| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ppapi_plugin_process_host.h" | 5 #include "content/browser/ppapi_plugin_process_host.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 #include "content/public/common/content_switches.h" | 28 #include "content/public/common/content_switches.h" |
| 29 #include "content/public/common/pepper_plugin_info.h" | 29 #include "content/public/common/pepper_plugin_info.h" |
| 30 #include "content/public/common/process_type.h" | 30 #include "content/public/common/process_type.h" |
| 31 #include "content/public/common/sandbox_type.h" | 31 #include "content/public/common/sandbox_type.h" |
| 32 #include "content/public/common/sandboxed_process_launcher_delegate.h" | 32 #include "content/public/common/sandboxed_process_launcher_delegate.h" |
| 33 #include "ipc/ipc_switches.h" | 33 #include "ipc/ipc_switches.h" |
| 34 #include "net/base/network_change_notifier.h" | 34 #include "net/base/network_change_notifier.h" |
| 35 #include "ppapi/proxy/ppapi_messages.h" | 35 #include "ppapi/proxy/ppapi_messages.h" |
| 36 #include "ui/base/ui_base_switches.h" | 36 #include "ui/base/ui_base_switches.h" |
| 37 | 37 |
| 38 #if defined(OS_POSIX) |
| 39 #include "content/public/browser/zygote_handle_linux.h" |
| 40 #endif // defined(OS_POSIX) |
| 41 |
| 38 #if defined(OS_WIN) | 42 #if defined(OS_WIN) |
| 39 #include "content/browser/renderer_host/dwrite_font_proxy_message_filter_win.h" | 43 #include "content/browser/renderer_host/dwrite_font_proxy_message_filter_win.h" |
| 40 #include "content/common/sandbox_win.h" | 44 #include "content/common/sandbox_win.h" |
| 41 #include "sandbox/win/src/process_mitigations.h" | 45 #include "sandbox/win/src/process_mitigations.h" |
| 42 #include "sandbox/win/src/sandbox_policy.h" | 46 #include "sandbox/win/src/sandbox_policy.h" |
| 43 #include "ui/gfx/win/dpi.h" | 47 #include "ui/gfx/win/dpi.h" |
| 44 #endif | 48 #endif |
| 45 | 49 |
| 46 namespace content { | 50 namespace content { |
| 47 | 51 |
| 52 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) |
| 53 ZygoteHandle g_ppapi_zygote; |
| 54 #endif // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) |
| 55 |
| 48 // NOTE: changes to this class need to be reviewed by the security team. | 56 // NOTE: changes to this class need to be reviewed by the security team. |
| 49 class PpapiPluginSandboxedProcessLauncherDelegate | 57 class PpapiPluginSandboxedProcessLauncherDelegate |
| 50 : public content::SandboxedProcessLauncherDelegate { | 58 : public content::SandboxedProcessLauncherDelegate { |
| 51 public: | 59 public: |
| 52 PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker, | 60 PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker, |
| 53 const PepperPluginInfo& info, | 61 const PepperPluginInfo& info, |
| 54 ChildProcessHost* host) | 62 ChildProcessHost* host) |
| 55 : info_(info), | 63 : info_(info), |
| 56 #if defined(OS_POSIX) | 64 #if defined(OS_POSIX) |
| 57 ipc_fd_(host->TakeClientFileDescriptor()), | 65 ipc_fd_(host->TakeClientFileDescriptor()), |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 90 const base::string16& sid = | 98 const base::string16& sid = |
| 91 GetContentClient()->browser()->GetAppContainerSidForSandboxType( | 99 GetContentClient()->browser()->GetAppContainerSidForSandboxType( |
| 92 GetSandboxType()); | 100 GetSandboxType()); |
| 93 if (!sid.empty()) | 101 if (!sid.empty()) |
| 94 AddAppContainerPolicy(policy, sid.c_str()); | 102 AddAppContainerPolicy(policy, sid.c_str()); |
| 95 | 103 |
| 96 return true; | 104 return true; |
| 97 } | 105 } |
| 98 | 106 |
| 99 #elif defined(OS_POSIX) | 107 #elif defined(OS_POSIX) |
| 100 bool ShouldUseZygote() override { | 108 #if !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 109 ZygoteHandle* GetZygote() override { |
| 101 const base::CommandLine& browser_command_line = | 110 const base::CommandLine& browser_command_line = |
