Linux: add a Credentials class to handle Linux capabilities.

(This is a re-land of https://chromiumcodereview.appspot.com/51113009/)

BUG=312380
TBR=jorgelo@chromium.org

Review URL: https://codereview.chromium.org/55603003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232837 0039d316-1c4b-4281-b951-d872f2087c98

sandbox/linux/sandbox_linux.gypi

@@ -7,8 +7,10 @@
     'conditions': [
       ['OS=="linux"', {
         'compile_suid_client': 1,
+        'compile_credentials': 1,
       }, {
         'compile_suid_client': 0,
+        'compile_credentials': 0,
       }],
       ['((OS=="linux" or OS=="android") and '
              '(target_arch=="ia32" or target_arch=="x64" or '
@@ -149,6 +151,18 @@
       'dependencies': [
         '../base/base.gyp:base',
       ],
+      'conditions': [
+        ['compile_credentials==1', {
+          'sources': [
+            'services/credentials.cc',
+            'services/credentials.h',
+          ],
+          'dependencies': [
+            # for capabilities.cc.
+            '../build/linux/system.gyp:libcap',
+          ],
+        }],
+      ],
       'include_dirs': [
         '..',
       ],

sandbox/linux/sandbox_linux_test_sources.gypi

@@ -35,5 +35,10 @@
         'seccomp-bpf/syscall_unittest.cc',
       ],
     }],
+    [ 'compile_credentials==1', {
+      'sources': [
+        'services/credentials_unittest.cc',
+      ],
+    }],
   ],
 }

sandbox/linux/services/credentials.cc

@@ -0,0 +1,67 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/services/credentials.h"
+
+#include <stdio.h>
+#include <sys/capability.h>
+
+#include "base/basictypes.h"
+#include "base/logging.h"
+
+namespace {
+
+struct CapFreeDeleter {
+  inline void operator()(cap_t cap) const {
+    int ret = cap_free(cap);
+    CHECK_EQ(0, ret);
+  }
+};
+
+// Wrapper to manage libcap2's cap_t type.
+typedef scoped_ptr<typeof(*((cap_t)0)), CapFreeDeleter> ScopedCap;
+
+struct CapTextFreeDeleter {
+  inline void operator()(char* cap_text) const {
+    int ret = cap_free(cap_text);
+    CHECK_EQ(0, ret);
+  }
+};
+
+// Wrapper to manage the result from libcap2's cap_from_text().
+typedef scoped_ptr<char, CapTextFreeDeleter> ScopedCapText;
+
+}  // namespace.
+
+namespace sandbox {
+
+Credentials::Credentials() {
+}
+
+Credentials::~Credentials() {
+}
+
+void Credentials::DropAllCapabilities() {
+  ScopedCap cap(cap_init());
+  CHECK(cap);
+  PCHECK(0 == cap_set_proc(cap.get()));
+}
+
+bool Credentials::HasAnyCapability() {
+  ScopedCap current_cap(cap_get_proc());
+  CHECK(current_cap);
+  ScopedCap empty_cap(cap_init());
+  CHECK(empty_cap);
+  return cap_compare(current_cap.get(), empty_cap.get()) != 0;
+}
+
+scoped_ptr<std::string> Credentials::GetCurrentCapString() {
+  ScopedCap current_cap(cap_get_proc());
+  CHECK(current_cap);
+  ScopedCapText cap_text(cap_to_text(current_cap.get(), NULL));
+  CHECK(cap_text);
+  return scoped_ptr<std::string> (new std::string(cap_text.get()));
+}
+
+}  // namespace sandbox.

sandbox/linux/services/credentials.h

@@ -0,0 +1,46 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
+#define SANDBOX_LINUX_SERVICES_CREDENTIALS_H_
+
+#include "build/build_config.h"
+// Link errors are tedious to track, raise a compile-time error instead.
+#if defined(OS_ANDROID)
+#error "Android is not supported."
+#endif  // defined(OS_ANDROID).
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
+
+namespace sandbox {
+
+// This class should be used to manipulate the current process' credentials.
+// It is currently a stub used to manipulate POSIX.1e capabilities as
+// implemented by the Linux kernel.
+class Credentials {
+ public:
+  Credentials();
+  ~Credentials();
+
+  // Drop all capabilities in the effective, inheritable and permitted sets for
+  // the current process.
+  void DropAllCapabilities();
+  // Return true iff there is any capability in any of the capabilities sets
+  // of the current process.
+  bool HasAnyCapability();
+  // Returns the capabilities of the current process in textual form, as
+  // documented in libcap2's cap_to_text(3). This is mostly useful for
+  // debugging and tests.
+  scoped_ptr<std::string> GetCurrentCapString();
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(Credentials);
+};
+
+}  // namespace sandbox.
+
+#endif  // SANDBOX_LINUX_SERVICES_CREDENTIALS_H_

sandbox/linux/services/credentials_unittest.cc

@@ -0,0 +1,36 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/linux/services/credentials.h"
+
+#include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
+#include "sandbox/linux/tests/unit_tests.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace sandbox {
+
+// Give dynamic tools a simple thing to test.
+TEST(Credentials, CreateAndDestroy) {
+  {
+    Credentials cred1;
+    (void) cred1;
+  }
+  scoped_ptr<Credentials> cred2(new Credentials);
+}
+
+SANDBOX_TEST(Credentials, DropAllCaps) {
+  Credentials creds;
+  creds.DropAllCapabilities();
+  SANDBOX_ASSERT(!creds.HasAnyCapability());
+}
+
+SANDBOX_TEST(Credentials, GetCurrentCapString) {
+  Credentials creds;
+  creds.DropAllCapabilities();
+  const char kNoCapabilityText[] = "=";
+  SANDBOX_ASSERT(*creds.GetCurrentCapString() == kNoCapabilityText);
+}
+
+}  // namespace sandbox.