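// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_LINUX_SERVICES_PROC_UTIL_H_
#define SANDBOX_LINUX_SERVICES_PROC_UTIL_H_

#include "base/files/scoped_file.h"
#include "base/macros.h"
#include "sandbox/sandbox_export.h"

namespace sandbox {

// Static helpers for inspecting the current process's file descriptors
// through /proc/. Every member is static; the class is not meant to be
// instantiated (see DISALLOW_IMPLICIT_CONSTRUCTORS below).
class SANDBOX_EXPORT ProcUtil {
 public:
  // Returns the number of file descriptors in the current process's FD
  // table, excluding |proc_fd|, which should be a file descriptor for
  // /proc/.
  // |proc_fd| is only excluded from the count; nothing in this declaration
  // indicates that it is closed here.
  // NOTE(review): presumably ownership stays with the caller, as documented
  // for HasOpenDirectory() - confirm against the implementation.
  static int CountOpenFds(int proc_fd);

  // Checks whether the current process has any directory file descriptor
  // open.
  //
  // Directory file descriptors are "capabilities": a process holding one can
  // use system calls such as openat() to bypass restrictions such as
  // DropFileSystemAccess(). A true result therefore means file system access
  // has not been fully given up.
  //
  // Sometimes it's useful to call HasOpenDirectory() after file system access
  // has been dropped. In this case, |proc_fd| should be a file descriptor to
  // /proc/. The file descriptor in |proc_fd| is ignored by the check and
  // remains owned by the caller.
  //
  // Because |proc_fd| is excluded, a false result does not cover |proc_fd|
  // itself, which is a directory descriptor like any other. It is very
  // important for the caller to close it; until then the process still holds
  // the kind of capability this check looks for.
  //
  // The result is WARN_UNUSED_RESULT: callers are expected to act on it
  // rather than discard it.
  static bool HasOpenDirectory(int proc_fd) WARN_UNUSED_RESULT;

  // Same check without a caller-supplied /proc/ descriptor.
  // NOTE(review): presumably this overload opens /proc/ itself and so needs
  // file system access to still be available - confirm against the
  // implementation.
  static bool HasOpenDirectory() WARN_UNUSED_RESULT;

  // Open /proc/ or crash if not possible.
  // The result is returned as a base::ScopedFD, so the caller owns it. It is
  // a directory descriptor and thus subject to the capability concern
  // described on HasOpenDirectory(); it should not be kept open longer than
  // needed.
  static base::ScopedFD OpenProc();

 private:
  DISALLOW_IMPLICIT_CONSTRUCTORS(ProcUtil);
};

}  // namespace sandbox

#endif  // SANDBOX_LINUX_SERVICES_PROC_UTIL_H_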