summaryrefslogtreecommitdiffstats
path: root/sandbox
diff options
context:
space:
mode:
authorilevy@chromium.org <ilevy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-11-05 06:35:47 +0000
committerilevy@chromium.org <ilevy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-11-05 06:35:47 +0000
commitcd7db286804526957c8f98748e615c2e4a33f71c (patch)
tree4cf960c507e3594a6f0e59a32b5b61c53032861a /sandbox
parent83d3c0c15a92aa6b20456ad83f56739206afcdd9 (diff)
downloadchromium_src-cd7db286804526957c8f98748e615c2e4a33f71c.zip
chromium_src-cd7db286804526957c8f98748e615c2e4a33f71c.tar.gz
chromium_src-cd7db286804526957c8f98748e615c2e4a33f71c.tar.bz2
Revert 232852 "Linux: add a Credentials class to handle Linux ca..."
Causing 30-50% rate failure in slave* trybots. I'm sorry Julien. :-\ > Linux: add a Credentials class to handle Linux capabilities. > > (This is a re-land of https://chromiumcodereview.appspot.com/51113009/) > > BUG=312380 > TBR=jorgelo@chromium.org > > Review URL: https://codereview.chromium.org/58693002 TBR=jln@chromium.org Review URL: https://codereview.chromium.org/59073002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232927 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r--sandbox/linux/sandbox_linux.gypi14
-rw-r--r--sandbox/linux/sandbox_linux_test_sources.gypi5
-rw-r--r--sandbox/linux/services/credentials.cc67
-rw-r--r--sandbox/linux/services/credentials.h46
-rw-r--r--sandbox/linux/services/credentials_unittest.cc36
5 files changed, 0 insertions, 168 deletions
diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi
index 3b2df8b..29639f8 100644
--- a/sandbox/linux/sandbox_linux.gypi
+++ b/sandbox/linux/sandbox_linux.gypi
@@ -7,10 +7,8 @@
'conditions': [
['OS=="linux"', {
'compile_suid_client': 1,
- 'compile_credentials': 1,
}, {
'compile_suid_client': 0,
- 'compile_credentials': 0,
}],
['((OS=="linux" or OS=="android") and '
'(target_arch=="ia32" or target_arch=="x64" or '
@@ -151,18 +149,6 @@
'dependencies': [
'../base/base.gyp:base',
],
- 'conditions': [
- ['compile_credentials==1', {
- 'sources': [
- 'services/credentials.cc',
- 'services/credentials.h',
- ],
- 'dependencies': [
- # for capabilities.cc.
- '../build/linux/system.gyp:libcap',
- ],
- }],
- ],
'include_dirs': [
'..',
],
diff --git a/sandbox/linux/sandbox_linux_test_sources.gypi b/sandbox/linux/sandbox_linux_test_sources.gypi
index 21c4214..81190cd 100644
--- a/sandbox/linux/sandbox_linux_test_sources.gypi
+++ b/sandbox/linux/sandbox_linux_test_sources.gypi
@@ -35,10 +35,5 @@
'seccomp-bpf/syscall_unittest.cc',
],
}],
- [ 'compile_credentials==1', {
- 'sources': [
- 'services/credentials_unittest.cc',
- ],
- }],
],
}
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
deleted file mode 100644
index a6387d2..0000000
--- a/sandbox/linux/services/credentials.cc
+++ /dev/null
@@ -1,67 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sandbox/linux/services/credentials.h"
-
-#include <stdio.h>
-#include <sys/capability.h>
-
-#include "base/basictypes.h"
-#include "base/logging.h"
-
-namespace {
-
-struct CapFreeDeleter {
- inline void operator()(cap_t cap) const {
- int ret = cap_free(cap);
- CHECK_EQ(0, ret);
- }
-};
-
-// Wrapper to manage libcap2's cap_t type.
-typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap;
-
-struct CapTextFreeDeleter {
- inline void operator()(char* cap_text) const {
- int ret = cap_free(cap_text);
- CHECK_EQ(0, ret);
- }
-};
-
-// Wrapper to manage the result from libcap2's cap_from_text().
-typedef scoped_ptr<char, CapTextFreeDeleter> ScopedCapText;
-
-} // namespace.
-
-namespace sandbox {
-
-Credentials::Credentials() {
-}
-
-Credentials::~Credentials() {
-}
-
-void Credentials::DropAllCapabilities() {
- ScopedCap cap(cap_init());
- CHECK(cap);
- PCHECK(0 == cap_set_proc(cap.get()));
-}
-
-bool Credentials::HasAnyCapability() {
- ScopedCap current_cap(cap_get_proc());
- CHECK(current_cap);
- ScopedCap empty_cap(cap_init());
- CHECK(empty_cap);
- return cap_compare(current_cap.get(), empty_cap.get()) != 0;
-}
-
-scoped_ptr<std::string> Credentials::GetCurrentCapString() {
- ScopedCap current_cap(cap_get_proc());
- CHECK(current_cap);
- ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL));
- CHECK(cap_text);
- return scoped_ptr<std::string> (new std::string(cap_text.get()));
-}
-
-} // namespace sandbox.
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h
deleted file mode 100644
index 3ea3cfc..0000000
--- a/sandbox/linux/services/credentials.h
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
-#define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
-
-#include "build/build_config.h"
-// Link errors are tedious to track, raise a compile-time error instead.
-#if defined(OS_ANDROID)
-#error "Android is not supported."
-#endif // defined(OS_ANDROID).
-
-#include <string>
-
-#include "base/basictypes.h"
-#include "base/memory/scoped_ptr.h"
-
-namespace sandbox {
-
-// This class should be used to manipulate the current process' credentials.
-// It is currently a stub used to manipulate POSIX.1e capabilities as
-// implemented by the Linux kernel.
-class Credentials {
- public:
- Credentials();
- ~Credentials();
-
- // Drop all capabilities in the effective, inheritable and permitted sets for
- // the current process.
- void DropAllCapabilities();
- // Return true iff there is any capability in any of the capabilities sets
- // of the current process.
- bool HasAnyCapability();
- // Returns the capabilities of the current process in textual form, as
- // documented in libcap2's cap_to_text(3). This is mostly useful for
- // debugging and tests.
- scoped_ptr<std::string> GetCurrentCapString();
-
- private:
- DISALLOW_COPY_AND_ASSIGN(Credentials);
-};
-
-} // namespace sandbox.
-
-#endif // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc
deleted file mode 100644
index 7c705a4..0000000
--- a/sandbox/linux/services/credentials_unittest.cc
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sandbox/linux/services/credentials.h"
-
-#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "sandbox/linux/tests/unit_tests.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-namespace sandbox {
-
-// Give dynamic tools a simple thing to test.
-TEST(Credentials, CreateAndDestroy) {
- {
- Credentials cred1;
- (void) cred1;
- }
- scoped_ptr<Credentials> cred2(new Credentials);
-}
-
-SANDBOX_TEST(Credentials, DropAllCaps) {
- Credentials creds;
- creds.DropAllCapabilities();
- SANDBOX_ASSERT(!creds.HasAnyCapability());
-}
-
-SANDBOX_TEST(Credentials, GetCurrentCapString) {
- Credentials creds;
- creds.DropAllCapabilities();
- const char kNoCapabilityText[] = "=";
- SANDBOX_ASSERT(*creds.GetCurrentCapString() == kNoCapabilityText);
-}
-
-} // namespace sandbox.