| 102 *base::CommandLine::ForCurrentProcess(); | 111 *base::CommandLine::ForCurrentProcess(); |
| 103 base::CommandLine::StringType plugin_launcher = browser_command_line | 112 base::CommandLine::StringType plugin_launcher = browser_command_line |
| 104 .GetSwitchValueNative(switches::kPpapiPluginLauncher); | 113 .GetSwitchValueNative(switches::kPpapiPluginLauncher); |
| 105 return !is_broker_ && plugin_launcher.empty(); | 114 if (is_broker_ || !plugin_launcher.empty()) |
| 115 return nullptr; |
| 116 return &g_ppapi_zygote; |
| 106 } | 117 } |
| 118 #endif // !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 119 |
| 107 base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } | 120 base::ScopedFD TakeIpcFd() override { return std::move(ipc_fd_); } |
| 108 #endif // OS_WIN | 121 #endif // OS_WIN |
| 109 | 122 |
| 110 SandboxType GetSandboxType() override { | 123 SandboxType GetSandboxType() override { |
| 111 return SANDBOX_TYPE_PPAPI; | 124 return SANDBOX_TYPE_PPAPI; |
| 112 } | 125 } |
| 113 | 126 |
| 114 private: | 127 private: |
| 115 const PepperPluginInfo& info_; | 128 const PepperPluginInfo& info_; |
| 116 #if defined(OS_POSIX) | 129 #if defined(OS_POSIX) |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 183 const PepperPluginInfo& info) { | 196 const PepperPluginInfo& info) { |
| 184 PpapiPluginProcessHost* plugin_host = | 197 PpapiPluginProcessHost* plugin_host = |
| 185 new PpapiPluginProcessHost(); | 198 new PpapiPluginProcessHost(); |
| 186 if (plugin_host->Init(info)) | 199 if (plugin_host->Init(info)) |
| 187 return plugin_host; | 200 return plugin_host; |
| 188 | 201 |
| 189 NOTREACHED(); // Init is not expected to fail. | 202 NOTREACHED(); // Init is not expected to fail. |
| 190 return NULL; | 203 return NULL; |
| 191 } | 204 } |
| 192 | 205 |
| 206 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) |
| 207 // static |
| 208 void PpapiPluginProcessHost::EarlyZygoteLaunch() { |
| 209 DCHECK(!g_ppapi_zygote); |
| 210 g_ppapi_zygote = CreateZygote(); |
| 211 } |
| 212 #endif // defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX) |
| 213 |
| 193 // static | 214 // static |
| 194 void PpapiPluginProcessHost::DidCreateOutOfProcessInstance( | 215 void PpapiPluginProcessHost::DidCreateOutOfProcessInstance( |
| 195 int plugin_process_id, | 216 int plugin_process_id, |
| 196 int32_t pp_instance, | 217 int32_t pp_instance, |
| 197 const PepperRendererInstanceData& instance_data) { | 218 const PepperRendererInstanceData& instance_data) { |
| 198 for (PpapiPluginProcessHostIterator iter; !iter.Done(); ++iter) { | 219 for (PpapiPluginProcessHostIterator iter; !iter.Done(); ++iter) { |
| 199 if (iter->process_.get() && | 220 if (iter->process_.get() && |
| 200 iter->process_->GetData().id == plugin_process_id) { | 221 iter->process_->GetData().id == plugin_process_id) { |
| 201 // Found the plugin. | 222 // Found the plugin. |
| 202 iter->host_impl_->AddInstance(pp_instance, instance_data); | 223 iter->host_impl_->AddInstance(pp_instance, instance_data); |
| (...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 520 // sent_requests_ queue should be the one that the plugin just created. | 541 // sent_requests_ queue should be the one that the plugin just created. |
| 521 Client* client = sent_requests_.front(); | 542 Client* client = sent_requests_.front(); |
| 522 sent_requests_.pop(); | 543 sent_requests_.pop(); |
| 523 | 544 |
| 524 const ChildProcessData& data = process_->GetData(); | 545 const ChildProcessData& data = process_->GetData(); |
| 525 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), | 546 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), |
| 526 data.id); | 547 data.id); |
| 527 } | 548 } |
| 528 | 549 |
| 529 } // namespace content | 550 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1532423003:
Have each SandboxedProcessLauncherDelegate maintain a zygote. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master