diff options
author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-05 00:07:10 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-05 00:07:10 +0000 |
commit | 6650cedc1f950f1cdb5d437c3e22f6882f485b14 (patch) | |
tree | 3059983e467fd724b108c475b2ae2ccd91d1fc0c /sandbox | |
parent | ff7870ca92973d9d525fb3771f8f73d9dbefe508 (diff) | |
download | chromium_src-6650cedc1f950f1cdb5d437c3e22f6882f485b14.zip chromium_src-6650cedc1f950f1cdb5d437c3e22f6882f485b14.tar.gz chromium_src-6650cedc1f950f1cdb5d437c3e22f6882f485b14.tar.bz2 |
Revert 232837 "Linux: add a Credentials class to handle Linux ca..."
> Linux: add a Credentials class to handle Linux capabilities.
>
> (This is a re-land of https://chromiumcodereview.appspot.com/51113009/)
>
> BUG=312380
> TBR=jorgelo@chromium.org
>
> Review URL: https://codereview.chromium.org/55603003
TBR=jln@chromium.org
Review URL: https://codereview.chromium.org/45923006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232842 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/linux/sandbox_linux.gypi | 14 | ||||
-rw-r--r-- | sandbox/linux/sandbox_linux_test_sources.gypi | 5 | ||||
-rw-r--r-- | sandbox/linux/services/credentials.cc | 67 | ||||
-rw-r--r-- | sandbox/linux/services/credentials.h | 46 | ||||
-rw-r--r-- | sandbox/linux/services/credentials_unittest.cc | 36 |
5 files changed, 0 insertions, 168 deletions
diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi index 3b2df8b..29639f8 100644 --- a/sandbox/linux/sandbox_linux.gypi +++ b/sandbox/linux/sandbox_linux.gypi @@ -7,10 +7,8 @@ 'conditions': [ ['OS=="linux"', { 'compile_suid_client': 1, - 'compile_credentials': 1, }, { 'compile_suid_client': 0, - 'compile_credentials': 0, }], ['((OS=="linux" or OS=="android") and ' '(target_arch=="ia32" or target_arch=="x64" or ' @@ -151,18 +149,6 @@ 'dependencies': [ '../base/base.gyp:base', ], - 'conditions': [ - ['compile_credentials==1', { - 'sources': [ - 'services/credentials.cc', - 'services/credentials.h', - ], - 'dependencies': [ - # for capabilities.cc. - '../build/linux/system.gyp:libcap', - ], - }], - ], 'include_dirs': [ '..', ], diff --git a/sandbox/linux/sandbox_linux_test_sources.gypi b/sandbox/linux/sandbox_linux_test_sources.gypi index 21c4214..81190cd 100644 --- a/sandbox/linux/sandbox_linux_test_sources.gypi +++ b/sandbox/linux/sandbox_linux_test_sources.gypi @@ -35,10 +35,5 @@ 'seccomp-bpf/syscall_unittest.cc', ], }], - [ 'compile_credentials==1', { - 'sources': [ - 'services/credentials_unittest.cc', - ], - }], ], } diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc deleted file mode 100644 index a6387d2..0000000 --- a/sandbox/linux/services/credentials.cc +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright (c) 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "sandbox/linux/services/credentials.h" - -#include <stdio.h> -#include <sys/capability.h> - -#include "base/basictypes.h" -#include "base/logging.h" - -namespace { - -struct CapFreeDeleter { - inline void operator()(cap_t cap) const { - int ret = cap_free(cap); - CHECK_EQ(0, ret); - } -}; - -// Wrapper to manage libcap2's cap_t type. -typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap; - -struct CapTextFreeDeleter { - inline void operator()(char* cap_text) const { - int ret = cap_free(cap_text); - CHECK_EQ(0, ret); - } -}; - -// Wrapper to manage the result from libcap2's cap_from_text(). -typedef scoped_ptr<char, CapTextFreeDeleter> ScopedCapText; - -} // namespace. - -namespace sandbox { - -Credentials::Credentials() { -} - -Credentials::~Credentials() { -} - -void Credentials::DropAllCapabilities() { - ScopedCap cap(cap_init()); - CHECK(cap); - PCHECK(0 == cap_set_proc(cap.get())); -} - -bool Credentials::HasAnyCapability() { - ScopedCap current_cap(cap_get_proc()); - CHECK(current_cap); - ScopedCap empty_cap(cap_init()); - CHECK(empty_cap); - return cap_compare(current_cap.get(), empty_cap.get()) != 0; -} - -scoped_ptr<std::string> Credentials::GetCurrentCapString() { - ScopedCap current_cap(cap_get_proc()); - CHECK(current_cap); - ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); - CHECK(cap_text); - return scoped_ptr<std::string> (new std::string(cap_text.get())); -} - -} // namespace sandbox. diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h deleted file mode 100644 index 3ea3cfc..0000000 --- a/sandbox/linux/services/credentials.h +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright (c) 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ -#define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ - -#include "build/build_config.h" -// Link errors are tedious to track, raise a compile-time error instead. -#if defined(OS_ANDROID) -#error "Android is not supported." -#endif // defined(OS_ANDROID). - -#include <string> - -#include "base/basictypes.h" -#include "base/memory/scoped_ptr.h" - -namespace sandbox { - -// This class should be used to manipulate the current process' credentials. -// It is currently a stub used to manipulate POSIX.1e capabilities as -// implemented by the Linux kernel. -class Credentials { - public: - Credentials(); - ~Credentials(); - - // Drop all capabilities in the effective, inheritable and permitted sets for - // the current process. - void DropAllCapabilities(); - // Return true iff there is any capability in any of the capabilities sets - // of the current process. - bool HasAnyCapability(); - // Returns the capabilities of the current process in textual form, as - // documented in libcap2's cap_to_text(3). This is mostly useful for - // debugging and tests. - scoped_ptr<std::string> GetCurrentCapString(); - - private: - DISALLOW_COPY_AND_ASSIGN(Credentials); -}; - -} // namespace sandbox. - -#endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc deleted file mode 100644 index 7c705a4..0000000 --- a/sandbox/linux/services/credentials_unittest.cc +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "sandbox/linux/services/credentials.h" - -#include "base/logging.h" -#include "base/memory/scoped_ptr.h" -#include "sandbox/linux/tests/unit_tests.h" -#include "testing/gtest/include/gtest/gtest.h" - -namespace sandbox { - -// Give dynamic tools a simple thing to test. -TEST(Credentials, CreateAndDestroy) { - { - Credentials cred1; - (void) cred1; - } - scoped_ptr<Credentials> cred2(new Credentials); -} - -SANDBOX_TEST(Credentials, DropAllCaps) { - Credentials creds; - creds.DropAllCapabilities(); - SANDBOX_ASSERT(!creds.HasAnyCapability()); -} - -SANDBOX_TEST(Credentials, GetCurrentCapString) { - Credentials creds; - creds.DropAllCapabilities(); - const char kNoCapabilityText[] = "="; - SANDBOX_ASSERT(*creds.GetCurrentCapString() == kNoCapabilityText); -} - -} // namespace sandbox. |