OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "mojo/runner/child_process.h" | 5 #include "mojo/runner/child_process.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
303 base::SysInfo::NumberOfProcessors(); | 303 base::SysInfo::NumberOfProcessors(); |
304 | 304 |
305 // Do whatever warming that the mojo application wants. | 305 // Do whatever warming that the mojo application wants. |
306 typedef void (*SandboxWarmFunction)(); | 306 typedef void (*SandboxWarmFunction)(); |
307 SandboxWarmFunction sandbox_warm = reinterpret_cast<SandboxWarmFunction>( | 307 SandboxWarmFunction sandbox_warm = reinterpret_cast<SandboxWarmFunction>( |
308 base::GetFunctionPointerFromNativeLibrary(app_library, | 308 base::GetFunctionPointerFromNativeLibrary(app_library, |
309 "MojoSandboxWarm")); | 309 "MojoSandboxWarm")); |
310 if (sandbox_warm) | 310 if (sandbox_warm) |
311 sandbox_warm(); | 311 sandbox_warm(); |
312 | 312 |
313 // TODO(erg,jln): Allowing access to all of /dev/shm/ makes it easy to | |
314 // spy on other shared memory using processes. This is a temporary hack | |
315 // so that we have some sandbox until we have proper shared memory | |
316 // support integrated into mojo. | |
317 std::vector<BrokerFilePermission> permissions; | 313 std::vector<BrokerFilePermission> permissions; |
318 permissions.push_back( | |
319 BrokerFilePermission::ReadWriteCreateUnlinkRecursive("/dev/shm/")); | |
320 sandbox.reset(new mandoline::LinuxSandbox(permissions)); | 314 sandbox.reset(new mandoline::LinuxSandbox(permissions)); |
321 sandbox->Warmup(); | 315 sandbox->Warmup(); |
322 sandbox->EngageNamespaceSandbox(); | 316 sandbox->EngageNamespaceSandbox(); |
323 sandbox->EngageSeccompSandbox(); | 317 sandbox->EngageSeccompSandbox(); |
324 sandbox->Seal(); | 318 sandbox->Seal(); |
325 } | 319 } |
326 #endif | 320 #endif |
327 } | 321 } |
328 | 322 |
329 embedder::ScopedPlatformHandle platform_channel = | 323 embedder::ScopedPlatformHandle platform_channel = |
345 // This will block, then run whatever the controller wants. | 339 // This will block, then run whatever the controller wants. |
346 blocker.Block(); | 340 blocker.Block(); |
347 | 341 |
348 app_context.Shutdown(); | 342 app_context.Shutdown(); |
349 | 343 |
350 return 0; | 344 return 0; |
351 } | 345 } |
352 | 346 |
353 } // namespace runner | 347 } // namespace runner |
354 } // namespace mojo | 348 } // namespace mojo |
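Review bot: The now-empty `permissions` vector at new line 313 needs a comment saying the empty broker allowlist is deliberate, because the removed TODO was the only record of why `/dev/shm/` had been opened up and why that was risky. Something like `// Intentionally empty: the sandboxed child gets no broker file access; do not re-add /dev/shm/.` would stop a later change from restoring the recursive grant when a shared-memory open fails under the sandbox. It is also worth confirming that nothing in the child, including whatever `MojoSandboxWarm` sets up, still opens files under `/dev/shm/` by name, since the broker would presumably deny that now; the lines shown are not enough to verify it. The enclosing function starts outside the visible lines.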