OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/broker/nacl_broker_listener.h" | 5 #include "components/nacl/broker/nacl_broker_listener.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
11 #include "base/path_service.h" | 11 #include "base/path_service.h" |
12 #include "base/process/launch.h" | 12 #include "base/process/launch.h" |
13 #include "base/process/process.h" | 13 #include "base/process/process.h" |
14 #include "base/process/process_handle.h" | 14 #include "base/process/process_handle.h" |
15 #include "base/thread_task_runner_handle.h" | 15 #include "base/thread_task_runner_handle.h" |
16 #include "components/nacl/common/nacl_cmd_line.h" | 16 #include "components/nacl/common/nacl_cmd_line.h" |
17 #include "components/nacl/common/nacl_debug_exception_handler_win.h" | 17 #include "components/nacl/common/nacl_debug_exception_handler_win.h" |
18 #include "components/nacl/common/nacl_messages.h" | 18 #include "components/nacl/common/nacl_messages.h" |
19 #include "components/nacl/common/nacl_switches.h" | 19 #include "components/nacl/common/nacl_switches.h" |
20 #include "content/public/common/content_switches.h" | 20 #include "content/public/common/content_switches.h" |
21 #include "content/public/common/sandbox_init.h" | 21 #include "content/public/common/sandbox_init.h" |
22 #include "ipc/attachment_broker_unprivileged.h" | 22 #include "ipc/attachment_broker_unprivileged.h" |
23 #include "ipc/ipc_channel.h" | 23 #include "ipc/ipc_channel.h" |
24 #include "ipc/ipc_switches.h" | 24 #include "ipc/ipc_switches.h" |
25 #include "sandbox/win/src/sandbox_policy.h" | |
26 | 25 |
27 namespace { | 26 namespace { |
28 | 27 |
29 void SendReply(IPC::Channel* channel, int32_t pid, bool result) { | 28 void SendReply(IPC::Channel* channel, int32_t pid, bool result) { |
30 channel->Send(new NaClProcessMsg_DebugExceptionHandlerLaunched(pid, result)); | 29 channel->Send(new NaClProcessMsg_DebugExceptionHandlerLaunched(pid, result)); |
31 } | 30 } |
32 | 31 |
33 } // namespace | 32 } // namespace |
34 | 33 |
35 NaClBrokerListener::NaClBrokerListener() { | 34 NaClBrokerListener::NaClBrokerListener() { |
(...skipping 13 matching lines...) Expand all Loading... |
49 channel_ = IPC::Channel::CreateClient(channel_name, this); | 48 channel_ = IPC::Channel::CreateClient(channel_name, this); |
50 IPC::AttachmentBroker* broker = IPC::AttachmentBroker::GetGlobal(); | 49 IPC::AttachmentBroker* broker = IPC::AttachmentBroker::GetGlobal(); |
51 if (broker && !broker->IsPrivilegedBroker()) | 50 if (broker && !broker->IsPrivilegedBroker()) |
52 broker->RegisterBrokerCommunicationChannel(channel_.get()); | 51 broker->RegisterBrokerCommunicationChannel(channel_.get()); |
53 CHECK(channel_->Connect()); | 52 CHECK(channel_->Connect()); |
54 base::MessageLoop::current()->Run(); | 53 base::MessageLoop::current()->Run(); |
55 } | 54 } |
56 | 55 |
57 // NOTE: changes to this method need to be reviewed by the security team. | 56 // NOTE: changes to this method need to be reviewed by the security team. |
58 bool NaClBrokerListener::PreSpawnTarget(sandbox::TargetPolicy* policy) { | 57 bool NaClBrokerListener::PreSpawnTarget(sandbox::TargetPolicy* policy) { |
59 // This code is duplicated in chrome_content_browser_client.cc. | 58 return true; |
60 | |
61 // Allow the server side of a pipe restricted to the "chrome.nacl." | |
62 // namespace so that it cannot impersonate other system or other chrome | |
63 // service pipes. | |
64 sandbox::ResultCode result = policy->AddRule( | |
65 sandbox::TargetPolicy::SUBSYS_NAMED_PIPES, | |
66 sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, | |
