| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ppapi_plugin_process_host.h" | 5 #include "content/browser/ppapi_plugin_process_host.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/metrics/field_trial.h" | 12 #include "base/metrics/field_trial.h" |
| 13 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
| 14 #include "content/browser/browser_child_process_host_impl.h" | 14 #include "content/browser/browser_child_process_host_impl.h" |
| 15 #include "content/browser/plugin_service_impl.h" | 15 #include "content/browser/plugin_service_impl.h" |
| 16 #include "content/browser/renderer_host/render_message_filter.h" | 16 #include "content/browser/renderer_host/render_message_filter.h" |
| 17 #include "content/common/child_process_host_impl.h" | 17 #include "content/common/child_process_host_impl.h" |
| 18 #include "content/common/child_process_messages.h" | 18 #include "content/common/child_process_messages.h" |
| 19 #include "content/public/browser/content_browser_client.h" | 19 #include "content/public/browser/content_browser_client.h" |
| 20 #include "content/public/common/content_constants.h" | 20 #include "content/public/common/content_constants.h" |
| 21 #include "content/public/common/content_switches.h" | 21 #include "content/public/common/content_switches.h" |
| 22 #include "content/public/common/pepper_plugin_info.h" | 22 #include "content/public/common/pepper_plugin_info.h" |
| 23 #include "content/public/common/process_type.h" | 23 #include "content/public/common/process_type.h" |
| 24 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 24 #include "ipc/ipc_switches.h" | 25 #include "ipc/ipc_switches.h" |
| 25 #include "net/base/network_change_notifier.h" | 26 #include "net/base/network_change_notifier.h" |
| 26 #include "ppapi/proxy/ppapi_messages.h" | 27 #include "ppapi/proxy/ppapi_messages.h" |
| 27 #include "ui/base/ui_base_switches.h" | 28 #include "ui/base/ui_base_switches.h" |
| 28 | 29 |
| 29 #if defined(OS_WIN) | 30 #if defined(OS_WIN) |
| 30 #include "content/common/sandbox_win.h" | 31 #include "content/common/sandbox_win.h" |
| 31 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 32 #include "sandbox/win/src/sandbox_policy.h" | 32 #include "sandbox/win/src/sandbox_policy.h" |
| 33 #endif | 33 #endif |
| 34 | 34 |
| 35 namespace content { | 35 namespace content { |
| 36 | 36 |
| 37 #if defined(OS_WIN) | 37 #if defined(OS_WIN) |
| 38 // NOTE: changes to this class need to be reviewed by the security team. | 38 // NOTE: changes to this class need to be reviewed by the security team. |
| 39 class PpapiPluginSandboxedProcessLauncherDelegate | 39 class PpapiPluginSandboxedProcessLauncherDelegate |
| 40 : public content::SandboxedProcessLauncherDelegate { | 40 : public content::SandboxedProcessLauncherDelegate { |
| 41 public: | 41 public: |
| 42 explicit PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker) | 42 PpapiPluginSandboxedProcessLauncherDelegate( bool is_broker, |
| 43 const PepperPluginInfo& /*info*/, | |
| 44 ChildProcessHost* /*host*/) | |
| 43 : is_broker_(is_broker) {} | 45 : is_broker_(is_broker) {} |
| 44 virtual ~PpapiPluginSandboxedProcessLauncherDelegate() {} | 46 virtual ~PpapiPluginSandboxedProcessLauncherDelegate() {} |
| 45 | 47 |
| 46 virtual void ShouldSandbox(bool* in_sandbox) OVERRIDE { | 48 virtual void ShouldSandbox(bool* in_sandbox) OVERRIDE { |
| 47 if (is_broker_) | 49 if (is_broker_) |
| 48 *in_sandbox = false; | 50 *in_sandbox = false; |
| 49 } | 51 } |
| 50 | 52 |
| 51 virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, | 53 virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, |
| 52 bool* success) { | 54 bool* success) { |
| 53 if (is_broker_) | 55 if (is_broker_) |
| 54 return; | 56 return; |
| 55 // The Pepper process as locked-down as a renderer execpt that it can | 57 // The Pepper process as locked-down as a renderer execpt that it can |
| 56 // create the server side of chrome pipes. | 58 // create the server side of chrome pipes. |
| 57 sandbox::ResultCode result; | 59 sandbox::ResultCode result; |
| 58 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | 60 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, |
| 59 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 61 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
| 60 L"\\\\.\\pipe\\chrome.*"); | 62 L"\\\\.\\pipe\\chrome.*"); |
| 61 *success = (result == sandbox::SBOX_ALL_OK); | 63 *success = (result == sandbox::SBOX_ALL_OK); |
| 62 } | 64 } |
| 63 | 65 |
| 64 private: | 66 private: |
| 65 bool is_broker_; | 67 bool is_broker_; |
| 66 | 68 |
| 67 DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate); | 69 DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate); |
| 68 }; | 70 }; |
| 71 | |
| 72 #elif defined(OS_POSIX) | |
| 73 // NOTE: changes to this class need to be reviewed by the security team. | |
|
jam
2014/02/26 19:47:52
ditto
aberent
2014/02/28 08:51:07
Done.
| |
| 74 class PpapiPluginSandboxedProcessLauncherDelegate | |
| 75 : public content::SandboxedProcessLauncherDelegate { | |
| 76 public: | |
| 77 PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker, | |
| 78 const PepperPluginInfo& info, | |
| 79 ChildProcessHost* host) | |
| 80 : is_broker_(is_broker), | |
| 81 info_(info), | |
| 82 ipc_fd_(host->TakeClientFileDescriptor()) {} | |
| 83 | |
| 84 virtual ~PpapiPluginSandboxedProcessLauncherDelegate() {} | |
| 85 | |
| 86 virtual bool UseZygote() OVERRIDE { | |
| 87 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); | |
| 88 CommandLine::StringType plugin_launcher = browser_command_line | |
| 89 .GetSwitchValueNative(switches::kPpapiPluginLauncher); | |
| 90 return !is_broker_ && plugin_launcher.empty() && info_.is_sandboxed; | |
| 91 } | |
| 92 virtual int IpcFd() OVERRIDE { | |
| 93 return ipc_fd_; | |
| 94 } | |
| 95 private: | |
| 96 bool is_broker_; | |
| 97 const PepperPluginInfo& info_; | |
| 98 int ipc_fd_; | |
| 99 | |
| 100 DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate); | |
| 101 }; | |
| 69 #endif // OS_WIN | 102 #endif // OS_WIN |
| 70 | 103 |
| 71 class PpapiPluginProcessHost::PluginNetworkObserver | 104 class PpapiPluginProcessHost::PluginNetworkObserver |
| 72 : public net::NetworkChangeNotifier::IPAddressObserver, | 105 : public net::NetworkChangeNotifier::IPAddressObserver, |
| 73 public net::NetworkChangeNotifier::ConnectionTypeObserver { | 106 public net::NetworkChangeNotifier::ConnectionTypeObserver { |
| 74 public: | 107 public: |
| 75 explicit PluginNetworkObserver(PpapiPluginProcessHost* process_host) | 108 explicit PluginNetworkObserver(PpapiPluginProcessHost* process_host) |
| 76 : process_host_(process_host) { | 109 : process_host_(process_host) { |
| 77 net::NetworkChangeNotifier::AddIPAddressObserver(this); | 110 net::NetworkChangeNotifier::AddIPAddressObserver(this); |
| 78 net::NetworkChangeNotifier::AddConnectionTypeObserver(this); | 111 net::NetworkChangeNotifier::AddConnectionTypeObserver(this); |
| (...skipping 247 matching lines...) | |
| 326 } | 359 } |
| 327 | 360 |
| 328 if (!plugin_launcher.empty()) | 361 if (!plugin_launcher.empty()) |
| 329 cmd_line->PrependWrapper(plugin_launcher); | 362 cmd_line->PrependWrapper(plugin_launcher); |
| 330 | 363 |
| 331 // On posix, never use the zygote for the broker. Also, only use the zygote if | 364 // On posix, never use the zygote for the broker. Also, only use the zygote if |
| 332 // the plugin is sandboxed, and we are not using a plugin launcher - having a | 365 // the plugin is sandboxed, and we are not using a plugin launcher - having a |
| 333 // plugin launcher means we need to use another process instead of just | 366 // plugin launcher means we need to use another process instead of just |
| 334 // forking the zygote. | 367 // forking the zygote. |
| 335 #if defined(OS_POSIX) | 368 #if defined(OS_POSIX) |
| 336 bool use_zygote = !is_broker_ && plugin_launcher.empty() && info.is_sandboxed; | |
| 337 if (!info.is_sandboxed) | 369 if (!info.is_sandboxed) |
| 338 cmd_line->AppendSwitchASCII(switches::kNoSandbox, std::string()); | 370 cmd_line->AppendSwitchASCII(switches::kNoSandbox, std::string()); |
| 339 #endif // OS_POSIX | 371 #endif // OS_POSIX |
| 340 process_->Launch( | 372 process_->Launch( |
| 341 #if defined(OS_WIN) | 373 new PpapiPluginSandboxedProcessLauncherDelegate(is_broker_, |
| 342 new PpapiPluginSandboxedProcessLauncherDelegate(is_broker_), | 374 info, |
| 343 false, | 375 process_->GetHost()), |
| 344 #elif defined(OS_POSIX) | |
| 345 use_zygote, | |
| 346 base::EnvironmentMap(), | |
| 347 #endif | |
| 348 cmd_line); | 376 cmd_line); |
| 349 return true; | 377 return true; |
| 350 } | 378 } |
| 351 | 379 |
| 352 void PpapiPluginProcessHost::RequestPluginChannel(Client* client) { | 380 void PpapiPluginProcessHost::RequestPluginChannel(Client* client) { |
| 353 base::ProcessHandle process_handle; | 381 base::ProcessHandle process_handle; |
| 354 int renderer_child_id; | 382 int renderer_child_id; |
| 355 client->GetPpapiChannelInfo(&process_handle, &renderer_child_id); | 383 client->GetPpapiChannelInfo(&process_handle, &renderer_child_id); |
| 356 | 384 |
| 357 base::ProcessId process_id = (process_handle == base::kNullProcessHandle) ? | 385 base::ProcessId process_id = (process_handle == base::kNullProcessHandle) ? |
| (...skipping 83 matching lines...) | |
| 441 // sent_requests_ queue should be the one that the plugin just created. | 469 // sent_requests_ queue should be the one that the plugin just created. |
| 442 Client* client = sent_requests_.front(); | 470 Client* client = sent_requests_.front(); |
| 443 sent_requests_.pop(); | 471 sent_requests_.pop(); |
| 444 | 472 |
| 445 const ChildProcessData& data = process_->GetData(); | 473 const ChildProcessData& data = process_->GetData(); |
| 446 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), | 474 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), |
| 447 data.id); | 475 data.id); |
| 448 } | 476 } |
| 449 | 477 |
| 450 } // namespace content | 478 } // namespace content |
| OLD | NEW |
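Review bot: The new OS_POSIX delegate keeps `info_` as `const PepperPluginInfo&` (new line 97) and reads it later in `UseZygote()`, so the zygote/sandbox decision depends on the caller's `info` outliving the delegate. The delegate is handed to `process_->Launch` at new lines 372-376, and whether it is consulted after the enclosing function returns is not visible here (that function starts in the skipped lines). Only `is_sandboxed` is used, so storing it by value removes the lifetime question: `bool is_sandboxed_;` initialised with `is_sandboxed_(info.is_sandboxed)`. `UseZygote()` also re-reads `switches::kPpapiPluginLauncher` instead of reusing the `plugin_launcher` value already computed at the call site, so the zygote comment at new lines 364-367 now describes logic that lives in the delegate and could use a pointer to it. Finally, `#endif  // OS_WIN` at new line 102 now closes an `#elif defined(OS_POSIX)` branch and its trailing comment is stale.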