| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/renderer_host/sandbox_ipc_linux.h" | 5 #include "content/browser/renderer_host/sandbox_ipc_linux.h" |
| 6 | 6 |
| 7 #include <fcntl.h> | 7 #include <fcntl.h> |
| 8 #include <fontconfig/fontconfig.h> | 8 #include <fontconfig/fontconfig.h> |
| 9 #include <sys/poll.h> | 9 #include <sys/poll.h> |
| 10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
| 11 #include <sys/stat.h> | 11 #include <sys/stat.h> |
| 12 | 12 |
| 13 #include "base/command_line.h" | 13 #include "base/command_line.h" |
| 14 #include "base/files/scoped_file.h" |
| 14 #include "base/linux_util.h" | 15 #include "base/linux_util.h" |
| 16 #include "base/memory/scoped_vector.h" |
| 15 #include "base/memory/shared_memory.h" | 17 #include "base/memory/shared_memory.h" |
| 16 #include "base/posix/eintr_wrapper.h" | 18 #include "base/posix/eintr_wrapper.h" |
| 17 #include "base/posix/unix_domain_socket_linux.h" | 19 #include "base/posix/unix_domain_socket_linux.h" |
| 18 #include "base/process/launch.h" | 20 #include "base/process/launch.h" |
| 19 #include "base/strings/string_number_conversions.h" | 21 #include "base/strings/string_number_conversions.h" |
| 20 #include "content/common/font_config_ipc_linux.h" | 22 #include "content/common/font_config_ipc_linux.h" |
| 21 #include "content/common/sandbox_linux/sandbox_linux.h" | 23 #include "content/common/sandbox_linux/sandbox_linux.h" |
| 22 #include "content/common/set_process_title.h" | 24 #include "content/common/set_process_title.h" |
| 23 #include "content/public/common/content_switches.h" | 25 #include "content/public/common/content_switches.h" |
| 24 #include "ppapi/c/trusted/ppb_browser_font_trusted.h" | 26 #include "ppapi/c/trusted/ppb_browser_font_trusted.h" |
| (...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 179 _exit(0); | 181 _exit(0); |
| 180 } | 182 } |
| 181 | 183 |
| 182 if (pfds[1].revents) { | 184 if (pfds[1].revents) { |
| 183 HandleRequestFromRenderer(browser_socket_); | 185 HandleRequestFromRenderer(browser_socket_); |
| 184 } | 186 } |
| 185 } | 187 } |
| 186 } | 188 } |
| 187 | 189 |
| 188 void SandboxIPCProcess::HandleRequestFromRenderer(int fd) { | 190 void SandboxIPCProcess::HandleRequestFromRenderer(int fd) { |
| 189 std::vector<int> fds; | 191 ScopedVector<base::ScopedFD> fds; |
| 190 | 192 |
| 191 // A FontConfigIPC::METHOD_MATCH message could be kMaxFontFamilyLength | 193 // A FontConfigIPC::METHOD_MATCH message could be kMaxFontFamilyLength |
| 192 // bytes long (this is the largest message type). | 194 // bytes long (this is the largest message type). |
| 193 // 128 bytes padding are necessary so recvmsg() does not return MSG_TRUNC | 195 // 128 bytes padding are necessary so recvmsg() does not return MSG_TRUNC |
| 194 // error for a maximum length message. | 196 // error for a maximum length message. |
| 195 char buf[FontConfigIPC::kMaxFontFamilyLength + 128]; | 197 char buf[FontConfigIPC::kMaxFontFamilyLength + 128]; |
| 196 | 198 |
| 197 const ssize_t len = UnixDomainSocket::RecvMsg(fd, buf, sizeof(buf), &fds); | 199 const ssize_t len = UnixDomainSocket::RecvMsg(fd, buf, sizeof(buf), &fds); |