67 L"\\\\.\\pipe\\chrome.nacl.*"); | |
68 return result == sandbox::SBOX_ALL_OK; | |
69 } | 59 } |
70 | 60 |
71 void NaClBrokerListener::OnChannelConnected(int32_t peer_pid) { | 61 void NaClBrokerListener::OnChannelConnected(int32_t peer_pid) { |
72 browser_process_ = base::Process::OpenWithExtraPrivileges(peer_pid); | 62 browser_process_ = base::Process::OpenWithExtraPrivileges(peer_pid); |
73 CHECK(browser_process_.IsValid()); | 63 CHECK(browser_process_.IsValid()); |
74 } | 64 } |
75 | 65 |
76 bool NaClBrokerListener::OnMessageReceived(const IPC::Message& msg) { | 66 bool NaClBrokerListener::OnMessageReceived(const IPC::Message& msg) { |
77 bool handled = true; | 67 bool handled = true; |
78 IPC_BEGIN_MESSAGE_MAP(NaClBrokerListener, msg) | 68 IPC_BEGIN_MESSAGE_MAP(NaClBrokerListener, msg) |
(...skipping 23 matching lines...) Expand all Loading... |
102 if (!exe_path.empty()) { | 92 if (!exe_path.empty()) { |
103 base::CommandLine* cmd_line = new base::CommandLine(exe_path); | 93 base::CommandLine* cmd_line = new base::CommandLine(exe_path); |
104 nacl::CopyNaClCommandLineArguments(cmd_line); | 94 nacl::CopyNaClCommandLineArguments(cmd_line); |
105 | 95 |
106 cmd_line->AppendSwitchASCII(switches::kProcessType, | 96 cmd_line->AppendSwitchASCII(switches::kProcessType, |
107 switches::kNaClLoaderProcess); | 97 switches::kNaClLoaderProcess); |
108 | 98 |
109 cmd_line->AppendSwitchASCII(switches::kProcessChannelID, | 99 cmd_line->AppendSwitchASCII(switches::kProcessChannelID, |
110 loader_channel_id); | 100 loader_channel_id); |
111 | 101 |
112 base::Process loader_process = content::StartSandboxedProcess( | 102 base::Process loader_process = base::LaunchProcess(*cmd_line, base::LaunchOp
tions()); |
113 this, cmd_line, base::HandlesToInheritVector()); | |
114 if (loader_process.IsValid()) { | 103 if (loader_process.IsValid()) { |
115 // Note: PROCESS_DUP_HANDLE is necessary here, because: | 104 // Note: PROCESS_DUP_HANDLE is necessary here, because: |
116 // 1) The current process is the broker, which is the loader's parent. | 105 // 1) The current process is the broker, which is the loader's parent. |
117 // 2) The browser is not the loader's parent, and so only gets the | 106 // 2) The browser is not the loader's parent, and so only gets the |
118 // access rights we confer here. | 107 // access rights we confer here. |
119 // 3) The browser calls DuplicateHandle to set up communications with | 108 // 3) The browser calls DuplicateHandle to set up communications with |
120 // the loader. | 109 // the loader. |
121 // 4) The target process handle to DuplicateHandle needs to have | 110 // 4) The target process handle to DuplicateHandle needs to have |
122 // PROCESS_DUP_HANDLE access rights. | 111 // PROCESS_DUP_HANDLE access rights. |
123 DuplicateHandle( | 112 DuplicateHandle( |
(...skipping 13 matching lines...) Expand all Loading... |
137 const std::string& startup_info) { | 126 const std::string& startup_info) { |
138 NaClStartDebugExceptionHandlerThread( | 127 NaClStartDebugExceptionHandlerThread( |
139 base::Process(process_handle), startup_info, | 128 base::Process(process_handle), startup_info, |
140 base::ThreadTaskRunnerHandle::Get(), | 129 base::ThreadTaskRunnerHandle::Get(), |
141 base::Bind(SendReply, channel_.get(), pid)); | 130 base::Bind(SendReply, channel_.get(), pid)); |
142 } | 131 } |
143 | 132 |
144 void NaClBrokerListener::OnStopBroker() { | 133 void NaClBrokerListener::OnStopBroker() { |
145 base::MessageLoop::current()->QuitWhenIdle(); | 134 base::MessageLoop::current()->QuitWhenIdle(); |
146 } | 135 } |
OLD | NEW |