Chromium Code Reviews Chromium Code Reviews
Issue 177863002:
Refactor configuration of sandboxes - first steps (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: components/nacl/browser/nacl_process_host.cc |
| diff --git a/components/nacl/browser/nacl_process_host.cc b/components/nacl/browser/nacl_process_host.cc |
| index a5a1341dcfb16c65a3bcc8baf41eccd24c8c6b65..ff6e29e70ba081d3d0e511468132af885e550255 100644 |
| --- a/components/nacl/browser/nacl_process_host.cc |
| +++ b/components/nacl/browser/nacl_process_host.cc |
| @@ -40,6 +40,7 @@ |
| #include "content/public/common/child_process_host.h" |
| #include "content/public/common/content_switches.h" |
| #include "content/public/common/process_type.h" |
| +#include "content/public/common/sandboxed_process_launcher_delegate.h" |
| #include "ipc/ipc_channel.h" |
| #include "ipc/ipc_switches.h" |
| #include "native_client/src/shared/imc/nacl_imc_c.h" |
| @@ -63,7 +64,6 @@ |
| #include "components/nacl/browser/nacl_broker_service_win.h" |
| #include "components/nacl/common/nacl_debug_exception_handler_win.h" |
| #include "content/public/common/sandbox_init.h" |
| -#include "content/public/common/sandboxed_process_launcher_delegate.h" |
| #endif |
| using content::BrowserThread; |
| @@ -128,14 +128,21 @@ bool RunningOnWOW64() { |
| return (base::win::OSInfo::GetInstance()->wow64_status() == |
| base::win::OSInfo::WOW64_ENABLED); |
| } |
| +#endif |
| // NOTE: changes to this class need to be reviewed by the security team. |
| class NaClSandboxedProcessLauncherDelegate |
| : public content::SandboxedProcessLauncherDelegate { |
| public: |
| - NaClSandboxedProcessLauncherDelegate() {} |
| + NaClSandboxedProcessLauncherDelegate(ChildProcessHost* host) |
| +#if defined(OS_POSIX) |
| + : ipc_fd_(host->TakeClientFileDescriptor()) |
| +#endif |
| + {} |
| + |
| virtual ~NaClSandboxedProcessLauncherDelegate() {} |
| +#if defined(OS_WIN) |
| virtual void PostSpawnTarget(base::ProcessHandle process) { |
| // For Native Client sel_ldr processes on 32-bit Windows, reserve 1 GB of |
| // address space to prevent later failure due to address space fragmentation |
| @@ -148,10 +155,26 @@ class NaClSandboxedProcessLauncherDelegate |
| DLOG(WARNING) << "Failed to reserve address space for Native Client"; |
| } |
| } |
| -}; |
| - |
| +#elif defined(OS_POSIX) |
| + virtual bool ShouldUseZygote() OVERRIDE { |
| + CommandLine::StringType nacl_loader_prefix = |
| + CommandLine::ForCurrentProcess()->GetSwitchValueNative( |
| + switches::kNaClLoaderCmdPrefix); |
| + return nacl_loader_prefix.empty(); |
| + } |
| + virtual int GetIpcFd() OVERRIDE { |
| + return ipc_fd_; |
| + } |
| #endif // OS_WIN |
| + private: |
| + |
|
jam
2014/02/28 18:07:43
nit: no blank line
aberent
2014/02/28 21:17:28
Done.
|
| +#if defined(OS_POSIX) |
| + int ipc_fd_; |
| +#endif // OS_POSIX |
| + |
| +}; |
| + |
| void SetCloseOnExec(NaClHandle fd) { |
| #if defined(OS_POSIX) |
| int flags = fcntl(fd, F_GETFD); |
| @@ -535,17 +558,12 @@ bool NaClProcessHost::LaunchSelLdr() { |
| SendErrorToRenderer("broker service did not launch process"); |
| return false; |
| } |
| - } else { |
| - process_->Launch(new NaClSandboxedProcessLauncherDelegate, |
| - false, |
| - cmd_line.release()); |
| + return true; |
| } |
| -#elif defined(OS_POSIX) |
| - process_->Launch(nacl_loader_prefix.empty(), // use_zygote |
| - base::EnvironmentMap(), |
| - cmd_line.release()); |
| #endif |
| - |
| + process_->Launch( |
| + new NaClSandboxedProcessLauncherDelegate(process_->GetHost()), |
| + cmd_line.release()); |
| return true; |
| } |
