OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/renderer_host/render_sandbox_host_linux.h" | 5 #include "content/browser/renderer_host/render_sandbox_host_linux.h" |
6 | 6 |
7 #include <fcntl.h> | |
8 #include <fontconfig/fontconfig.h> | |
9 #include <stdint.h> | |
10 #include <sys/poll.h> | |
11 #include <sys/socket.h> | 7 #include <sys/socket.h> |
12 #include <sys/stat.h> | |
13 #include <sys/uio.h> | |
14 #include <time.h> | |
15 #include <unistd.h> | |
16 | 8 |
17 #include <vector> | |
18 | |
19 #include "base/command_line.h" | |
20 #include "base/linux_util.h" | |
21 #include "base/memory/scoped_ptr.h" | |
22 #include "base/memory/shared_memory.h" | |
23 #include "base/memory/singleton.h" | 9 #include "base/memory/singleton.h" |
24 #include "base/pickle.h" | |
25 #include "base/posix/eintr_wrapper.h" | 10 #include "base/posix/eintr_wrapper.h" |
26 #include "base/posix/unix_domain_socket_linux.h" | 11 #include "content/browser/renderer_host/sandbox_ipc_linux.h" |
27 #include "base/process/launch.h" | |
28 #include "base/process/process_metrics.h" | |
29 #include "base/strings/string_number_conversions.h" | |
30 #include "base/strings/string_util.h" | |
31 #include "content/child/blink_platform_impl.h" | |
32 #include "content/common/font_config_ipc_linux.h" | |
33 #include "content/common/sandbox_linux/sandbox_linux.h" | |
34 #include "content/common/set_process_title.h" | |
35 #include "content/public/common/content_switches.h" | |
36 #include "ppapi/c/trusted/ppb_browser_font_trusted.h" | |
37 #include "skia/ext/skia_utils_base.h" | |
38 #include "third_party/WebKit/public/platform/linux/WebFontInfo.h" | |
39 #include "third_party/WebKit/public/web/WebKit.h" | |
40 #include "third_party/npapi/bindings/npapi_extensions.h" | |
41 #include "third_party/skia/include/ports/SkFontConfigInterface.h" | |
42 #include "ui/gfx/font_render_params_linux.h" | |
43 | |
44 using blink::WebCString; | |
45 using blink::WebFontInfo; | |
46 using blink::WebUChar; | |
47 using blink::WebUChar32; | |
48 | 12 |
49 namespace content { | 13 namespace content { |
50 | 14 |
51 // http://code.google.com/p/chromium/wiki/LinuxSandboxIPC | |
52 | |
53 // BEWARE: code in this file run across *processes* (not just threads). | |
54 | |
55 // This code runs in a child process | |
56 class SandboxIPCProcess { | |
57 public: | |
58 // lifeline_fd: this is the read end of a pipe which the browser process | |
59 // holds the other end of. If the browser process dies, its descriptors are | |
60 // closed and we will noticed an EOF on the pipe. That's our signal to exit. | |
61 // browser_socket: the browser's end of the sandbox IPC socketpair. From the | |
62 // point of view of the renderer, it's talking to the browser but this | |
63 // object actually services the requests. | |
64 // sandbox_cmd: the path of the sandbox executable. | |
65 SandboxIPCProcess(int lifeline_fd, int browser_socket, | |
66 std::string sandbox_cmd) | |
67 : lifeline_fd_(lifeline_fd), | |
68 browser_socket_(browser_socket) { | |
69 if (!sandbox_cmd.empty()) { | |
70 sandbox_cmd_.push_back(sandbox_cmd); | |
71 sandbox_cmd_.push_back(base::kFindInodeSwitch); | |
72 } | |
73 | |
74 // FontConfig doesn't provide a standard property to control subpixel | |
75 // positioning, so we pass the current setting through to WebKit. | |
76 WebFontInfo::setSubpixelPositioning( | |
77 gfx::GetDefaultWebkitSubpixelPositioning()); | |
78 | |
