diff options
author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-04 23:41:46 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-04 23:41:46 +0000 |
commit | 42d50c7e9415ada8967545df7d3a3eb30a79e7af (patch) | |
tree | 1b7135192e4a4f991f469eacb768b2009a96fcfc /sandbox | |
parent | e96b41e842a83c997f9d93f92cf4bdda5d47542c (diff) | |
download | chromium_src-42d50c7e9415ada8967545df7d3a3eb30a79e7af.zip chromium_src-42d50c7e9415ada8967545df7d3a3eb30a79e7af.tar.gz chromium_src-42d50c7e9415ada8967545df7d3a3eb30a79e7af.tar.bz2 |
Linux: add a Credentials class to handle Linux capabilities.
(This is a re-land of https://chromiumcodereview.appspot.com/51113009/)
BUG=312380
TBR=jorgelo@chromium.org
Review URL: https://codereview.chromium.org/55603003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232837 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/linux/sandbox_linux.gypi | 14 | ||||
-rw-r--r-- | sandbox/linux/sandbox_linux_test_sources.gypi | 5 | ||||
-rw-r--r-- | sandbox/linux/services/credentials.cc | 67 | ||||
-rw-r--r-- | sandbox/linux/services/credentials.h | 46 | ||||
-rw-r--r-- | sandbox/linux/services/credentials_unittest.cc | 36 |
5 files changed, 168 insertions, 0 deletions
diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi index 29639f8..3b2df8b 100644 --- a/sandbox/linux/sandbox_linux.gypi +++ b/sandbox/linux/sandbox_linux.gypi @@ -7,8 +7,10 @@ 'conditions': [ ['OS=="linux"', { 'compile_suid_client': 1, + 'compile_credentials': 1, }, { 'compile_suid_client': 0, + 'compile_credentials': 0, }], ['((OS=="linux" or OS=="android") and ' '(target_arch=="ia32" or target_arch=="x64" or ' @@ -149,6 +151,18 @@ 'dependencies': [ '../base/base.gyp:base', ], + 'conditions': [ + ['compile_credentials==1', { + 'sources': [ + 'services/credentials.cc', + 'services/credentials.h', + ], + 'dependencies': [ + # for capabilities.cc. + '../build/linux/system.gyp:libcap', + ], + }], + ], 'include_dirs': [ '..', ], diff --git a/sandbox/linux/sandbox_linux_test_sources.gypi b/sandbox/linux/sandbox_linux_test_sources.gypi index 81190cd..21c4214 100644 --- a/sandbox/linux/sandbox_linux_test_sources.gypi +++ b/sandbox/linux/sandbox_linux_test_sources.gypi @@ -35,5 +35,10 @@ 'seccomp-bpf/syscall_unittest.cc', ], }], + [ 'compile_credentials==1', { + 'sources': [ + 'services/credentials_unittest.cc', + ], + }], ], } diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc new file mode 100644 index 0000000..a6387d2 --- /dev/null +++ b/sandbox/linux/services/credentials.cc @@ -0,0 +1,67 @@ +// Copyright (c) 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "sandbox/linux/services/credentials.h" + +#include <stdio.h> +#include <sys/capability.h> + +#include "base/basictypes.h" +#include "base/logging.h" + +namespace { + +struct CapFreeDeleter { + inline void operator()(cap_t cap) const { + int ret = cap_free(cap); + CHECK_EQ(0, ret); + } +}; + +// Wrapper to manage libcap2's cap_t type. +typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap; + +struct CapTextFreeDeleter { + inline void operator()(char* cap_text) const { + int ret = cap_free(cap_text); + CHECK_EQ(0, ret); + } +}; + +// Wrapper to manage the result from libcap2's cap_from_text(). +typedef scoped_ptr<char, CapTextFreeDeleter> ScopedCapText; + +} // namespace. + +namespace sandbox { + +Credentials::Credentials() { +} + +Credentials::~Credentials() { +} + +void Credentials::DropAllCapabilities() { + ScopedCap cap(cap_init()); + CHECK(cap); + PCHECK(0 == cap_set_proc(cap.get())); +} + +bool Credentials::HasAnyCapability() { + ScopedCap current_cap(cap_get_proc()); + CHECK(current_cap); + ScopedCap empty_cap(cap_init()); + CHECK(empty_cap); + return cap_compare(current_cap.get(), empty_cap.get()) != 0; +} + +scoped_ptr<std::string> Credentials::GetCurrentCapString() { + ScopedCap current_cap(cap_get_proc()); + CHECK(current_cap); + ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL)); + CHECK(cap_text); + return scoped_ptr<std::string> (new std::string(cap_text.get())); +} + +} // namespace sandbox. diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h new file mode 100644 index 0000000..3ea3cfc --- /dev/null +++ b/sandbox/linux/services/credentials.h @@ -0,0 +1,46 @@ +// Copyright (c) 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ +#define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ + +#include "build/build_config.h" +// Link errors are tedious to track, raise a compile-time error instead. +#if defined(OS_ANDROID) +#error "Android is not supported." +#endif // defined(OS_ANDROID). + +#include <string> + +#include "base/basictypes.h" +#include "base/memory/scoped_ptr.h" + +namespace sandbox { + +// This class should be used to manipulate the current process' credentials. +// It is currently a stub used to manipulate POSIX.1e capabilities as +// implemented by the Linux kernel. +class Credentials { + public: + Credentials(); + ~Credentials(); + + // Drop all capabilities in the effective, inheritable and permitted sets for + // the current process. + void DropAllCapabilities(); + // Return true iff there is any capability in any of the capabilities sets + // of the current process. + bool HasAnyCapability(); + // Returns the capabilities of the current process in textual form, as + // documented in libcap2's cap_to_text(3). This is mostly useful for + // debugging and tests. + scoped_ptr<std::string> GetCurrentCapString(); + + private: + DISALLOW_COPY_AND_ASSIGN(Credentials); +}; + +} // namespace sandbox. + +#endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_ diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc new file mode 100644 index 0000000..7c705a4 --- /dev/null +++ b/sandbox/linux/services/credentials_unittest.cc @@ -0,0 +1,36 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "sandbox/linux/services/credentials.h" + +#include "base/logging.h" +#include "base/memory/scoped_ptr.h" +#include "sandbox/linux/tests/unit_tests.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace sandbox { + +// Give dynamic tools a simple thing to test. +TEST(Credentials, CreateAndDestroy) { + { + Credentials cred1; + (void) cred1; + } + scoped_ptr<Credentials> cred2(new Credentials); +} + +SANDBOX_TEST(Credentials, DropAllCaps) { + Credentials creds; + creds.DropAllCapabilities(); + SANDBOX_ASSERT(!creds.HasAnyCapability()); +} + +SANDBOX_TEST(Credentials, GetCurrentCapString) { + Credentials creds; + creds.DropAllCapabilities(); + const char kNoCapabilityText[] = "="; + SANDBOX_ASSERT(*creds.GetCurrentCapString() == kNoCapabilityText); +} + +} // namespace sandbox. |