Refactor configuration of sandboxes - first steps

content/browser/utility_process_host_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/utility_process_host_impl.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/lazy_instance.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/sequenced_task_runner.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/synchronization/lock.h"
 #include "base/synchronization/waitable_event.h"
 #include "content/browser/browser_child_process_host_impl.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
 #include "content/common/child_process_host_impl.h"
 #include "content/common/utility_messages.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/utility_process_host_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/process_type.h"
+#include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "ipc/ipc_switches.h"
 #include "ui/base/ui_base_switches.h"
 
-#if defined(OS_WIN)
-#include "content/public/common/sandboxed_process_launcher_delegate.h"
-#endif
-
 namespace content {
 
-#if defined(OS_WIN)
 // NOTE: changes to this class need to be reviewed by the security team.
 class UtilitySandboxedProcessLauncherDelegate
     : public SandboxedProcessLauncherDelegate {
  public:
-  explicit UtilitySandboxedProcessLauncherDelegate(
-    const base::FilePath& exposed_dir) : exposed_dir_(exposed_dir) {}
+  UtilitySandboxedProcessLauncherDelegate(const base::FilePath& exposed_dir,
+                                          bool launch_elevated,
+                                          bool no_sandbox,
+                                          base::EnvironmentMap& env,
+                                          ChildProcessHost* host)
+#if defined(OS_WIN)
+      : launch_elevated_(launch_elevated),
+        exposed_dir_(exposed_dir) {}
+#elif defined(OS_POSIX)
+      : exposed_dir_(exposed_dir),

[jam, 2014/02/28 18:07:43]

nit: bring out the shared part out of the ifdefs

[aberent, 2014/02/28 21:17:28]

Done.

+        env_(env),
+        no_sandbox_(no_sandbox),
+        ipc_fd_(host->TakeClientFileDescriptor()) {}
+#endif  // OS_WIN
+
   virtual ~UtilitySandboxedProcessLauncherDelegate() {}
 
+#if defined(OS_WIN)
+  virtual bool ShouldLaunchElevated() OVERRIDE {
+    return launch_elevated_;
+  }
   virtual void PreSandbox(bool* disable_default_policy,
                           base::FilePath* exposed_dir) OVERRIDE {
     *exposed_dir = exposed_dir_;
   }
+#elif defined(OS_POSIX)
 
-private:
-  base::FilePath exposed_dir_;
-};
+  virtual bool ShouldUseZygote() OVERRIDE {
+    return !no_sandbox_ && exposed_dir_.empty();
+  }
+  virtual base::EnvironmentMap GetEnvironment() OVERRIDE {
+    return env_;
+  }
+  virtual int GetIpcFd() OVERRIDE {
+    return ipc_fd_;
+  }
+#endif  // OS_WIN
+
+ private:
+
+#if defined(OS_WIN)
+  bool launch_elevated_;
 #endif
 
+  base::FilePath exposed_dir_;
+
+#if defined(OS_POSIX)
+  base::EnvironmentMap env_;
+  bool no_sandbox_;
+  int ipc_fd_;
+#endif  // OS_WIN
+};
 
 UtilityMainThreadFactoryFunction g_utility_main_thread_factory = NULL;
 
 UtilityProcessHost* UtilityProcessHost::Create(
     UtilityProcessHostClient* client,
     base::SequencedTaskRunner* client_task_runner) {
   return new UtilityProcessHostImpl(client, client_task_runner);
 }
 
 void UtilityProcessHost::RegisterUtilityMainThreadFactory(
     UtilityMainThreadFactoryFunction create) {
   g_utility_main_thread_factory = create;
 }
 
 UtilityProcessHostImpl::UtilityProcessHostImpl(
     UtilityProcessHostClient* client,
     base::SequencedTaskRunner* client_task_runner)
     : client_(client),
       client_task_runner_(client_task_runner),
       is_batch_mode_(false),
       is_mdns_enabled_(false),
       no_sandbox_(false),
-#if defined(OS_WIN)
       run_elevated_(false),
-#endif
 #if defined(OS_LINUX)
       child_flags_(ChildProcessHost::CHILD_ALLOW_SELF),
 #else
       child_flags_(ChildProcessHost::CHILD_NORMAL),
 #endif
       started_(false) {
 }
 
 UtilityProcessHostImpl::~UtilityProcessHostImpl() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
@@ skipping 130 matching lines @@
 
     if (is_mdns_enabled_)
       cmd_line->AppendSwitch(switches::kUtilityProcessEnableMDns);
 
 #if defined(OS_WIN)
     // Let the utility process know if it is intended to be elevated.
     if (run_elevated_)
       cmd_line->AppendSwitch(switches::kUtilityProcessRunningElevated);
 #endif
 
-    bool use_zygote = false;
-
-#if defined(OS_LINUX)
-    // The Linux sandbox does not support granting access to a single directory,
-    // so we need to bypass the zygote in that case.
-    use_zygote = !no_sandbox_ && exposed_dir_.empty();
-#endif
-
     process_->Launch(
-#if defined(OS_WIN)
-        new UtilitySandboxedProcessLauncherDelegate(exposed_dir_),
-        run_elevated_,
-#elif defined(OS_POSIX)
-        use_zygote,
-        env_,
-#endif
+        new UtilitySandboxedProcessLauncherDelegate(exposed_dir_,
+                                                    run_elevated_,
+                                                    no_sandbox_, env_,
+                                                    process_->GetHost()),
         cmd_line);
   }
 
   return true;
 }
 
 bool UtilityProcessHostImpl::OnMessageReceived(const IPC::Message& message) {
   client_task_runner_->PostTask(
       FROM_HERE,
       base::Bind(base::IgnoreResult(
@@ skipping 10 matching lines @@
 }
 
 void UtilityProcessHostImpl::OnProcessCrashed(int exit_code) {
   client_task_runner_->PostTask(
       FROM_HERE,
       base::Bind(&UtilityProcessHostClient::OnProcessCrashed, client_.get(),
             exit_code));
 }
 
 }  // namespace content