Issue 12805004: Remove mention of the nacl process in content.

Issue 12805004: Remove mention of the nacl process in content. (Closed)

Created:
7 years, 9 months ago by jam

Modified:
7 years, 9 months ago

Reviewers:
cpu_(ooo_6.6-7.5), robertshield, jschuh

CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org, jam

Base URL:
svn://chrome-svn/chrome/trunk/src/

Visibility:
Public.

More Reviews

Description

Refactor sandbox_policy.cc so that it doesn't contain the sandbox policies for all processes. Instead have whoever creates a sandboxed process set this data. This allows us to clean a few NaCl related changes in content: -remove NaCl sandbox rules from content -remove the hack for ifdef'ing out the GPU policy since it didn't link for nacl64.exe -remove the 1GB memory reservation for the NaCl loader process out of content Other cleanup: -renamed sandbox_policy.* to sandbox_win.* to match the other platform-specific sandbox files -moved BrokerGetFileHandleForProcess to internal content files since it's not called from outside -remove AddGpuDllEvictionPolicy since it was redundant (the one dll it removed was already listed in the generic list) There's still more cleanup to be done in the sandbox code (i.e. remove chrome frame switch, nacl process type switch etc). I will do that in future changes. BUG=191682 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=189175

Patch Set 1 #

Patch Set 2 : #

Total comments: 2

Patch Set 3 : #

Total comments: 1

Patch Set 4 : fix chrome_frame_net_tests and sync #

Total comments: 6

Patch Set 5 : #

Total comments: 3

Patch Set 6 : add comments that changes to sandbox policy need to be reviewed by security team #

