| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/nacl/broker/nacl_broker_listener.h" | 5 #include "components/nacl/broker/nacl_broker_listener.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| 11 #include "base/path_service.h" | 11 #include "base/path_service.h" |
| 12 #include "base/process/launch.h" | 12 #include "base/process/launch.h" |
| 13 #include "base/process/process.h" | 13 #include "base/process/process.h" |
| 14 #include "base/process/process_handle.h" | 14 #include "base/process/process_handle.h" |
| 15 #include "base/thread_task_runner_handle.h" | 15 #include "base/thread_task_runner_handle.h" |
| 16 #include "components/nacl/common/nacl_cmd_line.h" | 16 #include "components/nacl/common/nacl_cmd_line.h" |
| 17 #include "components/nacl/common/nacl_debug_exception_handler_win.h" | 17 #include "components/nacl/common/nacl_debug_exception_handler_win.h" |
| 18 #include "components/nacl/common/nacl_messages.h" | 18 #include "components/nacl/common/nacl_messages.h" |
| 19 #include "components/nacl/common/nacl_switches.h" | 19 #include "components/nacl/common/nacl_switches.h" |
| 20 #include "content/public/common/content_switches.h" | 20 #include "content/public/common/content_switches.h" |
| 21 #include "content/public/common/sandbox_init.h" | 21 #include "content/public/common/sandbox_init.h" |
| 22 #include "ipc/attachment_broker_unprivileged.h" | 22 #include "ipc/attachment_broker_unprivileged.h" |
| 23 #include "ipc/ipc_channel.h" | 23 #include "ipc/ipc_channel.h" |
| 24 #include "ipc/ipc_switches.h" | 24 #include "ipc/ipc_switches.h" |
| 25 #include "sandbox/win/src/sandbox_policy.h" | |
| 26 | 25 |
| 27 namespace { | 26 namespace { |
| 28 | 27 |
| 29 void SendReply(IPC::Channel* channel, int32_t pid, bool result) { | 28 void SendReply(IPC::Channel* channel, int32_t pid, bool result) { |
| 30 channel->Send(new NaClProcessMsg_DebugExceptionHandlerLaunched(pid, result)); | 29 channel->Send(new NaClProcessMsg_DebugExceptionHandlerLaunched(pid, result)); |
| 31 } | 30 } |
| 32 | 31 |
| 33 } // namespace | 32 } // namespace |
| 34 | 33 |
| 35 NaClBrokerListener::NaClBrokerListener() { | 34 NaClBrokerListener::NaClBrokerListener() { |
| (...skipping 13 matching lines...) Expand all Loading... |
| 49 channel_ = IPC::Channel::CreateClient(channel_name, this); | 48 channel_ = IPC::Channel::CreateClient(channel_name, this); |
| 50 IPC::AttachmentBroker* broker = IPC::AttachmentBroker::GetGlobal(); | 49 IPC::AttachmentBroker* broker = IPC::AttachmentBroker::GetGlobal(); |
| 51 if (broker && !broker->IsPrivilegedBroker()) | 50 if (broker && !broker->IsPrivilegedBroker()) |
| 52 broker->RegisterBrokerCommunicationChannel(channel_.get()); | 51 broker->RegisterBrokerCommunicationChannel(channel_.get()); |
| 53 CHECK(channel_->Connect()); | 52 CHECK(channel_->Connect()); |
| 54 base::MessageLoop::current()->Run(); | 53 base::MessageLoop::current()->Run(); |
| 55 } | 54 } |
| 56 | 55 |
| 57 // NOTE: changes to this method need to be reviewed by the security team. | 56 // NOTE: changes to this method need to be reviewed by the security team. |
| 58 bool NaClBrokerListener::PreSpawnTarget(sandbox::TargetPolicy* policy) { | 57 bool NaClBrokerListener::PreSpawnTarget(sandbox::TargetPolicy* policy) { |
| 59 // This code is duplicated in chrome_content_browser_client.cc. | 58 return true; |
| 60 | |
| 61 // Allow the server side of a pipe restricted to the "chrome.nacl." | |
| 62 // namespace so that it cannot impersonate other system or other chrome | |
| 63 // service pipes. | |
| 64 sandbox::ResultCode result = policy->AddRule( | |
| 65 sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | |
| 66 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | |
| 67 L"\\\\.\\pipe\\chrome.nacl.*"); | |
