OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/nacl/broker/nacl_broker_listener.h" | 5 #include "components/nacl/broker/nacl_broker_listener.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
12 #include "base/path_service.h" | 12 #include "base/path_service.h" |
13 #include "base/process/launch.h" | 13 #include "base/process/launch.h" |
14 #include "base/process/process.h" | 14 #include "base/process/process.h" |
15 #include "base/process/process_handle.h" | 15 #include "base/process/process_handle.h" |
16 #include "base/strings/string_number_conversions.h" | 16 #include "base/strings/string_number_conversions.h" |
17 #include "base/threading/thread_task_runner_handle.h" | 17 #include "base/threading/thread_task_runner_handle.h" |
18 #include "base/win/win_util.h" | 18 #include "base/win/win_util.h" |
19 #include "components/nacl/common/nacl_cmd_line.h" | 19 #include "components/nacl/common/nacl_cmd_line.h" |
20 #include "components/nacl/common/nacl_debug_exception_handler_win.h" | 20 #include "components/nacl/common/nacl_debug_exception_handler_win.h" |
21 #include "components/nacl/common/nacl_messages.h" | 21 #include "components/nacl/common/nacl_messages.h" |
| 22 #include "components/nacl/common/nacl_service.h" |
22 #include "components/nacl/common/nacl_switches.h" | 23 #include "components/nacl/common/nacl_switches.h" |
23 #include "content/public/common/content_switches.h" | 24 #include "content/public/common/content_switches.h" |
24 #include "content/public/common/mojo_channel_switches.h" | 25 #include "content/public/common/mojo_channel_switches.h" |
25 #include "content/public/common/sandbox_init.h" | 26 #include "content/public/common/sandbox_init.h" |
26 #include "ipc/ipc_channel.h" | 27 #include "ipc/ipc_channel.h" |
27 #include "mojo/edk/embedder/embedder.h" | 28 #include "mojo/edk/embedder/embedder.h" |
28 #include "mojo/edk/embedder/platform_channel_pair.h" | 29 #include "mojo/edk/embedder/platform_channel_pair.h" |
29 #include "mojo/public/cpp/system/message_pipe.h" | 30 #include "mojo/public/cpp/system/message_pipe.h" |
30 #include "sandbox/win/src/sandbox_policy.h" | 31 #include "sandbox/win/src/sandbox_policy.h" |
| 32 #include "services/service_manager/public/cpp/service_context.h" |
31 | 33 |
32 namespace { | 34 namespace { |
33 | 35 |
34 void SendReply(IPC::Channel* channel, int32_t pid, bool result) { | 36 void SendReply(IPC::Channel* channel, int32_t pid, bool result) { |
35 channel->Send(new NaClProcessMsg_DebugExceptionHandlerLaunched(pid, result)); | 37 channel->Send(new NaClProcessMsg_DebugExceptionHandlerLaunched(pid, result)); |
36 } | 38 } |
37 | 39 |
38 } // namespace | 40 } // namespace |
39 | 41 |
40 NaClBrokerListener::NaClBrokerListener() = default; | 42 NaClBrokerListener::NaClBrokerListener() = default; |
41 | 43 |
42 NaClBrokerListener::~NaClBrokerListener() = default; | 44 NaClBrokerListener::~NaClBrokerListener() = default; |
43 | 45 |
44 void NaClBrokerListener::Listen() { | 46 void NaClBrokerListener::Listen() { |
45 mojo::ScopedMessagePipeHandle handle( | 47 mojo::ScopedMessagePipeHandle channel_handle; |
46 mojo::edk::CreateChildMessagePipe( | 48 std::unique_ptr<service_manager::ServiceContext> service_context = |
47 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( | 49 CreateNaClServiceContext(base::ThreadTaskRunnerHandle::Get(), |
48 switches::kMojoChannelToken))); | 50 &channel_handle); |
49 DCHECK(handle.is_valid()); | |
50 IPC::ChannelHandle channel_handle(handle.release()); | |
51 | 51 |
52 channel_ = IPC::Channel::CreateClient(channel_handle, this); | 52 channel_ = IPC::Channel::CreateClient(channel_handle.release(), this); |
