Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
// Copyright 2014 The Crashpad Authors. All rights reserved.
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
|
|
#ifndef CRASHPAD_UTIL_POSIX_PROCESS_INFO_H_
|
|
|
|
|
#define CRASHPAD_UTIL_POSIX_PROCESS_INFO_H_
|
|
|
|
|
|
|
|
|
|
#include <sys/time.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
|
|
#include <set>
|
|
|
|
|
#include <string>
|
|
|
|
|
#include <vector>
|
|
|
|
|
|
2016-01-06 12:22:50 -05:00
|
|
|
|
#include "base/macros.h"
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
#include "build/build_config.h"
|
2017-03-15 00:09:28 -04:00
|
|
|
|
#include "util/misc/initialization_state.h"
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
#include "util/misc/initialization_state_dcheck.h"
|
|
|
|
|
|
|
|
|
|
#if defined(OS_MACOSX)
|
|
|
|
|
#include <mach/mach.h>
|
2016-10-31 15:48:24 -04:00
|
|
|
|
#include <sys/sysctl.h>
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
namespace crashpad {
|
|
|
|
|
|
|
|
|
|
class ProcessInfo {
|
|
|
|
|
public:
|
|
|
|
|
ProcessInfo();
|
|
|
|
|
~ProcessInfo();
|
|
|
|
|
|
|
|
|
|
//! \brief Initializes this object with information about the process whose ID
|
|
|
|
|
//! is \a pid.
|
|
|
|
|
//!
|
|
|
|
|
//! This method must be called successfully prior to calling any other method
|
|
|
|
|
//! in this class. This method may only be called once.
|
|
|
|
|
//!
|
|
|
|
|
//! It is unspecified whether the information that an object of this class
|
|
|
|
|
//! returns is loaded at the time Initialize() is called or subsequently, and
|
|
|
|
|
//! whether this information is cached in the object or not.
|
|
|
|
|
//!
|
|
|
|
|
//! \param[in] pid The process ID to obtain information for.
|
|
|
|
|
//!
|
|
|
|
|
//! \return `true` on success, `false` on failure with a message logged.
|
|
|
|
|
bool Initialize(pid_t pid);
|
|
|
|
|
|
|
|
|
|
#if defined(OS_MACOSX) || DOXYGEN
|
|
|
|
|
//! \brief Initializes this object with information about a process based on
|
|
|
|
|
//! its Mach task.
|
|
|
|
|
//!
|
|
|
|
|
//! This method serves as a stand-in for Initialize() and may be called in its
|
|
|
|
|
//! place with the same restrictions and considerations.
|
|
|
|
|
//!
|
|
|
|
|
//! \param[in] task The Mach task to obtain information for.
|
|
|
|
|
//!
|
|
|
|
|
//! \return `true` on success, `false` on failure with an message logged.
|
|
|
|
|
bool InitializeFromTask(task_t task);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
//! \return The target task’s process ID.
|
|
|
|
|
pid_t ProcessID() const;
|
|
|
|
|
|
|
|
|
|
//! \return The target task’s parent process ID.
|
|
|
|
|
pid_t ParentProcessID() const;
|
|
|
|
|
|
|
|
|
|
//! \return The target process’ real user ID as would be returned to it by
|
|
|
|
|
//! `getuid()`.
|
|
|
|
|
uid_t RealUserID() const;
|
|
|
|
|
|
|
|
|
|
//! \return The target process’ effective user ID as would be returned to it
|
|
|
|
|
//! by `geteuid()`.
|
|
|
|
|
uid_t EffectiveUserID() const;
|
|
|
|
|
|
|
|
|
|
//! \return The target process’ saved set-user ID.
|
|
|
|
|
uid_t SavedUserID() const;
|
|
|
|
|
|
|
|
|
|
//! \return the target process’ real group ID as would be returned to it by
|
|
|
|
|
//! `getgid()`.
|
|
|
|
|
gid_t RealGroupID() const;
|
|
|
|
|
|
|
|
|
|
//! \return the target process’ effective group ID as would be returned to it
|
|
|
|
|
//! by `getegid()`.
|
|
|
|
|
gid_t EffectiveGroupID() const;
|
|
|
|
|
|
|
|
|
|
//! \return The target process’ saved set-group ID.
|
|
|
|
|
gid_t SavedGroupID() const;
|
|
|
|
|
|
|
|
|
|
//! \return the target process’ supplementary group list as would be returned
|
|
|
|
|
//! to it by `getgroups()`.
|
|
|
|
|
std::set<gid_t> SupplementaryGroups() const;
|
|
|
|
|
|
|
|
|
|
//! \return All groups that the target process claims membership in, including
|
|
|
|
|
//! RealGroupID(), EffectiveGroupID(), SavedGroupID(), and
|
|
|
|
|
//! SupplementaryGroups().
|
|
|
|
|
std::set<gid_t> AllGroups() const;
|
|
|
|
|
|
|
|
|
|
//! \brief Determines whether the target process has changed privileges.
|
|
|
|
|
//!
|
|
|
|
|
//! A process is considered to have changed privileges if it has changed its
|
|
|
|
|
//! real, effective, or saved set-user or group IDs with the `setuid()`,
|
|
|
|
|
//! `seteuid()`, `setreuid()`, `setgid()`, `setegid()`, or `setregid()` system
|
|
|
|
|
//! calls since its most recent `execve()`, or if its privileges changed at
|
|
|
|
|
//! `execve()` as a result of executing a setuid or setgid executable.
