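--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/renderer_host/render_sandbox_host_linux.h"
 
 #include <fcntl.h>
 #include <fontconfig/fontconfig.h>
 #include <stdint.h>
 #include <unistd.h>
@@ -658,36 +658,43 @@
 DCHECK(!initialized_);
 initialized_ = true;
 
 int fds[2];
 // We use SOCK_SEQPACKET rather than SOCK_DGRAM to prevent the renderer from
 // sending datagrams to other sockets on the system. The sandbox may prevent
 // the renderer from calling socket() to create new sockets, but it'll still
 // inherit some sockets. With PF_UNIX+SOCK_DGRAM, it can call sendmsg to send
 // a datagram to any (abstract) socket on the same system. With
 // SOCK_SEQPACKET, this is prevented.
+#if defined(OS_FREEBSD) || defined(OS_OPENBSD)
+// The BSDs often don't support SOCK_SEQPACKET yet, so fall back to
+// SOCK_DGRAM if necessary.
+if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) != 0)
+CHECK(socketpair(AF_UNIX, SOCK_DGRAM, 0, fds) == 0);
+#else
 CHECK(socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) == 0);
+#endif
 
 renderer_socket_ = fds[0];
 const int browser_socket = fds[1];
 
 int pipefds[2];
 CHECK(0 == pipe(pipefds));
 const int child_lifeline_fd = pipefds[0];
 childs_lifeline_fd_ = pipefds[1];
 
 pid_ = fork();
 if (pid_ == 0) {
 SandboxIPCProcess handler(child_lifeline_fd, browser_socket, sandbox_path);
 handler.Run();
 _exit(0);
 }
 }
 
 RenderSandboxHostLinux::~RenderSandboxHostLinux() {
 if (initialized_) {
 if (HANDLE_EINTR(close(renderer_socket_)) < 0)
 PLOG(ERROR) << "close";
 if (HANDLE_EINTR(close(childs_lifeline_fd_)) < 0)
 PLOG(ERROR) << "close";
 }
 }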
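Review bot: The BSD fallback at new lines 671-672 downgrades to SOCK_DGRAM on any socketpair() failure, not only when SOCK_SEQPACKET is unsupported, so a transient error such as fd exhaustion would silently drop the containment the comment at 662-667 describes (the renderer regaining the ability to sendmsg() to arbitrary local sockets) instead of crashing as the non-BSD branch does. The downgrade should be gated on errno reporting the socket type as unavailable (EPROTONOSUPPORT or EPROTOTYPE) and logged, so the weaker mode is never entered unnoticed; errno requires `<errno.h>`, which may already be among the skipped includes. The comment block at 662-667 should also say that the guarantee does not hold on the SOCK_DGRAM fallback path, e.g. `// On BSDs that lack SOCK_SEQPACKET we fall back to SOCK_DGRAM and lose this protection.` The enclosing function begins before the hunk.
```cpp
#if defined(OS_FREEBSD) || defined(OS_OPENBSD)
  // The BSDs often don't support SOCK_SEQPACKET yet, so fall back to
  // SOCK_DGRAM if necessary. Only downgrade when the kernel reports the
  // socket type as unsupported; any other failure keeps the CHECK semantics
  // of the non-BSD branch so the weaker mode is never entered by accident.
  if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) != 0) {
    PCHECK(errno == EPROTONOSUPPORT || errno == EPROTOTYPE) << "socketpair";
    LOG(WARNING) << "SOCK_SEQPACKET unavailable; falling back to SOCK_DGRAM "
                 << "(renderer may send datagrams to other local sockets)";
    CHECK(socketpair(AF_UNIX, SOCK_DGRAM, 0, fds) == 0);
  }
#else
  // … unchanged: SOCK_SEQPACKET socketpair CHECK …
#endif
```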