| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/zygote_host_linux.h" | 5 #include "content/browser/zygote_host_linux.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
| (...skipping 19 matching lines...) Expand all Loading... |
| 30 #include "crypto/nss_util.h" | 30 #include "crypto/nss_util.h" |
| 31 #include "content/common/chrome_descriptors.h" | 31 #include "content/common/chrome_descriptors.h" |
| 32 #include "content/common/font_config_ipc_linux.h" | 32 #include "content/common/font_config_ipc_linux.h" |
| 33 #include "content/common/main_function_params.h" | 33 #include "content/common/main_function_params.h" |
| 34 #include "content/common/pepper_plugin_registry.h" | 34 #include "content/common/pepper_plugin_registry.h" |
| 35 #include "content/common/process_watcher.h" | 35 #include "content/common/process_watcher.h" |
| 36 #include "content/common/sandbox_methods_linux.h" | 36 #include "content/common/sandbox_methods_linux.h" |
| 37 #include "content/common/seccomp_sandbox.h" | 37 #include "content/common/seccomp_sandbox.h" |
| 38 #include "content/common/set_process_title.h" | 38 #include "content/common/set_process_title.h" |
| 39 #include "content/common/unix_domain_socket_posix.h" | 39 #include "content/common/unix_domain_socket_posix.h" |
| 40 #include "content/common/zygote_fork_delegate_linux.h" | |
| 41 #include "content/public/common/content_switches.h" | 40 #include "content/public/common/content_switches.h" |
| 42 #include "content/public/common/result_codes.h" | 41 #include "content/public/common/result_codes.h" |
| 42 #include "content/public/common/zygote_fork_delegate_linux.h" |
| 43 #include "skia/ext/SkFontHost_fontconfig_control.h" | 43 #include "skia/ext/SkFontHost_fontconfig_control.h" |
| 44 #include "unicode/timezone.h" | 44 #include "unicode/timezone.h" |
| 45 #include "ipc/ipc_channel.h" | 45 #include "ipc/ipc_channel.h" |
| 46 #include "ipc/ipc_switches.h" | 46 #include "ipc/ipc_switches.h" |
| 47 | 47 |
| 48 #if defined(OS_LINUX) | 48 #if defined(OS_LINUX) |
| 49 #include <sys/epoll.h> | 49 #include <sys/epoll.h> |
| 50 #include <sys/prctl.h> | 50 #include <sys/prctl.h> |
| 51 #include <sys/signal.h> | 51 #include <sys/signal.h> |
| 52 #else | 52 #else |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 87 "the policies haven't been loaded into the kernel?)"; | 87 "the policies haven't been loaded into the kernel?)"; |
| 88 } | 88 } |
| 89 } | 89 } |
| 90 #endif // CHROMIUM_SELINUX | 90 #endif // CHROMIUM_SELINUX |
| 91 | 91 |
| 92 // This is the object which implements the zygote. The ZygoteMain function, | 92 // This is the object which implements the zygote. The ZygoteMain function, |
| 93 // which is called from ChromeMain, simply constructs one of these objects and | 93 // which is called from ChromeMain, simply constructs one of these objects and |
| 94 // runs it. | 94 // runs it. |
| 95 class Zygote { | 95 class Zygote { |
| 96 public: | 96 public: |
| 97 Zygote(int sandbox_flags, ZygoteForkDelegate* helper) | 97 Zygote(int sandbox_flags, content::ZygoteForkDelegate* helper) |
| 98 : sandbox_flags_(sandbox_flags), helper_(helper) { | 98 : sandbox_flags_(sandbox_flags), helper_(helper) { |
| 99 if (helper_) | 99 if (helper_) |
| 100 helper_->InitialUMA(&initial_uma_name_, | 100 helper_->InitialUMA(&initial_uma_name_, |
| 101 &initial_uma_sample_, | 101 &initial_uma_sample_, |
| 102 &initial_uma_boundary_value_); | 102 &initial_uma_boundary_value_); |
| 103 } | 103 } |
| 104 | 104 |
| 105 bool ProcessRequests() { | 105 bool ProcessRequests() { |
| 106 // A SOCK_SEQPACKET socket is installed in fd 3. We get commands from the | 106 // A SOCK_SEQPACKET socket is installed in fd 3. We get commands from the |
| 107 // browser on it. | 107 // browser on it. |
| (...skipping 420 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 528 return false; | 528 return false; |
| 529 } | 529 } |
| 530 | 530 |
