scoped_file.cc revision a1401311d1ab56c4ed0a474bd38c108f75cb0cd9
1a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved. 2a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 3a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// found in the LICENSE file. 4a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 5a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "base/files/scoped_file.h" 6a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 7a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "base/logging.h" 8a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 9a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#if defined(OS_POSIX) 10a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include <unistd.h> 11a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 12a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "base/posix/eintr_wrapper.h" 13a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif 14a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 15a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)namespace base { 16a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)namespace internal { 17a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 18a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#if defined(OS_POSIX) 19a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 20a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// static 21a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)void ScopedFDCloseTraits::Free(int fd) { 22a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // It's important to crash here. 23a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // There are security implications to not closing a file descriptor 24a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // properly. As file descriptors are "capabilities", keeping them open 25a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // would make the current process keep access to a resource. Much of 26a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // Chrome relies on being able to "drop" such access. 27a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // It's especially problematic on Linux with the setuid sandbox, where 28a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // a single open directory would bypass the entire security model. 29a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) PCHECK(0 == IGNORE_EINTR(close(fd))); 30a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)} 31a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 32a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif // OS_POSIX 33a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 34a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)} // namespace internal 35a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)} // namespace base 36