79 CommandLine& command_line = *CommandLine::ForCurrentProcess(); | |
80 command_line.AppendSwitchASCII(switches::kProcessType, | |
81 switches::kSandboxIPCProcess); | |
82 | |
83 // Update the process title. The argv was already cached by the call to | |
84 // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass | |
85 // NULL here (we don't have the original argv at this point). | |
86 SetProcessTitleFromCommandLine(NULL); | |
87 } | |
88 | |
89 ~SandboxIPCProcess(); | |
90 | |
91 void Run() { | |
92 struct pollfd pfds[2]; | |
93 pfds[0].fd = lifeline_fd_; | |
94 pfds[0].events = POLLIN; | |
95 pfds[1].fd = browser_socket_; | |
96 pfds[1].events = POLLIN; | |
97 | |
98 int failed_polls = 0; | |
99 for (;;) { | |
100 const int r = HANDLE_EINTR(poll(pfds, 2, -1 /* no timeout */)); | |
101 // '0' is not a possible return value with no timeout. | |
102 DCHECK_NE(0, r); | |
103 if (r < 0) { | |
104 PLOG(WARNING) << "poll"; | |
105 if (failed_polls++ == 3) { | |
106 LOG(FATAL) << "poll(2) failing. RenderSandboxHostLinux aborting."; | |
107 return; | |
108 } | |
109 continue; | |
110 } | |
111 | |
112 failed_polls = 0; | |
113 | |
114 if (pfds[0].revents) { | |
115 // our parent died so we should too. | |
116 _exit(0); | |
117 } | |
118 | |
119 if (pfds[1].revents) { | |
120 HandleRequestFromRenderer(browser_socket_); | |
121 } | |
122 } | |
123 } | |
124 | |
125 private: | |
126 void EnsureWebKitInitialized(); | |
127 | |
128 // --------------------------------------------------------------------------- | |
129 // Requests from the renderer... | |
130 | |
131 void HandleRequestFromRenderer(int fd) { | |
132 std::vector<int> fds; | |
133 | |
134 // A FontConfigIPC::METHOD_MATCH message could be kMaxFontFamilyLength | |
135 // bytes long (this is the largest message type). | |
136 // 128 bytes padding are necessary so recvmsg() does not return MSG_TRUNC | |
137 // error for a maximum length message. | |
138 char buf[FontConfigIPC::kMaxFontFamilyLength + 128]; | |
139 | |
140 const ssize_t len = UnixDomainSocket::RecvMsg(fd, buf, sizeof(buf), &fds); | |
141 if (len == -1) { | |
142 // TODO: should send an error reply, or the sender might block forever. | |
143 NOTREACHED() | |
144 << "Sandbox host message is larger than kMaxFontFamilyLength"; | |
145 return; | |
146 } | |
147 if (fds.empty()) | |
148 return; | |
149 | |
150 Pickle pickle(buf, len); | |
151 PickleIterator iter(pickle); | |
152 | |
153 int kind; | |
154 if (!pickle.ReadInt(&iter, &kind)) | |
155 goto error; | |
156 | |
157 if (kind == FontConfigIPC::METHOD_MATCH) { | |
158 HandleFontMatchRequest(fd, pickle, iter, fds); | |
159 } else if (kind == FontConfigIPC::METHOD_OPEN) { | |
160 HandleFontOpenRequest(fd, pickle, iter, fds); | |
161 } else if (kind == LinuxSandbox::METHOD_GET_FONT_FAMILY_FOR_CHAR) { | |
162 HandleGetFontFamilyForChar(fd, pickle, iter, fds); | |
163 } else if (kind == LinuxSandbox::METHOD_LOCALTIME) { | |
164 HandleLocaltime(fd, pickle, iter, fds); | |
165 } else if (kind == LinuxSandbox::METHOD_GET_CHILD_WITH_INODE) { | |
166 HandleGetChildWithInode(fd, pickle, iter, fds); | |
167 } else if (kind == LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE) { | |
168 HandleGetStyleForStrike(fd, pickle, iter, fds); | |
169 } else if (kind == LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT) { | |
170 HandleMakeSharedMemorySegment(fd, pickle, iter, fds); | |
