Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(213)

Side by Side Diff: content/browser/renderer_host/render_sandbox_host_linux.cc

Issue 240563002: Extract SandboxIPCProcess into its own file. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Update DEPS. Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/renderer_host/render_sandbox_host_linux.h" 5 #include "content/browser/renderer_host/render_sandbox_host_linux.h"
6 6
7 #include <fcntl.h>
8 #include <fontconfig/fontconfig.h>
9 #include <stdint.h>
10 #include <sys/poll.h>
11 #include <sys/socket.h> 7 #include <sys/socket.h>
12 #include <sys/stat.h>
13 #include <sys/uio.h>
14 #include <time.h>
15 #include <unistd.h>
16 8
17 #include <vector>
18
19 #include "base/command_line.h"
20 #include "base/linux_util.h"
21 #include "base/memory/scoped_ptr.h"
22 #include "base/memory/shared_memory.h"
23 #include "base/memory/singleton.h" 9 #include "base/memory/singleton.h"
24 #include "base/pickle.h"
25 #include "base/posix/eintr_wrapper.h" 10 #include "base/posix/eintr_wrapper.h"
26 #include "base/posix/unix_domain_socket_linux.h" 11 #include "content/browser/renderer_host/sandbox_ipc_linux.h"
27 #include "base/process/launch.h"
28 #include "base/process/process_metrics.h"
29 #include "base/strings/string_number_conversions.h"
30 #include "base/strings/string_util.h"
31 #include "content/child/blink_platform_impl.h"
32 #include "content/common/font_config_ipc_linux.h"
33 #include "content/common/sandbox_linux/sandbox_linux.h"
34 #include "content/common/set_process_title.h"
35 #include "content/public/common/content_switches.h"
36 #include "ppapi/c/trusted/ppb_browser_font_trusted.h"
37 #include "skia/ext/skia_utils_base.h"
38 #include "third_party/WebKit/public/platform/linux/WebFontInfo.h"
39 #include "third_party/WebKit/public/web/WebKit.h"
40 #include "third_party/npapi/bindings/npapi_extensions.h"
41 #include "third_party/skia/include/ports/SkFontConfigInterface.h"
42 #include "ui/gfx/font_render_params_linux.h"
43
44 using blink::WebCString;
45 using blink::WebFontInfo;
46 using blink::WebUChar;
47 using blink::WebUChar32;
48 12
49 namespace content { 13 namespace content {
50 14
51 // http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
52
53 // BEWARE: code in this file run across *processes* (not just threads).
54
55 // This code runs in a child process
56 class SandboxIPCProcess {
57 public:
58 // lifeline_fd: this is the read end of a pipe which the browser process
59 // holds the other end of. If the browser process dies, its descriptors are
60 // closed and we will noticed an EOF on the pipe. That's our signal to exit.
61 // browser_socket: the browser's end of the sandbox IPC socketpair. From the
62 // point of view of the renderer, it's talking to the browser but this
63 // object actually services the requests.
64 // sandbox_cmd: the path of the sandbox executable.
65 SandboxIPCProcess(int lifeline_fd, int browser_socket,
66 std::string sandbox_cmd)
67 : lifeline_fd_(lifeline_fd),
68 browser_socket_(browser_socket) {
69 if (!sandbox_cmd.empty()) {
70 sandbox_cmd_.push_back(sandbox_cmd);
71 sandbox_cmd_.push_back(base::kFindInodeSwitch);
72 }
73
74 // FontConfig doesn't provide a standard property to control subpixel
75 // positioning, so we pass the current setting through to WebKit.
76 WebFontInfo::setSubpixelPositioning(
77 gfx::GetDefaultWebkitSubpixelPositioning());
78
79 CommandLine& command_line = *CommandLine::ForCurrentProcess();
80 command_line.AppendSwitchASCII(switches::kProcessType,
81 switches::kSandboxIPCProcess);
82
83 // Update the process title. The argv was already cached by the call to
84 // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass
85 // NULL here (we don't have the original argv at this point).
