Chromium Code Reviews Chromium Code Reviews
Issue 177863002:
Refactor configuration of sandboxes - first steps (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/browser/nacl_process_host.h" | 5 #include "components/nacl/browser/nacl_process_host.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 33 #include "components/nacl/common/nacl_messages.h" | 33 #include "components/nacl/common/nacl_messages.h" |
| 34 #include "components/nacl/common/nacl_process_type.h" | 34 #include "components/nacl/common/nacl_process_type.h" |
| 35 #include "components/nacl/common/nacl_switches.h" | 35 #include "components/nacl/common/nacl_switches.h" |
| 36 #include "content/public/browser/browser_child_process_host.h" | 36 #include "content/public/browser/browser_child_process_host.h" |
| 37 #include "content/public/browser/browser_ppapi_host.h" | 37 #include "content/public/browser/browser_ppapi_host.h" |
| 38 #include "content/public/browser/child_process_data.h" | 38 #include "content/public/browser/child_process_data.h" |
| 39 #include "content/public/browser/plugin_service.h" | 39 #include "content/public/browser/plugin_service.h" |
| 40 #include "content/public/common/child_process_host.h" | 40 #include "content/public/common/child_process_host.h" |
| 41 #include "content/public/common/content_switches.h" | 41 #include "content/public/common/content_switches.h" |
| 42 #include "content/public/common/process_type.h" | 42 #include "content/public/common/process_type.h" |
| 43 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 43 #include "ipc/ipc_channel.h" | 44 #include "ipc/ipc_channel.h" |
| 44 #include "ipc/ipc_switches.h" | 45 #include "ipc/ipc_switches.h" |
| 45 #include "native_client/src/shared/imc/nacl_imc_c.h" | 46 #include "native_client/src/shared/imc/nacl_imc_c.h" |
| 46 #include "net/base/net_util.h" | 47 #include "net/base/net_util.h" |
| 47 #include "net/socket/tcp_listen_socket.h" | 48 #include "net/socket/tcp_listen_socket.h" |
| 48 #include "ppapi/host/host_factory.h" | 49 #include "ppapi/host/host_factory.h" |
| 49 #include "ppapi/host/ppapi_host.h" | 50 #include "ppapi/host/ppapi_host.h" |
| 50 #include "ppapi/proxy/ppapi_messages.h" | 51 #include "ppapi/proxy/ppapi_messages.h" |
| 51 #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h" | 52 #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h" |
| 52 #include "ppapi/shared_impl/ppapi_switches.h" | 53 #include "ppapi/shared_impl/ppapi_switches.h" |
| 53 | 54 |
| 54 #if defined(OS_POSIX) | 55 #if defined(OS_POSIX) |
| 55 #include <fcntl.h> | 56 #include <fcntl.h> |
| 56 | 57 |
| 57 #include "ipc/ipc_channel_posix.h" | 58 #include "ipc/ipc_channel_posix.h" |
| 58 #elif defined(OS_WIN) | 59 #elif defined(OS_WIN) |
| 59 #include <windows.h> | 60 #include <windows.h> |
| 60 | 61 |
| 61 #include "base/threading/thread.h" | 62 #include "base/threading/thread.h" |
| 62 #include "base/win/scoped_handle.h" | 63 #include "base/win/scoped_handle.h" |
| 63 #include "components/nacl/browser/nacl_broker_service_win.h" | 64 #include "components/nacl/browser/nacl_broker_service_win.h" |
| 64 #include "components/nacl/common/nacl_debug_exception_handler_win.h" | 65 #include "components/nacl/common/nacl_debug_exception_handler_win.h" |
| 65 #include "content/public/common/sandbox_init.h" | 66 #include "content/public/common/sandbox_init.h" |
| 66 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 67 #endif | 67 #endif |
| 68 | 68 |
| 69 using content::BrowserThread; | 69 using content::BrowserThread; |
| 70 using content::ChildProcessData; | 70 using content::ChildProcessData; |
