Chromium Code Reviews Chromium Code Reviews
Issue 177863002:
Refactor configuration of sandboxes - first steps (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ppapi_plugin_process_host.h" | 5 #include "content/browser/ppapi_plugin_process_host.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/metrics/field_trial.h" | 12 #include "base/metrics/field_trial.h" |
| 13 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
| 14 #include "content/browser/browser_child_process_host_impl.h" | 14 #include "content/browser/browser_child_process_host_impl.h" |
| 15 #include "content/browser/plugin_service_impl.h" | 15 #include "content/browser/plugin_service_impl.h" |
| 16 #include "content/browser/renderer_host/render_message_filter.h" | 16 #include "content/browser/renderer_host/render_message_filter.h" |
| 17 #include "content/common/child_process_host_impl.h" | 17 #include "content/common/child_process_host_impl.h" |
| 18 #include "content/common/child_process_messages.h" | 18 #include "content/common/child_process_messages.h" |
| 19 #include "content/public/browser/content_browser_client.h" | 19 #include "content/public/browser/content_browser_client.h" |
| 20 #include "content/public/common/content_constants.h" | 20 #include "content/public/common/content_constants.h" |
| 21 #include "content/public/common/content_switches.h" | 21 #include "content/public/common/content_switches.h" |
| 22 #include "content/public/common/pepper_plugin_info.h" | 22 #include "content/public/common/pepper_plugin_info.h" |
| 23 #include "content/public/common/process_type.h" | 23 #include "content/public/common/process_type.h" |
| 24 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 24 #include "ipc/ipc_switches.h" | 25 #include "ipc/ipc_switches.h" |
| 25 #include "net/base/network_change_notifier.h" | 26 #include "net/base/network_change_notifier.h" |
| 26 #include "ppapi/proxy/ppapi_messages.h" | 27 #include "ppapi/proxy/ppapi_messages.h" |
| 27 #include "ui/base/ui_base_switches.h" | 28 #include "ui/base/ui_base_switches.h" |
| 28 | 29 |
| 29 #if defined(OS_WIN) | 30 #if defined(OS_WIN) |
| 30 #include "content/common/sandbox_win.h" | 31 #include "content/common/sandbox_win.h" |
| 31 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 32 #include "sandbox/win/src/sandbox_policy.h" | 32 #include "sandbox/win/src/sandbox_policy.h" |
| 33 #endif | 33 #endif |
| 34 | 34 |
| 35 namespace content { | 35 namespace content { |
| 36 | 36 |
| 37 #if defined(OS_WIN) | |
| 38 // NOTE: changes to this class need to be reviewed by the security team. | 37 // NOTE: changes to this class need to be reviewed by the security team. |
| 39 class PpapiPluginSandboxedProcessLauncherDelegate | 38 class PpapiPluginSandboxedProcessLauncherDelegate |
| 40 : public content::SandboxedProcessLauncherDelegate { | 39 : public content::SandboxedProcessLauncherDelegate { |
| 41 public: | 40 public: |
| 42 explicit PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker) | 41 PpapiPluginSandboxedProcessLauncherDelegate( bool is_broker, |
| 43 : is_broker_(is_broker) {} | 42 const PepperPluginInfo& info, |
| 43 ChildProcessHost* host) | |
| 44 #if defined(OS_WIN) | |
| 45 : is_broker_(is_broker) {} | |
|
jam
2014/02/28 18:07:43
nit: since is_broker_ is used for both ifdefs, i'd
aberent
2014/02/28 21:17:28
Done. Had to put in some slightly strange line bre
| |
| 46 #elif defined(OS_POSIX) | |
| 47 : is_broker_(is_broker), | |
| 48 info_(info), | |
| 49 ipc_fd_(host->TakeClientFileDescriptor()) {} | |
| 50 #endif // OS_WIN | |
| 51 | |
| 44 virtual ~PpapiPluginSandboxedProcessLauncherDelegate() {} | 52 virtual ~PpapiPluginSandboxedProcessLauncherDelegate() {} |
| 45 | 53 |
| 46 virtual void ShouldSandbox(bool* in_sandbox) OVERRIDE { | 54 #if defined(OS_WIN) |
| 47 if (is_broker_) | 55 virtual bool ShouldSandbox() OVERRIDE { |
| 48 *in_sandbox = false; | 56 return !is_broker_; |
| 49 } | 57 } |
| 50 | 58 |
| 51 virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, | 59 virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, |
| 52 bool* success) { | 60 bool* success) { |
| 53 if (is_broker_) | 61 if (is_broker_) |
| 54 return; | 62 return; |
| 55 // The Pepper process as locked-down as a renderer execpt that it can | 63 // The Pepper process as locked-down as a renderer execpt that it can |
| 56 // create the server side of chrome pipes. | 64 // create the server side of chrome pipes. |
| 57 sandbox::ResultCode result; | 65 sandbox::ResultCode result; |
| 58 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | 66 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, |
| 59 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | 67 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, |
| 60 L"\\\\.\\pipe\\chrome.*"); | 68 L"\\\\.\\pipe\\chrome.*"); |
| 61 *success = (result == sandbox::SBOX_ALL_OK); | 69 *success = (result == sandbox::SBOX_ALL_OK); |
| 62 } | 70 } |
| 63 | 71 |