171 } else if (kind == LinuxSandbox::METHOD_MATCH_WITH_FALLBACK) { | |
172 HandleMatchWithFallback(fd, pickle, iter, fds); | |
173 } | |
174 | |
175 error: | |
176 for (std::vector<int>::const_iterator | |
177 i = fds.begin(); i != fds.end(); ++i) { | |
178 close(*i); | |
179 } | |
180 } | |
181 | |
182 int FindOrAddPath(const SkString& path) { | |
183 int count = paths_.count(); | |
184 for (int i = 0; i < count; ++i) { | |
185 if (path == *paths_[i]) | |
186 return i; | |
187 } | |
188 *paths_.append() = new SkString(path); | |
189 return count; | |
190 } | |
191 | |
192 void HandleFontMatchRequest(int fd, const Pickle& pickle, PickleIterator iter, | |
193 std::vector<int>& fds) { | |
194 uint32_t requested_style; | |
195 std::string family; | |
196 if (!pickle.ReadString(&iter, &family) || | |
197 !pickle.ReadUInt32(&iter, &requested_style)) | |
198 return; | |
199 | |
200 SkFontConfigInterface::FontIdentity result_identity; | |
201 SkString result_family; | |
202 SkTypeface::Style result_style; | |
203 SkFontConfigInterface* fc = | |
204 SkFontConfigInterface::GetSingletonDirectInterface(); | |
205 const bool r = fc->matchFamilyName( | |
206 family.c_str(), static_cast<SkTypeface::Style>(requested_style), | |
207 &result_identity, &result_family, &result_style); | |
208 | |
209 Pickle reply; | |
210 if (!r) { | |
211 reply.WriteBool(false); | |
212 } else { | |
213 // Stash away the returned path, so we can give it an ID (index) | |
214 // which will later be given to us in a request to open the file. | |
215 int index = FindOrAddPath(result_identity.fString); | |
216 result_identity.fID = static_cast<uint32_t>(index); | |
217 | |
218 reply.WriteBool(true); | |
219 skia::WriteSkString(&reply, result_family); | |
220 skia::WriteSkFontIdentity(&reply, result_identity); | |
221 reply.WriteUInt32(result_style); | |
222 } | |
223 SendRendererReply(fds, reply, -1); | |
224 } | |
225 | |
226 void HandleFontOpenRequest(int fd, const Pickle& pickle, PickleIterator iter, | |
227 std::vector<int>& fds) { | |
228 uint32_t index; | |
229 if (!pickle.ReadUInt32(&iter, &index)) | |
230 return; | |
231 if (index >= static_cast<uint32_t>(paths_.count())) | |
232 return; | |
233 const int result_fd = open(paths_[index]->c_str(), O_RDONLY); | |
234 | |
235 Pickle reply; | |
236 if (result_fd == -1) { | |
237 reply.WriteBool(false); | |
238 } else { | |
239 reply.WriteBool(true); | |
240 } | |
241 | |
242 // The receiver will have its own access to the file, so we will close it | |
243 // after this send. | |
244 SendRendererReply(fds, reply, result_fd); | |
245 | |
246 if (result_fd >= 0) { | |
247 int err = IGNORE_EINTR(close(result_fd)); | |
248 DCHECK(!err); | |
249 } | |
250 } | |
251 | |
252 void HandleGetFontFamilyForChar(int fd, const Pickle& pickle, | |
253 PickleIterator iter, | |
254 std::vector<int>& fds) { | |
255 // The other side of this call is | |
256 // chrome/renderer/renderer_sandbox_support_linux.cc | |
257 | |
258 EnsureWebKitInitialized(); | |
259 WebUChar32 c; | |
260 if (!pickle.ReadInt(&iter, &c)) | |
261 return; | |
262 | |
263 std::string preferred_locale; | |
264 if (!pickle.ReadString(&iter, &preferred_locale)) | |
265 return; | |
266 | |
267 blink::WebFontFamily family; | |
268 WebFontInfo::familyForChar(c, preferred_locale.c_str(), &family); | |
269 | |
270 Pickle reply; | |
271 if (family.name.data()) { | |
272 reply.WriteString(family.name.data()); | |
273 } else { | |
274 reply.WriteString(std::string()); | |