| 71 using content::ChildProcessHost; | 71 using content::ChildProcessHost; |
| 72 using ppapi::proxy::SerializedHandle; | 72 using ppapi::proxy::SerializedHandle; |
| 73 | 73 |
| 74 #if defined(OS_WIN) | 74 #if defined(OS_WIN) |
| 75 | 75 |
| 76 namespace { | 76 namespace { |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 121 | 121 |
| 122 #endif // defined(OS_WIN) | 122 #endif // defined(OS_WIN) |
| 123 | 123 |
| 124 namespace { | 124 namespace { |
| 125 | 125 |
| 126 #if defined(OS_WIN) | 126 #if defined(OS_WIN) |
| 127 bool RunningOnWOW64() { | 127 bool RunningOnWOW64() { |
| 128 return (base::win::OSInfo::GetInstance()->wow64_status() == | 128 return (base::win::OSInfo::GetInstance()->wow64_status() == |
| 129 base::win::OSInfo::WOW64_ENABLED); | 129 base::win::OSInfo::WOW64_ENABLED); |
| 130 } | 130 } |
| 131 #endif | |
| 131 | 132 |
| 132 // NOTE: changes to this class need to be reviewed by the security team. | 133 // NOTE: changes to this class need to be reviewed by the security team. |
| 133 class NaClSandboxedProcessLauncherDelegate | 134 class NaClSandboxedProcessLauncherDelegate |
| 134 : public content::SandboxedProcessLauncherDelegate { | 135 : public content::SandboxedProcessLauncherDelegate { |
| 135 public: | 136 public: |
| 136 NaClSandboxedProcessLauncherDelegate() {} | 137 NaClSandboxedProcessLauncherDelegate(ChildProcessHost* host) |
| 138 #if defined(OS_POSIX) | |
| 139 : ipc_fd_(host->TakeClientFileDescriptor()) | |
| 140 #endif | |
| 141 {} | |
| 142 | |
| 137 virtual ~NaClSandboxedProcessLauncherDelegate() {} | 143 virtual ~NaClSandboxedProcessLauncherDelegate() {} |
| 138 | 144 |
| 145 #if defined(OS_WIN) | |
| 139 virtual void PostSpawnTarget(base::ProcessHandle process) { | 146 virtual void PostSpawnTarget(base::ProcessHandle process) { |
| 140 // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of | 147 // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of |
| 141 // address space to prevent later failure due to address space fragmentation | 148 // address space to prevent later failure due to address space fragmentation |
| 142 // from .dll loading. The NaCl process will attempt to locate this space by | 149 // from .dll loading. The NaCl process will attempt to locate this space by |
| 143 // scanning the address space using VirtualQuery. | 150 // scanning the address space using VirtualQuery. |
| 144 // TODO(bbudge) Handle the --no-sandbox case. | 151 // TODO(bbudge) Handle the --no-sandbox case. |
| 145 // http://code.google.com/p/nativeclient/issues/detail?id=2131 | 152 // http://code.google.com/p/nativeclient/issues/detail?id=2131 |
| 146 const SIZE_T kNaClSandboxSize = 1 << 30; | 153 const SIZE_T kNaClSandboxSize = 1 << 30; |
| 147 if (!nacl::AllocateAddressSpaceASLR(process, kNaClSandboxSize)) { | 154 if (!nacl::AllocateAddressSpaceASLR(process, kNaClSandboxSize)) { |
| 148 DLOG(WARNING) << "Failed to reserve address space for Native Client"; | 155 DLOG(WARNING) << "Failed to reserve address space for Native Client"; |
| 149 } | 156 } |
| 150 } | 157 } |
| 158 #elif defined(OS_POSIX) | |
| 159 virtual bool ShouldUseZygote() OVERRIDE { | |
| 160 CommandLine::StringType nacl_loader_prefix = | |
| 161 CommandLine::ForCurrentProcess()->GetSwitchValueNative( | |
| 162 switches::kNaClLoaderCmdPrefix); | |
| 163 return nacl_loader_prefix.empty(); | |
| 164 } | |
| 165 virtual int GetIpcFd() OVERRIDE { | |
| 166 return ipc_fd_; | |
| 167 } | |
| 168 #endif // OS_WIN | |
| 169 | |
| 170 private: | |
| 171 | |
|
jam
2014/02/28 18:07:43
nit: no blank line
aberent
2014/02/28 21:17:28
Done.