| 198 if (len == -1) { | 200 if (len == -1) { |
| 199 // TODO: should send an error reply, or the sender might block forever. | 201 // TODO: should send an error reply, or the sender might block forever. |
| 200 NOTREACHED() << "Sandbox host message is larger than kMaxFontFamilyLength"; | 202 NOTREACHED() << "Sandbox host message is larger than kMaxFontFamilyLength"; |
| 201 return; | 203 return; |
| 202 } | 204 } |
| 203 if (fds.empty()) | 205 if (fds.empty()) |
| 204 return; | 206 return; |
| 205 | 207 |
| 206 Pickle pickle(buf, len); | 208 Pickle pickle(buf, len); |
| 207 PickleIterator iter(pickle); | 209 PickleIterator iter(pickle); |
| 208 | 210 |
| 209 int kind; | 211 int kind; |
| 210 if (!pickle.ReadInt(&iter, &kind)) | 212 if (!pickle.ReadInt(&iter, &kind)) |
| 211 goto error; | 213 return; |
| 212 | 214 |
| 213 if (kind == FontConfigIPC::METHOD_MATCH) { | 215 if (kind == FontConfigIPC::METHOD_MATCH) { |
| 214 HandleFontMatchRequest(fd, pickle, iter, fds); | 216 HandleFontMatchRequest(fd, pickle, iter, fds.get()); |
| 215 } else if (kind == FontConfigIPC::METHOD_OPEN) { | 217 } else if (kind == FontConfigIPC::METHOD_OPEN) { |
| 216 HandleFontOpenRequest(fd, pickle, iter, fds); | 218 HandleFontOpenRequest(fd, pickle, iter, fds.get()); |
| 217 } else if (kind == LinuxSandbox::METHOD_GET_FONT_FAMILY_FOR_CHAR) { | 219 } else if (kind == LinuxSandbox::METHOD_GET_FONT_FAMILY_FOR_CHAR) { |
| 218 HandleGetFontFamilyForChar(fd, pickle, iter, fds); | 220 HandleGetFontFamilyForChar(fd, pickle, iter, fds.get()); |
| 219 } else if (kind == LinuxSandbox::METHOD_LOCALTIME) { | 221 } else if (kind == LinuxSandbox::METHOD_LOCALTIME) { |
| 220 HandleLocaltime(fd, pickle, iter, fds); | 222 HandleLocaltime(fd, pickle, iter, fds.get()); |
| 221 } else if (kind == LinuxSandbox::METHOD_GET_CHILD_WITH_INODE) { | 223 } else if (kind == LinuxSandbox::METHOD_GET_CHILD_WITH_INODE) { |
| 222 HandleGetChildWithInode(fd, pickle, iter, fds); | 224 HandleGetChildWithInode(fd, pickle, iter, fds.get()); |
| 223 } else if (kind == LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE) { | 225 } else if (kind == LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE) { |
| 224 HandleGetStyleForStrike(fd, pickle, iter, fds); | 226 HandleGetStyleForStrike(fd, pickle, iter, fds.get()); |
| 225 } else if (kind == LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT) { | 227 } else if (kind == LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT) { |
| 226 HandleMakeSharedMemorySegment(fd, pickle, iter, fds); | 228 HandleMakeSharedMemorySegment(fd, pickle, iter, fds.get()); |
| 227 } else if (kind == LinuxSandbox::METHOD_MATCH_WITH_FALLBACK) { | 229 } else if (kind == LinuxSandbox::METHOD_MATCH_WITH_FALLBACK) { |
| 228 HandleMatchWithFallback(fd, pickle, iter, fds); | 230 HandleMatchWithFallback(fd, pickle, iter, fds.get()); |
| 229 } | |
| 230 | |
| 231 error: | |
| 232 for (std::vector<int>::const_iterator i = fds.begin(); i != fds.end(); ++i) { | |
| 233 close(*i); | |
| 234 } | 231 } |
| 235 } | 232 } |
| 236 | 233 |