275 } | |
276 reply.WriteBool(family.isBold); | |
277 reply.WriteBool(family.isItalic); | |
278 SendRendererReply(fds, reply, -1); | |
279 } | |
280 | |
281 void HandleGetStyleForStrike(int fd, const Pickle& pickle, | |
282 PickleIterator iter, | |
283 std::vector<int>& fds) { | |
284 std::string family; | |
285 int sizeAndStyle; | |
286 | |
287 if (!pickle.ReadString(&iter, &family) || | |
288 !pickle.ReadInt(&iter, &sizeAndStyle)) { | |
289 return; | |
290 } | |
291 | |
292 EnsureWebKitInitialized(); | |
293 blink::WebFontRenderStyle style; | |
294 WebFontInfo::renderStyleForStrike(family.c_str(), sizeAndStyle, &style); | |
295 | |
296 Pickle reply; | |
297 reply.WriteInt(style.useBitmaps); | |
298 reply.WriteInt(style.useAutoHint); | |
299 reply.WriteInt(style.useHinting); | |
300 reply.WriteInt(style.hintStyle); | |
301 reply.WriteInt(style.useAntiAlias); | |
302 reply.WriteInt(style.useSubpixelRendering); | |
303 reply.WriteInt(style.useSubpixelPositioning); | |
304 | |
305 SendRendererReply(fds, reply, -1); | |
306 } | |
307 | |
308 void HandleLocaltime(int fd, const Pickle& pickle, PickleIterator iter, | |
309 std::vector<int>& fds) { | |
310 // The other side of this call is in zygote_main_linux.cc | |
311 | |
312 std::string time_string; | |
313 if (!pickle.ReadString(&iter, &time_string) || | |
314 time_string.size() != sizeof(time_t)) { | |
315 return; | |
316 } | |
317 | |
318 time_t time; | |
319 memcpy(&time, time_string.data(), sizeof(time)); | |
320 // We use localtime here because we need the tm_zone field to be filled | |
321 // out. Since we are a single-threaded process, this is safe. | |
322 const struct tm* expanded_time = localtime(&time); | |
323 | |
324 std::string result_string; | |
325 const char* time_zone_string = ""; | |
326 if (expanded_time != NULL) { | |
327 result_string = std::string(reinterpret_cast<const char*>(expanded_time), | |
328 sizeof(struct tm)); | |
329 time_zone_string = expanded_time->tm_zone; | |
330 } | |
331 | |
332 Pickle reply; | |
333 reply.WriteString(result_string); | |
334 reply.WriteString(time_zone_string); | |
335 SendRendererReply(fds, reply, -1); | |
336 } | |
337 | |
338 void HandleGetChildWithInode(int fd, const Pickle& pickle, | |
339 PickleIterator iter, | |
340 std::vector<int>& fds) { | |
341 // The other side of this call is in zygote_main_linux.cc | |
342 if (sandbox_cmd_.empty()) { | |
343 LOG(ERROR) << "Not in the sandbox, this should not be called"; | |
344 return; | |
345 } | |
346 | |
347 uint64_t inode; | |
348 if (!pickle.ReadUInt64(&iter, &inode)) | |
349 return; | |
350 | |
351 base::ProcessId pid = 0; | |
352 std::string inode_output; | |
353 | |
354 std::vector<std::string> sandbox_cmd = sandbox_cmd_; | |
355 sandbox_cmd.push_back(base::Int64ToString(inode)); | |
356 CommandLine get_inode_cmd(sandbox_cmd); | |
357 if (base::GetAppOutput(get_inode_cmd, &inode_output)) | |
358 base::StringToInt(inode_output, &pid); | |
359 | |
360 if (!pid) { | |
361 // Even though the pid is invalid, we still need to reply to the zygote | |
362 // and not just return here. | |
363 LOG(ERROR) << "Could not get pid"; | |
364 } | |
365 | |
366 Pickle reply; | |
367 reply.WriteInt(pid); | |
368 SendRendererReply(fds, reply, -1); | |
369 } | |
370 | |
371 void HandleMakeSharedMemorySegment(int fd, const Pickle& pickle, | |
372 PickleIterator iter, | |
373 std::vector<int>& fds) { | |
