Change Credentials to a static class.

BUG=

Review URL: https://codereview.chromium.org/806193006

Cr-Commit-Position: refs/heads/master@{#310846}

3 files changed, 39 insertions, 65 deletions

diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index c1283ea..06e1a64 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -157,21 +157,16 @@ void CheckCloneNewUserErrno(int error) {
 
 namespace sandbox {
 
-Credentials::Credentials() {
-}
-
-Credentials::~Credentials() {
-}
-
 bool Credentials::DropAllCapabilities() {
   ScopedCap cap(cap_init());
   CHECK(cap);
   PCHECK(0 == cap_set_proc(cap.get()));
+  CHECK(!HasAnyCapability());
   // We never let this function fail.
   return true;
 }
 
-bool Credentials::HasAnyCapability() const {
+bool Credentials::HasAnyCapability() {
   ScopedCap current_cap(cap_get_proc());
   CHECK(current_cap);
   ScopedCap empty_cap(cap_init());
@@ -179,7 +174,7 @@ bool Credentials::HasAnyCapability() const {
   return cap_compare(current_cap.get(), empty_cap.get()) != 0;
 }
 
-scoped_ptr<std::string> Credentials::GetCurrentCapString() const {
+scoped_ptr<std::string> Credentials::GetCurrentCapString() {
   ScopedCap current_cap(cap_get_proc());
   CHECK(current_cap);
   ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL));
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h
index ddc54db..fc65afc 100644
--- a/sandbox/linux/services/credentials.h
+++ b/sandbox/linux/services/credentials.h
@@ -25,19 +25,16 @@ namespace sandbox {
 // implemented by the Linux kernel.
 class SANDBOX_EXPORT Credentials {
  public:
-  Credentials();
-  ~Credentials();
-
   // Drop all capabilities in the effective, inheritable and permitted sets for
   // the current process.
-  bool DropAllCapabilities() WARN_UNUSED_RESULT;
+  static bool DropAllCapabilities() WARN_UNUSED_RESULT;
   // Return true iff there is any capability in any of the capabilities sets
   // of the current process.
-  bool HasAnyCapability() const;
+  static bool HasAnyCapability();
   // Returns the capabilities of the current process in textual form, as
   // documented in libcap2's cap_to_text(3). This is mostly useful for
   // debugging and tests.
-  scoped_ptr<std::string> GetCurrentCapString() const;
+  static scoped_ptr<std::string> GetCurrentCapString();
 
   // Returns whether the kernel supports CLONE_NEWUSER and whether it would be
   // possible to immediately move to a new user namespace. There is no point
@@ -52,7 +49,7 @@ class SANDBOX_EXPORT Credentials {
   // change.
   // If this call succeeds, the current process will be granted a full set of
   // capabilities in the new namespace.
-  bool MoveToNewUserNS() WARN_UNUSED_RESULT;
+  static bool MoveToNewUserNS() WARN_UNUSED_RESULT;
 
   // Remove the ability of the process to access the file system. File
   // descriptors which are already open prior to calling this API remain
@@ -65,10 +62,10 @@ class SANDBOX_EXPORT Credentials {
   // are closed (for example, by checking the result of
   // ProcUtil::HasOpenDirectory with a file descriptor for /proc, then closing
   // that file descriptor). Otherwise it may be possible to escape the chroot.
-  bool DropFileSystemAccess() WARN_UNUSED_RESULT;
+  static bool DropFileSystemAccess() WARN_UNUSED_RESULT;
 
  private:
-  DISALLOW_COPY_AND_ASSIGN(Credentials);
+  DISALLOW_IMPLICIT_CONSTRUCTORS(Credentials);
 };
 
 }  // namespace sandbox.
diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc
index 5d1ebba..92f199a 100644
--- a/sandbox/linux/services/credentials_unittest.cc
+++ b/sandbox/linux/services/credentials_unittest.cc
@@ -48,32 +48,20 @@ bool WorkingDirectoryIsRoot() {
   return true;
 }
 
-// Give dynamic tools a simple thing to test.
-TEST(Credentials, CreateAndDestroy) {
-  {
-    Credentials cred1;
-    (void) cred1;
-  }
-  scoped_ptr<Credentials> cred2(new Credentials);
-}
-
 SANDBOX_TEST(Credentials, DropAllCaps) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
-  CHECK(!creds.HasAnyCapability());
+  CHECK(Credentials::DropAllCapabilities());
+  CHECK(!Credentials::HasAnyCapability());
 }
 
 SANDBOX_TEST(Credentials, GetCurrentCapString) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   const char kNoCapabilityText[] = "=";
-  CHECK(*creds.GetCurrentCapString() == kNoCapabilityText);
+  CHECK(*Credentials::GetCurrentCapString() == kNoCapabilityText);
 }
 
