Chromium Code Reviews Chromium Code Reviews
Issue 12805004:
Remove mention of the nacl process in content. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/nacl/nacl_broker_listener.h" | 5 #include "chrome/nacl/nacl_broker_listener.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/message_loop.h" | 10 #include "base/message_loop.h" |
| 11 #include "base/message_loop_proxy.h" | 11 #include "base/message_loop_proxy.h" |
| 12 #include "base/path_service.h" | 12 #include "base/path_service.h" |
| 13 #include "base/process_util.h" | 13 #include "base/process_util.h" |
| 14 #include "chrome/common/nacl_cmd_line.h" | 14 #include "chrome/common/nacl_cmd_line.h" |
| 15 #include "chrome/common/nacl_debug_exception_handler_win.h" | 15 #include "chrome/common/nacl_debug_exception_handler_win.h" |
| 16 #include "chrome/common/nacl_messages.h" | 16 #include "chrome/common/nacl_messages.h" |
| 17 #include "content/public/common/content_switches.h" | 17 #include "content/public/common/content_switches.h" |
| 18 #include "content/public/common/sandbox_init.h" | 18 #include "content/public/common/sandbox_init.h" |
| 19 #include "ipc/ipc_channel.h" | 19 #include "ipc/ipc_channel.h" |
| 20 #include "ipc/ipc_switches.h" | 20 #include "ipc/ipc_switches.h" |
| 21 #include "sandbox/win/src/sandbox_policy.h" | |
| 21 | 22 |
| 22 namespace { | 23 namespace { |
| 23 | 24 |
| 24 void SendReply(IPC::Channel* channel, int32 pid, bool result) { | 25 void SendReply(IPC::Channel* channel, int32 pid, bool result) { |
| 25 channel->Send(new NaClProcessMsg_DebugExceptionHandlerLaunched(pid, result)); | 26 channel->Send(new NaClProcessMsg_DebugExceptionHandlerLaunched(pid, result)); |
| 26 } | 27 } |
| 27 | 28 |
| 28 } // namespace | 29 } // namespace |
| 29 | 30 |
| 30 NaClBrokerListener::NaClBrokerListener() | 31 NaClBrokerListener::NaClBrokerListener() |
| 31 : browser_handle_(base::kNullProcessHandle) { | 32 : browser_handle_(base::kNullProcessHandle) { |
| 32 } | 33 } |
| 33 | 34 |
| 34 NaClBrokerListener::~NaClBrokerListener() { | 35 NaClBrokerListener::~NaClBrokerListener() { |
| 35 base::CloseProcessHandle(browser_handle_); | 36 base::CloseProcessHandle(browser_handle_); |
| 36 } | 37 } |
| 37 | 38 |
| 38 void NaClBrokerListener::Listen() { | 39 void NaClBrokerListener::Listen() { |
| 39 std::string channel_name = | 40 std::string channel_name = |
| 40 CommandLine::ForCurrentProcess()->GetSwitchValueASCII( | 41 CommandLine::ForCurrentProcess()->GetSwitchValueASCII( |
| 41 switches::kProcessChannelID); | 42 switches::kProcessChannelID); |
| 42 channel_.reset(new IPC::Channel( | 43 channel_.reset(new IPC::Channel( |
| 43 channel_name, IPC::Channel::MODE_CLIENT, this)); | 44 channel_name, IPC::Channel::MODE_CLIENT, this)); |
| 44 CHECK(channel_->Connect()); | 45 CHECK(channel_->Connect()); |
| 45 MessageLoop::current()->Run(); | 46 MessageLoop::current()->Run(); |
| 46 } | 47 } |
| 47 | 48 |
| 49 // NOTE: changes to this method need to be reviewed by the security team. | |
| 50 void NaClBrokerListener::PreSpawnTarget(sandbox::TargetPolicy* policy, | |
| 51 bool* success) { | |
| 52 // This code is duplicated in chrome_browser_main_win.cc. | |
|
cpu_(ooo_6.6-7.5)
2013/03/19 21:22:55
is the comment of line 52 correct?