| 237 int SandboxIPCProcess::FindOrAddPath(const SkString& path) { | 234 int SandboxIPCProcess::FindOrAddPath(const SkString& path) { |
| 238 int count = paths_.count(); | 235 int count = paths_.count(); |
| 239 for (int i = 0; i < count; ++i) { | 236 for (int i = 0; i < count; ++i) { |
| 240 if (path == *paths_[i]) | 237 if (path == *paths_[i]) |
| 241 return i; | 238 return i; |
| 242 } | 239 } |
| 243 *paths_.append() = new SkString(path); | 240 *paths_.append() = new SkString(path); |
| 244 return count; | 241 return count; |
| 245 } | 242 } |
| 246 | 243 |
| 247 void SandboxIPCProcess::HandleFontMatchRequest(int fd, | 244 void SandboxIPCProcess::HandleFontMatchRequest( |
| 248 const Pickle& pickle, | 245 int fd, |
| 249 PickleIterator iter, | 246 const Pickle& pickle, |
| 250 std::vector<int>& fds) { | 247 PickleIterator iter, |
| 248 const std::vector<base::ScopedFD*>& fds) { |
| 251 uint32_t requested_style; | 249 uint32_t requested_style; |
| 252 std::string family; | 250 std::string family; |
| 253 if (!pickle.ReadString(&iter, &family) || | 251 if (!pickle.ReadString(&iter, &family) || |
| 254 !pickle.ReadUInt32(&iter, &requested_style)) | 252 !pickle.ReadUInt32(&iter, &requested_style)) |
| 255 return; | 253 return; |
| 256 | 254 |
| 257 SkFontConfigInterface::FontIdentity result_identity; | 255 SkFontConfigInterface::FontIdentity result_identity; |
| 258 SkString result_family; | 256 SkString result_family; |
| 259 SkTypeface::Style result_style; | 257 SkTypeface::Style result_style; |
| 260 SkFontConfigInterface* fc = | 258 SkFontConfigInterface* fc = |
| (...skipping 15 matching lines...) Expand all Loading... |
| 276 result_identity.fID = static_cast<uint32_t>(index); | 274 result_identity.fID = static_cast<uint32_t>(index); |
| 277 | 275 |
| 278 reply.WriteBool(true); | 276 reply.WriteBool(true); |
| 279 skia::WriteSkString(&reply, result_family); | 277 skia::WriteSkString(&reply, result_family); |
| 280 skia::WriteSkFontIdentity(&reply, result_identity); | 278 skia::WriteSkFontIdentity(&reply, result_identity); |
| 281 reply.WriteUInt32(result_style); | 279 reply.WriteUInt32(result_style); |
| 282 } | 280 } |
| 283 SendRendererReply(fds, reply, -1); | 281 SendRendererReply(fds, reply, -1); |
| 284 } | 282 } |
| 285 | 283 |
| 286 void SandboxIPCProcess::HandleFontOpenRequest(int fd, | 284 void SandboxIPCProcess::HandleFontOpenRequest( |
| 287 const Pickle& pickle, | 285 int fd, |
| 288 PickleIterator iter, | 286 const Pickle& pickle, |
| 289 std::vector<int>& fds) { | 287 PickleIterator iter, |
| 288 const std::vector<base::ScopedFD*>& fds) { |
| 290 uint32_t index; | 289 uint32_t index; |
| 291 if (!pickle.ReadUInt32(&iter, &index)) | 290 if (!pickle.ReadUInt32(&iter, &index)) |
| 292 return; | 291 return; |
| 293 if (index >= static_cast<uint32_t>(paths_.count())) | 292 if (index >= static_cast<uint32_t>(paths_.count())) |
| 294 return; | 293 return; |
| 295 const int result_fd = open(paths_[index]->c_str(), O_RDONLY); | 294 const int result_fd = open(paths_[index]->c_str(), O_RDONLY); |
| 296 | 295 |
| 297 Pickle reply; | 296 Pickle reply; |
| 298 if (result_fd == -1) { | 297 if (result_fd == -1) { |
