| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "services/service_manager/public/cpp/standalone_service/standalone_serv
ice.h" | |
| 6 | |
| 7 #include "base/command_line.h" | |
| 8 #include "base/debug/stack_trace.h" | |
| 9 #include "base/logging.h" | |
| 10 #include "base/message_loop/message_loop.h" | |
| 11 #include "base/synchronization/waitable_event.h" | |
| 12 #include "base/threading/thread.h" | |
| 13 #include "mojo/edk/embedder/embedder.h" | |
| 14 #include "mojo/edk/embedder/process_delegate.h" | |
| 15 #include "mojo/public/cpp/system/message_pipe.h" | |
| 16 #include "services/service_manager/public/cpp/service_context.h" | |
| 17 #include "services/service_manager/runner/common/client_util.h" | |
| 18 #include "services/service_manager/runner/common/switches.h" | |
| 19 | |
| 20 #if defined(OS_LINUX) | |
| 21 #include "base/rand_util.h" | |
| 22 #include "base/sys_info.h" | |
| 23 #include "services/service_manager/public/cpp/standalone_service/linux_sandbox.h
" | |
| 24 #endif | |
| 25 | |
| 26 #if defined(OS_MACOSX) | |
| 27 #include "services/service_manager/public/cpp/standalone_service/mach_broker.h" | |
| 28 #endif | |
| 29 | |
| 30 namespace service_manager { | |
| 31 namespace { | |
| 32 | |
| 33 #if defined(OS_LINUX) | |
| 34 std::unique_ptr<LinuxSandbox> InitializeSandbox() { | |
| 35 using sandbox::syscall_broker::BrokerFilePermission; | |
| 36 // Warm parts of base in the copy of base in the mojo runner. | |
| 37 base::RandUint64(); | |
| 38 base::SysInfo::AmountOfPhysicalMemory(); | |
| 39 base::SysInfo::NumberOfProcessors(); | |
| 40 | |
| 41 // TODO(erg,jln): Allowing access to all of /dev/shm/ makes it easy to | |
| 42 // spy on other shared memory using processes. This is a temporary hack | |
| 43 // so that we have some sandbox until we have proper shared memory | |
| 44 // support integrated into mojo. | |
| 45 std::vector<BrokerFilePermission> permissions; | |
| 46 permissions.push_back( | |
| 47 BrokerFilePermission::ReadWriteCreateUnlinkRecursive("/dev/shm/")); | |
| 48 std::unique_ptr<LinuxSandbox> sandbox(new LinuxSandbox(permissions)); | |
| 49 sandbox->Warmup(); | |
| 50 sandbox->EngageNamespaceSandbox(); | |
| 51 sandbox->EngageSeccompSandbox(); | |
| 52 sandbox->Seal(); | |
| 53 return sandbox; | |
| 54 } | |
| 55 #endif | |
| 56 | |
| 57 // Should be created and initialized on the main thread and kept alive as long | |
| 58 // a Service is running in the current process. | |
| 59 class ScopedAppContext : public mojo::edk::ProcessDelegate { | |
| 60 public: | |
| 61 ScopedAppContext() | |
| 62 : io_thread_("io_thread"), | |
| 63 wait_for_shutdown_event_( | |
| 64 base::WaitableEvent::ResetPolicy::MANUAL, | |
| 65 base::WaitableEvent::InitialState::NOT_SIGNALED) { | |
| 66 mojo::edk::Init(); | |
| 67 DCHECK(io_thread_.StartWithOptions( | |
| 68 base::Thread::Options(base::MessageLoop::TYPE_IO, 0))); | |
| 69 mojo::edk::InitIPCSupport(this, io_thread_.task_runner()); | |
| 70 mojo::edk::SetParentPipeHandleFromCommandLine(); | |
| 71 } | |
| 72 | |
| 73 ~ScopedAppContext() override { | |
| 74 mojo::edk::ShutdownIPCSupport(); | |
| 75 wait_for_shutdown_event_.Wait(); | |
| 76 } | |
| 77 | |
| 78 private: | |
| 79 // ProcessDelegate implementation. | |
| 80 void OnShutdownComplete() override { | |
| 81 wait_for_shutdown_event_.Signal(); | |
| 82 } | |
| 83 | |
| 84 base::Thread io_thread_; | |
| 85 | |
| 86 // Used to unblock the main thread on shutdown. | |
| 87 base::WaitableEvent wait_for_shutdown_event_; | |
| 88 | |
| 89 DISALLOW_COPY_AND_ASSIGN(ScopedAppContext); | |
| 90 }; | |
| 91 | |
| 92 } // namespace | |
| 93 | |
| 94 void RunStandaloneService(const StandaloneServiceCallback& callback) { | |
| 95 DCHECK(!base::MessageLoop::current()); | |
| 96 | |
| 97 #if defined(OS_MACOSX) | |
| 98 // Send our task port to the parent. | |
| 99 MachBroker::SendTaskPortToParent(); | |
| 100 #endif | |
| 101 | |
| 102 #if !defined(OFFICIAL_BUILD) | |
| 103 // Initialize stack dumping just before initializing sandbox to make | |
| 104 // sure symbol names in all loaded libraries will be cached. | |
| 105 base::debug::EnableInProcessStackDumping(); | |
| 106 #endif | |
| 107 #if defined(OS_LINUX) | |
| 108 std::unique_ptr<LinuxSandbox> sandbox; | |
| 109 const base::CommandLine& command_line = | |
| 110 *base::CommandLine::ForCurrentProcess(); | |
| 111 if (command_line.HasSwitch(switches::kEnableSandbox)) | |
| 112 sandbox = InitializeSandbox(); | |
| 113 #endif | |
| 114 | |
| 115 ScopedAppContext app_context; | |
| 116 callback.Run(GetServiceRequestFromCommandLine()); | |
| 117 } | |
| 118 | |
| 119 } // namespace service_manager | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2566663004:
Revert of Build services as standalone executables (Closed)
