Chromium Code Reviews Chromium Code Reviews
Issue 177863002:
Refactor configuration of sandboxes - first steps (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/browser/nacl_process_host.h" | 5 #include "components/nacl/browser/nacl_process_host.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 33 #include "components/nacl/common/nacl_messages.h" | 33 #include "components/nacl/common/nacl_messages.h" |
| 34 #include "components/nacl/common/nacl_process_type.h" | 34 #include "components/nacl/common/nacl_process_type.h" |
| 35 #include "components/nacl/common/nacl_switches.h" | 35 #include "components/nacl/common/nacl_switches.h" |
| 36 #include "content/public/browser/browser_child_process_host.h" | 36 #include "content/public/browser/browser_child_process_host.h" |
| 37 #include "content/public/browser/browser_ppapi_host.h" | 37 #include "content/public/browser/browser_ppapi_host.h" |
| 38 #include "content/public/browser/child_process_data.h" | 38 #include "content/public/browser/child_process_data.h" |
| 39 #include "content/public/browser/plugin_service.h" | 39 #include "content/public/browser/plugin_service.h" |
| 40 #include "content/public/common/child_process_host.h" | 40 #include "content/public/common/child_process_host.h" |
| 41 #include "content/public/common/content_switches.h" | 41 #include "content/public/common/content_switches.h" |
| 42 #include "content/public/common/process_type.h" | 42 #include "content/public/common/process_type.h" |
| 43 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 43 #include "ipc/ipc_channel.h" | 44 #include "ipc/ipc_channel.h" |
| 44 #include "ipc/ipc_switches.h" | 45 #include "ipc/ipc_switches.h" |
| 45 #include "native_client/src/shared/imc/nacl_imc_c.h" | 46 #include "native_client/src/shared/imc/nacl_imc_c.h" |
| 46 #include "net/base/net_util.h" | 47 #include "net/base/net_util.h" |
| 47 #include "net/socket/tcp_listen_socket.h" | 48 #include "net/socket/tcp_listen_socket.h" |
| 48 #include "ppapi/host/host_factory.h" | 49 #include "ppapi/host/host_factory.h" |
| 49 #include "ppapi/host/ppapi_host.h" | 50 #include "ppapi/host/ppapi_host.h" |
| 50 #include "ppapi/proxy/ppapi_messages.h" | 51 #include "ppapi/proxy/ppapi_messages.h" |
| 51 #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h" | 52 #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h" |
| 52 #include "ppapi/shared_impl/ppapi_switches.h" | 53 #include "ppapi/shared_impl/ppapi_switches.h" |
| 53 | 54 |
| 54 #if defined(OS_POSIX) | 55 #if defined(OS_POSIX) |
| 55 #include <fcntl.h> | 56 #include <fcntl.h> |
| 56 | 57 |
| 57 #include "ipc/ipc_channel_posix.h" | 58 #include "ipc/ipc_channel_posix.h" |
| 58 #elif defined(OS_WIN) | 59 #elif defined(OS_WIN) |
| 59 #include <windows.h> | 60 #include <windows.h> |
| 60 | 61 |
| 61 #include "base/threading/thread.h" | 62 #include "base/threading/thread.h" |
| 62 #include "base/win/scoped_handle.h" | 63 #include "base/win/scoped_handle.h" |
| 63 #include "components/nacl/browser/nacl_broker_service_win.h" | 64 #include "components/nacl/browser/nacl_broker_service_win.h" |
| 64 #include "components/nacl/common/nacl_debug_exception_handler_win.h" | 65 #include "components/nacl/common/nacl_debug_exception_handler_win.h" |
| 65 #include "content/public/common/sandbox_init.h" | 66 #include "content/public/common/sandbox_init.h" |
| 66 #include "content/public/common/sandboxed_process_launcher_delegate.h" | |
| 67 #endif | 67 #endif |
| 68 | 68 |
| 69 using content::BrowserThread; | 69 using content::BrowserThread; |
| 70 using content::ChildProcessData; | 70 using content::ChildProcessData; |
| 71 using content::ChildProcessHost; | 71 using content::ChildProcessHost; |
