| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/browser_main_loop.h" | 5 #include "content/browser/browser_main_loop.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 141 matching lines...) |
| 152 #include "media/capture/system_message_window_win.h" | 152 #include "media/capture/system_message_window_win.h" |
| 153 #elif defined(OS_LINUX) && defined(USE_UDEV) | 153 #elif defined(OS_LINUX) && defined(USE_UDEV) |
| 154 #include "media/capture/device_monitor_udev.h" | 154 #include "media/capture/device_monitor_udev.h" |
| 155 #elif defined(OS_MACOSX) | 155 #elif defined(OS_MACOSX) |
| 156 #include "media/capture/device_monitor_mac.h" | 156 #include "media/capture/device_monitor_mac.h" |
| 157 #endif | 157 #endif |
| 158 | 158 |
| 159 #if defined(OS_POSIX) && !defined(OS_MACOSX) | 159 #if defined(OS_POSIX) && !defined(OS_MACOSX) |
| 160 #include "content/browser/renderer_host/render_sandbox_host_linux.h" | 160 #include "content/browser/renderer_host/render_sandbox_host_linux.h" |
| 161 #include "content/browser/zygote_host/zygote_host_impl_linux.h" | 161 #include "content/browser/zygote_host/zygote_host_impl_linux.h" |
| 162 #include "sandbox/linux/suid/client/setuid_sandbox_host.h" | |
| 163 | 162 |
| 164 #if !defined(OS_ANDROID) | 163 #if !defined(OS_ANDROID) |
| 165 #include "content/public/browser/zygote_handle_linux.h" | 164 #include "content/public/browser/zygote_handle_linux.h" |
| 166 #endif // !defined(OS_ANDROID) | 165 #endif // !defined(OS_ANDROID) |
| 167 #endif // defined(OS_POSIX) && !defined(OS_MACOSX) | 166 #endif // defined(OS_POSIX) && !defined(OS_MACOSX) |
| 168 | 167 |
| 169 | 168 |
| 170 #if defined(ENABLE_PLUGINS) | 169 #if defined(ENABLE_PLUGINS) |
| 171 #include "content/browser/plugin_service_impl.h" | 170 #include "content/browser/plugin_service_impl.h" |
| 172 #endif | 171 #endif |
| (...skipping 26 matching lines...) |
| 199 #ifdef DestroyAll | 198 #ifdef DestroyAll |
| 200 #undef DestroyAll | 199 #undef DestroyAll |
| 201 #endif | 200 #endif |
| 202 | 201 |
| 203 namespace content { | 202 namespace content { |
| 204 namespace { | 203 namespace { |
| 205 | 204 |
| 206 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) | 205 #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) |
| 207 void SetupSandbox(const base::CommandLine& parsed_command_line) { | 206 void SetupSandbox(const base::CommandLine& parsed_command_line) { |
| 208 TRACE_EVENT0("startup", "SetupSandbox"); | 207 TRACE_EVENT0("startup", "SetupSandbox"); |
| 209 base::FilePath sandbox_binary; | |
| 210 | |
| 211 std::unique_ptr<sandbox::SetuidSandboxHost> setuid_sandbox_host( | |
| 212 sandbox::SetuidSandboxHost::Create()); | |
| 213 | |
| 214 const bool want_setuid_sandbox = | |
| 215 !parsed_command_line.HasSwitch(switches::kNoSandbox) && | |
| 216 !parsed_command_line.HasSwitch(switches::kDisableSetuidSandbox) && | |
| 217 !setuid_sandbox_host->IsDisabledViaEnvironment(); | |
| 218 | |
| 219 static const char no_suid_error[] = | |
| 220 "Running without the SUID sandbox! See " | |
| 221 "https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_s
andbox_development.md " | |
| 222 "for more information on developing with the sandbox on."; | |
| 223 if (want_setuid_sandbox) { | |
| 224 sandbox_binary = setuid_sandbox_host->GetSandboxBinaryPath(); | |
| 225 if (sandbox_binary.empty()) { | |
| 226 // This needs to be fatal. Talk to security@chromium.org if you feel | |
| 227 // otherwise. | |
| 228 LOG(FATAL) << no_suid_error; | |
| 229 } | |
| 230 } else { | |
| 231 LOG(ERROR) << no_suid_error; | |
| 232 } | |
| 233 | 208 |
| 234 // Tickle the sandbox host and zygote host so they fork now. | 209 // Tickle the sandbox host and zygote host so they fork now. |
| 235 RenderSandboxHostLinux::GetInstance()->Init(); | 210 RenderSandboxHostLinux::GetInstance()->Init(); |
| 236 ZygoteHostImpl::GetInstance()->Init(sandbox_binary.value()); | 211 ZygoteHostImpl::GetInstance()->Init(parsed_command_line); |
| 237 *GetGenericZygote() = CreateZygote(); | 212 *GetGenericZygote() = CreateZygote(); |
| 238 RenderProcessHostImpl::EarlyZygoteLaunch(); | 213 RenderProcessHostImpl::EarlyZygoteLaunch(); |
| 239 } | 214 } |
| 240 #endif | 215 #endif |
| 241 | 216 |
| 242 #if defined(USE_GLIB) | 217 #if defined(USE_GLIB) |
| 243 static void GLibLogHandler(const gchar* log_domain, | 218 static void GLibLogHandler(const gchar* log_domain, |
| 244 GLogLevelFlags log_level, | 219 GLogLevelFlags log_level, |
| 245 const gchar* message, | 220 const gchar* message, |
| 246 gpointer userdata) { | 221 gpointer userdata) { |
| (...skipping 1296 matching lines...) |
| 1543 std::move(worker_task_runner), | 1518 std::move(worker_task_runner), |
| 1544 MediaInternals::GetInstance()); | 1519 MediaInternals::GetInstance()); |
| 1545 } | 1520 } |
| 1546 CHECK(audio_manager_); | 1521 CHECK(audio_manager_); |
| 1547 | 1522 |
| 1548 if (use_hang_monitor) | 1523 if (use_hang_monitor) |
| 1549 media::AudioManager::StartHangMonitor(io_thread_->task_runner()); | 1524 media::AudioManager::StartHangMonitor(io_thread_->task_runner()); |
| 1550 } | 1525 } |
| 1551 | 1526 |
| 1552 } // namespace content | 1527 } // namespace content |
| OLD | NEW |
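Review bot: The fail-closed check is no longer visible in the new `SetupSandbox`: the old side aborted with `LOG(FATAL) << no_suid_error` when the setuid sandbox was wanted but `GetSandboxBinaryPath()` returned an empty path, and logged an error when the sandbox was turned off by switch or environment. The new side only hands `parsed_command_line` to `ZygoteHostImpl::GetInstance()->Init(...)`, whose body is not on this page, so both checks have presumably moved there; that should be confirmed, including the `IsDisabledViaEnvironment()` case, which the command line alone does not cover. `RenderSandboxHostLinux::GetInstance()->Init()` also now runs before any such check instead of after it. I would add a comment above the call, e.g. `// ZygoteHostImpl::Init() selects the sandbox from the command line and must stay fatal when one is wanted but unavailable.`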