374 base::SharedMemoryCreateOptions options; | |
375 uint32_t size; | |
376 if (!pickle.ReadUInt32(&iter, &size)) | |
377 return; | |
378 options.size = size; | |
379 if (!pickle.ReadBool(&iter, &options.executable)) | |
380 return; | |
381 int shm_fd = -1; | |
382 base::SharedMemory shm; | |
383 if (shm.Create(options)) | |
384 shm_fd = shm.handle().fd; | |
385 Pickle reply; | |
386 SendRendererReply(fds, reply, shm_fd); | |
387 } | |
388 | |
389 void HandleMatchWithFallback(int fd, const Pickle& pickle, | |
390 PickleIterator iter, | |
391 std::vector<int>& fds) { | |
392 // Unlike the other calls, for which we are an indirection in front of | |
393 // WebKit or Skia, this call is always made via this sandbox helper | |
394 // process. Therefore the fontconfig code goes in here directly. | |
395 | |
396 std::string face; | |
397 bool is_bold, is_italic; | |
398 uint32 charset, fallback_family; | |
399 | |
400 if (!pickle.ReadString(&iter, &face) || | |
401 face.empty() || | |
402 !pickle.ReadBool(&iter, &is_bold) || | |
403 !pickle.ReadBool(&iter, &is_italic) || | |
404 !pickle.ReadUInt32(&iter, &charset) || | |
405 !pickle.ReadUInt32(&iter, &fallback_family)) { | |
406 return; | |
407 } | |
408 | |
409 FcLangSet* langset = FcLangSetCreate(); | |
410 bool is_lgc = MSCharSetToFontconfig(langset, charset); | |
411 | |
412 FcPattern* pattern = FcPatternCreate(); | |
413 FcPatternAddString(pattern, FC_FAMILY, | |
414 reinterpret_cast<const FcChar8*>(face.c_str())); | |
415 | |
416 // TODO(thestig) Check if we can access Chrome's per-script font preference | |
417 // here and select better default fonts for non-LGC case. | |
418 std::string generic_font_name; | |
419 if (is_lgc) { | |
420 switch (fallback_family) { | |
421 case PP_BROWSERFONT_TRUSTED_FAMILY_SERIF: | |
422 generic_font_name = "Times New Roman"; | |
423 break; | |
424 case PP_BROWSERFONT_TRUSTED_FAMILY_SANSSERIF: | |
425 generic_font_name = "Arial"; | |
426 break; | |
427 case PP_BROWSERFONT_TRUSTED_FAMILY_MONOSPACE: | |
428 generic_font_name = "Courier New"; | |
429 break; | |
430 } | |
431 } | |
432 if (!generic_font_name.empty()) { | |
433 const FcChar8* fc_generic_font_name = | |
434 reinterpret_cast<const FcChar8*>(generic_font_name.c_str()); | |
435 FcPatternAddString(pattern, FC_FAMILY, fc_generic_font_name); | |
436 } | |
437 | |
438 if (is_bold) | |
439 FcPatternAddInteger(pattern, FC_WEIGHT, FC_WEIGHT_BOLD); | |
440 if (is_italic) | |
441 FcPatternAddInteger(pattern, FC_SLANT, FC_SLANT_ITALIC); | |
442 FcPatternAddLangSet(pattern, FC_LANG, langset); | |
443 FcPatternAddBool(pattern, FC_SCALABLE, FcTrue); | |
444 FcConfigSubstitute(NULL, pattern, FcMatchPattern); | |
445 FcDefaultSubstitute(pattern); | |
446 | |
447 FcResult result; | |
448 FcFontSet* font_set = FcFontSort(0, pattern, 0, 0, &result); | |
449 int font_fd = -1; | |
450 int good_enough_index = -1; | |
451 bool good_enough_index_set = false; | |
452 | |
453 if (font_set) { | |
454 for (int i = 0; i < font_set->nfont; ++i) { | |
455 FcPattern* current = font_set->fonts[i]; | |
456 | |
457 // Older versions of fontconfig have a bug where they cannot select | |
458 // only scalable fonts so we have to manually filter the results. | |
459 FcBool is_scalable; | |
460 if (FcPatternGetBool(current, FC_SCALABLE, 0, | |
461 &is_scalable) != FcResultMatch || | |
462 !is_scalable) { | |
463 continue; | |
464 } | |
465 | |
466 FcChar8* c_filename; | |
