| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/mac/bootstrap_sandbox.h" | 5 #include "sandbox/mac/bootstrap_sandbox.h" |
| 6 | 6 |
| 7 #include <CoreFoundation/CoreFoundation.h> | 7 #include <CoreFoundation/CoreFoundation.h> |
| 8 #import <Foundation/Foundation.h> | 8 #import <Foundation/Foundation.h> |
| 9 #include <mach/mach.h> | 9 #include <mach/mach.h> |
| 10 #include <servers/bootstrap.h> | 10 #include <servers/bootstrap.h> |
| 11 | 11 |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/mac/mac_util.h" | 13 #include "base/mac/mac_util.h" |
| 14 #include "base/mac/mach_logging.h" | 14 #include "base/mac/mach_logging.h" |
| 15 #include "base/mac/scoped_mach_port.h" | 15 #include "base/mac/scoped_mach_port.h" |
| 16 #include "base/mac/scoped_nsobject.h" | 16 #include "base/mac/scoped_nsobject.h" |
| 17 #include "base/process/kill.h" | 17 #include "base/process/kill.h" |
| 18 #include "base/strings/stringprintf.h" | 18 #include "base/strings/stringprintf.h" |
| 19 #include "base/test/multiprocess_test.h" | 19 #include "base/test/multiprocess_test.h" |
| 20 #include "base/test/test_timeouts.h" | 20 #include "base/test/test_timeouts.h" |
| 21 #include "sandbox/mac/pre_exec_delegate.h" |
| 21 #include "sandbox/mac/xpc.h" | 22 #include "sandbox/mac/xpc.h" |
| 22 #import "testing/gtest_mac.h" | 23 #import "testing/gtest_mac.h" |
| 23 #include "testing/multiprocess_func_list.h" | 24 #include "testing/multiprocess_func_list.h" |
| 24 | 25 |
| 25 NSString* const kTestNotification = @"org.chromium.bootstrap_sandbox_test"; | 26 NSString* const kTestNotification = @"org.chromium.bootstrap_sandbox_test"; |
| 26 | 27 |
| 27 @interface DistributedNotificationObserver : NSObject { | 28 @interface DistributedNotificationObserver : NSObject { |
| 28 @private | 29 @private |
| 29 int receivedCount_; | 30 int receivedCount_; |
| 30 base::scoped_nsobject<NSString> object_; | 31 base::scoped_nsobject<NSString> object_; |
| (...skipping 66 matching lines...) |
| 97 BootstrapSandboxPolicy policy; | 98 BootstrapSandboxPolicy policy; |
| 98 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW); | 99 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW); |
| 99 if (base::mac::IsOSSnowLeopard()) | 100 if (base::mac::IsOSSnowLeopard()) |
| 100 policy.rules["com.apple.SecurityServer"] = Rule(POLICY_ALLOW); | 101 policy.rules["com.apple.SecurityServer"] = Rule(POLICY_ALLOW); |
| 101 return policy; | 102 return policy; |
| 102 } | 103 } |
| 103 | 104 |
| 104 void RunChildWithPolicy(int policy_id, | 105 void RunChildWithPolicy(int policy_id, |
| 105 const char* child_name, | 106 const char* child_name, |
| 106 base::ProcessHandle* out_pid) { | 107 base::ProcessHandle* out_pid) { |
| 107 sandbox_->PrepareToForkWithPolicy(policy_id); | 108 scoped_ptr<PreExecDelegate> pre_exec_delegate( |
| 109 sandbox_->NewClient(policy_id)); |
| 110 |
| 108 base::LaunchOptions options; | 111 base::LaunchOptions options; |
| 109 options.replacement_bootstrap_name = sandbox_->server_bootstrap_name(); | 112 options.pre_exec_delegate = pre_exec_delegate.get(); |
| 113 |
| 110 base::Process process = SpawnChildWithOptions(child_name, options); | 114 base::Process process = SpawnChildWithOptions(child_name, options); |
| 111 ASSERT_TRUE(process.IsValid()); | 115 ASSERT_TRUE(process.IsValid()); |
| 112 sandbox_->FinishedFork(process.Handle()); | |
| 113 int code = 0; | 116 int code = 0; |
| 114 EXPECT_TRUE(process.WaitForExit(&code)); | 117 EXPECT_TRUE(process.WaitForExit(&code)); |
| 115 EXPECT_EQ(0, code); | 118 EXPECT_EQ(0, code); |
| 116 if (out_pid) | 119 if (out_pid) |
| 117 *out_pid = process.Pid(); | 120 *out_pid = process.Pid(); |
| 118 } | 121 } |
| 119 | 122 |
| 120 protected: | 123 protected: |
| 121 scoped_ptr<BootstrapSandbox> sandbox_; | 124 scoped_ptr<BootstrapSandbox> sandbox_; |
| 122 }; | 125 }; |
| (...skipping 323 matching lines...) |
| 446 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port, | 449 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port, |
| 447 MACH_MSG_TYPE_MAKE_SEND)); | 450 MACH_MSG_TYPE_MAKE_SEND)); |
| 448 base::mac::ScopedMachSendRight scoped_port_send(port); | 451 base::mac::ScopedMachSendRight scoped_port_send(port); |
| 449 | 452 |
| 450 // Set up the policy and register the port. | 453 // Set up the policy and register the port. |
| 451 BootstrapSandboxPolicy policy(BaselinePolicy()); | 454 BootstrapSandboxPolicy policy(BaselinePolicy()); |
| 452 policy.rules["sync"] = Rule(port); | 455 policy.rules["sync"] = Rule(port); |
| 453 sandbox_->RegisterSandboxPolicy(kTestPolicyId, policy); | 456 sandbox_->RegisterSandboxPolicy(kTestPolicyId, policy); |
| 454 | 457 |
| 455 // Launch the child. | 458 // Launch the child. |
| 456 sandbox_->PrepareToForkWithPolicy(kTestPolicyId); | 459 scoped_ptr<PreExecDelegate> pre_exec_delegate( |
| 460 sandbox_->NewClient(kTestPolicyId)); |
| 457 base::LaunchOptions options; | 461 base::LaunchOptions options; |
| 458 options.replacement_bootstrap_name = sandbox_->server_bootstrap_name(); | 462 options.pre_exec_delegate = pre_exec_delegate.get(); |
| 459 base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options); | 463 base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options); |
| 460 ASSERT_TRUE(process.IsValid()); | 464 ASSERT_TRUE(process.IsValid()); |
| 461 sandbox_->FinishedFork(process.Handle()); | |
| 462 | 465 |
| 463 // Synchronize with the child. | 466 // Synchronize with the child. |
| 464 mach_msg_empty_rcv_t rcv_msg; | 467 mach_msg_empty_rcv_t rcv_msg; |
| 465 bzero(&rcv_msg, sizeof(rcv_msg)); | 468 bzero(&rcv_msg, sizeof(rcv_msg)); |
| 466 kern_return_t kr = mach_msg(&rcv_msg.header, MACH_RCV_MSG, 0, | 469 kern_return_t kr = mach_msg(&rcv_msg.header, MACH_RCV_MSG, 0, |
| 467 sizeof(rcv_msg), port, | 470 sizeof(rcv_msg), port, |
| 468 TestTimeouts::tiny_timeout().InMilliseconds(), MACH_PORT_NULL); | 471 TestTimeouts::tiny_timeout().InMilliseconds(), MACH_PORT_NULL); |
| 469 ASSERT_EQ(KERN_SUCCESS, kr) << mach_error_string(kr); | 472 ASSERT_EQ(KERN_SUCCESS, kr) << mach_error_string(kr); |
| 470 | 473 |
| 471 // Destroy the sandbox. | 474 // Destroy the sandbox. |
| (...skipping 56 matching lines...) |
| 528 kr = mach_msg_receive(&rcv_msg.header); | 531 kr = mach_msg_receive(&rcv_msg.header); |
| 529 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; | 532 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; |
| 530 | 533 |
| 531 // Try to message the sandbox. | 534 // Try to message the sandbox. |
| 532 bootstrap_look_up(bootstrap_port, "test", &port); | 535 bootstrap_look_up(bootstrap_port, "test", &port); |
| 533 | 536 |
| 534 return 0; | 537 return 0; |
| 535 } | 538 } |
| 536 | 539 |
| 537 } // namespace sandbox | 540 } // namespace sandbox |
| OLD | NEW |
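Review bot: In RunChildWithPolicy (new lines 108-112) the delegate returned by `sandbox_->NewClient(policy_id)` goes straight into `options.pre_exec_delegate` with no check that it is non-null. NewClient's contract is not visible on this page, but if it can return null (for example for an unregistered policy id), the child would presumably launch with no delegate and keep the real bootstrap port, so the test would run against an unsandboxed child instead of failing. I would add `ASSERT_TRUE(pre_exec_delegate.get());` right after the scoped_ptr is constructed, and the same at new lines 459-462 in the ChildOutliveSandbox test, whose body starts outside the visible lines. A one-line comment that the delegate must stay alive until SpawnChildWithOptions returns would also explain why it is held in a local scoped_ptr.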