Total comments: 4

Patch Set 7 : sync #

Total comments: 6

Patch Set 8 : #

Patch Set 9 : #

Created: 7 years, 9 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+538 lines, -1299 lines)			Patch
M	chrome/browser/chrome_content_browser_client.h	View	1 2 3 4 5 6	1 chunk	+2 lines, -0 lines	0 comments	Download
M	chrome/browser/chrome_content_browser_client.cc	View	1 2 3 4 5 6	2 chunks	+28 lines, -0 lines	0 comments	Download
M	chrome/browser/nacl_host/nacl_broker_host_win.cc	View	1 2 3 4 5 6	1 chunk	+1 line, -1 line	0 comments	Download
M	chrome/browser/nacl_host/nacl_process_host.cc	View	1 2 3 4 5 6	3 chunks	+33 lines, -2 lines	0 comments	Download
M	chrome/chrome_exe.gypi	View	1 2 3 4 5 6	1 chunk	+1 line, -1 line	0 comments	Download
M	chrome/nacl/nacl_broker_listener.h	View	1 2 3 4 5 6 7	2 chunks	+7 lines, -1 line	0 comments	Download
M	chrome/nacl/nacl_broker_listener.cc	View	1 2 3 4 5 6 7	3 chunks	+17 lines, -2 lines	0 comments	Download
M	chrome/service/service_utility_process_host.cc	View	1 2 3 4 5 6 7	2 chunks	+26 lines, -2 lines	0 comments	Download
M	chrome_frame/test/net/fake_external_tab.cc	View	1 2 3 4 5 6	1 chunk	+1 line, -2 lines	0 comments	Download
M	content/browser/browser_child_process_host_impl.h	View	1 2 3 4 5 6	1 chunk	+1 line, -1 line	0 comments	Download
M	content/browser/browser_child_process_host_impl.cc	View	1 2 3 4 5 6	2 chunks	+5 lines, -5 lines	0 comments	Download
M	content/browser/browser_main_loop.cc	View	1 2 3 4 5 6	1 chunk	+1 line, -1 line	0 comments	Download
M	content/browser/child_process_launcher.h	View	1 2 3 4 5 6	2 chunks	+2 lines, -1 line	0 comments	Download
M	content/browser/child_process_launcher.cc	View	1 2 3 4 5 6	7 chunks	+9 lines, -7 lines	0 comments	Download
M	content/browser/gpu/gpu_process_host.cc	View	1 2 3 4 5 6 7	6 chunks	+115 lines, -8 lines	0 comments	Download
M	content/browser/plugin_process_host.cc	View	1 2 3 4 5 6	1 chunk	+1 line, -1 line	0 comments	Download
M	content/browser/ppapi_plugin_process_host.cc	View	1 2 3 4 5 6	2 chunks	+28 lines, -1 line	0 comments	Download
M	content/browser/renderer_host/render_process_host_impl.cc	View	1 2 3 4 5 6	3 chunks	+19 lines, -1 line	0 comments	Download
M	content/browser/utility_process_host_impl.cc	View	1 2 3 4 5 6 7	2 chunks	+24 lines, -1 line	0 comments	Download
M	content/browser/worker_host/worker_process_host.cc	View	1 2 3 4 5 6	3 chunks	+21 lines, -2 lines	0 comments	Download
M	content/common/sandbox_init_win.cc	View	1 2 3 4 5 6	3 chunks	+12 lines, -28 lines	0 comments	Download
D	content/common/sandbox_policy.h	View	1 2 3 4 5 6	1 chunk	+0 lines, -21 lines	0 comments	Download
M	content/common/sandbox_policy.cc	View	1 2 3 4 5 6	1 chunk	+0 lines, -913 lines	0 comments	Download
A	content/common/sandbox_util.h	View	1 2 3 4	1 chunk	+26 lines, -0 lines	0 comments	Download
A +	content/common/sandbox_util.cc	View	1 2 3 4	1 chunk	+3 lines, -1 line	0 comments	Download
A +	content/common/sandbox_win.h	View	1 2 3 4	1 chunk	+18 lines, -3 lines	0 comments	Download
A +	content/common/sandbox_win.cc	View	1 2 3 4	16 chunks	+58 lines, -214 lines	0 comments	Download
M	content/content_common.gypi	View	1 2 3 4 5 6	3 chunks	+5 lines, -9 lines	0 comments	Download
M	content/ppapi_plugin/ppapi_thread.cc	View	1 2 3 4 5 6	1 chunk	+1 line, -0 lines	0 comments	Download
M	content/public/browser/browser_child_process_host.h	View	1 2 3 4 5 6	2 chunks	+3 lines, -2 lines	0 comments	Download
M	content/public/browser/content_browser_client.h	View	1 2 3 4 5 6	3 chunks	+14 lines, -5 lines	0 comments	Download
M	content/public/common/sandbox_init.h	View	1 2 3 4 5 6	4 chunks	+6 lines, -15 lines	0 comments	Download
D	content/public/common/sandbox_init.cc	View	1 2 3 4 5 6	1 chunk	+0 lines, -44 lines	0 comments	Download
A	content/public/common/sandboxed_process_launcher_delegate.h	View	1 2 3 4	1 chunk	+44 lines, -0 lines	0 comments	Download
M	content/public/test/test_launcher.cc	View	1 2 3 4 5 6	1 chunk	+1 line, -1 line	0 comments	Download
M	content/renderer/pepper/pepper_plugin_delegate_impl.cc	View	1 2 3 4 5 6 7 8	2 chunks	+2 lines, -2 lines	0 comments	Download
M	content/renderer/pepper/pepper_proxy_channel_delegate_impl.cc	View	1 2 3 4 5 6	1 chunk	+1 line, -1 line	0 comments	Download
M	sandbox/win/src/security_level.h	View	1 2 3 4 5 6	1 chunk	+2 lines, -0 lines	0 comments	Download

Messages

Total messages: 13 (0 generated)

Expand Messages | Collapse Messages

cpu_(ooo_6.6-7.5)

https://codereview.chromium.org/12805004/diff/10001/content/common/sandbox_policy.cc File content/common/sandbox_policy.cc (right): https://codereview.chromium.org/12805004/diff/10001/content/common/sandbox_policy.cc#newcode816 content/common/sandbox_policy.cc:816: GetContentClient()->AddPolicy(cmd_line, policy); how about not having this #if here ...

7 years, 9 months ago (2013-03-15 17:58:53 UTC) #1

jam

7 years, 9 months ago (2013-03-15 18:06:33 UTC) #2

jam

ok Carlos, this is now ready to look at. https://codereview.chromium.org/12805004/diff/43001/content/common/sandbox_init_win.cc File content/common/sandbox_init_win.cc (left): https://codereview.chromium.org/12805004/diff/43001/content/common/sandbox_init_win.cc#oldcode47 content/common/sandbox_init_win.cc:47: ...

7 years, 9 months ago (2013-03-15 22:33:08 UTC) #3

cpu_(ooo_6.6-7.5)

https://codereview.chromium.org/12805004/diff/55002/chrome/browser/chrome_browser_main_win.cc File chrome/browser/chrome_browser_main_win.cc (right): https://codereview.chromium.org/12805004/diff/55002/chrome/browser/chrome_browser_main_win.cc#newcode90 chrome/browser/chrome_browser_main_win.cc:90: this function looks really ugly here, isn't a better ...