53 CHECK(channel_->Connect()); | 53 CHECK(channel_->Connect()); |
54 run_loop_.Run(); | 54 run_loop_.Run(); |
55 } | 55 } |
56 | 56 |
57 // NOTE: changes to this method need to be reviewed by the security team. | 57 // NOTE: changes to this method need to be reviewed by the security team. |
58 bool NaClBrokerListener::PreSpawnTarget(sandbox::TargetPolicy* policy) { | 58 bool NaClBrokerListener::PreSpawnTarget(sandbox::TargetPolicy* policy) { |
59 // This code is duplicated in chrome_content_browser_client.cc. | 59 // This code is duplicated in chrome_content_browser_client.cc. |
60 | 60 |
61 // Allow the server side of a pipe restricted to the "chrome.nacl." | 61 // Allow the server side of a pipe restricted to the "chrome.nacl." |
62 // namespace so that it cannot impersonate other system or other chrome | 62 // namespace so that it cannot impersonate other system or other chrome |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
131 base::HandlesToInheritVector handles; | 131 base::HandlesToInheritVector handles; |
132 handles.push_back(client_handle.get().handle); | 132 handles.push_back(client_handle.get().handle); |
133 cmd_line->AppendSwitchASCII( | 133 cmd_line->AppendSwitchASCII( |
134 mojo::edk::PlatformChannelPair::kMojoPlatformChannelHandleSwitch, | 134 mojo::edk::PlatformChannelPair::kMojoPlatformChannelHandleSwitch, |
135 base::UintToString(base::win::HandleToUint32(handles[0]))); | 135 base::UintToString(base::win::HandleToUint32(handles[0]))); |
136 const std::string mojo_child_token = mojo::edk::GenerateRandomToken(); | 136 const std::string mojo_child_token = mojo::edk::GenerateRandomToken(); |
137 const std::string mojo_channel_token = mojo::edk::GenerateRandomToken(); | 137 const std::string mojo_channel_token = mojo::edk::GenerateRandomToken(); |
138 mojo::ScopedMessagePipeHandle host_message_pipe = | 138 mojo::ScopedMessagePipeHandle host_message_pipe = |
139 mojo::edk::CreateParentMessagePipe(mojo_channel_token, | 139 mojo::edk::CreateParentMessagePipe(mojo_channel_token, |
140 mojo_child_token); | 140 mojo_child_token); |
141 cmd_line->AppendSwitchASCII(switches::kMojoChannelToken, | 141 cmd_line->AppendSwitchASCII(switches::kServiceRequestChannelToken, |
142 mojo_channel_token); | 142 mojo_channel_token); |
143 CHECK_EQ(MOJO_RESULT_OK, | 143 CHECK_EQ(MOJO_RESULT_OK, |
144 mojo::FuseMessagePipes(std::move(loader_message_pipe), | 144 mojo::FuseMessagePipes(std::move(loader_message_pipe), |
145 std::move(host_message_pipe))); | 145 std::move(host_message_pipe))); |
146 | 146 |
147 base::Process loader_process; | 147 base::Process loader_process; |
148 sandbox::ResultCode result = content::StartSandboxedProcess( | 148 sandbox::ResultCode result = content::StartSandboxedProcess( |
149 this, cmd_line, handles, &loader_process); | 149 this, cmd_line, handles, &loader_process); |
150 | 150 |
151 if (result == sandbox::SBOX_ALL_OK) { | 151 if (result == sandbox::SBOX_ALL_OK) { |
(...skipping 30 matching lines...) Expand all Loading... |
182 const std::string& startup_info) { | 182 const std::string& startup_info) { |
183 NaClStartDebugExceptionHandlerThread( | 183 NaClStartDebugExceptionHandlerThread( |
184 base::Process(process_handle), startup_info, | 184 base::Process(process_handle), startup_info, |
185 base::ThreadTaskRunnerHandle::Get(), | 185 base::ThreadTaskRunnerHandle::Get(), |
186 base::Bind(SendReply, channel_.get(), pid)); | 186 base::Bind(SendReply, channel_.get(), pid)); |
187 } | 187 } |
188 | 188 |
189 void NaClBrokerListener::OnStopBroker() { | 189 void NaClBrokerListener::OnStopBroker() { |
190 run_loop_.QuitWhenIdle(); | 190 run_loop_.QuitWhenIdle(); |
191 } | 191 } |
OLD | NEW |