authorjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-11-04 23:41:46 +0000
committerjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-11-04 23:41:46 +0000
commit42d50c7e9415ada8967545df7d3a3eb30a79e7af (patch)
tree1b7135192e4a4f991f469eacb768b2009a96fcfc /sandbox
parente96b41e842a83c997f9d93f92cf4bdda5d47542c (diff)
Linux: add a Credentials class to handle Linux capabilities.
(This is a re-land of https://chromiumcodereview.appspot.com/51113009/) BUG=312380 TBR=jorgelo@chromium.org Review URL: https://codereview.chromium.org/55603003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232837 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r--sandbox/linux/sandbox_linux.gypi14
-rw-r--r--sandbox/linux/sandbox_linux_test_sources.gypi5
-rw-r--r--sandbox/linux/services/credentials.cc67
-rw-r--r--sandbox/linux/services/credentials.h46
-rw-r--r--sandbox/linux/services/credentials_unittest.cc36
5 files changed, 168 insertions, 0 deletions
diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi
index 29639f8..3b2df8b 100644
--- a/sandbox/linux/sandbox_linux.gypi
+++ b/sandbox/linux/sandbox_linux.gypi
@@ -7,8 +7,10 @@
'conditions': [
['OS=="linux"', {
'compile_suid_client': 1,
+ 'compile_credentials': 1,
}, {
'compile_suid_client': 0,
+ 'compile_credentials': 0,
}],
['((OS=="linux" or OS=="android") and '
'(target_arch=="ia32" or target_arch=="x64" or '
@@ -149,6 +151,18 @@
'dependencies': [
'../base/base.gyp:base',
],
+ 'conditions': [
+ ['compile_credentials==1', {
+ 'sources': [
+ 'services/credentials.cc',
+ 'services/credentials.h',
+ ],
+ 'dependencies': [
+ # for capabilities.cc.
+ '../build/linux/system.gyp:libcap',
+ ],
+ }],
+ ],
'include_dirs': [
'..',
],
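Review bot: The dependency comment `# for capabilities.cc.` names a file this commit does not add; the only new source in this block that uses libcap is `services/credentials.cc` (it includes `<sys/capability.h>`). Suggest `# for credentials.cc (libcap2: cap_init, cap_get_proc, cap_set_proc, cap_to_text).` so the next reader does not go looking for a capabilities.cc.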
diff --git a/sandbox/linux/sandbox_linux_test_sources.gypi b/sandbox/linux/sandbox_linux_test_sources.gypi
index 81190cd..21c4214 100644
--- a/sandbox/linux/sandbox_linux_test_sources.gypi
+++ b/sandbox/linux/sandbox_linux_test_sources.gypi
@@ -35,5 +35,10 @@
'seccomp-bpf/syscall_unittest.cc',
],
}],
+ [ 'compile_credentials==1', {
+ 'sources': [
+ 'services/credentials_unittest.cc',
+ ],
+ }],
],
}
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
new file mode 100644
index 0000000..a6387d2
--- /dev/null
+++ b/sandbox/linux/services/credentials.cc
@@ -0,0 +1,67 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/services/credentials.h"
+
+#include <stdio.h>
+#include <sys/capability.h>
+
+#include "base/basictypes.h"
+#include "base/logging.h"
+
+namespace {
+
+struct CapFreeDeleter {
+ inline void operator()(cap_t cap) const {
+ int ret = cap_free(cap);
+ CHECK_EQ(0, ret);
+ }
+};
+
+// Wrapper to manage libcap2's cap_t type.
+typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap;
+
+struct CapTextFreeDeleter {
+ inline void operator()(char* cap_text) const {
+ int ret = cap_free(cap_text);
+ CHECK_EQ(0, ret);
+ }
+};
+
+// Wrapper to manage the result from libcap2's cap_from_text().
+typedef scoped_ptr<char, CapTextFreeDeleter> ScopedCapText;
+
+} // namespace.
+
+namespace sandbox {
+
+Credentials::Credentials() {
+}
+
+Credentials::~Credentials() {
+}
+
+void Credentials::DropAllCapabilities() {
+ ScopedCap cap(cap_init());
+ CHECK(cap);
+ PCHECK(0 == cap_set_proc(cap.get()));
+}
+
+bool Credentials::HasAnyCapability() {
+ ScopedCap current_cap(cap_get_proc());
+ CHECK(current_cap);
+ ScopedCap empty_cap(cap_init());
+ CHECK(empty_cap);
+ return cap_compare(current_cap.get(), empty_cap.get()) != 0;
+}
+
+scoped_ptr<std::string> Credentials::GetCurrentCapString() {
+ ScopedCap current_cap(cap_get_proc());
+ CHECK(current_cap);
+ ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL));
+ CHECK(cap_text);
+ return scoped_ptr<std::string> (new std::string(cap_text.get()));
+}
+
+} // namespace sandbox.
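Review bot: DropAllCapabilities() and HasAnyCapability() only touch the three sets that cap_init()/cap_get_proc()/cap_set_proc() model (effective, permitted, inheritable); the per-thread capability bounding set is neither cleared nor inspected here, so HasAnyCapability() returning false says nothing about what a later execve of a file-capable or set-user-ID binary could grant back. The header comment on HasAnyCapability in credentials.h (`Return true iff there is any capability in any of the capabilities sets`) overstates this; suggest rewording it to `// Return true iff there is any capability in the effective, permitted or` / `// inheritable set of the current process. The bounding set is not inspected.` and adding the matching caveat (`// The capability bounding set is left unchanged.`) to DropAllCapabilities. Separately, `typeof(*((cap_t)0))` in the ScopedCap typedef relies on a GCC extension; `std::remove_pointer<cap_t>::type` from `<type_traits>` expresses the same element type portably.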
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h
new file mode 100644
index 0000000..3ea3cfc
--- /dev/null
+++ b/sandbox/linux/services/credentials.h
@@ -0,0 +1,46 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
+#define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
+
+#include "build/build_config.h"
+// Link errors are tedious to track, raise a compile-time error instead.
+#if defined(OS_ANDROID)
+#error "Android is not supported."
+#endif // defined(OS_ANDROID).
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
+
+namespace sandbox {
+
+// This class should be used to manipulate the current process' credentials.
+// It is currently a stub used to manipulate POSIX.1e capabilities as
+// implemented by the Linux kernel.
+class Credentials {
+ public:
+ Credentials();
+ ~Credentials();
+
+ // Drop all capabilities in the effective, inheritable and permitted sets for
+ // the current process.
+ void DropAllCapabilities();
+ // Return true iff there is any capability in any of the capabilities sets
+ // of the current process.
+ bool HasAnyCapability();
+ // Returns the capabilities of the current process in textual form, as
+ // documented in libcap2's cap_to_text(3). This is mostly useful for
+ // debugging and tests.
+ scoped_ptr<std::string> GetCurrentCapString();
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(Credentials);
+};
+
+} // namespace sandbox.
+
+#endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc
new file mode 100644
index 0000000..7c705a4
--- /dev/null
+++ b/sandbox/linux/services/credentials_unittest.cc
@@ -0,0 +1,36 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/services/credentials.h"
+
+#include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
+#include "sandbox/linux/tests/unit_tests.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace sandbox {
+
+// Give dynamic tools a simple thing to test.
+TEST(Credentials, CreateAndDestroy) {
+ {
+ Credentials cred1;
+ (void) cred1;
+ }
+ scoped_ptr<Credentials> cred2(new Credentials);
+}
+
+SANDBOX_TEST(Credentials, DropAllCaps) {
+ Credentials creds;
+ creds.DropAllCapabilities();
+ SANDBOX_ASSERT(!creds.HasAnyCapability());
+}
+
+SANDBOX_TEST(Credentials, GetCurrentCapString) {
+ Credentials creds;
+ creds.DropAllCapabilities();
+ const char kNoCapabilityText[] = "=";
+ SANDBOX_ASSERT(*creds.GetCurrentCapString() == kNoCapabilityText);
+}
+
+} // namespace sandbox.
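Review bot: DropAllCaps and GetCurrentCapString pass vacuously when the test process starts without capabilities, which is the usual case for an unprivileged test runner: neither checks HasAnyCapability() before the drop, so they do not demonstrate that DropAllCapabilities() removed anything. Suggest recording the precondition, e.g. `const bool had_caps = creds.HasAnyCapability();` before the call followed by `LOG(INFO) << "had capabilities before drop: " << had_caps;`, or at least a comment stating that the drop path is only exercised when the harness runs with capabilities. Also, the copyright line on this new file reads 2012 while the other files added in this commit say 2013.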