jam
2013/03/19 22:57:29
updated now,thanks
| |
| 53 | |
| 54 // Allow the server side of a pipe restricted to the "chrome.nacl." | |
| 55 // namespace so that it cannot impersonate other system or other chrome | |
| 56 // service pipes. | |
| 57 sandbox::ResultCode result = policy->AddRule( | |
| 58 sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | |
| 59 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | |
| 60 L"\\\\.\\pipe\\chrome.nacl.*"); | |
| 61 *success = (result == sandbox::SBOX_ALL_OK); | |
| 62 } | |
| 63 | |
| 48 void NaClBrokerListener::OnChannelConnected(int32 peer_pid) { | 64 void NaClBrokerListener::OnChannelConnected(int32 peer_pid) { |
| 49 bool res = base::OpenProcessHandle(peer_pid, &browser_handle_); | 65 bool res = base::OpenProcessHandle(peer_pid, &browser_handle_); |
| 50 CHECK(res); | 66 CHECK(res); |
| 51 } | 67 } |
| 52 | 68 |
| 53 bool NaClBrokerListener::OnMessageReceived(const IPC::Message& msg) { | 69 bool NaClBrokerListener::OnMessageReceived(const IPC::Message& msg) { |
| 54 bool handled = true; | 70 bool handled = true; |
| 55 IPC_BEGIN_MESSAGE_MAP(NaClBrokerListener, msg) | 71 IPC_BEGIN_MESSAGE_MAP(NaClBrokerListener, msg) |
| 56 IPC_MESSAGE_HANDLER(NaClProcessMsg_LaunchLoaderThroughBroker, | 72 IPC_MESSAGE_HANDLER(NaClProcessMsg_LaunchLoaderThroughBroker, |
| 57 OnLaunchLoaderThroughBroker) | 73 OnLaunchLoaderThroughBroker) |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 80 if (!exe_path.empty()) { | 96 if (!exe_path.empty()) { |
| 81 CommandLine* cmd_line = new CommandLine(exe_path); | 97 CommandLine* cmd_line = new CommandLine(exe_path); |
| 82 nacl::CopyNaClCommandLineArguments(cmd_line); | 98 nacl::CopyNaClCommandLineArguments(cmd_line); |
| 83 | 99 |
| 84 cmd_line->AppendSwitchASCII(switches::kProcessType, | 100 cmd_line->AppendSwitchASCII(switches::kProcessType, |
| 85 switches::kNaClLoaderProcess); | 101 switches::kNaClLoaderProcess); |
| 86 | 102 |
| 87 cmd_line->AppendSwitchASCII(switches::kProcessChannelID, | 103 cmd_line->AppendSwitchASCII(switches::kProcessChannelID, |
| 88 loader_channel_id); | 104 loader_channel_id); |
| 89 | 105 |
| 90 loader_process = | 106 loader_process = content::StartSandboxedProcess(this, cmd_line); |
| 91 content::StartProcessWithAccess(cmd_line, base::FilePath()); | |
| 92 if (loader_process) { | 107 if (loader_process) { |
| 93 DuplicateHandle(::GetCurrentProcess(), loader_process, | 108 DuplicateHandle(::GetCurrentProcess(), loader_process, |
| 94 browser_handle_, &loader_handle_in_browser, | 109 browser_handle_, &loader_handle_in_browser, |
| 95 PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION , FALSE, 0); | 110 PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION , FALSE, 0); |
| 96 base::CloseProcessHandle(loader_process); | 111 base::CloseProcessHandle(loader_process); |
| 97 } | 112 } |
| 98 } | 113 } |
| 99 channel_->Send(new NaClProcessMsg_LoaderLaunched(loader_channel_id, | 114 channel_->Send(new NaClProcessMsg_LoaderLaunched(loader_channel_id, |
| 100 loader_handle_in_browser)); | 115 loader_handle_in_browser)); |
| 101 } | 116 } |
| 102 | 117 |
| 103 void NaClBrokerListener::OnLaunchDebugExceptionHandler( | 118 void NaClBrokerListener::OnLaunchDebugExceptionHandler( |
| 104 int32 pid, base::ProcessHandle process_handle, | 119 int32 pid, base::ProcessHandle process_handle, |
| 105 const std::string& startup_info) { | 120 const std::string& startup_info) { |
| 106 NaClStartDebugExceptionHandlerThread( | 121 NaClStartDebugExceptionHandlerThread( |
| 107 process_handle, startup_info, | 122 process_handle, startup_info, |
| 108 base::MessageLoopProxy::current(), | 123 base::MessageLoopProxy::current(), |
| 109 base::Bind(SendReply, channel_.get(), pid)); | 124 base::Bind(SendReply, channel_.get(), pid)); |
| 110 } | 125 } |
| 111 | 126 |
| 112 void NaClBrokerListener::OnStopBroker() { | 127 void NaClBrokerListener::OnStopBroker() { |
| 113 MessageLoop::current()->Quit(); | 128 MessageLoop::current()->Quit(); |
| 114 } | 129 } |
| OLD | NEW |