| 72 #elif defined(OS_POSIX) | |
| 73 virtual bool ShouldUseZygote() OVERRIDE { | |
| 74 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); | |
| 75 CommandLine::StringType plugin_launcher = browser_command_line | |
| 76 .GetSwitchValueNative(switches::kPpapiPluginLauncher); | |
| 77 return !is_broker_ && plugin_launcher.empty() && info_.is_sandboxed; | |
| 78 } | |
| 79 virtual int GetIpcFd() OVERRIDE { | |
| 80 return ipc_fd_; | |
| 81 } | |
| 82 #endif // OS_WIN | |
| 83 | |
| 64 private: | 84 private: |
| 65 bool is_broker_; | 85 bool is_broker_; |
| 66 | 86 |
| 87 #if defined(OS_POSIX) | |
| 88 const PepperPluginInfo& info_; | |
| 89 int ipc_fd_; | |
| 90 #endif // OS_POSIX | |
| 91 | |
| 67 DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate); | 92 DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate); |
| 68 }; | 93 }; |
| 69 #endif // OS_WIN | |
| 70 | 94 |
| 71 class PpapiPluginProcessHost::PluginNetworkObserver | 95 class PpapiPluginProcessHost::PluginNetworkObserver |
| 72 : public net::NetworkChangeNotifier::IPAddressObserver, | 96 : public net::NetworkChangeNotifier::IPAddressObserver, |
| 73 public net::NetworkChangeNotifier::ConnectionTypeObserver { | 97 public net::NetworkChangeNotifier::ConnectionTypeObserver { |
| 74 public: | 98 public: |
| 75 explicit PluginNetworkObserver(PpapiPluginProcessHost* process_host) | 99 explicit PluginNetworkObserver(PpapiPluginProcessHost* process_host) |
| 76 : process_host_(process_host) { | 100 : process_host_(process_host) { |
| 77 net::NetworkChangeNotifier::AddIPAddressObserver(this); | 101 net::NetworkChangeNotifier::AddIPAddressObserver(this); |
| 78 net::NetworkChangeNotifier::AddConnectionTypeObserver(this); | 102 net::NetworkChangeNotifier::AddConnectionTypeObserver(this); |
| 79 } | 103 } |
| (...skipping 246 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 326 } | 350 } |
| 327 | 351 |
| 328 if (!plugin_launcher.empty()) | 352 if (!plugin_launcher.empty()) |
| 329 cmd_line->PrependWrapper(plugin_launcher); | 353 cmd_line->PrependWrapper(plugin_launcher); |
| 330 | 354 |
| 331 // On posix, never use the zygote for the broker. Also, only use the zygote if | 355 // On posix, never use the zygote for the broker. Also, only use the zygote if |
| 332 // the plugin is sandboxed, and we are not using a plugin launcher - having a | 356 // the plugin is sandboxed, and we are not using a plugin launcher - having a |
| 333 // plugin launcher means we need to use another process instead of just | 357 // plugin launcher means we need to use another process instead of just |
| 334 // forking the zygote. | 358 // forking the zygote. |
| 335 #if defined(OS_POSIX) | 359 #if defined(OS_POSIX) |
| 336 bool use_zygote = !is_broker_ && plugin_launcher.empty() && info.is_sandboxed; | |
| 337 if (!info.is_sandboxed) | 360 if (!info.is_sandboxed) |
| 338 cmd_line->AppendSwitchASCII(switches::kNoSandbox, std::string()); | 361 cmd_line->AppendSwitchASCII(switches::kNoSandbox, std::string()); |
| 339 #endif // OS_POSIX | 362 #endif // OS_POSIX |
| 340 process_->Launch( | 363 process_->Launch( |
| 341 #if defined(OS_WIN) | 364 new PpapiPluginSandboxedProcessLauncherDelegate(is_broker_, |
| 342 new PpapiPluginSandboxedProcessLauncherDelegate(is_broker_), | 365 info, |
| 343 false, | 366 process_->GetHost()), |
| 344 #elif defined(OS_POSIX) | |
| 345 use_zygote, | |
| 346 base::EnvironmentMap(), | |
| 347 #endif | |
| 348 cmd_line); | 367 cmd_line); |
| 349 return true; | 368 return true; |
| 350 } | 369 } |
| 351 | 370 |
| 352 void PpapiPluginProcessHost::RequestPluginChannel(Client* client) { | 371 void PpapiPluginProcessHost::RequestPluginChannel(Client* client) { |
| 353 base::ProcessHandle process_handle; | 372 base::ProcessHandle process_handle; |
| 354 int renderer_child_id; | 373 int renderer_child_id; |
| 355 client->GetPpapiChannelInfo(&process_handle, &renderer_child_id); | 374 client->GetPpapiChannelInfo(&process_handle, &renderer_child_id); |
| 356 | 375 |
| 357 base::ProcessId process_id = (process_handle == base::kNullProcessHandle) ? | 376 base::ProcessId process_id = (process_handle == base::kNullProcessHandle) ? |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 441 // sent_requests_ queue should be the one that the plugin just created. | 460 // sent_requests_ queue should be the one that the plugin just created. |
| 442 Client* client = sent_requests_.front(); | 461 Client* client = sent_requests_.front(); |
| 443 sent_requests_.pop(); | 462 sent_requests_.pop(); |
| 444 | 463 |
| 445 const ChildProcessData& data = process_->GetData(); | 464 const ChildProcessData& data = process_->GetData(); |
| 446 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), | 465 client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle), |
| 447 data.id); | 466 data.id); |
| 448 } | 467 } |
| 449 | 468 |
| 450 } // namespace content | 469 } // namespace content |
| OLD | NEW |
