| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/utility_process_host_impl.h" | 5 #include "content/browser/utility_process_host_impl.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 51 UtilitySandboxedProcessLauncherDelegate(const base::FilePath& exposed_dir, | 51 UtilitySandboxedProcessLauncherDelegate(const base::FilePath& exposed_dir, |
| 52 bool launch_elevated, | 52 bool launch_elevated, |
| 53 bool no_sandbox, | 53 bool no_sandbox, |
| 54 const base::EnvironmentMap& env, | 54 const base::EnvironmentMap& env, |
| 55 ChildProcessHost* host) | 55 ChildProcessHost* host) |
| 56 : exposed_dir_(exposed_dir), | 56 : exposed_dir_(exposed_dir), |
| 57 #if defined(OS_WIN) | 57 #if defined(OS_WIN) |
| 58 launch_elevated_(launch_elevated) | 58 launch_elevated_(launch_elevated) |
| 59 #elif defined(OS_POSIX) | 59 #elif defined(OS_POSIX) |
| 60 env_(env), | 60 env_(env), |
| 61 #if !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 61 no_sandbox_(no_sandbox), | 62 no_sandbox_(no_sandbox), |
| 63 #endif // !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 62 ipc_fd_(host->TakeClientFileDescriptor()) | 64 ipc_fd_(host->TakeClientFileDescriptor()) |
| 63 #endif // OS_WIN | 65 #endif // OS_WIN |
| 64 {} | 66 {} |
| 65 | 67 |
| 66 ~UtilitySandboxedProcessLauncherDelegate() override {} | 68 ~UtilitySandboxedProcessLauncherDelegate() override {} |
| 67 | 69 |
| 68 #if defined(OS_WIN) | 70 #if defined(OS_WIN) |
| 69 bool ShouldLaunchElevated() override { return launch_elevated_; } | 71 bool ShouldLaunchElevated() override { return launch_elevated_; } |
| 70 | 72 |
| 71 bool PreSpawnTarget(sandbox::TargetPolicy* policy) override { | 73 bool PreSpawnTarget(sandbox::TargetPolicy* policy) override { |
| 72 if (exposed_dir_.empty()) | 74 if (exposed_dir_.empty()) |
| 73 return true; | 75 return true; |
| 74 | 76 |
| 75 sandbox::ResultCode result; | 77 sandbox::ResultCode result; |
| 76 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | 78 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, |
| 77 sandbox::TargetPolicy::FILES_ALLOW_ANY, | 79 sandbox::TargetPolicy::FILES_ALLOW_ANY, |
| 78 exposed_dir_.value().c_str()); | 80 exposed_dir_.value().c_str()); |
| 79 if (result != sandbox::SBOX_ALL_OK) | 81 if (result != sandbox::SBOX_ALL_OK) |
| 80 return false; | 82 return false; |
| 81 | 83 |
| 82 base::FilePath exposed_files = exposed_dir_.AppendASCII("*"); | 84 base::FilePath exposed_files = exposed_dir_.AppendASCII("*"); |
| 83 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, | 85 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, |
| 84 sandbox::TargetPolicy::FILES_ALLOW_ANY, | 86 sandbox::TargetPolicy::FILES_ALLOW_ANY, |
| 85 exposed_files.value().c_str()); | 87 exposed_files.value().c_str()); |
| 86 return result == sandbox::SBOX_ALL_OK; | 88 return result == sandbox::SBOX_ALL_OK; |
| 87 } | 89 } |
| 88 | 90 |
| 89 #elif defined(OS_POSIX) | 91 #elif defined(OS_POSIX) |
| 90 | 92 |
| 91 bool ShouldUseZygote() override { | 93 #if !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 92 return !no_sandbox_ && exposed_dir_.empty(); | 94 ZygoteHandle* GetZygote() override { |
| 95 if (no_sandbox_ || !exposed_dir_.empty()) |
| 96 return nullptr; |
| 97 static ZygoteHandle zygote; |
| 98 return &zygote; |
| 93 } | 99 } |
| 100 #endif // !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 94 base::EnvironmentMap GetEnvironment() override { return env_; } | 101 base::EnvironmentMap GetEnvironment() override { return env_; } |
| 95 base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } | 102 base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } |
| 96 #endif // OS_WIN | 103 #endif // OS_WIN |
| 97 | 104 |
| 98 SandboxType GetSandboxType() override { | 105 SandboxType GetSandboxType() override { |
| 99 return SANDBOX_TYPE_UTILITY; | 106 return SANDBOX_TYPE_UTILITY; |
| 100 } | 107 } |
| 101 | 108 |
| 102 private: | 109 private: |
| 103 base::FilePath exposed_dir_; | 110 base::FilePath exposed_dir_; |
| 104 | 111 |
| 105 #if defined(OS_WIN) | 112 #if defined(OS_WIN) |
| 106 bool launch_elevated_; | 113 bool launch_elevated_; |
| 107 #elif defined(OS_POSIX) | 114 #elif defined(OS_POSIX) |
| 108 base::EnvironmentMap env_; | 115 base::EnvironmentMap env_; |
| 116 #if !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 109 bool no_sandbox_; | 117 bool no_sandbox_; |
| 118 #endif // !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 110 base::ScopedFD ipc_fd_; | 119 base::ScopedFD ipc_fd_; |
| 111 #endif // OS_WIN | 120 #endif // OS_WIN |
| 112 }; | 121 }; |
| 113 | 122 |
| 114 UtilityMainThreadFactoryFunction g_utility_main_thread_factory = NULL; | 123 UtilityMainThreadFactoryFunction g_utility_main_thread_factory = NULL; |
| 115 | 124 |
| 116 UtilityProcessHost* UtilityProcessHost::Create( | 125 UtilityProcessHost* UtilityProcessHost::Create( |
| 117 const scoped_refptr<UtilityProcessHostClient>& client, | 126 const scoped_refptr<UtilityProcessHostClient>& client, |
| 118 const scoped_refptr<base::SequencedTaskRunner>& client_task_runner) { | 127 const scoped_refptr<base::SequencedTaskRunner>& client_task_runner) { |
| 119 return new UtilityProcessHostImpl(client, client_task_runner); | 128 return new UtilityProcessHostImpl(client, client_task_runner); |
| (...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 379 if (RenderProcessHost::run_renderer_in_process()) | 388 if (RenderProcessHost::run_renderer_in_process()) |
| 380 handle = base::GetCurrentProcessHandle(); | 389 handle = base::GetCurrentProcessHandle(); |
| 381 else | 390 else |
| 382 handle = process_->GetData().handle; | 391 handle = process_->GetData().handle; |
| 383 | 392 |
| 384 mojo_application_host_->Activate(this, handle); | 393 mojo_application_host_->Activate(this, handle); |
| 385 } | 394 } |
| 386 } | 395 } |
| 387 | 396 |
| 388 } // namespace content | 397 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1532423003:
Have each SandboxedProcessLauncherDelegate maintain a zygote. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master