OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "services/shell/runner/host/child_process_base.h" | |
6 | |
7 #include "base/command_line.h" | |
8 #include "base/debug/stack_trace.h" | |
9 #include "base/logging.h" | |
10 #include "base/macros.h" | |
11 #include "base/memory/ref_counted.h" | |
12 #include "base/message_loop/message_loop.h" | |
13 #include "base/single_thread_task_runner.h" | |
14 #include "base/synchronization/waitable_event.h" | |
15 #include "base/threading/thread.h" | |
16 #include "mojo/edk/embedder/embedder.h" | |
17 #include "mojo/edk/embedder/process_delegate.h" | |
18 #include "services/shell/runner/common/client_util.h" | |
19 #include "services/shell/runner/common/switches.h" | |
20 | |
21 #if defined(OS_LINUX) | |
22 #include "base/rand_util.h" | |
23 #include "base/sys_info.h" | |
24 #include "services/shell/runner/host/linux_sandbox.h" | |
25 #endif | |
26 | |
27 #if defined(OS_MACOSX) | |
28 #include "services/shell/runner/host/mach_broker.h" | |
29 #endif | |
30 | |
31 namespace shell { | |
32 | |
33 namespace { | |
34 | |
35 #if defined(OS_LINUX) | |
36 std::unique_ptr<LinuxSandbox> InitializeSandbox() { | |
37 using sandbox::syscall_broker::BrokerFilePermission; | |
38 // Warm parts of base in the copy of base in the mojo runner. | |
39 base::RandUint64(); | |
40 base::SysInfo::AmountOfPhysicalMemory(); | |
41 base::SysInfo::NumberOfProcessors(); | |
42 | |
43 // TODO(erg,jln): Allowing access to all of /dev/shm/ makes it easy to | |
44 // spy on other shared memory using processes. This is a temporary hack | |
45 // so that we have some sandbox until we have proper shared memory | |
46 // support integrated into mojo. | |
47 std::vector<BrokerFilePermission> permissions; | |
48 permissions.push_back( | |
49 BrokerFilePermission::ReadWriteCreateUnlinkRecursive("/dev/shm/")); | |
50 std::unique_ptr<LinuxSandbox> sandbox(new LinuxSandbox(permissions)); | |
51 sandbox->Warmup(); | |
52 sandbox->EngageNamespaceSandbox(); | |
53 sandbox->EngageSeccompSandbox(); | |
54 sandbox->Seal(); | |
55 return sandbox; | |
56 } | |
57 #endif | |
58 | |
59 // Should be created and initialized on the main thread and kept alive as long | |
60 // a Service is running in the current process. | |
61 class ScopedAppContext : public mojo::edk::ProcessDelegate { | |
62 public: | |
63 ScopedAppContext() | |
64 : io_thread_("io_thread"), | |
65 wait_for_shutdown_event_( | |
66 base::WaitableEvent::ResetPolicy::MANUAL, | |
67 base::WaitableEvent::InitialState::NOT_SIGNALED) { | |
68 // Initialize Mojo before starting any threads. | |
69 mojo::edk::Init(); | |
70 | |
71 // Create and start our I/O thread. | |
72 base::Thread::Options io_thread_options(base::MessageLoop::TYPE_IO, 0); | |
73 CHECK(io_thread_.StartWithOptions(io_thread_options)); | |
74 io_runner_ = io_thread_.task_runner().get(); | |
75 CHECK(io_runner_.get()); | |
76 | |
77 mojo::edk::InitIPCSupport(this, io_runner_); | |
78 mojo::edk::SetParentPipeHandleFromCommandLine(); | |
79 } | |
80 | |
81 ~ScopedAppContext() override { | |
82 mojo::edk::ShutdownIPCSupport(); | |
83 wait_for_shutdown_event_.Wait(); | |
84 } | |
85 | |
86 private: | |
87 // ProcessDelegate implementation. | |
88 void OnShutdownComplete() override { | |
89 wait_for_shutdown_event_.Signal(); | |
90 } | |
91 | |
92 base::Thread io_thread_; | |
93 scoped_refptr<base::SingleThreadTaskRunner> io_runner_; | |
94 | |
95 // Used to unblock the main thread on shutdown. | |
96 base::WaitableEvent wait_for_shutdown_event_; | |
97 | |
98 DISALLOW_COPY_AND_ASSIGN(ScopedAppContext); | |
99 }; | |
100 | |
101 } // namespace | |
102 | |
103 void ChildProcessMainWithCallback(const RunCallback& callback) { | |
104 DCHECK(!base::MessageLoop::current()); | |
105 | |
106 #if defined(OS_MACOSX) | |
107 // Send our task port to the parent. | |
108 MachBroker::SendTaskPortToParent(); | |
109 #endif | |
110 | |
111 #if !defined(OFFICIAL_BUILD) | |
112 // Initialize stack dumping just before initializing sandbox to make | |
113 // sure symbol names in all loaded libraries will be cached. | |
114 base::debug::EnableInProcessStackDumping(); | |
115 #endif | |
116 #if defined(OS_LINUX) | |
117 std::unique_ptr<LinuxSandbox> sandbox; | |
118 const base::CommandLine& command_line = | |
119 *base::CommandLine::ForCurrentProcess(); | |
120 if (command_line.HasSwitch(switches::kEnableSandbox)) | |
121 sandbox = InitializeSandbox(); | |
122 #endif | |
123 | |
124 ScopedAppContext app_context; | |
125 callback.Run(GetServiceRequestFromCommandLine()); | |
126 } | |
127 | |
128 } // namespace shell | |
OLD | NEW |