| Index: chrome/renderer/renderer_main_platform_delegate_linux.cc
|
| diff --git a/chrome/renderer/renderer_main_platform_delegate_linux.cc b/chrome/renderer/renderer_main_platform_delegate_linux.cc
|
| index 6502129bc790d60a19fa9f485946ae14b4b7dea1..e997bc90de4b54172267cfe2cc264f23571f5a29 100644
|
| --- a/chrome/renderer/renderer_main_platform_delegate_linux.cc
|
| +++ b/chrome/renderer/renderer_main_platform_delegate_linux.cc
|
| @@ -4,7 +4,10 @@
|
|
|
| #include "chrome/renderer/renderer_main_platform_delegate.h"
|
|
|
| +#include <stdlib.h>
|
| +
|
| #include "base/debug_util.h"
|
| +#include "base/eintr_wrapper.h"
|
|
|
| // This is a no op class because we do not have a sandbox on linux.
|
|
|
| @@ -16,6 +19,9 @@ RendererMainPlatformDelegate::RendererMainPlatformDelegate(
|
| RendererMainPlatformDelegate::~RendererMainPlatformDelegate() {
|
| }
|
|
|
| +extern void SkiaFontConfigUseIPCImplementation(int fd);
|
| +extern void SkiaFontConfigUseDirectImplementation();
|
| +
|
| void RendererMainPlatformDelegate::PlatformInitialize() {
|
| }
|
|
|
| @@ -23,18 +29,51 @@ void RendererMainPlatformDelegate::PlatformUninitialize() {
|
| }
|
|
|
| bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
|
| - // We have no sandbox.
|
| + // Our sandbox support is in the very early stages
|
| // http://code.google.com/p/chromium/issues/detail?id=8081
|
| return true;
|
| }
|
|
|
| bool RendererMainPlatformDelegate::EnableSandbox() {
|
| - // We have no sandbox.
|
| + // Our sandbox support is in the very early stages
|
| // http://code.google.com/p/chromium/issues/detail?id=8081
|
| +
|
| + const char* const sandbox_fd_string = getenv("SBX_D");
|
| + if (sandbox_fd_string) {
|
| + // The SUID sandbox sets this environment variable to a file descriptor
|
| + // over which we can signal that we have completed our startup and can be
|
| + // chrooted.
|
| +
|
| + char* endptr;
|
| + const long fd_long = strtol(sandbox_fd_string, &endptr, 10);
|
| + if (!*sandbox_fd_string || *endptr || fd_long < 0 || fd_long > INT_MAX)
|
| + return false;
|
| + const int fd = fd_long;
|
| +
|
| + static const char kChrootMe = 'C';
|
| + static const char kChrootMeSuccess = 'O';
|
| +
|
| + if (HANDLE_EINTR(write(fd, &kChrootMe, 1)) != 1)
|
| + return false;
|
| +
|
| + char reply;
|
| + if (HANDLE_EINTR(read(fd, &reply, 1)) != 1)
|
| + return false;
|
| + if (reply != kChrootMeSuccess)
|
| + return false;
|
| + if (chdir("/") == -1)
|
| + return false;
|
| +
|
| + static const int kMagicSandboxIPCDescriptor = 5;
|
| + SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor);
|
| + } else {
|
| + SkiaFontConfigUseDirectImplementation();
|
| + }
|
| +
|
| return true;
|
| }
|
|
|
| void RendererMainPlatformDelegate::RunSandboxTests() {
|
| - // We have no sandbox.
|
| + // Our sandbox support is in the very early stages
|
| // http://code.google.com/p/chromium/issues/detail?id=8081
|
| }
|
|
|
Chromium Code Reviews
Issue 112074:
Linux: Add support for chrooted renderers. (Closed)
