| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/zygote/zygote_main.h" | 5 #include "content/zygote/zygote_main.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <signal.h> | 10 #include <signal.h> |
| (...skipping 26 matching lines...) Expand all Loading... |
| 37 #include "content/common/child_process_sandbox_support_impl_linux.h" | 37 #include "content/common/child_process_sandbox_support_impl_linux.h" |
| 38 #include "content/common/font_config_ipc_linux.h" | 38 #include "content/common/font_config_ipc_linux.h" |
| 39 #include "content/common/sandbox_linux/sandbox_debug_handling_linux.h" | 39 #include "content/common/sandbox_linux/sandbox_debug_handling_linux.h" |
| 40 #include "content/common/sandbox_linux/sandbox_linux.h" | 40 #include "content/common/sandbox_linux/sandbox_linux.h" |
| 41 #include "content/common/zygote_commands_linux.h" | 41 #include "content/common/zygote_commands_linux.h" |
| 42 #include "content/public/common/content_switches.h" | 42 #include "content/public/common/content_switches.h" |
| 43 #include "content/public/common/main_function_params.h" | 43 #include "content/public/common/main_function_params.h" |
| 44 #include "content/public/common/sandbox_linux.h" | 44 #include "content/public/common/sandbox_linux.h" |
| 45 #include "content/public/common/zygote_fork_delegate_linux.h" | 45 #include "content/public/common/zygote_fork_delegate_linux.h" |
| 46 #include "content/zygote/zygote_linux.h" | 46 #include "content/zygote/zygote_linux.h" |
| 47 #include "ppapi/features/features.h" |
| 47 #include "sandbox/linux/services/credentials.h" | 48 #include "sandbox/linux/services/credentials.h" |
| 48 #include "sandbox/linux/services/init_process_reaper.h" | 49 #include "sandbox/linux/services/init_process_reaper.h" |
| 49 #include "sandbox/linux/services/namespace_sandbox.h" | 50 #include "sandbox/linux/services/namespace_sandbox.h" |
| 50 #include "sandbox/linux/services/thread_helpers.h" | 51 #include "sandbox/linux/services/thread_helpers.h" |
| 51 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" | 52 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" |
| 52 #include "third_party/WebKit/public/web/linux/WebFontRendering.h" | 53 #include "third_party/WebKit/public/web/linux/WebFontRendering.h" |
| 53 #include "third_party/boringssl/src/include/openssl/crypto.h" | 54 #include "third_party/boringssl/src/include/openssl/crypto.h" |
| 54 #include "third_party/boringssl/src/include/openssl/rand.h" | 55 #include "third_party/boringssl/src/include/openssl/rand.h" |
| 55 #include "third_party/icu/source/i18n/unicode/timezone.h" | 56 #include "third_party/icu/source/i18n/unicode/timezone.h" |
| 56 #include "third_party/skia/include/ports/SkFontConfigInterface.h" | 57 #include "third_party/skia/include/ports/SkFontConfigInterface.h" |
| 57 #include "third_party/skia/include/ports/SkFontMgr_android.h" | 58 #include "third_party/skia/include/ports/SkFontMgr_android.h" |
| 58 | 59 |
| 59 #if defined(OS_LINUX) | 60 #if defined(OS_LINUX) |
| 60 #include <sys/prctl.h> | 61 #include <sys/prctl.h> |
| 61 #endif | 62 #endif |
| 62 | 63 |
| 63 #if defined(ENABLE_PLUGINS) | 64 #if BUILDFLAG(ENABLE_PLUGINS) |
| 64 #include "content/common/pepper_plugin_list.h" | 65 #include "content/common/pepper_plugin_list.h" |
| 65 #include "content/public/common/pepper_plugin_info.h" | 66 #include "content/public/common/pepper_plugin_info.h" |
| 66 #endif | 67 #endif |
| 67 | 68 |
| 68 #if defined(ENABLE_WEBRTC) | 69 #if defined(ENABLE_WEBRTC) |
| 69 #include "third_party/webrtc_overrides/init_webrtc.h" | 70 #include "third_party/webrtc_overrides/init_webrtc.h" |
| 70 #endif | 71 #endif |
| 71 | 72 |
| 72 #if defined(SANITIZER_COVERAGE) | 73 #if defined(SANITIZER_COVERAGE) |
| 73 #include <sanitizer/common_interface_defs.h> | 74 #include <sanitizer/common_interface_defs.h> |
| (...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 304 CHECK_EQ(0, pthread_once(&g_libc_localtime_funcs_guard, | 305 CHECK_EQ(0, pthread_once(&g_libc_localtime_funcs_guard, |
| 305 InitLibcLocaltimeFunctions)); | 306 InitLibcLocaltimeFunctions)); |
| 306 struct tm* res = g_libc_localtime64_r(timep, result); | 307 struct tm* res = g_libc_localtime64_r(timep, result); |