| 531 // In the SUID sandbox, we try to use a new PID namespace. Thus the PIDs | 531 // In the SUID sandbox, we try to use a new PID namespace. Thus the PIDs |
| 532 // fork() returns are not the real PIDs, so we need to map the Real PIDS | 532 // fork() returns are not the real PIDs, so we need to map the Real PIDS |
| 533 // into the sandbox PID namespace. | 533 // into the sandbox PID namespace. |
| 534 typedef base::hash_map<base::ProcessHandle, base::ProcessHandle> ProcessMap; | 534 typedef base::hash_map<base::ProcessHandle, base::ProcessHandle> ProcessMap; |
| 535 ProcessMap real_pids_to_sandbox_pids; | 535 ProcessMap real_pids_to_sandbox_pids; |
| 536 | 536 |
| 537 const int sandbox_flags_; | 537 const int sandbox_flags_; |
| 538 ZygoteForkDelegate* helper_; | 538 content::ZygoteForkDelegate* helper_; |
| 539 | 539 |
| 540 // These might be set by helper_->InitialUMA. They supply a UMA | 540 // These might be set by helper_->InitialUMA. They supply a UMA |
| 541 // enumeration sample we should report on the first fork. | 541 // enumeration sample we should report on the first fork. |
| 542 std::string initial_uma_name_; | 542 std::string initial_uma_name_; |
| 543 int initial_uma_sample_; | 543 int initial_uma_sample_; |
| 544 int initial_uma_boundary_value_; | 544 int initial_uma_boundary_value_; |
| 545 }; | 545 }; |
| 546 | 546 |
| 547 // With SELinux we can carve out a precise sandbox, so we don't have to play | 547 // With SELinux we can carve out a precise sandbox, so we don't have to play |
| 548 // with intercepting libc calls. | 548 // with intercepting libc calls. |
| (...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 799 | 799 |
| 800 static bool EnterSandbox() { | 800 static bool EnterSandbox() { |
| 801 PreSandboxInit(); | 801 PreSandboxInit(); |
| 802 SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor); | 802 SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor); |
| 803 return true; | 803 return true; |
| 804 } | 804 } |
| 805 | 805 |
| 806 #endif // CHROMIUM_SELINUX | 806 #endif // CHROMIUM_SELINUX |
| 807 | 807 |
| 808 bool ZygoteMain(const MainFunctionParams& params, | 808 bool ZygoteMain(const MainFunctionParams& params, |
| 809 ZygoteForkDelegate* forkdelegate) { | 809 content::ZygoteForkDelegate* forkdelegate) { |
| 810 #if !defined(CHROMIUM_SELINUX) | 810 #if !defined(CHROMIUM_SELINUX) |
| 811 g_am_zygote_or_renderer = true; | 811 g_am_zygote_or_renderer = true; |
| 812 #endif | 812 #endif |
| 813 | 813 |
| 814 #if defined(SECCOMP_SANDBOX) | 814 #if defined(SECCOMP_SANDBOX) |
| 815 if (SeccompSandboxEnabled()) { | 815 if (SeccompSandboxEnabled()) { |
| 816 // The seccomp sandbox needs access to files in /proc, which might be denied | 816 // The seccomp sandbox needs access to files in /proc, which might be denied |
| 817 // after one of the other sandboxes have been started. So, obtain a suitable | 817 // after one of the other sandboxes have been started. So, obtain a suitable |
| 818 // file handle in advance. | 818 // file handle in advance. |
| 819 g_proc_fd = open("/proc", O_DIRECTORY | O_RDONLY); | 819 g_proc_fd = open("/proc", O_DIRECTORY | O_RDONLY); |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 865 VLOG(1) << "Enabling experimental Seccomp sandbox."; | 865 VLOG(1) << "Enabling experimental Seccomp sandbox."; |
| 866 sandbox_flags |= ZygoteHost::kSandboxSeccomp; | 866 sandbox_flags |= ZygoteHost::kSandboxSeccomp; |
| 867 } | 867 } |
| 868 } | 868 } |
| 869 #endif // SECCOMP_SANDBOX | 869 #endif // SECCOMP_SANDBOX |
| 870 | 870 |
| 871 Zygote zygote(sandbox_flags, forkdelegate); | 871 Zygote zygote(sandbox_flags, forkdelegate); |
| 872 // This function call can return multiple times, once per fork(). | 872 // This function call can return multiple times, once per fork(). |
| 873 return zygote.ProcessRequests(); | 873 return zygote.ProcessRequests(); |
| 874 } | 874 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8381029:
Move ZygoteForkDelegateLinux to content/public/app. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/