| |
| 172 #if defined(OS_POSIX) | |
| 173 int ipc_fd_; | |
| 174 #endif // OS_POSIX | |
| 175 | |
| 151 }; | 176 }; |
| 152 | 177 |
| 153 #endif // OS_WIN | |
| 154 | |
| 155 void SetCloseOnExec(NaClHandle fd) { | 178 void SetCloseOnExec(NaClHandle fd) { |
| 156 #if defined(OS_POSIX) | 179 #if defined(OS_POSIX) |
| 157 int flags = fcntl(fd, F_GETFD); | 180 int flags = fcntl(fd, F_GETFD); |
| 158 CHECK_NE(flags, -1); | 181 CHECK_NE(flags, -1); |
| 159 int rc = fcntl(fd, F_SETFD, flags | FD_CLOEXEC); | 182 int rc = fcntl(fd, F_SETFD, flags | FD_CLOEXEC); |
| 160 CHECK_EQ(rc, 0); | 183 CHECK_EQ(rc, 0); |
| 161 #endif | 184 #endif |
| 162 } | 185 } |
| 163 | 186 |
| 164 bool ShareHandleToSelLdr( | 187 bool ShareHandleToSelLdr( |
| (...skipping 363 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 528 cmd_line->PrependWrapper(nacl_loader_prefix); | 551 cmd_line->PrependWrapper(nacl_loader_prefix); |
| 529 | 552 |
| 530 // On Windows we might need to start the broker process to launch a new loader | 553 // On Windows we might need to start the broker process to launch a new loader |
| 531 #if defined(OS_WIN) | 554 #if defined(OS_WIN) |
| 532 if (RunningOnWOW64()) { | 555 if (RunningOnWOW64()) { |
| 533 if (!NaClBrokerService::GetInstance()->LaunchLoader( | 556 if (!NaClBrokerService::GetInstance()->LaunchLoader( |
| 534 weak_factory_.GetWeakPtr(), channel_id)) { | 557 weak_factory_.GetWeakPtr(), channel_id)) { |
| 535 SendErrorToRenderer("broker service did not launch process"); | 558 SendErrorToRenderer("broker service did not launch process"); |
| 536 return false; | 559 return false; |
| 537 } | 560 } |
| 538 } else { | 561 return true; |
| 539 process_->Launch(new NaClSandboxedProcessLauncherDelegate, | |
| 540 false, | |
| 541 cmd_line.release()); | |
| 542 } | 562 } |
| 543 #elif defined(OS_POSIX) | |
| 544 process_->Launch(nacl_loader_prefix.empty(), // use_zygote | |
| 545 base::EnvironmentMap(), | |
| 546 cmd_line.release()); | |
| 547 #endif | 563 #endif |
| 548 | 564 process_->Launch( |
| 565 new NaClSandboxedProcessLauncherDelegate(process_->GetHost()), | |
| 566 cmd_line.release()); | |
| 549 return true; | 567 return true; |
| 550 } | 568 } |
| 551 | 569 |
| 552 bool NaClProcessHost::OnMessageReceived(const IPC::Message& msg) { | 570 bool NaClProcessHost::OnMessageReceived(const IPC::Message& msg) { |
| 553 bool handled = true; | 571 bool handled = true; |
| 554 IPC_BEGIN_MESSAGE_MAP(NaClProcessHost, msg) | 572 IPC_BEGIN_MESSAGE_MAP(NaClProcessHost, msg) |
| 555 IPC_MESSAGE_HANDLER(NaClProcessMsg_QueryKnownToValidate, | 573 IPC_MESSAGE_HANDLER(NaClProcessMsg_QueryKnownToValidate, |
| 556 OnQueryKnownToValidate) | 574 OnQueryKnownToValidate) |
| 557 IPC_MESSAGE_HANDLER(NaClProcessMsg_SetKnownToValidate, | 575 IPC_MESSAGE_HANDLER(NaClProcessMsg_SetKnownToValidate, |
| 558 OnSetKnownToValidate) | 576 OnSetKnownToValidate) |
| (...skipping 446 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1005 process_handle.Take(), info, | 1023 process_handle.Take(), info, |
| 1006 base::MessageLoopProxy::current(), | 1024 base::MessageLoopProxy::current(), |
| 1007 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, | 1025 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, |
| 1008 weak_factory_.GetWeakPtr())); | 1026 weak_factory_.GetWeakPtr())); |
| 1009 return true; | 1027 return true; |
| 1010 } | 1028 } |
| 1011 } | 1029 } |
| 1012 #endif | 1030 #endif |
| 1013 | 1031 |
| 1014 } // namespace nacl | 1032 } // namespace nacl |
| OLD | NEW |
