// Copyright 2015 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "sandbox/linux/suid/client/setuid_sandbox_host.h" #include <fcntl.h> #include <stddef.h> #include <stdlib.h> #include <sys/stat.h> #include <unistd.h> #include <memory> #include <string> #include <utility> #include "base/command_line.h" #include "base/environment.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/files/scoped_file.h" #include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/path_service.h" #include "base/posix/eintr_wrapper.h" #include "base/process/launch.h" #include "base/process/process_metrics.h" #include "base/strings/string_number_conversions.h" #include "sandbox/linux/suid/common/sandbox.h" #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h" namespace sandbox { namespace { // Set an environment variable that reflects the API version we expect from the // setuid sandbox. Old versions of the sandbox will ignore this. void SetSandboxAPIEnvironmentVariable(base::Environment* env) { … } // Unset environment variables that are expected to be set by the setuid // sandbox. This is to allow nesting of one instance of the SUID sandbox // inside another. void UnsetExpectedEnvironmentVariables(base::EnvironmentMap* env_map) { … } // Wrapper around a shared C function. // Returns the "saved" environment variable name corresponding to |envvar| // in a new string or NULL. std::string* CreateSavedVariableName(const char* env_var) { … } // The ELF loader will clear many environment variables so we save them to // different names here so that the SUID sandbox can resolve them for the // renderer. void SaveSUIDUnsafeEnvironmentVariables(base::Environment* env) { … } const char* GetDevelSandboxPath() { … } } // namespace std::unique_ptr<SetuidSandboxHost> SetuidSandboxHost::Create() { … } SetuidSandboxHost::SetuidSandboxHost(std::unique_ptr<base::Environment> env) : … { … } SetuidSandboxHost::~SetuidSandboxHost() = default; // Check if CHROME_DEVEL_SANDBOX is set but empty. This currently disables // the setuid sandbox. TODO(jln): fix this (crbug.com/245376). bool SetuidSandboxHost::IsDisabledViaEnvironment() { … } base::FilePath SetuidSandboxHost::GetSandboxBinaryPath() { … } void SetuidSandboxHost::PrependWrapper(base::CommandLine* cmd_line) { … } void SetuidSandboxHost::SetupLaunchOptions( base::LaunchOptions* options, base::ScopedFD* dummy_fd) { … } void SetuidSandboxHost::SetupLaunchEnvironment() { … } } // namespace sandbox
Codebase Browser
chromium