OLD | NEW |
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <dlfcn.h> | 5 #include <dlfcn.h> |
6 #include <fcntl.h> | 6 #include <fcntl.h> |
7 #include <sys/epoll.h> | 7 #include <sys/epoll.h> |
8 #include <sys/prctl.h> | 8 #include <sys/prctl.h> |
9 #include <sys/signal.h> | 9 #include <sys/signal.h> |
10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
11 #include <sys/stat.h> | 11 #include <sys/stat.h> |
(...skipping 17 matching lines...) Expand all Loading... |
29 #include "base/rand_util.h" | 29 #include "base/rand_util.h" |
30 #include "base/scoped_ptr.h" | 30 #include "base/scoped_ptr.h" |
31 #include "base/sys_info.h" | 31 #include "base/sys_info.h" |
32 #include "base/unix_domain_socket_posix.h" | 32 #include "base/unix_domain_socket_posix.h" |
33 #include "build/build_config.h" | 33 #include "build/build_config.h" |
34 | 34 |
35 #include "chrome/browser/zygote_host_linux.h" | 35 #include "chrome/browser/zygote_host_linux.h" |
36 #include "chrome/common/chrome_descriptors.h" | 36 #include "chrome/common/chrome_descriptors.h" |
37 #include "chrome/common/chrome_switches.h" | 37 #include "chrome/common/chrome_switches.h" |
38 #include "chrome/common/main_function_params.h" | 38 #include "chrome/common/main_function_params.h" |
| 39 #include "chrome/common/pepper_plugin_registry.h" |
39 #include "chrome/common/process_watcher.h" | 40 #include "chrome/common/process_watcher.h" |
40 #include "chrome/common/sandbox_methods_linux.h" | 41 #include "chrome/common/sandbox_methods_linux.h" |
41 | 42 |
42 #include "media/base/media.h" | 43 #include "media/base/media.h" |
43 | 44 |
44 #include "skia/ext/SkFontHost_fontconfig_control.h" | 45 #include "skia/ext/SkFontHost_fontconfig_control.h" |
45 | 46 |
46 #include "sandbox/linux/seccomp/sandbox.h" | 47 #include "sandbox/linux/seccomp/sandbox.h" |
47 | 48 |
48 #include "unicode/timezone.h" | 49 #include "unicode/timezone.h" |
(...skipping 490 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
539 | 540 |
540 // ICU DateFormat class (used in base/time_format.cc) needs to get the | 541 // ICU DateFormat class (used in base/time_format.cc) needs to get the |
541 // Olson timezone ID by accessing the zoneinfo files on disk. After | 542 // Olson timezone ID by accessing the zoneinfo files on disk. After |
542 // TimeZone::createDefault is called once here, the timezone ID is | 543 // TimeZone::createDefault is called once here, the timezone ID is |
543 // cached and there's no more need to access the file system. | 544 // cached and there's no more need to access the file system. |
544 scoped_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault()); | 545 scoped_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault()); |
545 | 546 |
546 FilePath module_path; | 547 FilePath module_path; |
547 if (PathService::Get(base::DIR_MODULE, &module_path)) | 548 if (PathService::Get(base::DIR_MODULE, &module_path)) |
548 media::InitializeMediaLibrary(module_path); | 549 media::InitializeMediaLibrary(module_path); |
| 550 |
| 551 // Ensure access to the Pepper plugins before the sandbox is turned on. |
| 552 PepperPluginRegistry::PreloadModules(); |
549 } | 553 } |
550 | 554 |
551 #if !defined(CHROMIUM_SELINUX) | 555 #if !defined(CHROMIUM_SELINUX) |
552 static bool EnterSandbox() { | 556 static bool EnterSandbox() { |
553 // The SUID sandbox sets this environment variable to a file descriptor | 557 // The SUID sandbox sets this environment variable to a file descriptor |
554 // over which we can signal that we have completed our startup and can be | 558 // over which we can signal that we have completed our startup and can be |
555 // chrooted. | 559 // chrooted. |
556 const char* const sandbox_fd_string = getenv("SBX_D"); | 560 const char* const sandbox_fd_string = getenv("SBX_D"); |
557 | 561 |
558 if (switches::SeccompSandboxEnabled()) { | 562 if (switches::SeccompSandboxEnabled()) { |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
684 LOG(INFO) << "Enabling experimental Seccomp sandbox."; | 688 LOG(INFO) << "Enabling experimental Seccomp sandbox."; |
685 sandbox_flags |= ZygoteHost::kSandboxSeccomp; | 689 sandbox_flags |= ZygoteHost::kSandboxSeccomp; |
686 } | 690 } |
687 } | 691 } |
688 #endif // SECCOMP_SANDBOX | 692 #endif // SECCOMP_SANDBOX |
689 | 693 |
690 Zygote zygote(sandbox_flags); | 694 Zygote zygote(sandbox_flags); |
691 // This function call can return multiple times, once per fork(). | 695 // This function call can return multiple times, once per fork(). |
692 return zygote.ProcessRequests(); | 696 return zygote.ProcessRequests(); |
693 } | 697 } |
OLD | NEW |