| 68 return result == sandbox::SBOX_ALL_OK; | |
| 69 } | 59 } |
| 70 | 60 |
| 71 void NaClBrokerListener::OnChannelConnected(int32_t peer_pid) { | 61 void NaClBrokerListener::OnChannelConnected(int32_t peer_pid) { |
| 72 browser_process_ = base::Process::OpenWithExtraPrivileges(peer_pid); | 62 browser_process_ = base::Process::OpenWithExtraPrivileges(peer_pid); |
| 73 CHECK(browser_process_.IsValid()); | 63 CHECK(browser_process_.IsValid()); |
| 74 } | 64 } |
| 75 | 65 |
| 76 bool NaClBrokerListener::OnMessageReceived(const IPC::Message& msg) { | 66 bool NaClBrokerListener::OnMessageReceived(const IPC::Message& msg) { |
| 77 bool handled = true; | 67 bool handled = true; |
| 78 IPC_BEGIN_MESSAGE_MAP(NaClBrokerListener, msg) | 68 IPC_BEGIN_MESSAGE_MAP(NaClBrokerListener, msg) |
| (...skipping 23 matching lines...) Expand all Loading... |
| 102 if (!exe_path.empty()) { | 92 if (!exe_path.empty()) { |
| 103 base::CommandLine* cmd_line = new base::CommandLine(exe_path); | 93 base::CommandLine* cmd_line = new base::CommandLine(exe_path); |
| 104 nacl::CopyNaClCommandLineArguments(cmd_line); | 94 nacl::CopyNaClCommandLineArguments(cmd_line); |
| 105 | 95 |
| 106 cmd_line->AppendSwitchASCII(switches::kProcessType, | 96 cmd_line->AppendSwitchASCII(switches::kProcessType, |
| 107 switches::kNaClLoaderProcess); | 97 switches::kNaClLoaderProcess); |
| 108 | 98 |
| 109 cmd_line->AppendSwitchASCII(switches::kProcessChannelID, | 99 cmd_line->AppendSwitchASCII(switches::kProcessChannelID, |
| 110 loader_channel_id); | 100 loader_channel_id); |
| 111 | 101 |
| 112 base::Process loader_process = content::StartSandboxedProcess( | 102 base::Process loader_process = base::LaunchProcess(*cmd_line, base::LaunchOp
tions()); |
| 113 this, cmd_line, base::HandlesToInheritVector()); | |
| 114 if (loader_process.IsValid()) { | 103 if (loader_process.IsValid()) { |
| 115 // Note: PROCESS_DUP_HANDLE is necessary here, because: | 104 // Note: PROCESS_DUP_HANDLE is necessary here, because: |
| 116 // 1) The current process is the broker, which is the loader's parent. | 105 // 1) The current process is the broker, which is the loader's parent. |
| 117 // 2) The browser is not the loader's parent, and so only gets the | 106 // 2) The browser is not the loader's parent, and so only gets the |
| 118 // access rights we confer here. | 107 // access rights we confer here. |
| 119 // 3) The browser calls DuplicateHandle to set up communications with | 108 // 3) The browser calls DuplicateHandle to set up communications with |
| 120 // the loader. | 109 // the loader. |
| 121 // 4) The target process handle to DuplicateHandle needs to have | 110 // 4) The target process handle to DuplicateHandle needs to have |
| 122 // PROCESS_DUP_HANDLE access rights. | 111 // PROCESS_DUP_HANDLE access rights. |
| 123 DuplicateHandle( | 112 DuplicateHandle( |
| (...skipping 13 matching lines...) Expand all Loading... |
| 137 const std::string& startup_info) { | 126 const std::string& startup_info) { |
| 138 NaClStartDebugExceptionHandlerThread( | 127 NaClStartDebugExceptionHandlerThread( |
| 139 base::Process(process_handle), startup_info, | 128 base::Process(process_handle), startup_info, |
| 140 base::ThreadTaskRunnerHandle::Get(), | 129 base::ThreadTaskRunnerHandle::Get(), |
| 141 base::Bind(SendReply, channel_.get(), pid)); | 130 base::Bind(SendReply, channel_.get(), pid)); |
| 142 } | 131 } |
| 143 | 132 |
| 144 void NaClBrokerListener::OnStopBroker() { | 133 void NaClBrokerListener::OnStopBroker() { |
| 145 base::MessageLoop::current()->QuitWhenIdle(); | 134 base::MessageLoop::current()->QuitWhenIdle(); |
| 146 } | 135 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1851213002:
Remove sandbox on Windows. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master