 SANDBOX_TEST(Credentials, MoveToNewUserNS) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
-  bool moved_to_new_ns = creds.MoveToNewUserNS();
+  CHECK(Credentials::DropAllCapabilities());
+  bool moved_to_new_ns = Credentials::MoveToNewUserNS();
   fprintf(stdout,
           "Unprivileged CLONE_NEWUSER supported: %s\n",
           moved_to_new_ns ? "true." : "false.");
@@ -84,28 +72,26 @@ SANDBOX_TEST(Credentials, MoveToNewUserNS) {
     fflush(stdout);
     return;
   }
-  CHECK(creds.HasAnyCapability());
-  CHECK(creds.DropAllCapabilities());
-  CHECK(!creds.HasAnyCapability());
+  CHECK(Credentials::HasAnyCapability());
+  CHECK(Credentials::DropAllCapabilities());
+  CHECK(!Credentials::HasAnyCapability());
 }
 
 SANDBOX_TEST(Credentials, SupportsUserNS) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   bool user_ns_supported = Credentials::SupportsNewUserNS();
-  bool moved_to_new_ns = creds.MoveToNewUserNS();
+  bool moved_to_new_ns = Credentials::MoveToNewUserNS();
   CHECK_EQ(user_ns_supported, moved_to_new_ns);
 }
 
 SANDBOX_TEST(Credentials, UidIsPreserved) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   uid_t old_ruid, old_euid, old_suid;
   gid_t old_rgid, old_egid, old_sgid;
   PCHECK(0 == getresuid(&old_ruid, &old_euid, &old_suid));
   PCHECK(0 == getresgid(&old_rgid, &old_egid, &old_sgid));
   // Probably missing kernel support.
-  if (!creds.MoveToNewUserNS()) return;
+  if (!Credentials::MoveToNewUserNS()) return;
   uid_t new_ruid, new_euid, new_suid;
   PCHECK(0 == getresuid(&new_ruid, &new_euid, &new_suid));
   CHECK(old_ruid == new_ruid);
@@ -119,27 +105,25 @@ SANDBOX_TEST(Credentials, UidIsPreserved) {
   CHECK(old_sgid == new_sgid);
 }
 
-bool NewUserNSCycle(Credentials* creds) {
-  DCHECK(creds);
-  if (!creds->MoveToNewUserNS() ||
-      !creds->HasAnyCapability() ||
-      !creds->DropAllCapabilities() ||
-      creds->HasAnyCapability()) {
+bool NewUserNSCycle() {
+  if (!Credentials::MoveToNewUserNS() ||
+      !Credentials::HasAnyCapability() ||
+      !Credentials::DropAllCapabilities() ||
+      Credentials::HasAnyCapability()) {
     return false;
   }
   return true;
 }
 
 SANDBOX_TEST(Credentials, NestedUserNS) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   // Probably missing kernel support.
-  if (!creds.MoveToNewUserNS()) return;
-  CHECK(creds.DropAllCapabilities());
+  if (!Credentials::MoveToNewUserNS()) return;
+  CHECK(Credentials::DropAllCapabilities());
   // As of 3.12, the kernel has a limit of 32. See create_user_ns().
   const int kNestLevel = 10;
   for (int i = 0; i < kNestLevel; ++i) {
-    CHECK(NewUserNSCycle(&creds)) << "Creating new user NS failed at iteration "
+    CHECK(NewUserNSCycle()) << "Creating new user NS failed at iteration "
                                   << i << ".";
   }
 }
@@ -153,11 +137,10 @@ TEST(Credentials, CanDetectRoot) {
 }
 
 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   // Probably missing kernel support.
-  if (!creds.MoveToNewUserNS()) return;
-  CHECK(creds.DropFileSystemAccess());
+  if (!Credentials::MoveToNewUserNS()) return;
+  CHECK(Credentials::DropFileSystemAccess());
   CHECK(!DirectoryExists("/proc"));
   CHECK(WorkingDirectoryIsRoot());
   // We want the chroot to never have a subdirectory. A subdirectory
@@ -168,17 +151,16 @@ SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(DropFileSystemAccessIsSafe)) {
 // Check that after dropping filesystem access and dropping privileges
 // it is not possible to regain capabilities.
 SANDBOX_TEST(Credentials, DISABLE_ON_LSAN(CannotRegainPrivileges)) {
-  Credentials creds;
-  CHECK(creds.DropAllCapabilities());
+  CHECK(Credentials::DropAllCapabilities());
   // Probably missing kernel support.
-  if (!creds.MoveToNewUserNS()) return;
-  CHECK(creds.DropFileSystemAccess());
-  CHECK(creds.DropAllCapabilities());
+  if (!Credentials::MoveToNewUserNS()) return;
+  CHECK(Credentials::DropFileSystemAccess());
+  CHECK(Credentials::DropAllCapabilities());
 
   // The kernel should now prevent us from regaining capabilities because we
   // are in a chroot.
   CHECK(!Credentials::SupportsNewUserNS());
-  CHECK(!creds.MoveToNewUserNS());
+  CHECK(!Credentials::MoveToNewUserNS());
 }
 
 }  // namespace.