86 SetProcessTitleFromCommandLine(NULL);
87 }
88
89 ~SandboxIPCProcess();
90
91 void Run() {
92 struct pollfd pfds[2];
93 pfds[0].fd = lifeline_fd_;
94 pfds[0].events = POLLIN;
95 pfds[1].fd = browser_socket_;
96 pfds[1].events = POLLIN;
97
98 int failed_polls = 0;
99 for (;;) {
100 const int r = HANDLE_EINTR(poll(pfds, 2, -1 /* no timeout */));
101 // '0' is not a possible return value with no timeout.
102 DCHECK_NE(0, r);
103 if (r < 0) {
104 PLOG(WARNING) << "poll";
105 if (failed_polls++ == 3) {
106 LOG(FATAL) << "poll(2) failing. RenderSandboxHostLinux aborting.";
107 return;
108 }
109 continue;
110 }
111
112 failed_polls = 0;
113
114 if (pfds[0].revents) {
115 // our parent died so we should too.
116 _exit(0);
117 }
118
119 if (pfds[1].revents) {
120 HandleRequestFromRenderer(browser_socket_);
121 }
122 }
123 }
124
125 private:
126 void EnsureWebKitInitialized();
127
128 // ---------------------------------------------------------------------------
129 // Requests from the renderer...
130
131 void HandleRequestFromRenderer(int fd) {
132 std::vector<int> fds;
133
134 // A FontConfigIPC::METHOD_MATCH message could be kMaxFontFamilyLength
135 // bytes long (this is the largest message type).
136 // 128 bytes padding are necessary so recvmsg() does not return MSG_TRUNC
137 // error for a maximum length message.
138 char buf[FontConfigIPC::kMaxFontFamilyLength + 128];
139
140 const ssize_t len = UnixDomainSocket::RecvMsg(fd, buf, sizeof(buf), &fds);
141 if (len == -1) {
142 // TODO: should send an error reply, or the sender might block forever.
143 NOTREACHED()
144 << "Sandbox host message is larger than kMaxFontFamilyLength";
145 return;
146 }
147 if (fds.empty())
148 return;
149
150 Pickle pickle(buf, len);
151 PickleIterator iter(pickle);
152
153 int kind;
154 if (!pickle.ReadInt(&iter, &kind))
155 goto error;
156
157 if (kind == FontConfigIPC::METHOD_MATCH) {
158 HandleFontMatchRequest(fd, pickle, iter, fds);
159 } else if (kind == FontConfigIPC::METHOD_OPEN) {
160 HandleFontOpenRequest(fd, pickle, iter, fds);
161 } else if (kind == LinuxSandbox::METHOD_GET_FONT_FAMILY_FOR_CHAR) {
162 HandleGetFontFamilyForChar(fd, pickle, iter, fds);
163 } else if (kind == LinuxSandbox::METHOD_LOCALTIME) {
164 HandleLocaltime(fd, pickle, iter, fds);
165 } else if (kind == LinuxSandbox::METHOD_GET_CHILD_WITH_INODE) {
166 HandleGetChildWithInode(fd, pickle, iter, fds);
167 } else if (kind == LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE) {
168 HandleGetStyleForStrike(fd, pickle, iter, fds);
169 } else if (kind == LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT) {
170 HandleMakeSharedMemorySegment(fd, pickle, iter, fds);
171 } else if (kind == LinuxSandbox::METHOD_MATCH_WITH_FALLBACK) {
172 HandleMatchWithFallback(fd, pickle, iter, fds);
173 }
174
175 error:
176 for (std::vector<int>::const_iterator
177 i = fds.begin(); i != fds.end(); ++i) {
178 close(*i);
179 }
180 }
181
182 int FindOrAddPath(const SkString& path) {
183 int count = paths_.count();
184 for (int i = 0; i < count; ++i) {
185 if (path == *paths_[i])
186 return i;
187 }
188 *paths_.append() = new SkString(path);
189 return count;
190 }
191
192 void HandleFontMatchRequest(int fd, const Pickle& pickle, PickleIterator iter,
193 std::vector<int>& fds) {
194 uint32_t requested_style;
195 std::string family;
196 if (!pickle.ReadString(&iter, &family) ||
197 !pickle.ReadUInt32(&iter, &requested_style))
198 return;
199
200 SkFontConfigInterface::FontIdentity result_identity;
201 SkString result_family;
202 SkTypeface::Style result_style;
203 SkFontConfigInterface* fc =
204 SkFontConfigInterface::GetSingletonDirectInterface();
205 const bool r = fc->matchFamilyName(
206 family.c_str(), static_cast<SkTypeface::Style>(requested_style),
207 &result_identity, &result_family, &result_style);
208
209 Pickle reply;
210 if (!r) {
211 reply.WriteBool(false);
212 } else {
213 // Stash away the returned path, so we can give it an ID (index)
214 // which will later be given to us in a request to open the file.
