StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Remove dead code

Browse Source 
IPC always creates comms object from a fd.

PiperOrigin-RevId: 248683525
Change-Id: Ib4285ec0494d551257237c12f92f983b943205cb
This commit is contained in:
Wiktor Garbacz 2019-05-17 02:01:44 -07:00 committed by Copybara-Service
parent 8678af23d0
commit 34d17b77ac
2 changed files with 2 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
sandboxed_api/sandbox2/monitor.cc
View File

@ -113,6 +113,8 @@ Monitor::Monitor(Executor* executor, Policy* policy, Notify* notify)
comms_(executor_->ipc()->comms()),
ipc_(executor_->ipc()),
wait_for_execve_(executor->enable_sandboxing_pre_execve_) {
// It's a pre-connected Comms channel, no need to accept new connection.
CHECK(comms_->IsConnected());
std::string path =
absl::GetFlag(FLAGS_sandbox2_danger_danger_permit_all_and_log);
external_kill_request_flag_.test_and_set(std::memory_order_relaxed);
@ -206,10 +208,6 @@ void Monitor::Run() {
SetExitStatusCode(Result::SETUP_ERROR, Result::FAILED_NOTIFY);
return;
}
if (!InitAcceptConnection()) {
SetExitStatusCode(Result::SETUP_ERROR, Result::FAILED_CONNECTION);
return;
}
if (!InitSendIPC()) {
SetExitStatusCode(Result::SETUP_ERROR, Result::FAILED_IPC);
return;
@ -648,36 +646,6 @@ bool Monitor::InitPtraceAttach() {
return true;
}
bool Monitor::InitAcceptConnection() {
// It's a pre-connected Comms channel, no need to accept new connection or
// verify the peer (sandboxee).
if (comms_->IsConnected()) {
return true;
}
if (!comms_->Accept()) {
return false;
}
// Check whether the PID which has connected to us, is the PID we're
// expecting.
pid_t cred_pid;
uid_t cred_uid;
gid_t cred_gid;
if (!comms_->RecvCreds(&cred_pid, &cred_uid, &cred_gid)) {
LOG(ERROR) << "Couldn't receive credentials";
return false;
}
if (pid_ != cred_pid) {
LOG(ERROR) << "Initial PID (" << pid_ << ") differs from the PID received "
<< "from the peer (" << cred_pid << ")";
return false;
}
return true;
}
void Monitor::ActionProcessSyscall(Regs* regs, const Syscall& syscall) {
// If the sandboxing is not enabled yet, allow the first __NR_execveat.
if (syscall.nr() == __NR_execveat && !IsActivelyMonitoring()) {

4
sandboxed_api/sandbox2/monitor.h
View File

@ -78,10 +78,6 @@ class Monitor final {
// Returns success/failure status.
bool InitPtraceAttach();
// Waits for the Client to connect.
// Returns success/failure status.
bool InitAcceptConnection();
// Sets up required signal masks/handlers; prepare mask for sigtimedwait().
bool InitSetupSignals(sigset_t* sset);