7 years, 9 months ago (2013-03-18 19:46:26 UTC) #4

jam

https://codereview.chromium.org/12805004/diff/55002/chrome/browser/chrome_browser_main_win.cc File chrome/browser/chrome_browser_main_win.cc (right): https://codereview.chromium.org/12805004/diff/55002/chrome/browser/chrome_browser_main_win.cc#newcode90 chrome/browser/chrome_browser_main_win.cc:90: On 2013/03/18 19:46:26, cpu wrote: > this function looks ...

7 years, 9 months ago (2013-03-18 19:50:19 UTC) #5

https://codereview.chromium.org/12805004/diff/55002/chrome/browser/chrome_bro...
File chrome/browser/chrome_browser_main_win.cc (right):

https://codereview.chromium.org/12805004/diff/55002/chrome/browser/chrome_bro...
chrome/browser/chrome_browser_main_win.cc:90: 
On 2013/03/18 19:46:26, cpu wrote:
> this function looks really ugly here, isn't a better place to put this code,
> like src\chrome\browser\nacl_host or other place?

I agree this is a bit of an odd function. I think it'll look odd anywhere.

The issue of putting it in nacl_host (which I think is also as odd to put it as
it's here) is that then we'd have to put this in a header.

> 
> You know the directories better than me.

https://codereview.chromium.org/12805004/diff/55002/content/common/sandbox_in...
File content/common/sandbox_init_win.cc (left):

https://codereview.chromium.org/12805004/diff/55002/content/common/sandbox_in...
content/common/sandbox_init_win.cc:24: if (process_type.empty() || process_type
== switches::kNaClBrokerProcess) {
On 2013/03/18 19:46:26, cpu wrote:
> we should leave the if (process_type.empty())
> 
> The reason being that CreateAlternateDesktop() is heavyweight specially in
Vista
> and XP boxes and here we would be doing it for the service process and maybe
> others.

I would much rather have this code be generic. The service process starting up
is not a common thing, and isn't user-visible anyways. If this is good enough to
block chrome starting, then I'm personally fine with it delaying service process
startup

https://codereview.chromium.org/12805004/diff/55002/content/common/sandbox_po...
File content/common/sandbox_policy.cc (right):

https://codereview.chromium.org/12805004/diff/55002/content/common/sandbox_po...
content/common/sandbox_policy.cc:836: // For Native Client sel_ldr processes on
32-bit Windows, reserve 1 GB of
On 2013/03/18 19:46:26, cpu wrote:
> you want to add this as another callback after process started as well?

yeah, this and other nacl stuff in this file will be done in future changes

jam

Carlos/Justin: please take a look, these are the changes we talked about yesterday Robert: small ...

7 years, 9 months ago (2013-03-19 16:06:27 UTC) #6

robertshield

On 2013/03/19 16:06:27, jam wrote: > Carlos/Justin: please take a look, these are the changes ...

7 years, 9 months ago (2013-03-19 16:36:15 UTC) #7

cpu_(ooo_6.6-7.5)

https://codereview.chromium.org/12805004/diff/94001/chrome/nacl/nacl_broker_listener.cc File chrome/nacl/nacl_broker_listener.cc (right): https://codereview.chromium.org/12805004/diff/94001/chrome/nacl/nacl_broker_listener.cc#newcode52 chrome/nacl/nacl_broker_listener.cc:52: // This code is duplicated in chrome_browser_main_win.cc. is the ...

7 years, 9 months ago (2013-03-19 21:22:54 UTC) #8

cpu_(ooo_6.6-7.5)

https://codereview.chromium.org/12805004/diff/98003/chrome/nacl/nacl_broker_listener.h File chrome/nacl/nacl_broker_listener.h (right): https://codereview.chromium.org/12805004/diff/98003/chrome/nacl/nacl_broker_listener.h#newcode30 chrome/nacl/nacl_broker_listener.h:30: bool* success); OVERRIDE

7 years, 9 months ago (2013-03-19 21:25:48 UTC) #9

cpu_(ooo_6.6-7.5)

https://codereview.chromium.org/12805004/diff/98003/content/browser/gpu/gpu_process_host.cc File content/browser/gpu/gpu_process_host.cc (right): https://codereview.chromium.org/12805004/diff/98003/content/browser/gpu/gpu_process_host.cc#newcode183 content/browser/gpu/gpu_process_host.cc:183: } OVERRIDE same below

7 years, 9 months ago (2013-03-19 21:27:42 UTC) #10

jam

7 years, 9 months ago (2013-03-19 22:57:29 UTC) #11

lgtm

Expand Messages | Collapse Messages