECK(!Credentials::HasAnyCapability());
 }
 
 SANDBOX_TEST(Credentials, SupportsUserNS) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   bool user_ns_supported = Credentials::SupportsNewUserNS();
-  bool moved_to_new_ns = creds.MoveToNewUserNS();
+  bool moved_to_new_ns = Credentials::MoveToNewUserNS();
   CHECK_EQ(user_ns_supported, moved_to_new_ns);
 }
 
 SANDBOX_TEST(Credentials, UidIsPreserved) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   uid_t old_ruid, old_euid, old_suid;
   gid_t old_rgid, old_egid, old_sgid;
   PCHECK(0 == getresuid(&old_ruid, &old_euid, &old_suid));
   PCHECK(0 == getresgid(&old_rgid, &old_egid, &old_sgid));
   // Probably missing kernel support.
-  if (!creds.MoveToNewUserNS()) return;
+  if (!Credentials::MoveToNewUserNS()) return;
   uid_t new_ruid, new_euid, new_suid;
   PCHECK(0 == getresuid(&new_ruid, &new_euid, &new_suid));
   CHECK(old_ruid == new_ruid);
@@ -119,27 +105,25 @@ SANDBOX_TEST(Credentials, UidIsPreserved) {
   CHECK(old_sgid == new_sgid);
 }
 
-bool NewUserNSCycle(Credentials* creds) {
-  DCHECK(creds);
-  if (!creds->MoveToNewUserNS() ||
-      !creds->HasAnyCapability() ||
-      !creds->DropAllCapabilities() ||
-      creds->HasAnyCapability()) {
+bool NewUserNSCycle() {
+  if (!Credentials::MoveToNewUserNS() ||
+      !Credentials::HasAnyCapability() ||
+      !Credentials::DropAllCapabilities() ||
+      Credentials::HasAnyCapability()) {
     return false;
   }
   return true;
 }
 
 SANDBOX_TEST(Credentials, NestedUserNS) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   // Probably missing kernel support.
-  if (!creds.MoveToNewUserNS()) return;
-  CHECK(creds.DropAllCapabilities());
+  if (!Credentials::MoveToNewUserNS()) return;
+  CHECK(Credentials::DropAllCapabilities());
   // As of 3.12, the kernel has a limit of 32. See create_user_ns().
   const int kNestLevel = 10;
   for (int i = 0; i < kNestLevel; ++i) {
-    CHECK(NewUserNSCycle(&creds)) << "Creating new user NS failed at iteration "
+    CHECK(NewUserNSCycle()) << "Creating new user NS failed at iteration "
                                   << i << ".";
   }
 }
@@ -153,11 +137,10 @@ TEST(Credentials, CanDetectRoot) {
 }
 
 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   // Probably missing kernel support.
-  if (!creds.MoveToNewUserNS()) return;
-  CHECK(creds.DropFileSystemAccess());
+  if (!Credentials::MoveToNewUserNS()) return;
+  CHECK(Credentials::DropFileSystemAccess());
   CHECK(!DirectoryExists("/proc"));
   CHECK(WorkingDirectoryIsRoot());
   // We want the chroot to never have a subdirectory. A subdirectory
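Review bot: NewUserNSCycle is rewritten as a four-way negated disjunction that returns false and then true; returning the conjunction directly states the invariant the loop is checking and is easier to audit, `return Credentials::MoveToNewUserNS() && Credentials::HasAnyCapability() && Credentials::DropAllCapabilities() && !Credentials::HasAnyCapability();` (short-circuit order is unchanged, and the WARN_UNUSED_RESULT value of DropAllCapabilities is still consumed). The final `Credentials::HasAnyCapability()` term is now also enforced inside DropAllCapabilities by the CHECK added in credentials.cc, so it is redundant as a guard but still worth keeping as a test assertion. In NestedUserNS the shortened `CHECK(NewUserNSCycle())` line leaves the unchanged continuation `<< i << ".";` aligned to the old, longer line — the indentation is not visible in this rendering, so confirm with a clang-format pass.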
@@ -168,17 +151,16 @@ SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) {
 
 // Check that after dropping filesystem access and dropping privileges
 // it is not possible to regain capabilities.
 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   // Probably missing kernel support.
-  if (!creds.MoveToNewUserNS()) return;
-  CHECK(creds.DropFileSystemAccess());
-  CHECK(creds.DropAllCapabilities());
+  if (!Credentials::MoveToNewUserNS()) return;
+  CHECK(Credentials::DropFileSystemAccess());
+  CHECK(Credentials::DropAllCapabilities());
   // The kernel should now prevent us from regaining capabilities because we
   // are in a chroot.
   CHECK(!Credentials::SupportsNewUserNS());
-  CHECK(!creds.MoveToNewUserNS());
+  CHECK(!Credentials::MoveToNewUserNS());
 }
 
 }  // namespace.