467 if (FcPatternGetString(current, FC_FILE, 0, &c_filename) != | |
468 FcResultMatch) { | |
469 continue; | |
470 } | |
471 | |
472 // We only want to return sfnt (TrueType) based fonts. We don't have a | |
473 // very good way of detecting this so we'll filter based on the | |
474 // filename. | |
475 bool is_sfnt = false; | |
476 static const char kSFNTExtensions[][5] = { | |
477 ".ttf", ".otc", ".TTF", ".ttc", "" | |
478 }; | |
479 const size_t filename_len = strlen(reinterpret_cast<char*>(c_filename)); | |
480 for (unsigned j = 0; ; j++) { | |
481 if (kSFNTExtensions[j][0] == 0) { | |
482 // None of the extensions matched. | |
483 break; | |
484 } | |
485 const size_t ext_len = strlen(kSFNTExtensions[j]); | |
486 if (filename_len > ext_len && | |
487 memcmp(c_filename + filename_len - ext_len, | |
488 kSFNTExtensions[j], ext_len) == 0) { | |
489 is_sfnt = true; | |
490 break; | |
491 } | |
492 } | |
493 | |
494 if (!is_sfnt) | |
495 continue; | |
496 | |
497 // This font is good enough to pass muster, but we might be able to do | |
498 // better with subsequent ones. | |
499 if (!good_enough_index_set) { | |
500 good_enough_index = i; | |
501 good_enough_index_set = true; | |
502 } | |
503 | |
504 FcValue matrix; | |
505 bool have_matrix = FcPatternGet(current, FC_MATRIX, 0, &matrix) == 0; | |
506 | |
507 if (is_italic && have_matrix) { | |
508 // we asked for an italic font, but fontconfig is giving us a | |
509 // non-italic font with a transformation matrix. | |
510 continue; | |
511 } | |
512 | |
513 FcValue embolden; | |
514 const bool have_embolden = | |
515 FcPatternGet(current, FC_EMBOLDEN, 0, &embolden) == 0; | |
516 | |
517 if (is_bold && have_embolden) { | |
518 // we asked for a bold font, but fontconfig gave us a non-bold font | |
519 // and asked us to apply fake bolding. | |
520 continue; | |
521 } | |
522 | |
523 font_fd = open(reinterpret_cast<char*>(c_filename), O_RDONLY); | |
524 if (font_fd >= 0) | |
525 break; | |
526 } | |
527 } | |
528 | |
529 if (font_fd == -1 && good_enough_index_set) { | |
530 // We didn't find a font that we liked, so we fallback to something | |
531 // acceptable. | |
532 FcPattern* current = font_set->fonts[good_enough_index]; | |
533 FcChar8* c_filename; | |
534 FcPatternGetString(current, FC_FILE, 0, &c_filename); | |
535 font_fd = open(reinterpret_cast<char*>(c_filename), O_RDONLY); | |
536 } | |
537 | |
538 if (font_set) | |
539 FcFontSetDestroy(font_set); | |
540 FcPatternDestroy(pattern); | |
541 | |
542 Pickle reply; | |
543 SendRendererReply(fds, reply, font_fd); | |
544 | |
545 if (font_fd >= 0) { | |
546 if (IGNORE_EINTR(close(font_fd)) < 0) | |
547 PLOG(ERROR) << "close"; | |
548 } | |
549 } | |
550 | |
551 // MSCharSetToFontconfig translates a Microsoft charset identifier to a | |
552 // fontconfig language set by appending to |langset|. | |
553 // Returns true if |langset| is Latin/Greek/Cyrillic. | |
554 static bool MSCharSetToFontconfig(FcLangSet* langset, unsigned fdwCharSet) { | |
555 // We have need to translate raw fdwCharSet values into terms that | |
556 // fontconfig can understand. (See the description of fdwCharSet in the MSDN | |
557 // documentation for CreateFont: | |
558 // http://msdn.microsoft.com/en-us/library/dd183499(VS.85).aspx ) | |
559 // | |
560 // Although the argument is /called/ 'charset', the actual values conflate | |
561 // character sets (which are sets of Unicode code points) and character | |
