| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/browser/nacl_process_host.h" | 5 #include "components/nacl/browser/nacl_process_host.h" |
| 6 | 6 |
| 7 #include <string.h> | 7 #include <string.h> |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 61 #include "ppapi/shared_impl/ppapi_constants.h" | 61 #include "ppapi/shared_impl/ppapi_constants.h" |
| 62 #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h" | 62 #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h" |
| 63 | 63 |
| 64 #if defined(OS_POSIX) | 64 #if defined(OS_POSIX) |
| 65 | 65 |
| 66 #include <arpa/inet.h> | 66 #include <arpa/inet.h> |
| 67 #include <fcntl.h> | 67 #include <fcntl.h> |
| 68 #include <netinet/in.h> | 68 #include <netinet/in.h> |
| 69 #include <sys/socket.h> | 69 #include <sys/socket.h> |
| 70 | 70 |
| 71 #include "content/public/browser/zygote_handle_linux.h" |
| 71 #include "ipc/ipc_channel_posix.h" | 72 #include "ipc/ipc_channel_posix.h" |
| 72 #elif defined(OS_WIN) | 73 #elif defined(OS_WIN) |
| 73 #include <windows.h> | 74 #include <windows.h> |
| 74 #include <winsock2.h> | 75 #include <winsock2.h> |
| 75 | 76 |
| 76 #include "base/threading/thread.h" | 77 #include "base/threading/thread.h" |
| 77 #include "base/win/scoped_handle.h" | 78 #include "base/win/scoped_handle.h" |
| 78 #include "components/nacl/browser/nacl_broker_service_win.h" | 79 #include "components/nacl/browser/nacl_broker_service_win.h" |
| 79 #include "components/nacl/common/nacl_debug_exception_handler_win.h" | 80 #include "components/nacl/common/nacl_debug_exception_handler_win.h" |
| 80 #include "content/public/common/sandbox_init.h" | 81 #include "content/public/common/sandbox_init.h" |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 148 return (base::win::OSInfo::GetInstance()->wow64_status() == | 149 return (base::win::OSInfo::GetInstance()->wow64_status() == |
| 149 base::win::OSInfo::WOW64_ENABLED); | 150 base::win::OSInfo::WOW64_ENABLED); |
| 150 } | 151 } |
| 151 | 152 |
| 152 } // namespace | 153 } // namespace |
| 153 | 154 |
| 154 #endif // defined(OS_WIN) | 155 #endif // defined(OS_WIN) |
| 155 | 156 |
| 156 namespace { | 157 namespace { |
| 157 | 158 |
| 159 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) |
| 160 content::ZygoteHandle g_nacl_zygote; |
| 161 #endif // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) |
| 162 |
| 158 // NOTE: changes to this class need to be reviewed by the security team. | 163 // NOTE: changes to this class need to be reviewed by the security team. |
| 159 class NaClSandboxedProcessLauncherDelegate | 164 class NaClSandboxedProcessLauncherDelegate |
| 160 : public content::SandboxedProcessLauncherDelegate { | 165 : public content::SandboxedProcessLauncherDelegate { |
| 161 public: | 166 public: |
| 162 NaClSandboxedProcessLauncherDelegate(ChildProcessHost* host) | 167 NaClSandboxedProcessLauncherDelegate(ChildProcessHost* host) |
| 163 #if defined(OS_POSIX) | 168 #if defined(OS_POSIX) |
| 164 : ipc_fd_(host->TakeClientFileDescriptor()) | 169 : ipc_fd_(host->TakeClientFileDescriptor()) |
| 165 #endif | 170 #endif |
| 166 {} | 171 {} |
| 167 | 172 |
| 168 ~NaClSandboxedProcessLauncherDelegate() override {} | 173 ~NaClSandboxedProcessLauncherDelegate() override {} |
| 169 | 174 |
| 170 #if defined(OS_WIN) | 175 #if defined(OS_WIN) |
| 171 void PostSpawnTarget(base::ProcessHandle process) override { | 176 void PostSpawnTarget(base::ProcessHandle process) override { |
| 172 // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of | 177 // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of |
| 173 // address space to prevent later failure due to address space fragmentation | 178 // address space to prevent later failure due to address space fragmentation |
| 174 // from .dll loading. The NaCl process will attempt to locate this space by | 179 // from .dll loading. The NaCl process will attempt to locate this space by |
| 175 // scanning the address space using VirtualQuery. | 180 // scanning the address space using VirtualQuery. |
| 176 // TODO(bbudge) Handle the --no-sandbox case. | 181 // TODO(bbudge) Handle the --no-sandbox case. |
| 177 // http://code.google.com/p/nativeclient/issues/detail?id=2131 | 182 // http://code.google.com/p/nativeclient/issues/detail?id=2131 |
