| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // A mini-zygote specifically for Native Client. | 5 // A mini-zygote specifically for Native Client. |
| 6 | 6 |
| 7 #include "chrome/common/nacl_helper_linux.h" | 7 #include "chrome/common/nacl_helper_linux.h" |
| 8 | 8 |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| (...skipping 20 matching lines...) Expand all Loading... |
| 31 #include "crypto/nss_util.h" | 31 #include "crypto/nss_util.h" |
| 32 #include "ipc/ipc_descriptors.h" | 32 #include "ipc/ipc_descriptors.h" |
| 33 #include "ipc/ipc_switches.h" | 33 #include "ipc/ipc_switches.h" |
| 34 #include "sandbox/linux/services/libc_urandom_override.h" | 34 #include "sandbox/linux/services/libc_urandom_override.h" |
| 35 | 35 |
| 36 namespace { | 36 namespace { |
| 37 | 37 |
| 38 // The child must mimic the behavior of zygote_main_linux.cc on the child | 38 // The child must mimic the behavior of zygote_main_linux.cc on the child |
| 39 // side of the fork. See zygote_main_linux.cc:HandleForkRequest from | 39 // side of the fork. See zygote_main_linux.cc:HandleForkRequest from |
| 40 // if (!child) { | 40 // if (!child) { |
| 41 // Note: this code doesn't attempt to support SELINUX or the SECCOMP sandbox. | 41 // Note: this code doesn't attempt to support the SECCOMP sandbox. |
| 42 void BecomeNaClLoader(const std::vector<int>& child_fds, | 42 void BecomeNaClLoader(const std::vector<int>& child_fds, |
| 43 size_t prereserved_sandbox_size) { | 43 size_t prereserved_sandbox_size) { |
| 44 VLOG(1) << "NaCl loader: setting up IPC descriptor"; | 44 VLOG(1) << "NaCl loader: setting up IPC descriptor"; |
| 45 // don't need zygote FD any more | 45 // don't need zygote FD any more |
| 46 if (HANDLE_EINTR(close(kNaClZygoteDescriptor)) != 0) | 46 if (HANDLE_EINTR(close(kNaClZygoteDescriptor)) != 0) |
| 47 LOG(ERROR) << "close(kNaClZygoteDescriptor) failed."; | 47 LOG(ERROR) << "close(kNaClZygoteDescriptor) failed."; |
| 48 base::GlobalDescriptors::GetInstance()->Set(kPrimaryIPCChannel, | 48 base::GlobalDescriptors::GetInstance()->Set(kPrimaryIPCChannel, |
| 49 child_fds[kNaClBrowserFDIndex]); | 49 child_fds[kNaClBrowserFDIndex]); |
| 50 | 50 |
| 51 base::MessageLoopForIO main_message_loop; | 51 base::MessageLoopForIO main_message_loop; |
| (...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 210 __attribute__((no_address_safety_analysis)) | 210 __attribute__((no_address_safety_analysis)) |
| 211 const char* __asan_default_options() { | 211 const char* __asan_default_options() { |
| 212 return kAsanDefaultOptionsNaCl; | 212 return kAsanDefaultOptionsNaCl; |
| 213 } | 213 } |
| 214 #endif | 214 #endif |
| 215 | 215 |
| 216 int main(int argc, char* argv[]) { | 216 int main(int argc, char* argv[]) { |
| 217 CommandLine::Init(argc, argv); | 217 CommandLine::Init(argc, argv); |
| 218 base::AtExitManager exit_manager; | 218 base::AtExitManager exit_manager; |
| 219 base::RandUint64(); // acquire /dev/urandom fd before sandbox is raised | 219 base::RandUint64(); // acquire /dev/urandom fd before sandbox is raised |
| 220 #if !defined(CHROMIUM_SELINUX) | |
| 221 // Allows NSS to fopen() /dev/urandom. | 220 // Allows NSS to fopen() /dev/urandom. |
| 222 sandbox::InitLibcUrandomOverrides(); | 221 sandbox::InitLibcUrandomOverrides(); |
| 223 #endif | |
| 224 #if defined(USE_NSS) | 222 #if defined(USE_NSS) |
| 225 // Configure NSS for use inside the NaCl process. | 223 // Configure NSS for use inside the NaCl process. |
| 226 // The fork check has not caused problems for NaCl, but this appears to be | 224 // The fork check has not caused problems for NaCl, but this appears to be |
| 227 // best practice (see other places LoadNSSLibraries is called.) | 225 // best practice (see other places LoadNSSLibraries is called.) |
| 228 crypto::DisableNSSForkCheck(); | 226 crypto::DisableNSSForkCheck(); |
| 229 // Without this line on Linux, HMAC::Init will instantiate a singleton that | 227 // Without this line on Linux, HMAC::Init will instantiate a singleton that |
| 230 // in turn attempts to open a file. Disabling this behavior avoids a ~70 ms | 228 // in turn attempts to open a file. Disabling this behavior avoids a ~70 ms |
| 231 // stall the first time HMAC is used. | 229 // stall the first time HMAC is used. |
| 232 crypto::ForceNSSNoDBInit(); | 230 crypto::ForceNSSNoDBInit(); |
| 233 // Load shared libraries before sandbox is raised. | 231 // Load shared libraries before sandbox is raised. |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 284 _exit(-1); | 282 _exit(-1); |
| 285 } | 283 } |
| 286 // if fork fails, send PID=-1 to zygote | 284 // if fork fails, send PID=-1 to zygote |
| 287 if (!UnixDomainSocket::SendMsg(kNaClZygoteDescriptor, &badpid, | 285 if (!UnixDomainSocket::SendMsg(kNaClZygoteDescriptor, &badpid, |
| 288 sizeof(badpid), empty)) { | 286 sizeof(badpid), empty)) { |
| 289 LOG(ERROR) << "*** send() to zygote failed"; | 287 LOG(ERROR) << "*** send() to zygote failed"; |
| 290 } | 288 } |
| 291 } | 289 } |
| 292 CHECK(false); // This routine must not return | 290 CHECK(false); // This routine must not return |
| 293 } | 291 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14771026:
Linux: remove unmaintained SELinux code. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src