OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/linux/services/broker_process.h" | 5 #include "sandbox/linux/services/broker_process.h" |
6 | 6 |
7 #include <fcntl.h> | 7 #include <fcntl.h> |
8 #include <sys/socket.h> | 8 #include <sys/socket.h> |
9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
10 #include <sys/syscall.h> | 10 #include <sys/syscall.h> |
11 #include <sys/types.h> | 11 #include <sys/types.h> |
12 #include <unistd.h> | 12 #include <unistd.h> |
13 | 13 |
14 #include <algorithm> | 14 #include <algorithm> |
15 #include <string> | 15 #include <string> |
16 #include <vector> | 16 #include <vector> |
17 | 17 |
18 #include "base/basictypes.h" | 18 #include "base/basictypes.h" |
19 #include "base/compiler_specific.h" | 19 #include "base/compiler_specific.h" |
20 #include "base/logging.h" | 20 #include "base/logging.h" |
21 #include "base/pickle.h" | 21 #include "base/pickle.h" |
22 #include "base/posix/eintr_wrapper.h" | 22 #include "base/posix/eintr_wrapper.h" |
23 #include "base/posix/unix_domain_socket_linux.h" | 23 #include "base/posix/unix_domain_socket_linux.h" |
| 24 #include "base/process/process_metrics.h" |
24 #include "build/build_config.h" | 25 #include "build/build_config.h" |
25 #include "sandbox/linux/services/linux_syscalls.h" | 26 #include "sandbox/linux/services/linux_syscalls.h" |
26 | 27 |
27 #if defined(OS_ANDROID) && !defined(MSG_CMSG_CLOEXEC) | 28 #if defined(OS_ANDROID) && !defined(MSG_CMSG_CLOEXEC) |
28 #define MSG_CMSG_CLOEXEC 0x40000000 | 29 #define MSG_CMSG_CLOEXEC 0x40000000 |
29 #endif | 30 #endif |
30 | 31 |
31 namespace { | 32 namespace { |
32 | 33 |
33 static const size_t kMaxMessageLength = 4096; | 34 static const size_t kMaxMessageLength = 4096; |
139 CHECK(!initialized_); | 140 CHECK(!initialized_); |
140 int socket_pair[2]; | 141 int socket_pair[2]; |
141 // Use SOCK_SEQPACKET, because we need to preserve message boundaries | 142 // Use SOCK_SEQPACKET, because we need to preserve message boundaries |
142 // but we also want to be notified (recvmsg should return and not block) | 143 // but we also want to be notified (recvmsg should return and not block) |
143 // when the connection has been broken (one of the processes died). | 144 // when the connection has been broken (one of the processes died). |
144 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, socket_pair)) { | 145 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, socket_pair)) { |
145 LOG(ERROR) << "Failed to create socketpair"; | 146 LOG(ERROR) << "Failed to create socketpair"; |
146 return false; | 147 return false; |
147 } | 148 } |
148 | 149 |
| 150 DCHECK_EQ(1, base::GetNumberOfThreads(base::GetCurrentProcessHandle())); |
149 int child_pid = fork(); | 151 int child_pid = fork(); |
150 if (child_pid == -1) { | 152 if (child_pid == -1) { |
151 close(socket_pair[0]); | 153 close(socket_pair[0]); |
152 close(socket_pair[1]); | 154 close(socket_pair[1]); |
153 return false; | 155 return false; |
154 } | 156 } |
155 if (child_pid) { | 157 if (child_pid) { |
156 // We are the parent and we have just forked our broker process. | 158 // We are the parent and we have just forked our broker process. |
157 close(socket_pair[0]); | 159 close(socket_pair[0]); |
158 // We should only be able to write to the IPC channel. We'll always send | 160 // We should only be able to write to the IPC channel. We'll always send |
509 GetFileNameInWhitelist(allowed_w_files_, requested_filename, | 511 GetFileNameInWhitelist(allowed_w_files_, requested_filename, |
510 file_to_open); | 512 file_to_open); |
511 return allowed_for_read_and_write; | 513 return allowed_for_read_and_write; |
512 } | 514 } |
513 default: | 515 default: |
514 return false; | 516 return false; |
515 } | 517 } |
516 } | 518 } |
517 | 519 |
518 } // namespace sandbox. | 520 } // namespace sandbox. |
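Review bot: The single-thread assertion added before `fork()` (new line 150) is a `DCHECK_EQ`, so it is normally compiled out of release builds and the invariant goes unenforced where it matters: a child forked from a multi-threaded process keeps only the calling thread, and any lock another thread held (allocator, logging) stays locked in the broker. If the thread-count query is cheap enough for this one-time path, consider `CHECK_EQ(1, base::GetNumberOfThreads(base::GetCurrentProcessHandle()));`, or at least add a comment such as `// fork() must happen while single-threaded: the child keeps only this thread, and locks held by others stay locked.` It is also worth confirming what `GetNumberOfThreads` returns when it cannot obtain the count (presumably it reads /proc, which is not visible here), since a failure value would trip this check in a process that is in fact single-threaded. The enclosing function starts and ends outside the visible lines.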