Linux Zygote: add sanity checks and cleanup

content/zygote/zygote_main_linux.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/zygote/zygote_main.h"
 
 #include <dlfcn.h>
 #include <fcntl.h>
 #include <pthread.h>
 #include <stdio.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
 
 #include "base/basictypes.h"
 #include "base/command_line.h"
-#include "base/containers/hash_tables.h"
-#include "base/files/file_path.h"
 #include "base/linux_util.h"
-#include "base/memory/scoped_ptr.h"
 #include "base/native_library.h"
 #include "base/pickle.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/unix_domain_socket_linux.h"
 #include "base/rand_util.h"
 #include "base/sys_info.h"
 #include "build/build_config.h"
 #include "content/common/font_config_ipc_linux.h"
 #include "content/common/pepper_plugin_list.h"
 #include "content/common/sandbox_linux.h"
@@ skipping 264 matching lines @@
   // pre-sandbox init, but more likely this is just a build configuration error.
   #error Which SSL library are you using?
 #endif
 #if defined(ENABLE_PLUGINS)
   // Ensure access to the Pepper plugins before the sandbox is turned on.
   PreloadPepperPlugins();
 #endif
 #if defined(ENABLE_WEBRTC)
   InitializeWebRtcModule();
 #endif
+  SkFontConfigInterface::SetGlobal(
+      new FontConfigIPC(Zygote::kMagicSandboxIPCDescriptor))->unref();
 }
 
 // Do nothing here
 static void SIGCHLDHandler(int signal) {
 }
 
 // The current process will become a process reaper like init.
 // We fork a child that will continue normally, when it dies, we can safely
 // exit.
 // We need to be careful we close the magic kZygoteIdFd properly in the parent
@@ skipping 60 matching lines @@
     (void) HANDLE_EINTR(close(sync_fds[0]));
     if (read_ret == 1)
       return true;
     else
       return false;
   }
 }
 
 // This will set the *using_suid_sandbox variable to true if the SUID sandbox
 // is enabled. This does not necessarily exclude other types of sandboxing.
-static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
-                         bool* using_suid_sandbox, bool* has_started_new_init) {
+static bool EnterSuidSandbox(LinuxSandbox* linux_sandbox,
+                             bool* using_suid_sandbox,
+                             bool* has_started_new_init) {
   *using_suid_sandbox = false;
   *has_started_new_init = false;
+
+  sandbox::SetuidSandboxClient* setuid_sandbox =
+      linux_sandbox->setuid_sandbox_client();
+
   if (!setuid_sandbox)
     return false;
 
   PreSandboxInit();
-  SkFontConfigInterface::SetGlobal(
-      new FontConfigIPC(Zygote::kMagicSandboxIPCDescriptor))->unref();
+
+  // Check that the pre-sandbox initialization didn't spawn threads.
+  DCHECK(linux_sandbox->IsSingleThreaded());
 
   if (setuid_sandbox->IsSuidSandboxChild()) {
     // Use the SUID sandbox.  This still allows the seccomp sandbox to
     // be enabled by the process later.
     *using_suid_sandbox = true;
 
     if (!setuid_sandbox->IsSuidSandboxUpToDate()) {
       LOG(WARNING) << "You are using a wrong version of the setuid binary!\n"
        "Please read "
        "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment."
@@ skipping 47 matching lines @@
 
 bool ZygoteMain(const MainFunctionParams& params,
                 ZygoteForkDelegate* forkdelegate) {
   g_am_zygote_or_renderer = true;
   sandbox::InitLibcUrandomOverrides();
 
   LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance();
   // This will pre-initialize the various sandboxes that need it.
   linux_sandbox->PreinitializeSandbox();
 
-  sandbox::SetuidSandboxClient* setuid_sandbox =
-      linux_sandbox->setuid_sandbox_client();
-
   if (forkdelegate != NULL) {
     VLOG(1) << "ZygoteMain: initializing fork delegate";
     forkdelegate->Init(Zygote::kMagicSandboxIPCDescriptor);
   } else {
     VLOG(1) << "ZygoteMain: fork delegate is NULL";
   }
 
   // Turn on the sandbox.
   bool using_suid_sandbox = false;
   bool has_started_new_init = false;
 
-  if (!EnterSandbox(setuid_sandbox,
-                    &using_suid_sandbox,
-                    &has_started_new_init)) {
+  if (!EnterSuidSandbox(linux_sandbox,
+                        &using_suid_sandbox,
+                        &has_started_new_init)) {
     LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: "
                << errno << ")";
     return false;
   }
 
+  sandbox::SetuidSandboxClient* setuid_sandbox =
+      linux_sandbox->setuid_sandbox_client();
+
   if (setuid_sandbox->IsInNewPIDNamespace() && !has_started_new_init) {
     LOG(ERROR) << "The SUID sandbox created a new PID namespace but Zygote "
                   "is not the init process. Please, make sure the SUID "
                   "binary is up to date.";
   }
 
   int sandbox_flags = linux_sandbox->GetStatus();
 
   Zygote zygote(sandbox_flags, forkdelegate);
   // This function call can return multiple times, once per fork().
   return zygote.ProcessRequests();
 }
 
 }  // namespace content