Have each SandboxedProcessLauncherDelegate maintain a zygote.

content/browser/utility_process_host_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/utility_process_host_impl.h"
 
 #include <utility>
 
 #include "base/base_switches.h"
 #include "base/bind.h"
@@ skipping 19 matching lines @@
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/utility_process_host_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/process_type.h"
 #include "content/public/common/sandbox_type.h"
 #include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "ipc/ipc_switches.h"
 #include "ui/base/ui_base_switches.h"
 
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
+#include "content/browser/zygote_host/zygote_communication_linux.h"
+#endif  // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
+
 #if defined(OS_WIN)
 #include "sandbox/win/src/sandbox_policy.h"
 #include "sandbox/win/src/sandbox_types.h"
 #endif
 
 namespace content {
 
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
+namespace {
+ZygoteHandle zygote;
+}  // namespace
+#endif  // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
+
 // NOTE: changes to this class need to be reviewed by the security team.
 class UtilitySandboxedProcessLauncherDelegate
     : public SandboxedProcessLauncherDelegate {
  public:
   UtilitySandboxedProcessLauncherDelegate(const base::FilePath& exposed_dir,
                                           bool launch_elevated,
                                           bool no_sandbox,
                                           const base::EnvironmentMap& env,
                                           ChildProcessHost* host)
       : exposed_dir_(exposed_dir),
 #if defined(OS_WIN)
         launch_elevated_(launch_elevated)
 #elif defined(OS_POSIX)
         env_(env),
+#if !defined(OS_MACOSX) && !defined(OS_ANDROID)
         no_sandbox_(no_sandbox),
+#endif  // !defined(OS_MACOSX)  && !defined(OS_ANDROID)
         ipc_fd_(host->TakeClientFileDescriptor())
 #endif  // OS_WIN
   {}
 
   ~UtilitySandboxedProcessLauncherDelegate() override {}
 
 #if defined(OS_WIN)
   bool ShouldLaunchElevated() override { return launch_elevated_; }
 
   bool PreSpawnTarget(sandbox::TargetPolicy* policy) override {
     if (exposed_dir_.empty())
       return true;
 
     sandbox::ResultCode result;
     result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                              sandbox::TargetPolicy::FILES_ALLOW_ANY,
                              exposed_dir_.value().c_str());
     if (result != sandbox::SBOX_ALL_OK)
       return false;
 
     base::FilePath exposed_files = exposed_dir_.AppendASCII("*");
     result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                              sandbox::TargetPolicy::FILES_ALLOW_ANY,
                              exposed_files.value().c_str());
     return result == sandbox::SBOX_ALL_OK;
   }
 
 #elif defined(OS_POSIX)
 
-  bool ShouldUseZygote() override {
-    return !no_sandbox_ && exposed_dir_.empty();
+#if !defined(OS_MACOSX) && !defined(OS_ANDROID)
+  ZygoteHandle* GetZygote() override {
+    if (no_sandbox_ || !exposed_dir_.empty())
+      return nullptr;
+    return &zygote;
   }
+#endif  // !defined(OS_MACOSX) && !defined(OS_ANDROID)
   base::EnvironmentMap GetEnvironment() override { return env_; }
   base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); }
 #endif  // OS_WIN
 
   SandboxType GetSandboxType() override {
     return SANDBOX_TYPE_UTILITY;
   }
 
  private:
   base::FilePath exposed_dir_;
 
 #if defined(OS_WIN)
   bool launch_elevated_;
 #elif defined(OS_POSIX)
   base::EnvironmentMap env_;
+#if !defined(OS_MACOSX) && !defined(OS_ANDROID)
   bool no_sandbox_;
+#endif  // !defined(OS_MACOSX) && !defined(OS_ANDROID)
   base::ScopedFD ipc_fd_;
 #endif  // OS_WIN
 };
 
 UtilityMainThreadFactoryFunction g_utility_main_thread_factory = NULL;
 
 UtilityProcessHost* UtilityProcessHost::Create(
     const scoped_refptr<UtilityProcessHostClient>& client,
     const scoped_refptr<base::SequencedTaskRunner>& client_task_runner) {
   return new UtilityProcessHostImpl(client, client_task_runner);
@@ skipping 93 matching lines @@
 ServiceRegistry* UtilityProcessHostImpl::GetServiceRegistry() {
   if (mojo_application_host_)
     return mojo_application_host_->service_registry();
   return nullptr;
 }
 
 void UtilityProcessHostImpl::SetName(const base::string16& name) {
   name_ = name;
 }
 
+#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
+// static
+void UtilityProcessHostImpl::EarlyZygoteLaunch() {
+  DCHECK(!zygote);
+  zygote = new ZygoteCommunication();
+  zygote->Init();
+}
+#endif  // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
+
 bool UtilityProcessHostImpl::StartProcess() {
   if (started_)
     return true;
   started_ = true;
 
   if (is_batch_mode_)
     return true;
 
   // Name must be set or metrics_service will crash in any test which
   // launches a UtilityProcessHost.
@@ skipping 138 matching lines @@
     if (RenderProcessHost::run_renderer_in_process())
       handle = base::GetCurrentProcessHandle();
     else
       handle = process_->GetData().handle;
 
     mojo_application_host_->Activate(this, handle);
   }
 }
 
 }  // namespace content