| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // A mini-zygote specifically for Native Client. | 5 // A mini-zygote specifically for Native Client. |
| 6 | 6 |
| 7 #include "components/nacl/loader/nacl_helper_linux.h" | 7 #include "components/nacl/loader/nacl_helper_linux.h" |
| 8 | 8 |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| (...skipping 258 matching lines...) |
| 269 have_to_reply = | 269 have_to_reply = |
| 270 HandleGetTerminationStatusRequest(input_iter, &write_pickle); | 270 HandleGetTerminationStatusRequest(input_iter, &write_pickle); |
| 271 break; | 271 break; |
| 272 default: | 272 default: |
| 273 LOG(ERROR) << "Unsupported command from Zygote"; | 273 LOG(ERROR) << "Unsupported command from Zygote"; |
| 274 return false; | 274 return false; |
| 275 } | 275 } |
| 276 if (!have_to_reply) | 276 if (!have_to_reply) |
| 277 return false; | 277 return false; |
| 278 const std::vector<int> empty; // We never send file descriptors back. | 278 const std::vector<int> empty; // We never send file descriptors back. |
| 279 if (!UnixDomainSocket::SendMsg(reply_fd, write_pickle.data(), | 279 if (!base::UnixDomainSocket::SendMsg(reply_fd, write_pickle.data(), |
| 280 write_pickle.size(), empty)) { | 280 write_pickle.size(), empty)) { |
| 281 LOG(ERROR) << "*** send() to zygote failed"; | 281 LOG(ERROR) << "*** send() to zygote failed"; |
| 282 return false; | 282 return false; |
| 283 } | 283 } |
| 284 return true; | 284 return true; |
| 285 } | 285 } |
| 286 | 286 |
| 287 // Read a request from the Zygote from |zygote_ipc_fd| and handle it. | 287 // Read a request from the Zygote from |zygote_ipc_fd| and handle it. |
| 288 // Die on EOF from |zygote_ipc_fd|. | 288 // Die on EOF from |zygote_ipc_fd|. |
| 289 bool HandleZygoteRequest(int zygote_ipc_fd, | 289 bool HandleZygoteRequest(int zygote_ipc_fd, |
| 290 const NaClLoaderSystemInfo& system_info, | 290 const NaClLoaderSystemInfo& system_info, |
| 291 nacl::NaClSandbox* nacl_sandbox) { | 291 nacl::NaClSandbox* nacl_sandbox) { |
| 292 ScopedVector<base::ScopedFD> fds; | 292 ScopedVector<base::ScopedFD> fds; |
| 293 char buf[kNaClMaxIPCMessageLength]; | 293 char buf[kNaClMaxIPCMessageLength]; |
| 294 const ssize_t msglen = UnixDomainSocket::RecvMsg(zygote_ipc_fd, | 294 const ssize_t msglen = base::UnixDomainSocket::RecvMsg(zygote_ipc_fd, |
| 295 &buf, sizeof(buf), &fds); | 295 &buf, sizeof(buf), &fds); |
| 296 // If the Zygote has started handling requests, we should be sandboxed via | 296 // If the Zygote has started handling requests, we should be sandboxed via |
| 297 // the setuid sandbox. | 297 // the setuid sandbox. |
| 298 if (!nacl_sandbox->layer_one_enabled()) { | 298 if (!nacl_sandbox->layer_one_enabled()) { |
| 299 LOG(ERROR) << "NaCl helper process running without a sandbox!\n" | 299 LOG(ERROR) << "NaCl helper process running without a sandbox!\n" |
| 300 << "Most likely you need to configure your SUID sandbox " | 300 << "Most likely you need to configure your SUID sandbox " |
| 301 << "correctly"; | 301 << "correctly"; |
| 302 } | 302 } |
| 303 if (msglen == 0 || (msglen == -1 && errno == ECONNRESET)) { | 303 if (msglen == 0 || (msglen == -1 && errno == ECONNRESET)) { |
| 304 // EOF from the browser. Goodbye! | 304 // EOF from the browser. Goodbye! |
| (...skipping 156 matching lines...) |
| 461 #if !defined(THREAD_SANITIZER) | 461 #if !defined(THREAD_SANITIZER) |
| 462 CHECK(nacl_sandbox->IsSingleThreaded()); | 462 CHECK(nacl_sandbox->IsSingleThreaded()); |
| 463 #endif | 463 #endif |
| 464 | 464 |
| 465 const bool is_init_process = 1 == getpid(); | 465 const bool is_init_process = 1 == getpid(); |
| 466 nacl_sandbox->InitializeLayerOneSandbox(); | 466 nacl_sandbox->InitializeLayerOneSandbox(); |
| 467 CHECK_EQ(is_init_process, nacl_sandbox->layer_one_enabled()); | 467 CHECK_EQ(is_init_process, nacl_sandbox->layer_one_enabled()); |
| 468 | 468 |
| 469 const std::vector<int> empty; | 469 const std::vector<int> empty; |
| 470 // Send the zygote a message to let it know we are ready to help | 470 // Send the zygote a message to let it know we are ready to help |
| 471 if (!UnixDomainSocket::SendMsg(kNaClZygoteDescriptor, | 471 if (!base::UnixDomainSocket::SendMsg(kNaClZygoteDescriptor, |
| 472 kNaClHelperStartupAck, | 472 kNaClHelperStartupAck, |
| 473 sizeof(kNaClHelperStartupAck), empty)) { | 473 sizeof(kNaClHelperStartupAck), empty)) { |
| 474 LOG(ERROR) << "*** send() to zygote failed"; | 474 LOG(ERROR) << "*** send() to zygote failed"; |
| 475 } | 475 } |
| 476 | 476 |
| 477 // Now handle requests from the Zygote. | 477 // Now handle requests from the Zygote. |
| 478 while (true) { | 478 while (true) { |
| 479 bool request_handled = HandleZygoteRequest( | 479 bool request_handled = HandleZygoteRequest( |
| 480 kNaClZygoteDescriptor, system_info, nacl_sandbox.get()); | 480 kNaClZygoteDescriptor, system_info, nacl_sandbox.get()); |
| 481 // Do not turn this into a CHECK() without thinking about robustness | 481 // Do not turn this into a CHECK() without thinking about robustness |
| 482 // against malicious IPC requests. | 482 // against malicious IPC requests. |
| 483 DCHECK(request_handled); | 483 DCHECK(request_handled); |
| 484 } | 484 } |
| 485 NOTREACHED(); | 485 NOTREACHED(); |
| 486 } | 486 } |
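Review bot: A failed startup ack at new lines 471-475 is only logged: after `LOG(ERROR) << "*** send() to zygote failed"` the code still enters the `while (true)` request loop, whereas the reply send at 279-283 returns false on the same failure. Since the loop checks `request_handled` only with a DCHECK, termination then appears to depend on HandleZygoteRequest's EOF handling, whose body is cut off after line 304. If continuing is intended, say so at the call site, e.g. `// Not fatal: if the zygote is gone, HandleZygoteRequest() exits on EOF.`; otherwise stop after the log instead of serving requests. The enclosing function starts outside the visible lines.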