OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/zygote_host_linux.h" | 5 #include "content/browser/zygote_host_linux.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <pthread.h> | 9 #include <pthread.h> |
10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
(...skipping 81 matching lines...)
92 "the policies haven't been loaded into the kernel?)"; | 92 "the policies haven't been loaded into the kernel?)"; |
93 } | 93 } |
94 } | 94 } |
95 #endif // CHROMIUM_SELINUX | 95 #endif // CHROMIUM_SELINUX |
96 | 96 |
97 // This is the object which implements the zygote. The ZygoteMain function, | 97 // This is the object which implements the zygote. The ZygoteMain function, |
98 // which is called from ChromeMain, simply constructs one of these objects and | 98 // which is called from ChromeMain, simply constructs one of these objects and |
99 // runs it. | 99 // runs it. |
100 class Zygote { | 100 class Zygote { |
101 public: | 101 public: |
102 explicit Zygote(int sandbox_flags, ZygoteForkDelegate* helper) | 102 Zygote(int sandbox_flags, ZygoteForkDelegate* helper) |
103 : sandbox_flags_(sandbox_flags), | 103 : sandbox_flags_(sandbox_flags), helper_(helper) { |
104 helper_(helper) { | |
105 } | 104 } |
106 | 105 |
107 bool ProcessRequests() { | 106 bool ProcessRequests() { |
108 // A SOCK_SEQPACKET socket is installed in fd 3. We get commands from the | 107 // A SOCK_SEQPACKET socket is installed in fd 3. We get commands from the |
109 // browser on it. | 108 // browser on it. |
110 // A SOCK_DGRAM is installed in fd 5. This is the sandbox IPC channel. | 109 // A SOCK_DGRAM is installed in fd 5. This is the sandbox IPC channel. |
111 // See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC | 110 // See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC |
112 | 111 |
113 // We need to accept SIGCHLD, even though our handler is a no-op because | 112 // We need to accept SIGCHLD, even though our handler is a no-op because |
114 // otherwise we cannot wait on children. (According to POSIX 2001.) | 113 // otherwise we cannot wait on children. (According to POSIX 2001.) |
(...skipping 694 matching lines...)
809 VLOG(1) << "Enabling experimental Seccomp sandbox."; | 808 VLOG(1) << "Enabling experimental Seccomp sandbox."; |
810 sandbox_flags |= ZygoteHost::kSandboxSeccomp; | 809 sandbox_flags |= ZygoteHost::kSandboxSeccomp; |
811 } | 810 } |
812 } | 811 } |
813 #endif // SECCOMP_SANDBOX | 812 #endif // SECCOMP_SANDBOX |
814 | 813 |
815 Zygote zygote(sandbox_flags, forkdelegate); | 814 Zygote zygote(sandbox_flags, forkdelegate); |
816 // This function call can return multiple times, once per fork(). | 815 // This function call can return multiple times, once per fork(). |
817 return zygote.ProcessRequests(); | 816 return zygote.ProcessRequests(); |
818 } | 817 } |
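Review bot: The constructor on new line 102 stores the raw `ZygoteForkDelegate* helper` in `helper_` without saying who owns the delegate or whether a null pointer is acceptable; in the process that forks sandboxed children, that contract is worth stating next to the declaration. A one-line comment above the constructor would do, for example `// |helper| is not owned by Zygote and must outlive it.`, adjusted to whatever the skipped lines actually do with `helper_` (if they null-check it, say that NULL is allowed). The class body and the function that constructs `zygote` on new line 814 both continue in lines the page skips, so this rests only on the visible declaration and that call.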