diff options
Diffstat (limited to '')
-rw-r--r-- | security/sandbox/chromium/base/posix/can_lower_nice_to.cc | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/security/sandbox/chromium/base/posix/can_lower_nice_to.cc b/security/sandbox/chromium/base/posix/can_lower_nice_to.cc new file mode 100644 index 0000000000..b1686dcae1 --- /dev/null +++ b/security/sandbox/chromium/base/posix/can_lower_nice_to.cc @@ -0,0 +1,60 @@ +// Copyright 2018 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/posix/can_lower_nice_to.h" + +#include <limits.h> +#include <sys/resource.h> +#include <sys/types.h> +#include <unistd.h> + +#include "build/build_config.h" + +// Not defined on AIX by default. +#if defined(OS_AIX) +#if defined(RLIMIT_NICE) +#error Assumption about OS_AIX is incorrect +#endif +#define RLIMIT_NICE 20 +#endif + +namespace base { +namespace internal { + +bool CanLowerNiceTo(int nice_value) { + // On a POSIX system, the nice value of a thread can be lowered 1. by the root + // user, 2. by a user with the CAP_SYS_NICE permission or 3. by any user if + // the target value is within the range allowed by RLIMIT_NICE. + + // 1. Check for root user. + if (geteuid() == 0) + return true; + + // 2. Skip checking the CAP_SYS_NICE permission because it would require + // libcap.so. + + // 3. Check whether the target value is within the range allowed by + // RLIMIT_NICE. + // + // NZERO should be defined in <limits.h> per POSIX, and should be at least 20. + // (NZERO-1) is the highest possible niceness value (i.e. lowest priority). + // Most platforms use NZERO=20. + // + // RLIMIT_NICE tells us how much we can reduce niceness (increase priority) if + // we start at NZERO. For example, if NZERO is 20 and the rlimit is 30, we can + // lower niceness anywhere within the [-10, 19] range (20 - 30 = -10). + // + // So, we are allowed to reduce niceness to a minimum of NZERO - rlimit: + struct rlimit rlim; + if (getrlimit(RLIMIT_NICE, &rlim) != 0) + return false; + const int lowest_nice_allowed = NZERO - static_cast<int>(rlim.rlim_cur); + + // And lowering niceness to |nice_value| is allowed if it is greater than or + // equal to the limit: + return nice_value >= lowest_nice_allowed; +} + +} // namespace internal +} // namespace base |