Chromium Code Reviews Chromium Code Reviews
Issue 177863002:
Refactor configuration of sandboxes - first steps (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/browser/renderer_host/render_process_host_impl.cc |
| diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc |
| index 53e3e278154025e9c5e62fe91bd42bade96ea566..a86b1a750facec4da2df6dd18eee70336420b105 100644 |
| --- a/content/browser/renderer_host/render_process_host_impl.cc |
| +++ b/content/browser/renderer_host/render_process_host_impl.cc |
| @@ -126,6 +126,7 @@ |
| #include "content/public/common/content_switches.h" |
| #include "content/public/common/process_type.h" |
| #include "content/public/common/result_codes.h" |
| +#include "content/public/common/sandboxed_process_launcher_delegate.h" |
| #include "content/public/common/url_constants.h" |
| #include "gpu/command_buffer/service/gpu_switches.h" |
| #include "ipc/ipc_channel.h" |
| @@ -145,7 +146,6 @@ |
| #include "base/win/scoped_com_initializer.h" |
| #include "content/common/font_cache_dispatcher_win.h" |
| #include "content/common/sandbox_win.h" |
| -#include "content/public/common/sandboxed_process_launcher_delegate.h" |
| #endif |
| #if defined(ENABLE_WEBRTC) |
| @@ -289,7 +289,7 @@ SiteProcessMap* GetSiteProcessMapForBrowserContext(BrowserContext* context) { |
| class RendererSandboxedProcessLauncherDelegate |
| : public content::SandboxedProcessLauncherDelegate { |
| public: |
| - RendererSandboxedProcessLauncherDelegate() {} |
| + RendererSandboxedProcessLauncherDelegate(IPC::ChannelProxy* /*channel*/) {} |
| virtual ~RendererSandboxedProcessLauncherDelegate() {} |
| virtual void PreSpawnTarget(sandbox::TargetPolicy* policy, |
| @@ -297,6 +297,31 @@ class RendererSandboxedProcessLauncherDelegate |
| AddBaseHandleClosePolicy(policy); |
| GetContentClient()->browser()->PreSpawnRenderer(policy, success); |
| } |
| + private: |
| + int ipc_fd_; |
| +}; |
| + |
| +#elif defined(OS_POSIX) |
| + |
| +// NOTE: changes to this class need to be reviewed by the security team. |
|
jam
2014/02/26 19:47:52
ditto
aberent
2014/02/28 08:51:07
Done.
|
| +class RendererSandboxedProcessLauncherDelegate |
| + : public content::SandboxedProcessLauncherDelegate { |
| + public: |
| + RendererSandboxedProcessLauncherDelegate(IPC::ChannelProxy* channel) |
| + : ipc_fd_(channel->TakeClientFileDescriptor()) {} |
| + virtual ~RendererSandboxedProcessLauncherDelegate() {} |
| + |
| + virtual bool UseZygote() OVERRIDE { |
| + const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); |
| + CommandLine::StringType renderer_prefix = |
| + browser_command_line.GetSwitchValueNative(switches::kRendererCmdPrefix); |
| + return renderer_prefix.empty(); |
| + } |
| + virtual int IpcFd() OVERRIDE { |
| + return ipc_fd_; |
| + } |
| + private: |
| + int ipc_fd_; |
| }; |
| #endif // OS_WIN |
| @@ -564,14 +589,7 @@ bool RenderProcessHostImpl::Init() { |
| // As long as there's no renderer prefix, we can use the zygote process |
| // at this stage. |
| child_process_launcher_.reset(new ChildProcessLauncher( |
| -#if defined(OS_WIN) |
| - new RendererSandboxedProcessLauncherDelegate, |
| - false, |
| -#elif defined(OS_POSIX) |
| - renderer_prefix.empty(), |
| - base::EnvironmentMap(), |
| - channel_->TakeClientFileDescriptor(), |
| -#endif |
| + new RendererSandboxedProcessLauncherDelegate(channel_.get()), |
| cmd_line, |
| GetID(), |
| this)); |
