Refactor configuration of sandboxes - first steps

content/browser/ppapi_plugin_process_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/ppapi_plugin_process_host.h"
 
 #include <string>
 
 #include "base/base_switches.h"
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/metrics/field_trial.h"
 #include "base/strings/utf_string_conversions.h"
 #include "content/browser/browser_child_process_host_impl.h"
 #include "content/browser/plugin_service_impl.h"
 #include "content/browser/renderer_host/render_message_filter.h"
 #include "content/common/child_process_host_impl.h"
 #include "content/common/child_process_messages.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/common/content_constants.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/pepper_plugin_info.h"
 #include "content/public/common/process_type.h"
+#include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "ipc/ipc_switches.h"
 #include "net/base/network_change_notifier.h"
 #include "ppapi/proxy/ppapi_messages.h"
 #include "ui/base/ui_base_switches.h"
 
 #if defined(OS_WIN)
 #include "content/common/sandbox_win.h"
-#include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "sandbox/win/src/sandbox_policy.h"
 #endif
 
 namespace content {
 
-#if defined(OS_WIN)
 // NOTE: changes to this class need to be reviewed by the security team.
 class PpapiPluginSandboxedProcessLauncherDelegate
     : public content::SandboxedProcessLauncherDelegate {
  public:
-  explicit PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker)
-      : is_broker_(is_broker) {}
+  PpapiPluginSandboxedProcessLauncherDelegate(bool is_broker,
+                                              const PepperPluginInfo& info,
+                                              ChildProcessHost* host)
+      :
+#if defined(OS_POSIX)
+        info_(info),
+        ipc_fd_(host->TakeClientFileDescriptor()),
+#endif  // OS_POSIX
+        is_broker_(is_broker) {}
+
   virtual ~PpapiPluginSandboxedProcessLauncherDelegate() {}
 
-  virtual void ShouldSandbox(bool* in_sandbox) OVERRIDE {
-    if (is_broker_)
-      *in_sandbox = false;
+#if defined(OS_WIN)
+  virtual bool ShouldSandbox() OVERRIDE {
+    return !is_broker_;
   }
 
   virtual void PreSpawnTarget(sandbox::TargetPolicy* policy,
                               bool* success) {
     if (is_broker_)
       return;
     // The Pepper process as locked-down as a renderer execpt that it can
     // create the server side of chrome pipes.
     sandbox::ResultCode result;
     result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
                              sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
                              L"\\\\.\\pipe\\chrome.*");
     *success = (result == sandbox::SBOX_ALL_OK);
   }
 
+#elif defined(OS_POSIX)
+  virtual bool ShouldUseZygote() OVERRIDE {
+    const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
+    CommandLine::StringType plugin_launcher = browser_command_line
+        .GetSwitchValueNative(switches::kPpapiPluginLauncher);
+    return !is_broker_ && plugin_launcher.empty() && info_.is_sandboxed;
+  }
+  virtual int GetIpcFd() OVERRIDE {
+    return ipc_fd_;
+  }
+#endif  // OS_WIN
+
  private:
+#if defined(OS_POSIX)
+  const PepperPluginInfo& info_;
+  int ipc_fd_;
+#endif  // OS_POSIX
   bool is_broker_;
 
   DISALLOW_COPY_AND_ASSIGN(PpapiPluginSandboxedProcessLauncherDelegate);
 };
-#endif  // OS_WIN
 
 class PpapiPluginProcessHost::PluginNetworkObserver
     : public net::NetworkChangeNotifier::IPAddressObserver,
       public net::NetworkChangeNotifier::ConnectionTypeObserver {
  public:
   explicit PluginNetworkObserver(PpapiPluginProcessHost* process_host)
       : process_host_(process_host) {
     net::NetworkChangeNotifier::AddIPAddressObserver(this);
     net::NetworkChangeNotifier::AddConnectionTypeObserver(this);
   }
@@ skipping 246 matching lines @@
   }
 
   if (!plugin_launcher.empty())
     cmd_line->PrependWrapper(plugin_launcher);
 
   // On posix, never use the zygote for the broker. Also, only use the zygote if
   // the plugin is sandboxed, and we are not using a plugin launcher - having a
   // plugin launcher means we need to use another process instead of just
   // forking the zygote.
 #if defined(OS_POSIX)
-  bool use_zygote = !is_broker_ && plugin_launcher.empty() && info.is_sandboxed;
   if (!info.is_sandboxed)
     cmd_line->AppendSwitchASCII(switches::kNoSandbox, std::string());
 #endif  // OS_POSIX
   process_->Launch(
-#if defined(OS_WIN)
-      new PpapiPluginSandboxedProcessLauncherDelegate(is_broker_),
-      false,
-#elif defined(OS_POSIX)
-      use_zygote,
-      base::EnvironmentMap(),
-#endif
+      new PpapiPluginSandboxedProcessLauncherDelegate(is_broker_,
+                                                      info,
+                                                      process_->GetHost()),
       cmd_line);
   return true;
 }
 
 void PpapiPluginProcessHost::RequestPluginChannel(Client* client) {
   base::ProcessHandle process_handle;
   int renderer_child_id;
   client->GetPpapiChannelInfo(&process_handle, &renderer_child_id);
 
   base::ProcessId process_id = (process_handle == base::kNullProcessHandle) ?
@@ skipping 83 matching lines @@
   // sent_requests_ queue should be the one that the plugin just created.
   Client* client = sent_requests_.front();
   sent_requests_.pop();
 
   const ChildProcessData& data = process_->GetData();
   client->OnPpapiChannelOpened(channel_handle, base::GetProcId(data.handle),
                                data.id);
 }
 
 }  // namespace content