Refactor configuration of sandboxes - first steps

content/browser/gpu/gpu_process_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/gpu/gpu_process_host.h"
 
 #include "base/base64.h"
 #include "base/base_switches.h"
 #include "base/basictypes.h"
 #include "base/bind.h"
@@ skipping 15 matching lines @@
 #include "content/common/gpu/gpu_messages.h"
 #include "content/common/view_messages.h"
 #include "content/port/browser/render_widget_host_view_frame_subscriber.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_widget_host_view.h"
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/result_codes.h"
+#include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "gpu/command_buffer/service/gpu_switches.h"
 #include "ipc/ipc_channel_handle.h"
 #include "ipc/ipc_switches.h"
 #include "ui/events/latency_info.h"
 #include "ui/gl/gl_switches.h"
 
 
 #if defined(OS_WIN)
 #include "base/win/windows_version.h"
 #include "content/common/sandbox_win.h"
-#include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "sandbox/win/src/sandbox_policy.h"
 #include "ui/gfx/switches.h"
 #endif
 
 #if defined(OS_CHROMEOS)
 #include "chromeos/chromeos_switches.h"
 #endif
 
 #if defined(USE_OZONE)
 #include "ui/ozone/ozone_switches.h"
@@ skipping 109 matching lines @@
     int surface_id,
     bool alive,
     base::TimeTicks timebase,
     base::TimeDelta interval,
     const std::vector<ui::LatencyInfo>& latency_info) {
   AcceleratedSurfaceBuffersSwappedCompletedForGPU(
       host_id, route_id, alive, timebase, interval);
   AcceleratedSurfaceBuffersSwappedCompletedForRenderer(
       surface_id, timebase, interval, latency_info);
 }
+#endif  // OS_WIN
 
 // NOTE: changes to this class need to be reviewed by the security team.
 class GpuSandboxedProcessLauncherDelegate
     : public SandboxedProcessLauncherDelegate {
  public:
-  explicit GpuSandboxedProcessLauncherDelegate(CommandLine* cmd_line)
+  GpuSandboxedProcessLauncherDelegate(CommandLine* cmd_line,
+                                      ChildProcessHost* host)
+#if defined(OS_WIN)
       : cmd_line_(cmd_line) {}
+#elif defined(OS_POSIX)
+      : ipc_fd_(host->TakeClientFileDescriptor()) {}
+#endif
+
   virtual ~GpuSandboxedProcessLauncherDelegate() {}
 
-  virtual void ShouldSandbox(bool* in_sandbox) OVERRIDE {
-    if (cmd_line_->HasSwitch(switches::kDisableGpuSandbox)) {
-      *in_sandbox = false;
+#if defined(OS_WIN)
+  virtual bool ShouldSandbox() OVERRIDE {
+    bool sandbox = !cmd_line_->HasSwitch(switches::kDisableGpuSandbox);
+    if(! sandbox) {
       DVLOG(1) << "GPU sandbox is disabled";
     }
+    return sandbox;
   }
 
   virtual void PreSandbox(bool* disable_default_policy,
                           base::FilePath* exposed_dir) OVERRIDE {
     *disable_default_policy = true;
   }
 
   // For the GPU process we gotten as far as USER_LIMITED. The next level
   // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL
   // backend. Note that the GPU process is connected to the interactive
@@ skipping 66 matching lines @@
         result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                                  sandbox::TargetPolicy::FILES_ALLOW_ANY,
                                  log_file_path.c_str());
         if (result != sandbox::SBOX_ALL_OK) {
           *success = false;
           return;
         }
       }
     }
   }
+#elif defined(OS_POSIX)
+
+  virtual int GetIpcFd() OVERRIDE {
+    return ipc_fd_;
+  }
+#endif  // OS_WIN
 
  private:
+#if defined(OS_WIN)
   CommandLine* cmd_line_;
+#elif defined(OS_POSIX)
+  int ipc_fd_;
+#endif  // OS_WIN
 };
-#endif  // defined(OS_WIN)
 
 }  // anonymous namespace
 
 // static
 bool GpuProcessHost::ValidateHost(GpuProcessHost* host) {
   if (!host)
     return false;
 
   // The Gpu process is invalid if it's not using SwiftShader, the card is
   // blacklisted, and we can kill it and start over.
@@ skipping 843 matching lines @@
   }
 
   UMA_HISTOGRAM_BOOLEAN("GPU.GPU.GPUProcessSoftwareRendering",
                         swiftshader_rendering_);
 
   // If specified, prepend a launcher program to the command line.
   if (!gpu_launcher.empty())
     cmd_line->PrependWrapper(gpu_launcher);
 
   process_->Launch(
-#if defined(OS_WIN)
-      new GpuSandboxedProcessLauncherDelegate(cmd_line),
-      false,
-#elif defined(OS_POSIX)
-      false,
-      base::EnvironmentMap(),
-#endif
+      new GpuSandboxedProcessLauncherDelegate(cmd_line,
+                                              process_->GetHost()),
       cmd_line);
   process_launched_ = true;
 
   UMA_HISTOGRAM_ENUMERATION("GPU.GPUProcessLifetimeEvents",
                             LAUNCHED, GPU_PROCESS_LIFETIME_EVENT_MAX);
   return true;
 }
 
 void GpuProcessHost::SendOutstandingReplies() {
   valid_ = false;
@@ skipping 66 matching lines @@
   TRACE_EVENT0("gpu", "GpuProcessHost::OnCacheShader");
   ClientIdToShaderCacheMap::iterator iter =
       client_id_to_shader_cache_.find(client_id);
   // If the cache doesn't exist then this is an off the record profile.
   if (iter == client_id_to_shader_cache_.end())
     return;
   iter->second->Cache(GetShaderPrefixKey() + ":" + key, shader);
 }
 
 }  // namespace content