Chromium Code Reviews Chromium Code Reviews
Issue 177863002:
Refactor configuration of sandboxes - first steps (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/browser/nacl_process_host.h" | 5 #include "components/nacl/browser/nacl_process_host.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 33 #include "components/nacl/common/nacl_messages.h" | 33 #include "components/nacl/common/nacl_messages.h" |
| 34 #include "components/nacl/common/nacl_process_type.h" | 34 #include "components/nacl/common/nacl_process_type.h" |
| 35 #include "components/nacl/common/nacl_switches.h" | 35 #include "components/nacl/common/nacl_switches.h" |
| 36 #include "content/public/browser/browser_child_process_host.h" | 36 #include "content/public/browser/browser_child_process_host.h" |
| 37 #include "content/public/browser/browser_ppapi_host.h" | 37 #include "content/public/browser/browser_ppapi_host.h" |
| 38 #include "content/public/browser/child_process_data.h" | 38 #include "content/public/browser/child_process_data.h" |
| 39 #include "content/public/browser/plugin_service.h" | 39 #include "content/public/browser/plugin_service.h" |
| 40 #include "content/public/common/child_process_host.h" | 40 #include "content/public/common/child_process_host.h" |
| 41 #include "content/public/common/content_switches.h" | 41 #include "content/public/common/content_switches.h" |
| 42 #include "content/public/common/process_type.h" | 42 #include "content/public/common/process_type.h" |
| 43 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 43 #include "ipc/ipc_channel.h" | 44 #include "ipc/ipc_channel.h" |
| 44 #include "ipc/ipc_switches.h" | 45 #include "ipc/ipc_switches.h" |
| 45 #include "native_client/src/shared/imc/nacl_imc_c.h" | 46 #include "native_client/src/shared/imc/nacl_imc_c.h" |
| 46 #include "net/base/net_util.h" | 47 #include "net/base/net_util.h" |
| 47 #include "net/socket/tcp_listen_socket.h" | 48 #include "net/socket/tcp_listen_socket.h" |
| 48 #include "ppapi/host/host_factory.h" | 49 #include "ppapi/host/host_factory.h" |
| 49 #include "ppapi/host/ppapi_host.h" | 50 #include "ppapi/host/ppapi_host.h" |
| 50 #include "ppapi/proxy/ppapi_messages.h" | 51 #include "ppapi/proxy/ppapi_messages.h" |
| 51 #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h" | 52 #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h" |
| 52 #include "ppapi/shared_impl/ppapi_switches.h" | 53 #include "ppapi/shared_impl/ppapi_switches.h" |
| 53 | 54 |
| 54 #if defined(OS_POSIX) | 55 #if defined(OS_POSIX) |
| 55 #include <fcntl.h> | 56 #include <fcntl.h> |
| 56 | 57 |
| 57 #include "ipc/ipc_channel_posix.h" | 58 #include "ipc/ipc_channel_posix.h" |
| 58 #elif defined(OS_WIN) | 59 #elif defined(OS_WIN) |
| 59 #include <windows.h> | 60 #include <windows.h> |
| 60 | 61 |
| 61 #include "base/threading/thread.h" | 62 #include "base/threading/thread.h" |
| 62 #include "base/win/scoped_handle.h" | 63 #include "base/win/scoped_handle.h" |
| 63 #include "components/nacl/browser/nacl_broker_service_win.h" | 64 #include "components/nacl/browser/nacl_broker_service_win.h" |
| 64 #include "components/nacl/common/nacl_debug_exception_handler_win.h" | 65 #include "components/nacl/common/nacl_debug_exception_handler_win.h" |
| 65 #include "content/public/common/sandbox_init.h" | 66 #include "content/public/common/sandbox_init.h" |
| 66 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 67 #endif | 67 #endif |
| 68 | 68 |
| 69 using content::BrowserThread; | 69 using content::BrowserThread; |
| 70 using content::ChildProcessData; | 70 using content::ChildProcessData; |