562 // encodings (which are algorithms for turning a series of bits into a | |
563 // series of code points.) Sometimes the values will name a language, | |
564 // sometimes they'll name an encoding. In the latter case I'm assuming that | |
565 // they mean the set of code points in the domain of that encoding. | |
566 // | |
567 // fontconfig deals with ISO 639-1 language codes: | |
568 // http://en.wikipedia.org/wiki/List_of_ISO_639-1_codes | |
569 // | |
570 // So, for each of the documented fdwCharSet values I've had to take a | |
571 // guess at the set of ISO 639-1 languages intended. | |
572 | |
573 bool is_lgc = false; | |
574 switch (fdwCharSet) { | |
575 case NPCharsetAnsi: | |
576 // These values I don't really know what to do with, so I'm going to map | |
577 // them to English also. | |
578 case NPCharsetDefault: | |
579 case NPCharsetMac: | |
580 case NPCharsetOEM: | |
581 case NPCharsetSymbol: | |
582 is_lgc = true; | |
583 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("en")); | |
584 break; | |
585 case NPCharsetBaltic: | |
586 // The three baltic languages. | |
587 is_lgc = true; | |
588 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("et")); | |
589 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("lv")); | |
590 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("lt")); | |
591 break; | |
592 case NPCharsetChineseBIG5: | |
593 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("zh-tw")); | |
594 break; | |
595 case NPCharsetGB2312: | |
596 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("zh-cn")); | |
597 break; | |
598 case NPCharsetEastEurope: | |
599 // A scattering of eastern European languages. | |
600 is_lgc = true; | |
601 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("pl")); | |
602 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("cs")); | |
603 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("sk")); | |
604 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("hu")); | |
605 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("hr")); | |
606 break; | |
607 case NPCharsetGreek: | |
608 is_lgc = true; | |
609 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("el")); | |
610 break; | |
611 case NPCharsetHangul: | |
612 case NPCharsetJohab: | |
613 // Korean | |
614 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("ko")); | |
615 break; | |
616 case NPCharsetRussian: | |
617 is_lgc = true; | |
618 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("ru")); | |
619 break; | |
620 case NPCharsetShiftJIS: | |
621 // Japanese | |
622 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("ja")); | |
623 break; | |
624 case NPCharsetTurkish: | |
625 is_lgc = true; | |
626 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("tr")); | |
627 break; | |
628 case NPCharsetVietnamese: | |
629 is_lgc = true; | |
630 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("vi")); | |
631 break; | |
632 case NPCharsetArabic: | |
633 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("ar")); | |
634 break; | |
635 case NPCharsetHebrew: | |
636 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("he")); | |
637 break; | |
638 case NPCharsetThai: | |
639 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("th")); | |
640 break; | |
641 // default: | |
642 // Don't add any languages in that case that we don't recognise the | |
643 // constant. | |
644 } | |
645 return is_lgc; | |
646 } | |
647 | |