| 178 const SIZE_T kNaClSandboxSize = 1 << 30; | 183 const SIZE_T kNaClSandboxSize = 1 << 30; |
| 179 if (!nacl::AllocateAddressSpaceASLR(process, kNaClSandboxSize)) { | 184 if (!nacl::AllocateAddressSpaceASLR(process, kNaClSandboxSize)) { |
| 180 DLOG(WARNING) << "Failed to reserve address space for Native Client"; | 185 DLOG(WARNING) << "Failed to reserve address space for Native Client"; |
| 181 } | 186 } |
| 182 } | 187 } |
| 183 #elif defined(OS_POSIX) | 188 #elif defined(OS_POSIX) |
| 184 bool ShouldUseZygote() override { return true; } | 189 #if !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 190 content::ZygoteHandle* GetZygote() override { return &g_nacl_zygote; } |
| 191 #endif // !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 192 |
| 185 base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } | 193 base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } |
| 186 #endif // OS_WIN | 194 #endif // OS_WIN |
| 187 | 195 |
| 188 private: | 196 private: |
| 189 #if defined(OS_POSIX) | 197 #if defined(OS_POSIX) |
| 190 base::ScopedFD ipc_fd_; | 198 base::ScopedFD ipc_fd_; |
| 191 #endif // OS_POSIX | 199 #endif // OS_POSIX |
| 192 }; | 200 }; |
| 193 | 201 |
| 194 void SetCloseOnExec(NaClHandle fd) { | 202 void SetCloseOnExec(NaClHandle fd) { |
| (...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 410 cmd->GetSwitchValueASCII(switches::kNaClDebugMask); | 418 cmd->GetSwitchValueASCII(switches::kNaClDebugMask); |
| 411 // By default, exclude debugging SSH and the PNaCl translator. | 419 // By default, exclude debugging SSH and the PNaCl translator. |
| 412 // about::flags only allows empty flags as the default, so replace | 420 // about::flags only allows empty flags as the default, so replace |
| 413 // the empty setting with the default. To debug all apps, use a wild-card. | 421 // the empty setting with the default. To debug all apps, use a wild-card. |
| 414 if (nacl_debug_mask.empty()) { | 422 if (nacl_debug_mask.empty()) { |
| 415 nacl_debug_mask = "!*://*/*ssh_client.nmf,chrome://pnacl-translator/*"; | 423 nacl_debug_mask = "!*://*/*ssh_client.nmf,chrome://pnacl-translator/*"; |
| 416 } | 424 } |
| 417 NaClBrowser::GetDelegate()->SetDebugPatterns(nacl_debug_mask); | 425 NaClBrowser::GetDelegate()->SetDebugPatterns(nacl_debug_mask); |
| 418 } | 426 } |
| 419 | 427 |
| 428 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) |
| 429 // static |
| 430 void NaClProcessHost::EarlyZygoteLaunch() { |
| 431 DCHECK(!g_nacl_zygote); |
| 432 g_nacl_zygote = content::zygote_handle::CreateZygote(); |
| 433 } |
| 434 #endif // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) |
| 435 |
| 420 // static | 436 // static |
| 421 void NaClProcessHost::SetPpapiKeepAliveThrottleForTesting( | 437 void NaClProcessHost::SetPpapiKeepAliveThrottleForTesting( |
| 422 unsigned milliseconds) { | 438 unsigned milliseconds) { |
| 423 keepalive_throttle_interval_milliseconds_ = milliseconds; | 439 keepalive_throttle_interval_milliseconds_ = milliseconds; |
| 424 } | 440 } |
| 425 | 441 |
| 426 void NaClProcessHost::Launch( | 442 void NaClProcessHost::Launch( |
| 427 NaClHostMessageFilter* nacl_host_message_filter, | 443 NaClHostMessageFilter* nacl_host_message_filter, |
| 428 IPC::Message* reply_msg, | 444 IPC::Message* reply_msg, |
| 429 const base::FilePath& manifest_path) { | 445 const base::FilePath& manifest_path) { |
| (...skipping 943 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1373 NaClStartDebugExceptionHandlerThread( | 1389 NaClStartDebugExceptionHandlerThread( |
| 1374 process.Pass(), info, base::ThreadTaskRunnerHandle::Get(), | 1390 process.Pass(), info, base::ThreadTaskRunnerHandle::Get(), |
| 1375 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, | 1391 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, |
| 1376 weak_factory_.GetWeakPtr())); | 1392 weak_factory_.GetWeakPtr())); |
| 1377 return true; | 1393 return true; |
| 1378 } | 1394 } |
| 1379 } | 1395 } |
| 1380 #endif | 1396 #endif |
| 1381 | 1397 |
| 1382 } // namespace nacl | 1398 } // namespace nacl |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1532423003:
Have each SandboxedProcessLauncherDelegate maintain a zygote. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master