diff options
| author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-26 04:14:23 +0000 |
|---|---|---|
| committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-26 04:14:23 +0000 |
| commit | 24f70c9cf5f021b74f26b89ca547e778356d0aee (patch) | |
| tree | 06b4fee522caeba5e535fc23b45f955c173e27da /content/common | |
| parent | 08d0e483998bb878934a8108956614cd4195de51 (diff) | |
| download | chromium_src-24f70c9cf5f021b74f26b89ca547e778356d0aee.zip chromium_src-24f70c9cf5f021b74f26b89ca547e778356d0aee.tar.gz chromium_src-24f70c9cf5f021b74f26b89ca547e778356d0aee.tar.bz2 | |
Revert 237242 "Linux sandbox: move CurrentProcessHasOpenDirectories"
> Linux sandbox: move CurrentProcessHasOpenDirectories
>
> Move CurrentProcessHasOpenDirectories() to the Credentials class and rename
> it to HasOpenDirectory().
> Also add some unittests.
>
> BUG=312380
> R=jorgelo@chromium.org
>
> Review URL: https://codereview.chromium.org/85403011
TBR=jln@chromium.org
Review URL: https://codereview.chromium.org/85343005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@237251 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common')
| -rw-r--r-- | content/common/sandbox_linux.cc | 58 |
1 files changed, 56 insertions, 2 deletions
diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc index b9cfe0e..6589682 100644 --- a/content/common/sandbox_linux.cc +++ b/content/common/sandbox_linux.cc @@ -23,7 +23,6 @@ #include "content/common/sandbox_seccomp_bpf_linux.h" #include "content/public/common/content_switches.h" #include "content/public/common/sandbox_linux.h" -#include "sandbox/linux/services/credentials.h" #include "sandbox/linux/suid/client/setuid_sandbox_client.h" namespace { @@ -63,6 +62,61 @@ bool IsRunningTSAN() { #endif } +struct DIRDeleter { + void operator()(DIR* d) { + PCHECK(closedir(d) == 0); + } +}; + +// |proc_fd| should be a file descriptor to /proc (useful if the process +// is sandboxed) or -1. +// If |proc_fd| is -1, this function will return false if /proc/self/fd +// cannot be opened. +bool CurrentProcessHasOpenDirectories(int proc_fd) { + int proc_self_fd = -1; + if (proc_fd >= 0) { + proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY); + } else { + proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY); + if (proc_self_fd < 0) { + // If not available, guess false. + // TODO(mostynb@opera.com): add a CHECK_EQ(ENOENT, errno); Figure out what + // other situations are here. http://crbug.com/314985 + return false; + } + } + CHECK_GE(proc_self_fd, 0); + + // Ownership of proc_self_fd is transferred here, it must not be closed + // or modified afterwards except via dir. + scoped_ptr<DIR, DIRDeleter> dir(fdopendir(proc_self_fd)); + CHECK(dir); + + struct dirent e; + struct dirent* de; + while (!readdir_r(dir.get(), &e, &de) && de) { + if (strcmp(e.d_name, ".") == 0 || strcmp(e.d_name, "..") == 0) { + continue; + } + + int fd_num; + CHECK(base::StringToInt(e.d_name, &fd_num)); + if (fd_num == proc_fd || fd_num == proc_self_fd) { + continue; + } + + struct stat s; + // It's OK to use proc_self_fd here, fstatat won't modify it. + CHECK(fstatat(proc_self_fd, e.d_name, &s, 0) == 0); + if (S_ISDIR(s.st_mode)) { + return true; + } + } + + // No open unmanaged directories found. + return false; +} + } // namespace namespace content { @@ -284,7 +338,7 @@ bool LinuxSandbox::LimitAddressSpace(const std::string& process_type) { } bool LinuxSandbox::HasOpenDirectories() { - return sandbox::Credentials().HasOpenDirectory(proc_fd_); + return CurrentProcessHasOpenDirectories(proc_fd_); } void LinuxSandbox::SealSandbox() { |