215 int index = FindOrAddPath(result_identity.fString);
216 result_identity.fID = static_cast<uint32_t>(index);
217
218 reply.WriteBool(true);
219 skia::WriteSkString(&reply, result_family);
220 skia::WriteSkFontIdentity(&reply, result_identity);
221 reply.WriteUInt32(result_style);
222 }
223 SendRendererReply(fds, reply, -1);
224 }
225
226 void HandleFontOpenRequest(int fd, const Pickle& pickle, PickleIterator iter,
227 std::vector<int>& fds) {
228 uint32_t index;
229 if (!pickle.ReadUInt32(&iter, &index))
230 return;
231 if (index >= static_cast<uint32_t>(paths_.count()))
232 return;
233 const int result_fd = open(paths_[index]->c_str(), O_RDONLY);
234
235 Pickle reply;
236 if (result_fd == -1) {
237 reply.WriteBool(false);
238 } else {
239 reply.WriteBool(true);
240 }
241
242 // The receiver will have its own access to the file, so we will close it
243 // after this send.
244 SendRendererReply(fds, reply, result_fd);
245
246 if (result_fd >= 0) {
247 int err = IGNORE_EINTR(close(result_fd));
248 DCHECK(!err);
249 }
250 }
251
252 void HandleGetFontFamilyForChar(int fd, const Pickle& pickle,
253 PickleIterator iter,
254 std::vector<int>& fds) {
255 // The other side of this call is
256 // chrome/renderer/renderer_sandbox_support_linux.cc
257
258 EnsureWebKitInitialized();
259 WebUChar32 c;
260 if (!pickle.ReadInt(&iter, &c))
261 return;
262
263 std::string preferred_locale;
264 if (!pickle.ReadString(&iter, &preferred_locale))
265 return;
266
267 blink::WebFontFamily family;
268 WebFontInfo::familyForChar(c, preferred_locale.c_str(), &family);
269
270 Pickle reply;
271 if (family.name.data()) {
272 reply.WriteString(family.name.data());
273 } else {
274 reply.WriteString(std::string());
275 }
276 reply.WriteBool(family.isBold);
277 reply.WriteBool(family.isItalic);
278 SendRendererReply(fds, reply, -1);
279 }
280
281 void HandleGetStyleForStrike(int fd, const Pickle& pickle,
282 PickleIterator iter,
283 std::vector<int>& fds) {
284 std::string family;
285 int sizeAndStyle;
286
287 if (!pickle.ReadString(&iter, &family) ||
288 !pickle.ReadInt(&iter, &sizeAndStyle)) {
289 return;
290 }
291
292 EnsureWebKitInitialized();
293 blink::WebFontRenderStyle style;
294 WebFontInfo::renderStyleForStrike(family.c_str(), sizeAndStyle, &style);
295
296 Pickle reply;
297 reply.WriteInt(style.useBitmaps);
298 reply.WriteInt(style.useAutoHint);
299 reply.WriteInt(style.useHinting);
300 reply.WriteInt(style.hintStyle);
301 reply.WriteInt(style.useAntiAlias);
302 reply.WriteInt(style.useSubpixelRendering);
303 reply.WriteInt(style.useSubpixelPositioning);
304
305 SendRendererReply(fds, reply, -1);
306 }
307
308 void HandleLocaltime(int fd, const Pickle& pickle, PickleIterator iter,
309 std::vector<int>& fds) {
310 // The other side of this call is in zygote_main_linux.cc
311
312 std::string time_string;
313 if (!pickle.ReadString(&iter, &time_string) ||
314 time_string.size() != sizeof(time_t)) {
315 return;
316 }
317
318 time_t time;
319 memcpy(&time, time_string.data(), sizeof(time));
320 // We use localtime here because we need the tm_zone field to be filled
321 // out. Since we are a single-threaded process, this is safe.