|
|
|
|
|
bool DidChangePrivileges() const;
|
|
|
|
|
|
2017-03-15 00:09:28 -04:00
|
|
|
|
//! \brief Determines the target process’ bitness.
|
|
|
|
|
//!
|
|
|
|
|
//! \param[out] is_64_bit `true` if the target task is a 64-bit process.
|
|
|
|
|
//!
|
|
|
|
|
//! \return `true` on success, with \a is_64_bit set. Otherwise, `false` with
|
|
|
|
|
//! a message logged.
|
|
|
|
|
bool Is64Bit(bool* is_64_bit) const;
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
|
|
|
|
|
//! \brief Determines the target process’ start time.
|
|
|
|
|
//!
|
|
|
|
|
//! \param[out] start_time The time that the process started.
|
2017-03-15 00:09:28 -04:00
|
|
|
|
//!
|
|
|
|
|
//! \return `true` on success, with \a start_time set. Otherwise, `false` with
|
|
|
|
|
//! a message logged.
|
|
|
|
|
bool StartTime(timeval* start_time) const;
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
|
|
|
|
|
//! \brief Obtains the arguments used to launch a process.
|
|
|
|
|
//!
|
|
|
|
|
//! Whether it is possible to obtain this information for a process with
|
|
|
|
|
//! different privileges than the running program is system-dependent.
|
|
|
|
|
//!
|
|
|
|
|
//! \param[out] argv The process’ arguments as passed to its `main()` function
|
|
|
|
|
//! as the \a argv parameter, possibly modified by the process.
|
|
|
|
|
//!
|
|
|
|
|
//! \return `true` on success, with \a argv populated appropriately.
|
|
|
|
|
//! Otherwise, `false` with a message logged.
|
|
|
|
|
//!
|
|
|
|
|
//! \note This function may spuriously return `false` when used to examine a
|
|
|
|
|
//! process that it is calling `exec()`. If examining such a process, call
|
|
|
|
|
//! this function in a retry loop with a small (100ns) delay to avoid an
|
|
|
|
|
//! erroneous assumption that \a pid is not running.
|
|
|
|
|
bool Arguments(std::vector<std::string>* argv) const;
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
#if defined(OS_MACOSX)
|
|
|
|
|
kinfo_proc kern_proc_info_;
|
2017-03-14 13:05:40 -07:00
|
|
|
|
#elif defined(OS_LINUX) || defined(OS_ANDROID)
|
2017-03-15 00:09:28 -04:00
|
|
|
|
// Some members are marked mutable so that they can be lazily initialized by
|
|
|
|
|
// const methods. These are always InitializationState-protected so that
|
|
|
|
|
// multiple successive calls will always produce the same return value and out
|
|
|
|
|
// parameters. This is necessary for intergration with the Snapshot interface.
|
|
|
|
|
// See https://crashpad.chromium.org/bug/9.
|
2017-03-14 13:05:40 -07:00
|
|
|
|
std::set<gid_t> supplementary_groups_;
|
2017-03-15 00:09:28 -04:00
|
|
|
|
mutable timeval start_time_;
|
2017-03-14 13:05:40 -07:00
|
|
|
|
pid_t pid_;
|
|
|
|
|
pid_t ppid_;
|
|
|
|
|
uid_t uid_;
|
|
|
|
|
uid_t euid_;
|
|
|
|
|
uid_t suid_;
|
|
|
|
|
gid_t gid_;
|
|
|
|
|
gid_t egid_;
|
|
|
|
|
gid_t sgid_;
|
2017-03-15 00:09:28 -04:00
|
|
|
|
mutable InitializationState start_time_initialized_;
|
|
|
|
|
mutable InitializationState is_64_bit_initialized_;
|
|
|
|
|
mutable bool is_64_bit_;
|
Move some parts of ProcessReader (in snapshot) to ProcessInfo (in util).
Also, move ProcessArgumentsForPID() into ProcessInfo.
This change prepares for a TaskForPID() implementation that’s capable of
operating correctly in a setuid root executable. TaskForPID() belongs in
util/mach, but for its permission checks, it must access some process
properties that were previously fetched by ProcessReader in snapshot.
util can’t depend on snapshot. The generic util-safe process information
bits (Is64Bit(), ProcessID(), ParentProcessID(), and StartTime()) are
moved from ProcessReader to ProcessInfo (in util), where the current
ProcessReader can use it (as it’s OK for snapshot to depend on util),
and the future TaskForPID() in util can also use it. ProcessInfo also
contains other methods that TaskForPID() will use, providing access to
the credentials that the target process holds. ProcessArgumentsForPID()
is related, and is also now a part of ProcessInfo.
TEST=snapshot_test, util_test
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/727973002
2014-11-14 17:54:42 -05:00
|
|
|
|
#endif
|
|
|
|
|
InitializationStateDcheck initialized_;
|
|
|
|
|
|
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(ProcessInfo);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
} // namespace crashpad
|
|
|
|
|
|
|
|
|
|
#endif // CRASHPAD_UTIL_POSIX_PROCESS_INFO_H_
|