648 void SendRendererReply(const std::vector<int>& fds, const Pickle& reply, | |
649 int reply_fd) { | |
650 struct msghdr msg; | |
651 memset(&msg, 0, sizeof(msg)); | |
652 struct iovec iov = {const_cast<void*>(reply.data()), reply.size()}; | |
653 msg.msg_iov = &iov; | |
654 msg.msg_iovlen = 1; | |
655 | |
656 char control_buffer[CMSG_SPACE(sizeof(int))]; | |
657 | |
658 if (reply_fd != -1) { | |
659 struct stat st; | |
660 if (fstat(reply_fd, &st) == 0 && S_ISDIR(st.st_mode)) { | |
661 LOG(FATAL) << "Tried to send a directory descriptor over sandbox IPC"; | |
662 // We must never send directory descriptors to a sandboxed process | |
663 // because they can use openat with ".." elements in the path in order | |
664 // to escape the sandbox and reach the real filesystem. | |
665 } | |
666 | |
667 struct cmsghdr *cmsg; | |
668 msg.msg_control = control_buffer; | |
669 msg.msg_controllen = sizeof(control_buffer); | |
670 cmsg = CMSG_FIRSTHDR(&msg); | |
671 cmsg->cmsg_level = SOL_SOCKET; | |
672 cmsg->cmsg_type = SCM_RIGHTS; | |
673 cmsg->cmsg_len = CMSG_LEN(sizeof(int)); | |
674 memcpy(CMSG_DATA(cmsg), &reply_fd, sizeof(reply_fd)); | |
675 msg.msg_controllen = cmsg->cmsg_len; | |
676 } | |
677 | |
678 if (HANDLE_EINTR(sendmsg(fds[0], &msg, MSG_DONTWAIT)) < 0) | |
679 PLOG(ERROR) << "sendmsg"; | |
680 } | |
681 | |
682 // --------------------------------------------------------------------------- | |
683 | |
684 const int lifeline_fd_; | |
685 const int browser_socket_; | |
686 std::vector<std::string> sandbox_cmd_; | |
687 scoped_ptr<BlinkPlatformImpl> webkit_platform_support_; | |
688 SkTDArray<SkString*> paths_; | |
689 }; | |
690 | |
691 SandboxIPCProcess::~SandboxIPCProcess() { | |
692 paths_.deleteAll(); | |
693 if (webkit_platform_support_) | |
694 blink::shutdownWithoutV8(); | |
695 } | |
696 | |
697 void SandboxIPCProcess::EnsureWebKitInitialized() { | |
698 if (webkit_platform_support_) | |
699 return; | |
700 webkit_platform_support_.reset(new BlinkPlatformImpl); | |
701 blink::initializeWithoutV8(webkit_platform_support_.get()); | |
702 } | |
703 | |
704 // ----------------------------------------------------------------------------- | |
705 | |
706 // Runs on the main thread at startup. | 15 // Runs on the main thread at startup. |
707 RenderSandboxHostLinux::RenderSandboxHostLinux() | 16 RenderSandboxHostLinux::RenderSandboxHostLinux() |
708 : initialized_(false), | 17 : initialized_(false), |
709 renderer_socket_(0), | 18 renderer_socket_(0), |
710 childs_lifeline_fd_(0), | 19 childs_lifeline_fd_(0), |
711 pid_(0) { | 20 pid_(0) { |
712 } | 21 } |
713 | 22 |
714 // static | 23 // static |
715 RenderSandboxHostLinux* RenderSandboxHostLinux::GetInstance() { | 24 RenderSandboxHostLinux* RenderSandboxHostLinux::GetInstance() { |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
764 RenderSandboxHostLinux::~RenderSandboxHostLinux() { | 73 RenderSandboxHostLinux::~RenderSandboxHostLinux() { |
765 if (initialized_) { | 74 if (initialized_) { |
766 if (IGNORE_EINTR(close(renderer_socket_)) < 0) | 75 if (IGNORE_EINTR(close(renderer_socket_)) < 0) |
767 PLOG(ERROR) << "close"; | 76 PLOG(ERROR) << "close"; |
768 if (IGNORE_EINTR(close(childs_lifeline_fd_)) < 0) | 77 if (IGNORE_EINTR(close(childs_lifeline_fd_)) < 0) |
769 PLOG(ERROR) << "close"; | 78 PLOG(ERROR) << "close"; |
770 } | 79 } |
771 } | 80 } |
772 | 81 |
773 } // namespace content | 82 } // namespace content |
OLD | NEW |