322 const struct tm* expanded_time = localtime(&time);
323
324 std::string result_string;
325 const char* time_zone_string = "";
326 if (expanded_time != NULL) {
327 result_string = std::string(reinterpret_cast<const char*>(expanded_time),
328 sizeof(struct tm));
329 time_zone_string = expanded_time->tm_zone;
330 }
331
332 Pickle reply;
333 reply.WriteString(result_string);
334 reply.WriteString(time_zone_string);
335 SendRendererReply(fds, reply, -1);
336 }
337
338 void HandleGetChildWithInode(int fd, const Pickle& pickle,
339 PickleIterator iter,
340 std::vector<int>& fds) {
341 // The other side of this call is in zygote_main_linux.cc
342 if (sandbox_cmd_.empty()) {
343 LOG(ERROR) << "Not in the sandbox, this should not be called";
344 return;
345 }
346
347 uint64_t inode;
348 if (!pickle.ReadUInt64(&iter, &inode))
349 return;
350
351 base::ProcessId pid = 0;
352 std::string inode_output;
353
354 std::vector<std::string> sandbox_cmd = sandbox_cmd_;
355 sandbox_cmd.push_back(base::Int64ToString(inode));
356 CommandLine get_inode_cmd(sandbox_cmd);
357 if (base::GetAppOutput(get_inode_cmd, &inode_output))
358 base::StringToInt(inode_output, &pid);
359
360 if (!pid) {
361 // Even though the pid is invalid, we still need to reply to the zygote
362 // and not just return here.
363 LOG(ERROR) << "Could not get pid";
364 }
365
366 Pickle reply;
367 reply.WriteInt(pid);
368 SendRendererReply(fds, reply, -1);
369 }
370
371 void HandleMakeSharedMemorySegment(int fd, const Pickle& pickle,
372 PickleIterator iter,
373 std::vector<int>& fds) {
374 base::SharedMemoryCreateOptions options;
375 uint32_t size;
376 if (!pickle.ReadUInt32(&iter, &size))
377 return;
378 options.size = size;
379 if (!pickle.ReadBool(&iter, &options.executable))
380 return;
381 int shm_fd = -1;
382 base::SharedMemory shm;
383 if (shm.Create(options))
384 shm_fd = shm.handle().fd;
385 Pickle reply;
386 SendRendererReply(fds, reply, shm_fd);
387 }
388
389 void HandleMatchWithFallback(int fd, const Pickle& pickle,
390 PickleIterator iter,
391 std::vector<int>& fds) {
392 // Unlike the other calls, for which we are an indirection in front of
393 // WebKit or Skia, this call is always made via this sandbox helper
394 // process. Therefore the fontconfig code goes in here directly.
395
396 std::string face;
397 bool is_bold, is_italic;
398 uint32 charset, fallback_family;
399
400 if (!pickle.ReadString(&iter, &face) ||
401 face.empty() ||
402 !pickle.ReadBool(&iter, &is_bold) ||
403 !pickle.ReadBool(&iter, &is_italic) ||
404 !pickle.ReadUInt32(&iter, &charset) ||
405 !pickle.ReadUInt32(&iter, &fallback_family)) {
406 return;
407 }
408
409 FcLangSet* langset = FcLangSetCreate();
410 bool is_lgc = MSCharSetToFontconfig(langset, charset);
411
412 FcPattern* pattern = FcPatternCreate();
413 FcPatternAddString(pattern, FC_FAMILY,
414 reinterpret_cast<const FcChar8*>(face.c_str()));
415
416 // TODO(thestig) Check if we can access Chrome's per-script font preference
417 // here and select better default fonts for non-LGC case.
