Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(89)

Side by Side Diff: content/browser/zygote_host/zygote_communication_linux.h

Issue 1976403002: Fix logic for checking chrome-sandbox setuid binary (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rickyz feedback Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ 5 #ifndef CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_
6 #define CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ 6 #define CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_
7 7
8 #include <memory> 8 #include <memory>
9 #include <set> 9 #include <set>
10 #include <string>
10 #include <vector> 11 #include <vector>
11 12
13 #include <sys/types.h>
14
15 #include "base/files/scoped_file.h"
12 #include "base/process/kill.h" 16 #include "base/process/kill.h"
17 #include "base/process/process_handle.h"
13 #include "base/synchronization/lock.h" 18 #include "base/synchronization/lock.h"
14 #include "content/common/content_export.h" 19 #include "content/common/content_export.h"
15 #include "content/public/browser/file_descriptor_info.h" 20 #include "content/public/browser/file_descriptor_info.h"
16 21
22 namespace base {
23 class Pickle;
24 } // namespace base
25
17 namespace content { 26 namespace content {
18 27
19 class CONTENT_EXPORT ZygoteCommunication { 28 class CONTENT_EXPORT ZygoteCommunication {
20 public: 29 public:
21 ZygoteCommunication(); 30 ZygoteCommunication();
22 ~ZygoteCommunication(); 31 ~ZygoteCommunication();
23 32
24 void Init(); 33 void Init();
25 34
26 // Tries to start a process of type indicated by process_type. 35 // Tries to start a process of type indicated by process_type.
(...skipping 19 matching lines...) Expand all
46 // really dead). This is to prevent a waiting waitpid() from blocking in 55 // really dead). This is to prevent a waiting waitpid() from blocking in
47 // a single-threaded Zygote. See crbug.com/157458. 56 // a single-threaded Zygote. See crbug.com/157458.
48 base::TerminationStatus GetTerminationStatus(base::ProcessHandle handle, 57 base::TerminationStatus GetTerminationStatus(base::ProcessHandle handle,
49 bool known_dead, 58 bool known_dead,
50 int* exit_code); 59 int* exit_code);
51 60
52 // Returns the sandbox status of this zygote. 61 // Returns the sandbox status of this zygote.
53 int GetSandboxStatus(); 62 int GetSandboxStatus();
54 63
55 private: 64 private:
56 // Whether we should use the namespace sandbox instead of the setuid sandbox.
57 bool ShouldUseNamespaceSandbox();
58
59 // Should be called every time a Zygote child is born. 65 // Should be called every time a Zygote child is born.
60 void ZygoteChildBorn(pid_t process); 66 void ZygoteChildBorn(pid_t process);
61 67
62 // Read the reply from the zygote. 68 // Read the reply from the zygote.
63 ssize_t ReadReply(void* buf, size_t buf_len); 69 ssize_t ReadReply(void* buf, size_t buf_len);
64 70
65 // Sends |data| to the zygote via |control_fd_|. If |fds| is non-NULL, the 71 // Sends |data| to the zygote via |control_fd_|. If |fds| is non-NULL, the
66 // included file descriptors will also be passed. The caller is responsible 72 // included file descriptors will also be passed. The caller is responsible
67 // for acquiring |control_lock_|. 73 // for acquiring |control_lock_|.
68 bool SendMessage(const base::Pickle& data, const std::vector<int>* fds); 74 bool SendMessage(const base::Pickle& data, const std::vector<int>* fds);
69 75
70 // Get the sandbox status from the zygote. 76 // Get the sandbox status from the zygote.
71 ssize_t ReadSandboxStatus(); 77 ssize_t ReadSandboxStatus();
72 78
73 int control_fd_; // the socket to the zygote. 79 base::ScopedFD control_fd_; // the socket to the zygote.
74 // A lock protecting all communication with the zygote. This lock must be 80 // A lock protecting all communication with the zygote. This lock must be
75 // acquired before sending a command and released after the result has been 81 // acquired before sending a command and released after the result has been
76 // received. 82 // received.
77 base::Lock control_lock_; 83 base::Lock control_lock_;
78 // The pid of the zygote. 84 // The pid of the zygote.
79 pid_t pid_; 85 pid_t pid_;
80 // The list of running zygote children. 86 // The list of running zygote children.
81 std::set<pid_t> list_of_running_zygote_children_; 87 std::set<pid_t> list_of_running_zygote_children_;
82 // The lock to guard the list of running zygote children. 88 // The lock to guard the list of running zygote children.
83 base::Lock child_tracking_lock_; 89 base::Lock child_tracking_lock_;
84 int sandbox_status_; 90 int sandbox_status_;
85 bool have_read_sandbox_status_word_; 91 bool have_read_sandbox_status_word_;
86 // Set to true when the zygote is initialized successfully. 92 // Set to true when the zygote is initialized successfully.
87 bool init_; 93 bool init_;
88 }; 94 };
89 95
90 } // namespace content 96 } // namespace content
91 97
92 #endif // CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ 98 #endif // CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_
OLDNEW
« no previous file with comments | « content/browser/browser_main_loop.cc ('k') | content/browser/zygote_host/zygote_communication_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698