| 71 using content::ChildProcessHost; | 71 using content::ChildProcessHost; |
| 72 using ppapi::proxy::SerializedHandle; | 72 using ppapi::proxy::SerializedHandle; |
| 73 | 73 |
| 74 #if defined(OS_WIN) | 74 #if defined(OS_WIN) |
| 75 | 75 |
| 76 namespace { | 76 namespace { |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 126 #if defined(OS_WIN) | 126 #if defined(OS_WIN) |
| 127 bool RunningOnWOW64() { | 127 bool RunningOnWOW64() { |
| 128 return (base::win::OSInfo::GetInstance()->wow64_status() == | 128 return (base::win::OSInfo::GetInstance()->wow64_status() == |
| 129 base::win::OSInfo::WOW64_ENABLED); | 129 base::win::OSInfo::WOW64_ENABLED); |
| 130 } | 130 } |
| 131 | 131 |
| 132 // NOTE: changes to this class need to be reviewed by the security team. | 132 // NOTE: changes to this class need to be reviewed by the security team. |
| 133 class NaClSandboxedProcessLauncherDelegate | 133 class NaClSandboxedProcessLauncherDelegate |
| 134 : public content::SandboxedProcessLauncherDelegate { | 134 : public content::SandboxedProcessLauncherDelegate { |
| 135 public: | 135 public: |
| 136 NaClSandboxedProcessLauncherDelegate() {} | 136 NaClSandboxedProcessLauncherDelegate(ChildProcessHost* /*host*/) {} |
| 137 virtual ~NaClSandboxedProcessLauncherDelegate() {} | 137 virtual ~NaClSandboxedProcessLauncherDelegate() {} |
| 138 | 138 |
| 139 virtual void PostSpawnTarget(base::ProcessHandle process) { | 139 virtual void PostSpawnTarget(base::ProcessHandle process) { |
| 140 // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of | 140 // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of |
| 141 // address space to prevent later failure due to address space fragmentation | 141 // address space to prevent later failure due to address space fragmentation |
| 142 // from .dll loading. The NaCl process will attempt to locate this space by | 142 // from .dll loading. The NaCl process will attempt to locate this space by |
| 143 // scanning the address space using VirtualQuery. | 143 // scanning the address space using VirtualQuery. |
| 144 // TODO(bbudge) Handle the --no-sandbox case. | 144 // TODO(bbudge) Handle the --no-sandbox case. |
| 145 // http://code.google.com/p/nativeclient/issues/detail?id=2131 | 145 // http://code.google.com/p/nativeclient/issues/detail?id=2131 |
| 146 const SIZE_T kNaClSandboxSize = 1 << 30; | 146 const SIZE_T kNaClSandboxSize = 1 << 30; |
| 147 if (!nacl::AllocateAddressSpaceASLR(process, kNaClSandboxSize)) { | 147 if (!nacl::AllocateAddressSpaceASLR(process, kNaClSandboxSize)) { |
| 148 DLOG(WARNING) << "Failed to reserve address space for Native Client"; | 148 DLOG(WARNING) << "Failed to reserve address space for Native Client"; |
| 149 } | 149 } |
| 150 } | 150 } |
| 151 }; | 151 }; |
| 152 #elif defined(OS_POSIX) | |
|
jam
2014/02/26 19:47:52
why have two implementations in this file instead
aberent
2014/02/28 08:51:06
Done. I have tried various versions of this, and w
| |
| 153 // NOTE: changes to this class need to be reviewed by the security team. | |
| 154 class NaClSandboxedProcessLauncherDelegate | |
| 155 : public content::SandboxedProcessLauncherDelegate { | |
| 156 public: | |
| 157 NaClSandboxedProcessLauncherDelegate(ChildProcessHost* host) | |
| 158 : ipc_fd_(host->TakeClientFileDescriptor()) {} | |
| 159 | |
| 160 virtual ~NaClSandboxedProcessLauncherDelegate() {} | |
| 161 | |
| 162 virtual bool UseZygote() OVERRIDE { | |
| 163 CommandLine::StringType nacl_loader_prefix = | |
| 164 CommandLine::ForCurrentProcess()->GetSwitchValueNative( | |