| 307 #if defined(MEMORY_SANITIZER) | 308 #if defined(MEMORY_SANITIZER) |
| 308 if (res) __msan_unpoison(res, sizeof(*res)); | 309 if (res) __msan_unpoison(res, sizeof(*res)); |
| 309 if (res->tm_zone) __msan_unpoison_string(res->tm_zone); | 310 if (res->tm_zone) __msan_unpoison_string(res->tm_zone); |
| 310 #endif | 311 #endif |
| 311 return res; | 312 return res; |
| 312 } | 313 } |
| 313 | 314 |
| 314 #if defined(ENABLE_PLUGINS) | 315 #if BUILDFLAG(ENABLE_PLUGINS) |
| 315 // Loads the (native) libraries but does not initialize them (i.e., does not | 316 // Loads the (native) libraries but does not initialize them (i.e., does not |
| 316 // call PPP_InitializeModule). This is needed by the zygote on Linux to get | 317 // call PPP_InitializeModule). This is needed by the zygote on Linux to get |
| 317 // access to the plugins before entering the sandbox. | 318 // access to the plugins before entering the sandbox. |
| 318 void PreloadPepperPlugins() { | 319 void PreloadPepperPlugins() { |
| 319 std::vector<PepperPluginInfo> plugins; | 320 std::vector<PepperPluginInfo> plugins; |
| 320 ComputePepperPluginList(&plugins); | 321 ComputePepperPluginList(&plugins); |
| 321 for (const auto& plugin : plugins) { | 322 for (const auto& plugin : plugins) { |
| 322 if (!plugin.is_internal) { | 323 if (!plugin.is_internal) { |
| 323 base::NativeLibraryLoadError error; | 324 base::NativeLibraryLoadError error; |
| 324 base::NativeLibrary library = base::LoadNativeLibrary(plugin.path, | 325 base::NativeLibrary library = base::LoadNativeLibrary(plugin.path, |
| (...skipping 25 matching lines...) Expand all Loading... |
| 350 #if defined(ARCH_CPU_ARM_FAMILY) | 351 #if defined(ARCH_CPU_ARM_FAMILY) |
| 351 // On ARM, BoringSSL requires access to /proc/cpuinfo to determine processor | 352 // On ARM, BoringSSL requires access to /proc/cpuinfo to determine processor |
| 352 // features. Query this before entering the sandbox. | 353 // features. Query this before entering the sandbox. |
| 353 CRYPTO_library_init(); | 354 CRYPTO_library_init(); |
| 354 #endif | 355 #endif |
| 355 | 356 |
| 356 // Pass BoringSSL a copy of the /dev/urandom file descriptor so RAND_bytes | 357 // Pass BoringSSL a copy of the /dev/urandom file descriptor so RAND_bytes |
| 357 // will work inside the sandbox. | 358 // will work inside the sandbox. |
| 358 RAND_set_urandom_fd(base::GetUrandomFD()); | 359 RAND_set_urandom_fd(base::GetUrandomFD()); |
| 359 | 360 |
| 360 #if defined(ENABLE_PLUGINS) | 361 #if BUILDFLAG(ENABLE_PLUGINS) |
| 361 // Ensure access to the Pepper plugins before the sandbox is turned on. | 362 // Ensure access to the Pepper plugins before the sandbox is turned on. |
| 362 PreloadPepperPlugins(); | 363 PreloadPepperPlugins(); |
| 363 #endif | 364 #endif |
| 364 #if defined(ENABLE_WEBRTC) | 365 #if defined(ENABLE_WEBRTC) |
| 365 InitializeWebRtcModule(); | 366 InitializeWebRtcModule(); |
| 366 #endif | 367 #endif |
| 367 | 368 |
| 368 SkFontConfigInterface::SetGlobal( | 369 SkFontConfigInterface::SetGlobal( |
| 369 new FontConfigIPC(GetSandboxFD()))->unref(); | 370 new FontConfigIPC(GetSandboxFD()))->unref(); |
| 370 | 371 |
| (...skipping 292 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 663 const bool namespace_sandbox_engaged = sandbox_flags & kSandboxLinuxUserNS; | 664 const bool namespace_sandbox_engaged = sandbox_flags & kSandboxLinuxUserNS; |
| 664 CHECK_EQ(using_namespace_sandbox, namespace_sandbox_engaged); | 665 CHECK_EQ(using_namespace_sandbox, namespace_sandbox_engaged); |
| 665 | 666 |
| 666 Zygote zygote(sandbox_flags, std::move(fork_delegates), extra_children, | 667 Zygote zygote(sandbox_flags, std::move(fork_delegates), extra_children, |
| 667 extra_fds); | 668 extra_fds); |
| 668 // This function call can return multiple times, once per fork(). | 669 // This function call can return multiple times, once per fork(). |
| 669 return zygote.ProcessRequests(); | 670 return zygote.ProcessRequests(); |
| 670 } | 671 } |
| 671 | 672 |
| 672 } // namespace content | 673 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2512563003:
Convert enable_plugins to a buildflag header. (Closed)