418 std::string generic_font_name;
419 if (is_lgc) {
420 switch (fallback_family) {
421 case PP_BROWSERFONT_TRUSTED_FAMILY_SERIF:
422 generic_font_name = "Times New Roman";
423 break;
424 case PP_BROWSERFONT_TRUSTED_FAMILY_SANSSERIF:
425 generic_font_name = "Arial";
426 break;
427 case PP_BROWSERFONT_TRUSTED_FAMILY_MONOSPACE:
428 generic_font_name = "Courier New";
429 break;
430 }
431 }
432 if (!generic_font_name.empty()) {
433 const FcChar8* fc_generic_font_name =
434 reinterpret_cast<const FcChar8*>(generic_font_name.c_str());
435 FcPatternAddString(pattern, FC_FAMILY, fc_generic_font_name);
436 }
437
438 if (is_bold)
439 FcPatternAddInteger(pattern, FC_WEIGHT, FC_WEIGHT_BOLD);
440 if (is_italic)
441 FcPatternAddInteger(pattern, FC_SLANT, FC_SLANT_ITALIC);
442 FcPatternAddLangSet(pattern, FC_LANG, langset);
443 FcPatternAddBool(pattern, FC_SCALABLE, FcTrue);
444 FcConfigSubstitute(NULL, pattern, FcMatchPattern);
445 FcDefaultSubstitute(pattern);
446
447 FcResult result;
448 FcFontSet* font_set = FcFontSort(0, pattern, 0, 0, &result);
449 int font_fd = -1;
450 int good_enough_index = -1;
451 bool good_enough_index_set = false;
452
453 if (font_set) {
454 for (int i = 0; i < font_set->nfont; ++i) {
455 FcPattern* current = font_set->fonts[i];
456
457 // Older versions of fontconfig have a bug where they cannot select
458 // only scalable fonts so we have to manually filter the results.
459 FcBool is_scalable;
460 if (FcPatternGetBool(current, FC_SCALABLE, 0,
461 &is_scalable) != FcResultMatch ||
462 !is_scalable) {
463 continue;
464 }
465
466 FcChar8* c_filename;
467 if (FcPatternGetString(current, FC_FILE, 0, &c_filename) !=
468 FcResultMatch) {
469 continue;
470 }
471
472 // We only want to return sfnt (TrueType) based fonts. We don't have a
473 // very good way of detecting this so we'll filter based on the
474 // filename.
475 bool is_sfnt = false;
476 static const char kSFNTExtensions[][5] = {
477 ".ttf", ".otc", ".TTF", ".ttc", ""
478 };
479 const size_t filename_len = strlen(reinterpret_cast<char*>(c_filename));
480 for (unsigned j = 0; ; j++) {
481 if (kSFNTExtensions[j][0] == 0) {
482 // None of the extensions matched.
483 break;
484 }
485 const size_t ext_len = strlen(kSFNTExtensions[j]);
486 if (filename_len > ext_len &&
487 memcmp(c_filename + filename_len - ext_len,
488 kSFNTExtensions[j], ext_len) == 0) {
489 is_sfnt = true;
490 break;
491 }
492 }
493
494 if (!is_sfnt)
495 continue;
496
497 // This font is good enough to pass muster, but we might be able to do
498 // better with subsequent ones.
499 if (!good_enough_index_set) {
500 good_enough_index = i;
501 good_enough_index_set = true;
502 }
503
504 FcValue matrix;
505 bool have_matrix = FcPatternGet(current, FC_MATRIX, 0, &matrix) == 0;
506
507 if (is_italic && have_matrix) {
508 // we asked for an italic font, but fontconfig is giving us a
509 // non-italic font with a transformation matrix.
510 continue;
511 }
512
513 FcValue embolden;
514 const bool have_embolden =
515 FcPatternGet(current, FC_EMBOLDEN, 0, &embolden) == 0;
516
517 if (is_bold && have_embolden) {
518 // we asked for a bold font, but fontconfig gave us a non-bold font
519 // and asked us to apply fake bolding.