| 165 switches::kNaClLoaderCmdPrefix); | |
| 166 return nacl_loader_prefix.empty(); | |
| 167 } | |
| 168 virtual int IpcFd() OVERRIDE { | |
| 169 return ipc_fd_; | |
| 170 } | |
| 171 private: | |
| 172 int ipc_fd_; | |
| 173 }; | |
| 152 | 174 |
| 153 #endif // OS_WIN | 175 #endif // OS_WIN |
| 154 | 176 |
| 155 void SetCloseOnExec(NaClHandle fd) { | 177 void SetCloseOnExec(NaClHandle fd) { |
| 156 #if defined(OS_POSIX) | 178 #if defined(OS_POSIX) |
| 157 int flags = fcntl(fd, F_GETFD); | 179 int flags = fcntl(fd, F_GETFD); |
| 158 CHECK_NE(flags, -1); | 180 CHECK_NE(flags, -1); |
| 159 int rc = fcntl(fd, F_SETFD, flags | FD_CLOEXEC); | 181 int rc = fcntl(fd, F_SETFD, flags | FD_CLOEXEC); |
| 160 CHECK_EQ(rc, 0); | 182 CHECK_EQ(rc, 0); |
| 161 #endif | 183 #endif |
| (...skipping 366 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 528 cmd_line->PrependWrapper(nacl_loader_prefix); | 550 cmd_line->PrependWrapper(nacl_loader_prefix); |
| 529 | 551 |
| 530 // On Windows we might need to start the broker process to launch a new loader | 552 // On Windows we might need to start the broker process to launch a new loader |
| 531 #if defined(OS_WIN) | 553 #if defined(OS_WIN) |
| 532 if (RunningOnWOW64()) { | 554 if (RunningOnWOW64()) { |
| 533 if (!NaClBrokerService::GetInstance()->LaunchLoader( | 555 if (!NaClBrokerService::GetInstance()->LaunchLoader( |
| 534 weak_factory_.GetWeakPtr(), channel_id)) { | 556 weak_factory_.GetWeakPtr(), channel_id)) { |
| 535 SendErrorToRenderer("broker service did not launch process"); | 557 SendErrorToRenderer("broker service did not launch process"); |
| 536 return false; | 558 return false; |
| 537 } | 559 } |
| 538 } else { | 560 return true; |
| 539 process_->Launch(new NaClSandboxedProcessLauncherDelegate, | |
| 540 false, | |
| 541 cmd_line.release()); | |
| 542 } | 561 } |
| 543 #elif defined(OS_POSIX) | |
| 544 process_->Launch(nacl_loader_prefix.empty(), // use_zygote | |
| 545 base::EnvironmentMap(), | |
| 546 cmd_line.release()); | |
| 547 #endif | 562 #endif |
| 548 | 563 process_->Launch( |
| 564 new NaClSandboxedProcessLauncherDelegate(process_->GetHost()), | |
| 565 cmd_line.release()); | |
| 549 return true; | 566 return true; |
| 550 } | 567 } |
| 551 | 568 |
| 552 bool NaClProcessHost::OnMessageReceived(const IPC::Message& msg) { | 569 bool NaClProcessHost::OnMessageReceived(const IPC::Message& msg) { |
| 553 bool handled = true; | 570 bool handled = true; |
| 554 IPC_BEGIN_MESSAGE_MAP(NaClProcessHost, msg) | 571 IPC_BEGIN_MESSAGE_MAP(NaClProcessHost, msg) |
| 555 IPC_MESSAGE_HANDLER(NaClProcessMsg_QueryKnownToValidate, | 572 IPC_MESSAGE_HANDLER(NaClProcessMsg_QueryKnownToValidate, |
| 556 OnQueryKnownToValidate) | 573 OnQueryKnownToValidate) |
| 557 IPC_MESSAGE_HANDLER(NaClProcessMsg_SetKnownToValidate, | 574 IPC_MESSAGE_HANDLER(NaClProcessMsg_SetKnownToValidate, |
| 558 OnSetKnownToValidate) | 575 OnSetKnownToValidate) |
| (...skipping 446 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1005 process_handle.Take(), info, | 1022 process_handle.Take(), info, |
| 1006 base::MessageLoopProxy::current(), | 1023 base::MessageLoopProxy::current(), |
| 1007 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, | 1024 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, |
| 1008 weak_factory_.GetWeakPtr())); | 1025 weak_factory_.GetWeakPtr())); |
| 1009 return true; | 1026 return true; |
| 1010 } | 1027 } |
| 1011 } | 1028 } |
| 1012 #endif | 1029 #endif |
| 1013 | 1030 |
| 1014 } // namespace nacl | 1031 } // namespace nacl |
| OLD | NEW |
