1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/mac/bootstrap_sandbox.h" | 5 #include "sandbox/mac/bootstrap_sandbox.h" |
6 | 6 |
7 #include <servers/bootstrap.h> | 7 #include <servers/bootstrap.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 #include <unistd.h> | 9 #include <unistd.h> |
10 | 10 |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "base/mac/foundation_util.h" | 12 #include "base/mac/foundation_util.h" |
13 #include "base/mac/mach_logging.h" | 13 #include "base/mac/mach_logging.h" |
14 #include "base/macros.h" | 14 #include "base/macros.h" |
| 15 #include "base/memory/ptr_util.h" |
15 #include "base/rand_util.h" | 16 #include "base/rand_util.h" |
16 #include "base/strings/stringprintf.h" | 17 #include "base/strings/stringprintf.h" |
17 #include "sandbox/mac/launchd_interception_server.h" | 18 #include "sandbox/mac/launchd_interception_server.h" |
18 #include "sandbox/mac/pre_exec_delegate.h" | 19 #include "sandbox/mac/pre_exec_delegate.h" |
19 | 20 |
20 namespace sandbox { | 21 namespace sandbox { |
21 | 22 |
22 namespace { | 23 namespace { |
23 | 24 |
24 struct SandboxCheckInRequest { | 25 struct SandboxCheckInRequest { |
48 | 49 |
49 private: | 50 private: |
50 mach_msg_header_t* message_; | 51 mach_msg_header_t* message_; |
51 | 52 |
52 DISALLOW_COPY_AND_ASSIGN(ScopedCallMachMsgDestroy); | 53 DISALLOW_COPY_AND_ASSIGN(ScopedCallMachMsgDestroy); |
53 }; | 54 }; |
54 | 55 |
55 } // namespace | 56 } // namespace |
56 | 57 |
57 // static | 58 // static |
58 scoped_ptr<BootstrapSandbox> BootstrapSandbox::Create() { | 59 std::unique_ptr<BootstrapSandbox> BootstrapSandbox::Create() { |
59 scoped_ptr<BootstrapSandbox> null; // Used for early returns. | 60 std::unique_ptr<BootstrapSandbox> null; // Used for early returns. |
60 scoped_ptr<BootstrapSandbox> sandbox(new BootstrapSandbox()); | 61 std::unique_ptr<BootstrapSandbox> sandbox(new BootstrapSandbox()); |
61 sandbox->launchd_server_.reset(new LaunchdInterceptionServer(sandbox.get())); | 62 sandbox->launchd_server_.reset(new LaunchdInterceptionServer(sandbox.get())); |
62 | 63 |
63 // Check in with launchd to get the receive right for the server that is | 64 // Check in with launchd to get the receive right for the server that is |
64 // published in the bootstrap namespace. | 65 // published in the bootstrap namespace. |
65 mach_port_t port = MACH_PORT_NULL; | 66 mach_port_t port = MACH_PORT_NULL; |
66 kern_return_t kr = bootstrap_check_in(bootstrap_port, | 67 kern_return_t kr = bootstrap_check_in(bootstrap_port, |
67 sandbox->server_bootstrap_name().c_str(), &port); | 68 sandbox->server_bootstrap_name().c_str(), &port); |
68 if (kr != KERN_SUCCESS) { | 69 if (kr != KERN_SUCCESS) { |
69 BOOTSTRAP_LOG(ERROR, kr) | 70 BOOTSTRAP_LOG(ERROR, kr) |
70 << "Failed to bootstrap_check_in the sandbox server."; | 71 << "Failed to bootstrap_check_in the sandbox server."; |
136 | 137 |
137 void BootstrapSandbox::RegisterSandboxPolicy( | 138 void BootstrapSandbox::RegisterSandboxPolicy( |
138 int sandbox_policy_id, | 139 int sandbox_policy_id, |
139 const BootstrapSandboxPolicy& policy) { | 140 const BootstrapSandboxPolicy& policy) { |
140 CHECK(IsPolicyValid(policy)); | 141 CHECK(IsPolicyValid(policy)); |
141 base::AutoLock lock(lock_); | 142 base::AutoLock lock(lock_); |
142 DCHECK(policies_.find(sandbox_policy_id) == policies_.end()); | 143 DCHECK(policies_.find(sandbox_policy_id) == policies_.end()); |
143 policies_.insert(std::make_pair(sandbox_policy_id, policy)); | 144 policies_.insert(std::make_pair(sandbox_policy_id, policy)); |
144 } | 145 } |
145 | 146 |
146 scoped_ptr<PreExecDelegate> BootstrapSandbox::NewClient(int sandbox_policy_id) { | 147 std::unique_ptr<PreExecDelegate> BootstrapSandbox::NewClient( |
| 148 int sandbox_policy_id) { |
147 base::AutoLock lock(lock_); | 149 base::AutoLock lock(lock_); |
148 | 150 |
149 DCHECK(policies_.find(sandbox_policy_id) != policies_.end()); | 151 DCHECK(policies_.find(sandbox_policy_id) != policies_.end()); |
150 | 152 |
151 uint64_t token; | 153 uint64_t token; |
152 while (true) { | 154 while (true) { |
153 token = base::RandUint64(); | 155 token = base::RandUint64(); |
154 if (awaiting_processes_.find(token) == awaiting_processes_.end()) | 156 if (awaiting_processes_.find(token) == awaiting_processes_.end()) |
155 break; | 157 break; |
156 } | 158 } |
157 | 159 |
158 awaiting_processes_[token] = sandbox_policy_id; | 160 awaiting_processes_[token] = sandbox_policy_id; |
159 return make_scoped_ptr(new PreExecDelegate(server_bootstrap_name_, token)); | 161 return base::WrapUnique(new PreExecDelegate(server_bootstrap_name_, token)); |
160 } | 162 } |
161 | 163 |
162 void BootstrapSandbox::RevokeToken(uint64_t token) { | 164 void BootstrapSandbox::RevokeToken(uint64_t token) { |
163 base::AutoLock lock(lock_); | 165 base::AutoLock lock(lock_); |
164 const auto& it = awaiting_processes_.find(token); | 166 const auto& it = awaiting_processes_.find(token); |
165 if (it != awaiting_processes_.end()) | 167 if (it != awaiting_processes_.end()) |
166 awaiting_processes_.erase(it); | 168 awaiting_processes_.erase(it); |
167 } | 169 } |
168 | 170 |
169 void BootstrapSandbox::InvalidateClient(base::ProcessHandle handle) { | 171 void BootstrapSandbox::InvalidateClient(base::ProcessHandle handle) { |
252 } else { | 254 } else { |
253 { | 255 { |
254 base::AutoLock lock(lock_); | 256 base::AutoLock lock(lock_); |
255 sandboxed_processes_.erase(client_pid); | 257 sandboxed_processes_.erase(client_pid); |
256 } | 258 } |
257 MACH_LOG(ERROR, kr) << "HandleChildCheckIn mach_msg MACH_SEND_MSG"; | 259 MACH_LOG(ERROR, kr) << "HandleChildCheckIn mach_msg MACH_SEND_MSG"; |
258 } | 260 } |
259 } | 261 } |
260 | 262 |
261 } // namespace sandbox | 263 } // namespace sandbox |
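Review bot: The conversion in BootstrapSandbox::Create() (new-side lines 60–62) is inconsistent with the rest of this change: NewClient() at new-side line 161 wraps its raw allocation in `base::WrapUnique`, while `std::unique_ptr<BootstrapSandbox> sandbox(new BootstrapSandbox());` and `sandbox->launchd_server_.reset(new LaunchdInterceptionServer(sandbox.get()));` still hand a naked `new` to the smart pointer. Since the commit already adds the `base/memory/ptr_util.h` include, the same idiom fits here: `auto sandbox = base::WrapUnique(new BootstrapSandbox());` and `sandbox->launchd_server_ = base::WrapUnique(new LaunchdInterceptionServer(sandbox.get()));`. The `null` object at line 60, commented as existing for early returns, appears to be a holdover from scoped_ptr and could presumably be replaced by `return nullptr;` at those sites, though the early-return sites themselves are not visible. The body of Create() continues past the collapsed region, so this cannot be confirmed from the section alone.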