| 72 using ppapi::proxy::SerializedHandle; | 72 using ppapi::proxy::SerializedHandle; |
| 73 | 73 |
| 74 #if defined(OS_WIN) | 74 #if defined(OS_WIN) |
| 75 | 75 |
| 76 namespace { | 76 namespace { |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 137 | 137 |
| 138 #endif // defined(OS_WIN) | 138 #endif // defined(OS_WIN) |
| 139 | 139 |
| 140 namespace { | 140 namespace { |
| 141 | 141 |
| 142 #if defined(OS_WIN) | 142 #if defined(OS_WIN) |
| 143 bool RunningOnWOW64() { | 143 bool RunningOnWOW64() { |
| 144 return (base::win::OSInfo::GetInstance()->wow64_status() == | 144 return (base::win::OSInfo::GetInstance()->wow64_status() == |
| 145 base::win::OSInfo::WOW64_ENABLED); | 145 base::win::OSInfo::WOW64_ENABLED); |
| 146 } | 146 } |
| 147 #endif | |
| 147 | 148 |
| 148 // NOTE: changes to this class need to be reviewed by the security team. | 149 // NOTE: changes to this class need to be reviewed by the security team. |
| 149 class NaClSandboxedProcessLauncherDelegate | 150 class NaClSandboxedProcessLauncherDelegate |
| 150 : public content::SandboxedProcessLauncherDelegate { | 151 : public content::SandboxedProcessLauncherDelegate { |
| 151 public: | 152 public: |
| 152 NaClSandboxedProcessLauncherDelegate() {} | 153 NaClSandboxedProcessLauncherDelegate(ChildProcessHost* host) |
| 154 #if defined(OS_POSIX) | |
| 155 : ipc_fd_(host->TakeClientFileDescriptor()) | |
| 156 #endif | |
| 157 {} | |
| 158 | |
| 153 virtual ~NaClSandboxedProcessLauncherDelegate() {} | 159 virtual ~NaClSandboxedProcessLauncherDelegate() {} |
| 154 | 160 |
| 161 #if defined(OS_WIN) | |
| 155 virtual void PostSpawnTarget(base::ProcessHandle process) { | 162 virtual void PostSpawnTarget(base::ProcessHandle process) { |
| 156 // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of | 163 // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of |
| 157 // address space to prevent later failure due to address space fragmentation | 164 // address space to prevent later failure due to address space fragmentation |
| 158 // from .dll loading. The NaCl process will attempt to locate this space by | 165 // from .dll loading. The NaCl process will attempt to locate this space by |
| 159 // scanning the address space using VirtualQuery. | 166 // scanning the address space using VirtualQuery. |
| 160 // TODO(bbudge) Handle the --no-sandbox case. | 167 // TODO(bbudge) Handle the --no-sandbox case. |
| 161 // http://code.google.com/p/nativeclient/issues/detail?id=2131 | 168 // http://code.google.com/p/nativeclient/issues/detail?id=2131 |
| 162 const SIZE_T kNaClSandboxSize = 1 << 30; | 169 const SIZE_T kNaClSandboxSize = 1 << 30; |
| 163 if (!nacl::AllocateAddressSpaceASLR(process, kNaClSandboxSize)) { | 170 if (!nacl::AllocateAddressSpaceASLR(process, kNaClSandboxSize)) { |
| 164 DLOG(WARNING) << "Failed to reserve address space for Native Client"; | 171 DLOG(WARNING) << "Failed to reserve address space for Native Client"; |
| 165 } | 172 } |
| 166 } | 173 } |
| 174 #elif defined(OS_POSIX) | |
| 175 virtual bool ShouldUseZygote() OVERRIDE { | |
| 176 CommandLine::StringType nacl_loader_prefix = | |
| 177 CommandLine::ForCurrentProcess()->GetSwitchValueNative( | |
| 178 switches::kNaClLoaderCmdPrefix); | |
| 179 return nacl_loader_prefix.empty(); | |
| 180 } | |
| 181 virtual int GetIpcFd() OVERRIDE { | |
| 182 return ipc_fd_; | |
| 183 } | |
| 184 #endif // OS_WIN | |
| 185 | |
| 186 private: | |
| 187 #if defined(OS_POSIX) | |
| 188 int ipc_fd_; | |
| 189 #endif // OS_POSIX | |
| 190 | |
|
Mark Seaborn
2014/02/28 22:12:24
Nit: don't put an empty line at the end of the cla
aberent
2014/03/12 21:58:58
Done.
