| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "services/shell/runner/host/child_process_base.h" | |
| 6 | |
| 7 #include "base/command_line.h" | |
| 8 #include "base/debug/stack_trace.h" | |
| 9 #include "base/logging.h" | |
| 10 #include "base/macros.h" | |
| 11 #include "base/memory/ref_counted.h" | |
| 12 #include "base/message_loop/message_loop.h" | |
| 13 #include "base/single_thread_task_runner.h" | |
| 14 #include "base/synchronization/waitable_event.h" | |
| 15 #include "base/threading/thread.h" | |
| 16 #include "mojo/edk/embedder/embedder.h" | |
| 17 #include "mojo/edk/embedder/process_delegate.h" | |
| 18 #include "services/shell/runner/common/client_util.h" | |
| 19 #include "services/shell/runner/common/switches.h" | |
| 20 | |
| 21 #if defined(OS_LINUX) | |
| 22 #include "base/rand_util.h" | |
| 23 #include "base/sys_info.h" | |
| 24 #include "services/shell/runner/host/linux_sandbox.h" | |
| 25 #endif | |
| 26 | |
| 27 #if defined(OS_MACOSX) | |
| 28 #include "services/shell/runner/host/mach_broker.h" | |
| 29 #endif | |
| 30 | |
| 31 namespace shell { | |
| 32 | |
| 33 namespace { | |
| 34 | |
| 35 #if defined(OS_LINUX) | |
| 36 std::unique_ptr<LinuxSandbox> InitializeSandbox() { | |
| 37 using sandbox::syscall_broker::BrokerFilePermission; | |
| 38 // Warm parts of base in the copy of base in the mojo runner. | |
| 39 base::RandUint64(); | |
| 40 base::SysInfo::AmountOfPhysicalMemory(); | |
| 41 base::SysInfo::NumberOfProcessors(); | |
| 42 | |
| 43 // TODO(erg,jln): Allowing access to all of /dev/shm/ makes it easy to | |
| 44 // spy on other shared memory using processes. This is a temporary hack | |
| 45 // so that we have some sandbox until we have proper shared memory | |
| 46 // support integrated into mojo. | |
| 47 std::vector<BrokerFilePermission> permissions; | |
| 48 permissions.push_back( | |
| 49 BrokerFilePermission::ReadWriteCreateUnlinkRecursive("/dev/shm/")); | |
| 50 std::unique_ptr<LinuxSandbox> sandbox(new LinuxSandbox(permissions)); | |
| 51 sandbox->Warmup(); | |
| 52 sandbox->EngageNamespaceSandbox(); | |
| 53 sandbox->EngageSeccompSandbox(); | |
| 54 sandbox->Seal(); | |
| 55 return sandbox; | |
| 56 } | |
| 57 #endif | |
| 58 | |
| 59 // Should be created and initialized on the main thread and kept alive as long | |
| 60 // a Service is running in the current process. | |
| 61 class ScopedAppContext : public mojo::edk::ProcessDelegate { | |
| 62 public: | |
| 63 ScopedAppContext() | |
| 64 : io_thread_("io_thread"), | |
| 65 wait_for_shutdown_event_( | |
| 66 base::WaitableEvent::ResetPolicy::MANUAL, | |
| 67 base::WaitableEvent::InitialState::NOT_SIGNALED) { | |
| 68 // Initialize Mojo before starting any threads. | |
| 69 mojo::edk::Init(); | |
| 70 | |
| 71 // Create and start our I/O thread. | |
| 72 base::Thread::Options io_thread_options(base::MessageLoop::TYPE_IO, 0); | |
| 73 CHECK(io_thread_.StartWithOptions(io_thread_options)); | |
| 74 io_runner_ = io_thread_.task_runner().get(); | |
| 75 CHECK(io_runner_.get()); | |
| 76 | |
| 77 mojo::edk::InitIPCSupport(this, io_runner_); | |
| 78 mojo::edk::SetParentPipeHandleFromCommandLine(); | |
| 79 } | |
| 80 | |
| 81 ~ScopedAppContext() override { | |
| 82 mojo::edk::ShutdownIPCSupport(); | |
| 83 wait_for_shutdown_event_.Wait(); | |
| 84 } | |
| 85 | |
| 86 private: | |
| 87 // ProcessDelegate implementation. | |
| 88 void OnShutdownComplete() override { | |
| 89 wait_for_shutdown_event_.Signal(); | |
| 90 } | |
| 91 | |
| 92 base::Thread io_thread_; | |
| 93 scoped_refptr<base::SingleThreadTaskRunner> io_runner_; | |
| 94 | |
| 95 // Used to unblock the main thread on shutdown. | |
| 96 base::WaitableEvent wait_for_shutdown_event_; | |
| 97 | |
| 98 DISALLOW_COPY_AND_ASSIGN(ScopedAppContext); | |
| 99 }; | |
| 100 | |
| 101 } // namespace | |
| 102 | |
| 103 void ChildProcessMainWithCallback(const RunCallback& callback) { | |
| 104 DCHECK(!base::MessageLoop::current()); | |
| 105 | |
| 106 #if defined(OS_MACOSX) | |
| 107 // Send our task port to the parent. | |
| 108 MachBroker::SendTaskPortToParent(); | |
| 109 #endif | |
| 110 | |
| 111 #if !defined(OFFICIAL_BUILD) | |
| 112 // Initialize stack dumping just before initializing sandbox to make | |
| 113 // sure symbol names in all loaded libraries will be cached. | |
| 114 base::debug::EnableInProcessStackDumping(); | |
| 115 #endif | |
| 116 #if defined(OS_LINUX) | |
| 117 std::unique_ptr<LinuxSandbox> sandbox; | |
| 118 const base::CommandLine& command_line = | |
| 119 *base::CommandLine::ForCurrentProcess(); | |
| 120 if (command_line.HasSwitch(switches::kEnableSandbox)) | |
| 121 sandbox = InitializeSandbox(); | |
| 122 #endif | |
| 123 | |
| 124 ScopedAppContext app_context; | |
| 125 callback.Run(GetServiceRequestFromCommandLine()); | |
| 126 } | |
| 127 | |
| 128 } // namespace shell | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2419723002:
Move services/shell to services/service_manager (Closed)