520 continue;
521 }
522
523 font_fd = open(reinterpret_cast<char*>(c_filename), O_RDONLY);
524 if (font_fd >= 0)
525 break;
526 }
527 }
528
529 if (font_fd == -1 && good_enough_index_set) {
530 // We didn't find a font that we liked, so we fallback to something
531 // acceptable.
532 FcPattern* current = font_set->fonts[good_enough_index];
533 FcChar8* c_filename;
534 FcPatternGetString(current, FC_FILE, 0, &c_filename);
535 font_fd = open(reinterpret_cast<char*>(c_filename), O_RDONLY);
536 }
537
538 if (font_set)
539 FcFontSetDestroy(font_set);
540 FcPatternDestroy(pattern);
541
542 Pickle reply;
543 SendRendererReply(fds, reply, font_fd);
544
545 if (font_fd >= 0) {
546 if (IGNORE_EINTR(close(font_fd)) < 0)
547 PLOG(ERROR) << "close";
548 }
549 }
550
551 // MSCharSetToFontconfig translates a Microsoft charset identifier to a
552 // fontconfig language set by appending to |langset|.
553 // Returns true if |langset| is Latin/Greek/Cyrillic.
554 static bool MSCharSetToFontconfig(FcLangSet* langset, unsigned fdwCharSet) {
555 // We have need to translate raw fdwCharSet values into terms that
556 // fontconfig can understand. (See the description of fdwCharSet in the MSDN
557 // documentation for CreateFont:
558 // http://msdn.microsoft.com/en-us/library/dd183499(VS.85).aspx )
559 //
560 // Although the argument is /called/ 'charset', the actual values conflate
561 // character sets (which are sets of Unicode code points) and character
562 // encodings (which are algorithms for turning a series of bits into a
563 // series of code points.) Sometimes the values will name a language,
564 // sometimes they'll name an encoding. In the latter case I'm assuming that
565 // they mean the set of code points in the domain of that encoding.
566 //
567 // fontconfig deals with ISO 639-1 language codes:
568 // http://en.wikipedia.org/wiki/List_of_ISO_639-1_codes
569 //
570 // So, for each of the documented fdwCharSet values I've had to take a
571 // guess at the set of ISO 639-1 languages intended.
572
573 bool is_lgc = false;
574 switch (fdwCharSet) {
575 case NPCharsetAnsi:
576 // These values I don't really know what to do with, so I'm going to map
577 // them to English also.
578 case NPCharsetDefault:
579 case NPCharsetMac:
580 case NPCharsetOEM:
581 case NPCharsetSymbol:
582 is_lgc = true;
583 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("en"));
584 break;
585 case NPCharsetBaltic:
586 // The three baltic languages.
587 is_lgc = true;
588 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("et"));
589 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("lv"));
590 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("lt"));
591 break;
592 case NPCharsetChineseBIG5:
593 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("zh-tw"));
594 break;
595 case NPCharsetGB2312:
596 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("zh-cn"));
597 break;
598 case NPCharsetEastEurope:
599 // A scattering of eastern European languages.
600 is_lgc = true;
601 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("pl"));
602 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("cs"));
603 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("sk"));
604 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("hu"));
605 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("hr"));
606 break;
607 case NPCharsetGreek:
608 is_lgc = true;
609 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("el"));
610 break;
611 case NPCharsetHangul:
612 case NPCharsetJohab:
613 // Korean
614 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("ko"));
615 break;
616 case NPCharsetRussian:
617 is_lgc = true;
618 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("ru"));
619 break;
620 case NPCharsetShiftJIS:
621 // Japanese
622 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("ja"));
623 break;
624 case NPCharsetTurkish:
625 is_lgc = true;
626 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("tr"));
627 break;
628 case NPCharsetVietnamese:
629 is_lgc = true;
630 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("vi"));
631 break;
632 case NPCharsetArabic:
633 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("ar"));
634 break;
635 case NPCharsetHebrew:
636 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("he"));
637 break;
638 case NPCharsetThai:
639 FcLangSetAdd(langset, reinterpret_cast<const FcChar8*>("th"));
640 break;
641 // default:
642 // Don't add any languages in that case that we don't recognise the
643 // constant.
