| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ | 5 #ifndef CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ |
| 6 #define CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ | 6 #define CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <set> | 9 #include <set> |
| 10 #include <string> |
| 10 #include <vector> | 11 #include <vector> |
| 11 | 12 |
| 13 #include <sys/types.h> |
| 14 |
| 15 #include "base/files/scoped_file.h" |
| 12 #include "base/process/kill.h" | 16 #include "base/process/kill.h" |
| 17 #include "base/process/process_handle.h" |
| 13 #include "base/synchronization/lock.h" | 18 #include "base/synchronization/lock.h" |
| 14 #include "content/common/content_export.h" | 19 #include "content/common/content_export.h" |
| 15 #include "content/public/browser/file_descriptor_info.h" | 20 #include "content/public/browser/file_descriptor_info.h" |
| 16 | 21 |
| 22 namespace base { |
| 23 class Pickle; |
| 24 } // namespace base |
| 25 |
| 17 namespace content { | 26 namespace content { |
| 18 | 27 |
| 19 class CONTENT_EXPORT ZygoteCommunication { | 28 class CONTENT_EXPORT ZygoteCommunication { |
| 20 public: | 29 public: |
| 21 ZygoteCommunication(); | 30 ZygoteCommunication(); |
| 22 ~ZygoteCommunication(); | 31 ~ZygoteCommunication(); |
| 23 | 32 |
| 24 void Init(); | 33 void Init(); |
| 25 | 34 |
| 26 // Tries to start a process of type indicated by process_type. | 35 // Tries to start a process of type indicated by process_type. |
| (...skipping 19 matching lines...) Expand all Loading... |
| 46 // really dead). This is to prevent a waiting waitpid() from blocking in | 55 // really dead). This is to prevent a waiting waitpid() from blocking in |
| 47 // a single-threaded Zygote. See crbug.com/157458. | 56 // a single-threaded Zygote. See crbug.com/157458. |
| 48 base::TerminationStatus GetTerminationStatus(base::ProcessHandle handle, | 57 base::TerminationStatus GetTerminationStatus(base::ProcessHandle handle, |
| 49 bool known_dead, | 58 bool known_dead, |
| 50 int* exit_code); | 59 int* exit_code); |
| 51 | 60 |
| 52 // Returns the sandbox status of this zygote. | 61 // Returns the sandbox status of this zygote. |
| 53 int GetSandboxStatus(); | 62 int GetSandboxStatus(); |
| 54 | 63 |
| 55 private: | 64 private: |
| 56 // Whether we should use the namespace sandbox instead of the setuid sandbox. | |
| 57 bool ShouldUseNamespaceSandbox(); | |
| 58 | |
| 59 // Should be called every time a Zygote child is born. | 65 // Should be called every time a Zygote child is born. |
| 60 void ZygoteChildBorn(pid_t process); | 66 void ZygoteChildBorn(pid_t process); |
| 61 | 67 |
| 62 // Read the reply from the zygote. | 68 // Read the reply from the zygote. |
| 63 ssize_t ReadReply(void* buf, size_t buf_len); | 69 ssize_t ReadReply(void* buf, size_t buf_len); |
| 64 | 70 |
| 65 // Sends |data| to the zygote via |control_fd_|. If |fds| is non-NULL, the | 71 // Sends |data| to the zygote via |control_fd_|. If |fds| is non-NULL, the |
| 66 // included file descriptors will also be passed. The caller is responsible | 72 // included file descriptors will also be passed. The caller is responsible |
| 67 // for acquiring |control_lock_|. | 73 // for acquiring |control_lock_|. |
| 68 bool SendMessage(const base::Pickle& data, const std::vector<int>* fds); | 74 bool SendMessage(const base::Pickle& data, const std::vector<int>* fds); |
| 69 | 75 |
| 70 // Get the sandbox status from the zygote. | 76 // Get the sandbox status from the zygote. |
| 71 ssize_t ReadSandboxStatus(); | 77 ssize_t ReadSandboxStatus(); |
| 72 | 78 |
| 73 int control_fd_; // the socket to the zygote. | 79 base::ScopedFD control_fd_; // the socket to the zygote. |
| 74 // A lock protecting all communication with the zygote. This lock must be | 80 // A lock protecting all communication with the zygote. This lock must be |
| 75 // acquired before sending a command and released after the result has been | 81 // acquired before sending a command and released after the result has been |
| 76 // received. | 82 // received. |
| 77 base::Lock control_lock_; | 83 base::Lock control_lock_; |
| 78 // The pid of the zygote. | 84 // The pid of the zygote. |
| 79 pid_t pid_; | 85 pid_t pid_; |
| 80 // The list of running zygote children. | 86 // The list of running zygote children. |
| 81 std::set<pid_t> list_of_running_zygote_children_; | 87 std::set<pid_t> list_of_running_zygote_children_; |
| 82 // The lock to guard the list of running zygote children. | 88 // The lock to guard the list of running zygote children. |
| 83 base::Lock child_tracking_lock_; | 89 base::Lock child_tracking_lock_; |
| 84 int sandbox_status_; | 90 int sandbox_status_; |
| 85 bool have_read_sandbox_status_word_; | 91 bool have_read_sandbox_status_word_; |
| 86 // Set to true when the zygote is initialized successfully. | 92 // Set to true when the zygote is initialized successfully. |
| 87 bool init_; | 93 bool init_; |
| 88 }; | 94 }; |
| 89 | 95 |
| 90 } // namespace content | 96 } // namespace content |
| 91 | 97 |
| 92 #endif // CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ | 98 #endif // CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1976403002:
Fix logic for checking chrome-sandbox setuid binary (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master