| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/utility_process_host_impl.h" | 5 #include "content/browser/utility_process_host_impl.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/lazy_instance.h" | 10 #include "base/lazy_instance.h" |
| 11 #include "base/message_loop/message_loop.h" | 11 #include "base/message_loop/message_loop.h" |
| 12 #include "base/run_loop.h" | 12 #include "base/run_loop.h" |
| 13 #include "base/sequenced_task_runner.h" | 13 #include "base/sequenced_task_runner.h" |
| 14 #include "base/strings/utf_string_conversions.h" | 14 #include "base/strings/utf_string_conversions.h" |
| 15 #include "base/synchronization/lock.h" | 15 #include "base/synchronization/lock.h" |
| 16 #include "base/synchronization/waitable_event.h" | 16 #include "base/synchronization/waitable_event.h" |
| 17 #include "content/browser/browser_child_process_host_impl.h" | 17 #include "content/browser/browser_child_process_host_impl.h" |
| 18 #include "content/browser/renderer_host/render_process_host_impl.h" | 18 #include "content/browser/renderer_host/render_process_host_impl.h" |
| 19 #include "content/common/child_process_host_impl.h" | 19 #include "content/common/child_process_host_impl.h" |
| 20 #include "content/common/utility_messages.h" | 20 #include "content/common/utility_messages.h" |
| 21 #include "content/public/browser/browser_thread.h" | 21 #include "content/public/browser/browser_thread.h" |
| 22 #include "content/public/browser/content_browser_client.h" | 22 #include "content/public/browser/content_browser_client.h" |
| 23 #include "content/public/browser/utility_process_host_client.h" | 23 #include "content/public/browser/utility_process_host_client.h" |
| 24 #include "content/public/common/content_switches.h" | 24 #include "content/public/common/content_switches.h" |
| 25 #include "content/public/common/process_type.h" | 25 #include "content/public/common/process_type.h" |
| 26 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 26 #include "ipc/ipc_switches.h" | 27 #include "ipc/ipc_switches.h" |
| 27 #include "ui/base/ui_base_switches.h" | 28 #include "ui/base/ui_base_switches.h" |
| 28 | 29 |
| 29 #if defined(OS_WIN) | |
| 30 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 31 #endif | |
| 32 | |
| 33 namespace content { | 30 namespace content { |
| 34 | 31 |
| 35 #if defined(OS_WIN) | 32 #if defined(OS_WIN) |
| 36 // NOTE: changes to this class need to be reviewed by the security team. | 33 // NOTE: changes to this class need to be reviewed by the security team. |
| 37 class UtilitySandboxedProcessLauncherDelegate | 34 class UtilitySandboxedProcessLauncherDelegate |
| 38 : public SandboxedProcessLauncherDelegate { | 35 : public SandboxedProcessLauncherDelegate { |
| 39 public: | 36 public: |
| 40 explicit UtilitySandboxedProcessLauncherDelegate( | 37 UtilitySandboxedProcessLauncherDelegate(const base::FilePath& exposed_dir, |
| 41 const base::FilePath& exposed_dir) : exposed_dir_(exposed_dir) {} | 38 bool launch_elevated, |
| 39 bool /*no_sandbox*/, | |
| 40 base::EnvironmentMap& /*env*/, | |
| 41 ChildProcessHost* /*host*/) | |
| 42 : launch_elevated_(launch_elevated), | |
| 43 exposed_dir_(exposed_dir) {} | |
| 44 | |
| 42 virtual ~UtilitySandboxedProcessLauncherDelegate() {} | 45 virtual ~UtilitySandboxedProcessLauncherDelegate() {} |
| 43 | 46 |
| 47 virtual bool LaunchElevated() OVERRIDE { | |
| 48 return launch_elevated_; | |
| 49 } | |
| 44 virtual void PreSandbox(bool* disable_default_policy, | 50 virtual void PreSandbox(bool* disable_default_policy, |
| 45 base::FilePath* exposed_dir) OVERRIDE { | 51 base::FilePath* exposed_dir) OVERRIDE { |
| 46 *exposed_dir = exposed_dir_; | 52 *exposed_dir = exposed_dir_; |
| 47 } | 53 } |
| 48 | 54 |
| 49 private: | 55 private: |
| 56 bool launch_elevated_; | |
| 50 base::FilePath exposed_dir_; | 57 base::FilePath exposed_dir_; |
| 51 }; | 58 }; |
| 52 #endif | 59 #elif defined(OS_POSIX) |
| 53 | 60 |
| 61 // NOTE: changes to this class need to be reviewed by the security team. | |
| 62 class UtilitySandboxedProcessLauncherDelegate : | |
|
jam
2014/02/26 19:47:52
ditto
aberent
2014/02/28 08:51:07
Done.
| |
| 63 public SandboxedProcessLauncherDelegate { | |
| 64 public: | |
| 65 UtilitySandboxedProcessLauncherDelegate(const base::FilePath& exposed_dir, | |
| 66 bool /*launch_elevated*/, | |
| 67 bool no_sandbox, | |
| 68 base::EnvironmentMap& env, | |
| 69 ChildProcessHost* host) | |
| 70 : exposed_dir_(exposed_dir), | |
| 71 no_sandbox_(no_sandbox), | |
| 72 env_(env), | |
| 73 ipc_fd_(host->TakeClientFileDescriptor()) {} | |
| 74 | |
| 75 virtual ~UtilitySandboxedProcessLauncherDelegate() {} | |
| 76 | |
| 77 virtual bool UseZygote() OVERRIDE { | |
| 78 return !no_sandbox_ && exposed_dir_.empty(); | |
| 79 } | |
| 80 virtual base::EnvironmentMap GetEnvironment() OVERRIDE { | |
| 81 return env_; | |
| 82 } | |
| 83 virtual int IpcFd() OVERRIDE { | |
| 84 return ipc_fd_; | |
| 85 } | |
| 86 | |
| 87 private: | |
| 88 base::FilePath exposed_dir_; | |
| 89 bool no_sandbox_; | |
| 90 base::EnvironmentMap env_; | |
| 91 int ipc_fd_; | |
| 92 }; | |
| 93 #endif // OS_WIN | |
| 54 | 94 |
| 55 UtilityMainThreadFactoryFunction g_utility_main_thread_factory = NULL; | 95 UtilityMainThreadFactoryFunction g_utility_main_thread_factory = NULL; |
| 56 | 96 |
| 57 UtilityProcessHost* UtilityProcessHost::Create( | 97 UtilityProcessHost* UtilityProcessHost::Create( |
| 58 UtilityProcessHostClient* client, | 98 UtilityProcessHostClient* client, |
| 59 base::SequencedTaskRunner* client_task_runner) { | 99 base::SequencedTaskRunner* client_task_runner) { |
| 60 return new UtilityProcessHostImpl(client, client_task_runner); | 100 return new UtilityProcessHostImpl(client, client_task_runner); |
| 61 } | 101 } |
| 62 | 102 |
| 63 void UtilityProcessHost::RegisterUtilityMainThreadFactory( | 103 void UtilityProcessHost::RegisterUtilityMainThreadFactory( |
| 64 UtilityMainThreadFactoryFunction create) { | 104 UtilityMainThreadFactoryFunction create) { |
| 65 g_utility_main_thread_factory = create; | 105 g_utility_main_thread_factory = create; |
| 66 } | 106 } |
| 67 | 107 |
| 68 UtilityProcessHostImpl::UtilityProcessHostImpl( | 108 UtilityProcessHostImpl::UtilityProcessHostImpl( |
| 69 UtilityProcessHostClient* client, | 109 UtilityProcessHostClient* client, |
| 70 base::SequencedTaskRunner* client_task_runner) | 110 base::SequencedTaskRunner* client_task_runner) |
| 71 : client_(client), | 111 : client_(client), |
| 72 client_task_runner_(client_task_runner), | 112 client_task_runner_(client_task_runner), |
| 73 is_batch_mode_(false), | 113 is_batch_mode_(false), |
| 74 is_mdns_enabled_(false), | 114 is_mdns_enabled_(false), |
| 75 no_sandbox_(false), | 115 no_sandbox_(false), |
| 76 #if defined(OS_WIN) | |
| 77 run_elevated_(false), | 116 run_elevated_(false), |
| 78 #endif | |
| 79 #if defined(OS_LINUX) | 117 #if defined(OS_LINUX) |
| 80 child_flags_(ChildProcessHost::CHILD_ALLOW_SELF), | 118 child_flags_(ChildProcessHost::CHILD_ALLOW_SELF), |
| 81 #else | 119 #else |
| 82 child_flags_(ChildProcessHost::CHILD_NORMAL), | 120 child_flags_(ChildProcessHost::CHILD_NORMAL), |
| 83 #endif | 121 #endif |
| 84 started_(false) { | 122 started_(false) { |
| 85 } | 123 } |
| 86 | 124 |
| 87 UtilityProcessHostImpl::~UtilityProcessHostImpl() { | 125 UtilityProcessHostImpl::~UtilityProcessHostImpl() { |
| 88 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 126 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| (...skipping 130 matching lines...) | |
| 219 | 257 |
| 220 if (is_mdns_enabled_) | 258 if (is_mdns_enabled_) |
| 221 cmd_line->AppendSwitch(switches::kUtilityProcessEnableMDns); | 259 cmd_line->AppendSwitch(switches::kUtilityProcessEnableMDns); |
| 222 | 260 |
| 223 #if defined(OS_WIN) | 261 #if defined(OS_WIN) |
| 224 // Let the utility process know if it is intended to be elevated. | 262 // Let the utility process know if it is intended to be elevated. |
| 225 if (run_elevated_) | 263 if (run_elevated_) |
| 226 cmd_line->AppendSwitch(switches::kUtilityProcessRunningElevated); | 264 cmd_line->AppendSwitch(switches::kUtilityProcessRunningElevated); |
| 227 #endif | 265 #endif |
| 228 | 266 |
| 229 bool use_zygote = false; | |
| 230 | |
| 231 #if defined(OS_LINUX) | |
| 232 // The Linux sandbox does not support granting access to a single directory, | |
| 233 // so we need to bypass the zygote in that case. | |
| 234 use_zygote = !no_sandbox_ && exposed_dir_.empty(); | |
| 235 #endif | |
| 236 | |
| 237 process_->Launch( | 267 process_->Launch( |
| 238 #if defined(OS_WIN) | 268 new UtilitySandboxedProcessLauncherDelegate(exposed_dir_, |
| 239 new UtilitySandboxedProcessLauncherDelegate(exposed_dir_), | 269 run_elevated_, |
| 240 run_elevated_, | 270 no_sandbox_, env_, |
| 241 #elif defined(OS_POSIX) | 271 process_->GetHost()), |
| 242 use_zygote, | |
| 243 env_, | |
| 244 #endif | |
| 245 cmd_line); | 272 cmd_line); |
| 246 } | 273 } |
| 247 | 274 |
| 248 return true; | 275 return true; |
| 249 } | 276 } |
| 250 | 277 |
| 251 bool UtilityProcessHostImpl::OnMessageReceived(const IPC::Message& message) { | 278 bool UtilityProcessHostImpl::OnMessageReceived(const IPC::Message& message) { |
| 252 client_task_runner_->PostTask( | 279 client_task_runner_->PostTask( |
| 253 FROM_HERE, | 280 FROM_HERE, |
| 254 base::Bind(base::IgnoreResult( | 281 base::Bind(base::IgnoreResult( |
| (...skipping 10 matching lines...) | |
| 265 } | 292 } |
| 266 | 293 |
| 267 void UtilityProcessHostImpl::OnProcessCrashed(int exit_code) { | 294 void UtilityProcessHostImpl::OnProcessCrashed(int exit_code) { |
| 268 client_task_runner_->PostTask( | 295 client_task_runner_->PostTask( |
| 269 FROM_HERE, | 296 FROM_HERE, |
| 270 base::Bind(&UtilityProcessHostClient::OnProcessCrashed, client_.get(), | 297 base::Bind(&UtilityProcessHostClient::OnProcessCrashed, client_.get(), |
| 271 exit_code)); | 298 exit_code)); |
| 272 } | 299 } |
| 273 | 300 |
| 274 } // namespace content | 301 } // namespace content |
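Review bot: `UseZygote()` in the new POSIX `UtilitySandboxedProcessLauncherDelegate` (new lines 77-79) now carries the zygote-bypass decision, but it lost the rationale that sat next to the old launch code, and it lives under `#elif defined(OS_POSIX)` where the old computation was under `#if defined(OS_LINUX)` with `use_zygote` left `false` on every other platform. Because this expression decides whether the utility process takes the zygote launch path, the comment should move with the logic, for example `// The Linux sandbox cannot grant access to a single directory, so bypass the zygote when exposed_dir_ is set.` directly above the override. Whether the launcher ignores `UseZygote()` on non-Linux POSIX builds is not visible on this page; if it does not, the expression should stay guarded by `OS_LINUX` so those builds keep returning `false`. The closing `#endif // OS_WIN` on new line 93 now ends an `#if defined(OS_WIN)` / `#elif defined(OS_POSIX)` chain, so its label is misleading and should be updated.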
| OLD | NEW |