644 }
645 return is_lgc;
646 }
647
648 void SendRendererReply(const std::vector<int>& fds, const Pickle& reply,
649 int reply_fd) {
650 struct msghdr msg;
651 memset(&msg, 0, sizeof(msg));
652 struct iovec iov = {const_cast<void*>(reply.data()), reply.size()};
653 msg.msg_iov = &iov;
654 msg.msg_iovlen = 1;
655
656 char control_buffer[CMSG_SPACE(sizeof(int))];
657
658 if (reply_fd != -1) {
659 struct stat st;
660 if (fstat(reply_fd, &st) == 0 && S_ISDIR(st.st_mode)) {
661 LOG(FATAL) << "Tried to send a directory descriptor over sandbox IPC";
662 // We must never send directory descriptors to a sandboxed process
663 // because they can use openat with ".." elements in the path in order
664 // to escape the sandbox and reach the real filesystem.
665 }
666
667 struct cmsghdr *cmsg;
668 msg.msg_control = control_buffer;
669 msg.msg_controllen = sizeof(control_buffer);
670 cmsg = CMSG_FIRSTHDR(&msg);
671 cmsg->cmsg_level = SOL_SOCKET;
672 cmsg->cmsg_type = SCM_RIGHTS;
673 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
674 memcpy(CMSG_DATA(cmsg), &reply_fd, sizeof(reply_fd));
675 msg.msg_controllen = cmsg->cmsg_len;
676 }
677
678 if (HANDLE_EINTR(sendmsg(fds[0], &msg, MSG_DONTWAIT)) < 0)
679 PLOG(ERROR) << "sendmsg";
680 }
681
682 // ---------------------------------------------------------------------------
683
684 const int lifeline_fd_;
685 const int browser_socket_;
686 std::vector<std::string> sandbox_cmd_;
687 scoped_ptr<BlinkPlatformImpl> webkit_platform_support_;
688 SkTDArray<SkString*> paths_;
689 };
690
691 SandboxIPCProcess::~SandboxIPCProcess() {
692 paths_.deleteAll();
693 if (webkit_platform_support_)
694 blink::shutdownWithoutV8();
695 }
696
697 void SandboxIPCProcess::EnsureWebKitInitialized() {
698 if (webkit_platform_support_)
699 return;
700 webkit_platform_support_.reset(new BlinkPlatformImpl);
701 blink::initializeWithoutV8(webkit_platform_support_.get());
702 }
703
704 // -----------------------------------------------------------------------------
705
706 // Runs on the main thread at startup. 15 // Runs on the main thread at startup.
707 RenderSandboxHostLinux::RenderSandboxHostLinux() 16 RenderSandboxHostLinux::RenderSandboxHostLinux()
708 : initialized_(false), 17 : initialized_(false),
709 renderer_socket_(0), 18 renderer_socket_(0),
710 childs_lifeline_fd_(0), 19 childs_lifeline_fd_(0),
711 pid_(0) { 20 pid_(0) {
712 } 21 }
713 22
714 // static 23 // static
715 RenderSandboxHostLinux* RenderSandboxHostLinux::GetInstance() { 24 RenderSandboxHostLinux* RenderSandboxHostLinux::GetInstance() {
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
764 RenderSandboxHostLinux::~RenderSandboxHostLinux() { 73 RenderSandboxHostLinux::~RenderSandboxHostLinux() {
765 if (initialized_) { 74 if (initialized_) {
766 if (IGNORE_EINTR(close(renderer_socket_)) < 0) 75 if (IGNORE_EINTR(close(renderer_socket_)) < 0)
767 PLOG(ERROR) << "close"; 76 PLOG(ERROR) << "close";
768 if (IGNORE_EINTR(close(childs_lifeline_fd_)) < 0) 77 if (IGNORE_EINTR(close(childs_lifeline_fd_)) < 0)
769 PLOG(ERROR) << "close"; 78 PLOG(ERROR) << "close";
770 } 79 }
771 } 80 }
772 81
773 } // namespace content 82 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/renderer_host/render_sandbox_host_linux.h ('k') | content/browser/renderer_host/sandbox_ipc_linux.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698