Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(305)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/zygote_host_linux.cc

Issue 149230: Linux: SUID sandbox support (Closed)
Patch Set: ... Created 11 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/renderer_host/render_crash_handler_host_linux.cc ('k') | chrome/browser/zygote_main_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/zygote_host_linux.h" 5 #include "chrome/browser/zygote_host_linux.h"
6 6
7 #include <unistd.h> 7 #include <unistd.h>
8 #include <sys/types.h> 8 #include <sys/types.h>
9 #include <sys/socket.h> 9 #include <sys/socket.h>
10 #include <sys/stat.h>
10 11
11 #include "base/command_line.h" 12 #include "base/command_line.h"
12 #include "base/eintr_wrapper.h" 13 #include "base/eintr_wrapper.h"
13 #include "base/logging.h" 14 #include "base/logging.h"
14 #include "base/path_service.h" 15 #include "base/path_service.h"
15 #include "base/pickle.h" 16 #include "base/pickle.h"
16 #include "base/process_util.h" 17 #include "base/process_util.h"
18 #include "base/string_util.h"
17 #include "base/unix_domain_socket_posix.h" 19 #include "base/unix_domain_socket_posix.h"
18 20
19 #include "chrome/browser/renderer_host/render_sandbox_host_linux.h" 21 #include "chrome/browser/renderer_host/render_sandbox_host_linux.h"
22 #include "chrome/common/chrome_constants.h"
20 #include "chrome/common/chrome_switches.h" 23 #include "chrome/common/chrome_switches.h"
21 24
22 ZygoteHost::ZygoteHost() { 25 ZygoteHost::ZygoteHost() {
23 std::wstring chrome_path; 26 std::wstring chrome_path;
24 CHECK(PathService::Get(base::FILE_EXE, &chrome_path)); 27 CHECK(PathService::Get(base::FILE_EXE, &chrome_path));
25 CommandLine cmd_line(chrome_path); 28 CommandLine cmd_line(chrome_path);
26 29
27 cmd_line.AppendSwitchWithValue(switches::kProcessType, 30 cmd_line.AppendSwitchWithValue(switches::kProcessType,
28 switches::kZygoteProcess); 31 switches::kZygoteProcess);
29 32
30 int fds[2]; 33 int fds[2];
31 CHECK(socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds) == 0); 34 CHECK(socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds) == 0);
32 base::file_handle_mapping_vector fds_to_map; 35 base::file_handle_mapping_vector fds_to_map;
33 fds_to_map.push_back(std::make_pair(fds[1], 3)); 36 fds_to_map.push_back(std::make_pair(fds[1], 3));
34 37
35 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); 38 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
36 if (browser_command_line.HasSwitch(switches::kZygoteCmdPrefix)) { 39 if (browser_command_line.HasSwitch(switches::kZygoteCmdPrefix)) {
37 const std::wstring prefix = 40 const std::wstring prefix =
38 browser_command_line.GetSwitchValue(switches::kZygoteCmdPrefix); 41 browser_command_line.GetSwitchValue(switches::kZygoteCmdPrefix);
39 cmd_line.PrependWrapper(prefix); 42 cmd_line.PrependWrapper(prefix);
40 } 43 }
41 44
45 const std::string kSandboxPath =
46 WideToASCII(std::wstring(L"/var/run/") +
47 chrome::kBrowserProcessExecutableName +
48 L"-sandbox");
49
50 const std::string sandbox_bin = WideToASCII(chrome_path) + "-sandbox";
51 struct stat st;
52 if (access(sandbox_bin.c_str(), X_OK) == 0 &&
53 stat(sandbox_bin.c_str(), &st) == 0 &&
54 (st.st_mode & S_ISUID) &&
55 (st.st_mode & S_IXOTH) &&
56 access(kSandboxPath.c_str(), F_OK) == 0) {
57 cmd_line.PrependWrapper(chrome_path + L"-sandbox");
58 }
59
42 // Start up the sandbox host process and get the file descriptor for the 60 // Start up the sandbox host process and get the file descriptor for the
43 // renderers to talk to it. 61 // renderers to talk to it.
44 const int sfd = Singleton<RenderSandboxHostLinux>()->GetRendererSocket(); 62 const int sfd = Singleton<RenderSandboxHostLinux>()->GetRendererSocket();
45 fds_to_map.push_back(std::make_pair(sfd, 5)); 63 fds_to_map.push_back(std::make_pair(sfd, 5));
46 64
47 base::ProcessHandle process; 65 base::ProcessHandle process;
48 base::LaunchApp(cmd_line.argv(), fds_to_map, false, &process); 66 base::LaunchApp(cmd_line.argv(), fds_to_map, false, &process);
49 CHECK(process != -1) << "Failed to launch zygote process"; 67 CHECK(process != -1) << "Failed to launch zygote process";
50 68
51 close(fds[1]); 69 close(fds[1]);
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
122 !read_pickle.ReadBool(&iter, &tmp_child_exited)) { 140 !read_pickle.ReadBool(&iter, &tmp_child_exited)) {
123 LOG(WARNING) << "Error parsing DidProcessCrash response from zygote."; 141 LOG(WARNING) << "Error parsing DidProcessCrash response from zygote.";
124 return false; 142 return false;
125 } 143 }
126 144
127 if (child_exited) 145 if (child_exited)
128 *child_exited = tmp_child_exited; 146 *child_exited = tmp_child_exited;
129 147
130 return did_crash; 148 return did_crash;
131 } 149 }
OLDNEW
« no previous file with comments | « chrome/browser/renderer_host/render_crash_handler_host_linux.cc ('k') | chrome/browser/zygote_main_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698