diff options
| author | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-06 11:07:13 +0000 |
|---|---|---|
| committer | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-06 11:07:13 +0000 |
| commit | 464c1e2dc81262c924391affc940a2e122132091 (patch) | |
| tree | bc123ebf596bf1dc2d24d6871ac64455a2bbd86a /ipc/ipc_channel.h | |
| parent | 08a62b874cbc45d9b6f9854cd0a11be0662e77e8 (diff) | |
| download | chromium_src-464c1e2dc81262c924391affc940a2e122132091.zip chromium_src-464c1e2dc81262c924391affc940a2e122132091.tar.gz chromium_src-464c1e2dc81262c924391affc940a2e122132091.tar.bz2 | |
Limit access to named IPC channels with SO_PEERCRED, not file permissions.
BUG=
TEST=Run Chrome & configure a service, to get the service process to start. Close Chrome and run a copy as a different user, but from the same user-data-dir. New Chrome should not be able to communicate with the service process.
Review URL: http://codereview.chromium.org/6631002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80602 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ipc/ipc_channel.h')
| -rw-r--r-- | ipc/ipc_channel.h | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/ipc/ipc_channel.h b/ipc/ipc_channel.h index 91d9f2b..1550d49 100644 --- a/ipc/ipc_channel.h +++ b/ipc/ipc_channel.h @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -67,7 +67,10 @@ class Channel : public Message::Sender { MODE_NO_FLAG = 0x0, MODE_SERVER_FLAG = 0x1, MODE_CLIENT_FLAG = 0x2, - MODE_NAMED_FLAG = 0x4 + MODE_NAMED_FLAG = 0x4, +#if defined(OS_POSIX) + MODE_OPEN_ACCESS_FLAG = 0x8, // Don't restrict access based on client UID. +#endif }; // Some Standard Modes @@ -82,6 +85,13 @@ class Channel : public Message::Sender { // MODE_NAMED_CLIENT is equivalent to MODE_CLIENT. MODE_NAMED_SERVER = MODE_SERVER_FLAG | MODE_NAMED_FLAG, MODE_NAMED_CLIENT = MODE_CLIENT_FLAG | MODE_NAMED_FLAG, +#if defined(OS_POSIX) + // An "open" named server accepts connections from ANY client. + // The caller must then implement their own access-control based on the + // client process' user Id. + MODE_OPEN_NAMED_SERVER = MODE_OPEN_ACCESS_FLAG | MODE_SERVER_FLAG | + MODE_NAMED_FLAG +#endif }; enum { @@ -152,10 +162,14 @@ class Channel : public Message::Sender { // currently connected. bool HasAcceptedConnection() const; + // Returns true if the peer process' effective user id can be determined, in + // which case the supplied client_euid is updated with it. + bool GetClientEuid(uid_t* client_euid) const; + // Closes any currently connected socket, and returns to a listening state // for more connections. void ResetToAcceptingConnectionState(); -#endif // defined(OS_POSIX) +#endif // defined(OS_POSIX) && !defined(OS_NACL) protected: // Used in Chrome by the TestSink to provide a dummy channel implementation |