king
/
v811_spc009
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd5f7aa4152'
${ noResults }
v811_spc009/external/libbrillo/brillo/minijail/minijail.cc

190 lines
5.7 KiB
Raw Blame History

// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "brillo/minijail/minijail.h"
#include <sys/types.h>
#include <sys/wait.h>
using std::vector;
namespace brillo {
static base::LazyInstance<Minijail>::DestructorAtExit g_minijail
= LAZY_INSTANCE_INITIALIZER;
Minijail::Minijail() {}
Minijail::~Minijail() {}
// static
Minijail* Minijail::GetInstance() {
static Minijail* minijail = new Minijail();
return minijail;
}
struct minijail* Minijail::New() {
return minijail_new();
}
void Minijail::Destroy(struct minijail* jail) {
minijail_destroy(jail);
}
void Minijail::DropRoot(struct minijail* jail, uid_t uid, gid_t gid) {
minijail_change_uid(jail, uid);
minijail_change_gid(jail, gid);
}
bool Minijail::DropRoot(struct minijail* jail,
const char* user,
const char* group) {
// |user| and |group| are copied so the only reason either of these
// calls can fail is ENOMEM.
return !minijail_change_user(jail, user) &&
!minijail_change_group(jail, group);
}
void Minijail::EnterNewPidNamespace(struct minijail* jail) {
minijail_namespace_pids(jail);
}
void Minijail::MountTmp(struct minijail* jail) {
minijail_mount_tmp(jail);
}
void Minijail::UseSeccompFilter(struct minijail* jail, const char* path) {
minijail_no_new_privs(jail);
minijail_use_seccomp_filter(jail);
minijail_parse_seccomp_filters(jail, path);
}
void Minijail::UseCapabilities(struct minijail* jail, uint64_t capmask) {
minijail_use_caps(jail, capmask);
}
void Minijail::ResetSignalMask(struct minijail* jail) {
minijail_reset_signal_mask(jail);
}
void Minijail::CloseOpenFds(struct minijail* jail) {
minijail_close_open_fds(jail);
}
void Minijail::PreserveFd(struct minijail* jail, int parent_fd, int child_fd) {
minijail_preserve_fd(jail, parent_fd, child_fd);
}
void Minijail::Enter(struct minijail* jail) {
minijail_enter(jail);
}
bool Minijail::Run(struct minijail* jail, vector<char*> args, pid_t* pid) {
return minijail_run_pid(jail, args[0], args.data(), pid) == 0;
}
bool Minijail::RunSync(struct minijail* jail, vector<char*> args, int* status) {
pid_t pid;
if (Run(jail, args, &pid) && waitpid(pid, status, 0) == pid) {
return true;
}
return false;
}
bool Minijail::RunPipe(struct minijail* jail,
vector<char*> args,
pid_t* pid,
int* stdin) {
#if defined(__ANDROID__)
return minijail_run_pid_pipes_no_preload(jail, args[0], args.data(), pid,
stdin, NULL, NULL) == 0;
#else
return minijail_run_pid_pipes(jail, args[0], args.data(), pid, stdin, NULL,
NULL) == 0;
#endif // __ANDROID__
}
bool Minijail::RunPipes(struct minijail* jail,
vector<char*> args,
pid_t* pid,
int* stdin,
int* stdout,
int* stderr) {
#if defined(__ANDROID__)
return minijail_run_pid_pipes_no_preload(jail, args[0], args.data(), pid,
stdin, stdout, stderr) == 0;
#else
return minijail_run_pid_pipes(jail, args[0], args.data(), pid, stdin, stdout,
stderr) == 0;
#endif // __ANDROID__
}
bool Minijail::RunEnvPipes(struct minijail* jail,
vector<char*> args,
vector<char*> env,
pid_t* pid,
int* stdin,
int* stdout,
int* stderr) {
#if defined(__ANDROID__)
return minijail_run_env_pid_pipes_no_preload(jail, args[0], args.data(),
env.data(), pid, stdin, stdout,
stderr) == 0;
#else
return minijail_run_env_pid_pipes(jail, args[0], args.data(), env.data(), pid,
stdin, stdout, stderr) == 0;
#endif // __ANDROID__
}
bool Minijail::RunAndDestroy(struct minijail* jail,
vector<char*> args,
pid_t* pid) {
bool res = Run(jail, args, pid);
Destroy(jail);
return res;
}
bool Minijail::RunSyncAndDestroy(struct minijail* jail,
vector<char*> args,
int* status) {
bool res = RunSync(jail, args, status);
Destroy(jail);
return res;
}
bool Minijail::RunPipeAndDestroy(struct minijail* jail,
vector<char*> args,
pid_t* pid,
int* stdin) {
bool res = RunPipe(jail, args, pid, stdin);
Destroy(jail);
return res;
}
bool Minijail::RunPipesAndDestroy(struct minijail* jail,
vector<char*> args,
pid_t* pid,
int* stdin,
int* stdout,
int* stderr) {
bool res = RunPipes(jail, args, pid, stdin, stdout, stderr);
Destroy(jail);
return res;
}
bool Minijail::RunEnvPipesAndDestroy(struct minijail* jail,
vector<char*> args,
vector<char*> env,
pid_t* pid,
int* stdin,
int* stdout,
int* stderr) {
bool res = RunEnvPipes(jail, args, env, pid, stdin, stdout, stderr);
Destroy(jail);
return res;
}
} // namespace brillo
Reference in new issue View Git Blame Copy Permalink