| |
| 167 }; | 191 }; |
| 168 | 192 |
| 169 #endif // OS_WIN | |
| 170 | |
| 171 void SetCloseOnExec(NaClHandle fd) { | 193 void SetCloseOnExec(NaClHandle fd) { |
| 172 #if defined(OS_POSIX) | 194 #if defined(OS_POSIX) |
| 173 int flags = fcntl(fd, F_GETFD); | 195 int flags = fcntl(fd, F_GETFD); |
| 174 CHECK_NE(flags, -1); | 196 CHECK_NE(flags, -1); |
| 175 int rc = fcntl(fd, F_SETFD, flags | FD_CLOEXEC); | 197 int rc = fcntl(fd, F_SETFD, flags | FD_CLOEXEC); |
| 176 CHECK_EQ(rc, 0); | 198 CHECK_EQ(rc, 0); |
| 177 #endif | 199 #endif |
| 178 } | 200 } |
| 179 | 201 |
| 180 bool ShareHandleToSelLdr( | 202 bool ShareHandleToSelLdr( |
| (...skipping 390 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 571 cmd_line->PrependWrapper(nacl_loader_prefix); | 593 cmd_line->PrependWrapper(nacl_loader_prefix); |
| 572 | 594 |
| 573 // On Windows we might need to start the broker process to launch a new loader | 595 // On Windows we might need to start the broker process to launch a new loader |
| 574 #if defined(OS_WIN) | 596 #if defined(OS_WIN) |
| 575 if (RunningOnWOW64()) { | 597 if (RunningOnWOW64()) { |
| 576 if (!NaClBrokerService::GetInstance()->LaunchLoader( | 598 if (!NaClBrokerService::GetInstance()->LaunchLoader( |
| 577 weak_factory_.GetWeakPtr(), channel_id)) { | 599 weak_factory_.GetWeakPtr(), channel_id)) { |
| 578 SendErrorToRenderer("broker service did not launch process"); | 600 SendErrorToRenderer("broker service did not launch process"); |
| 579 return false; | 601 return false; |
| 580 } | 602 } |
| 581 } else { | 603 return true; |
| 582 process_->Launch(new NaClSandboxedProcessLauncherDelegate, | |
| 583 false, | |
| 584 cmd_line.release()); | |
| 585 } | 604 } |
| 586 #elif defined(OS_POSIX) | |
| 587 process_->Launch(nacl_loader_prefix.empty(), // use_zygote | |
| 588 base::EnvironmentMap(), | |
| 589 cmd_line.release()); | |
| 590 #endif | 605 #endif |
| 591 | 606 process_->Launch( |
| 607 new NaClSandboxedProcessLauncherDelegate(process_->GetHost()), | |
| 608 cmd_line.release()); | |
| 592 return true; | 609 return true; |
| 593 } | 610 } |
| 594 | 611 |
| 595 bool NaClProcessHost::OnMessageReceived(const IPC::Message& msg) { | 612 bool NaClProcessHost::OnMessageReceived(const IPC::Message& msg) { |
| 596 bool handled = true; | 613 bool handled = true; |
| 597 IPC_BEGIN_MESSAGE_MAP(NaClProcessHost, msg) | 614 IPC_BEGIN_MESSAGE_MAP(NaClProcessHost, msg) |
| 598 IPC_MESSAGE_HANDLER(NaClProcessMsg_QueryKnownToValidate, | 615 IPC_MESSAGE_HANDLER(NaClProcessMsg_QueryKnownToValidate, |
| 599 OnQueryKnownToValidate) | 616 OnQueryKnownToValidate) |
| 600 IPC_MESSAGE_HANDLER(NaClProcessMsg_SetKnownToValidate, | 617 IPC_MESSAGE_HANDLER(NaClProcessMsg_SetKnownToValidate, |
| 601 OnSetKnownToValidate) | 618 OnSetKnownToValidate) |
| (...skipping 445 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1047 process_handle.Take(), info, | 1064 process_handle.Take(), info, |
| 1048 base::MessageLoopProxy::current(), | 1065 base::MessageLoopProxy::current(), |
| 1049 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, | 1066 base::Bind(&NaClProcessHost::OnDebugExceptionHandlerLaunchedByBroker, |
| 1050 weak_factory_.GetWeakPtr())); | 1067 weak_factory_.GetWeakPtr())); |
| 1051 return true; | 1068 return true; |
| 1052 } | 1069 } |
| 1053 } | 1070 } |
| 1054 #endif | 1071 #endif |
| 1055 | 1072 |
| 1056 } // namespace nacl | 1073 } // namespace nacl |
| OLD | NEW |