| 299 reply.WriteBool(false); | 298 reply.WriteBool(false); |
| 300 } else { | 299 } else { |
| 301 reply.WriteBool(true); | 300 reply.WriteBool(true); |
| 302 } | 301 } |
| 303 | 302 |
| 304 // The receiver will have its own access to the file, so we will close it | 303 // The receiver will have its own access to the file, so we will close it |
| 305 // after this send. | 304 // after this send. |
| 306 SendRendererReply(fds, reply, result_fd); | 305 SendRendererReply(fds, reply, result_fd); |
| 307 | 306 |
| 308 if (result_fd >= 0) { | 307 if (result_fd >= 0) { |
| 309 int err = IGNORE_EINTR(close(result_fd)); | 308 int err = IGNORE_EINTR(close(result_fd)); |
| 310 DCHECK(!err); | 309 DCHECK(!err); |
| 311 } | 310 } |
| 312 } | 311 } |
| 313 | 312 |
| 314 void SandboxIPCProcess::HandleGetFontFamilyForChar(int fd, | 313 void SandboxIPCProcess::HandleGetFontFamilyForChar( |
| 315 const Pickle& pickle, | 314 int fd, |
| 316 PickleIterator iter, | 315 const Pickle& pickle, |
| 317 std::vector<int>& fds) { | 316 PickleIterator iter, |
| 317 const std::vector<base::ScopedFD*>& fds) { |
| 318 // The other side of this call is | 318 // The other side of this call is |
| 319 // chrome/renderer/renderer_sandbox_support_linux.cc | 319 // chrome/renderer/renderer_sandbox_support_linux.cc |
| 320 | 320 |
| 321 EnsureWebKitInitialized(); | 321 EnsureWebKitInitialized(); |
| 322 WebUChar32 c; | 322 WebUChar32 c; |
| 323 if (!pickle.ReadInt(&iter, &c)) | 323 if (!pickle.ReadInt(&iter, &c)) |
| 324 return; | 324 return; |
| 325 | 325 |
| 326 std::string preferred_locale; | 326 std::string preferred_locale; |
| 327 if (!pickle.ReadString(&iter, &preferred_locale)) | 327 if (!pickle.ReadString(&iter, &preferred_locale)) |
| 328 return; | 328 return; |
| 329 | 329 |
| 330 blink::WebFontFamily family; | 330 blink::WebFontFamily family; |
| 331 WebFontInfo::familyForChar(c, preferred_locale.c_str(), &family); | 331 WebFontInfo::familyForChar(c, preferred_locale.c_str(), &family); |
| 332 | 332 |
| 333 Pickle reply; | 333 Pickle reply; |
| 334 if (family.name.data()) { | 334 if (family.name.data()) { |
| 335 reply.WriteString(family.name.data()); | 335 reply.WriteString(family.name.data()); |
| 336 } else { | 336 } else { |
| 337 reply.WriteString(std::string()); | 337 reply.WriteString(std::string()); |
| 338 } | 338 } |
| 339 reply.WriteBool(family.isBold); | 339 reply.WriteBool(family.isBold); |
| 340 reply.WriteBool(family.isItalic); | 340 reply.WriteBool(family.isItalic); |
| 341 SendRendererReply(fds, reply, -1); | 341 SendRendererReply(fds, reply, -1); |
| 342 } | 342 } |
| 343 | 343 |
| 344 void SandboxIPCProcess::HandleGetStyleForStrike(int fd, | 344 void SandboxIPCProcess::HandleGetStyleForStrike( |
| 345 const Pickle& pickle, | 345 int fd, |
| 346 PickleIterator iter, | 346 const Pickle& pickle, |
| 347 std::vector<int>& fds) { | 347 PickleIterator iter, |
| 348 const std::vector<base::ScopedFD*>& fds) { |
| 348 std::string family; | 349 std::string family; |
| 349 int sizeAndStyle; | 350 int sizeAndStyle; |
| 350 | 351 |
| 351 if (!pickle.ReadString(&iter, &family) || | 352 if (!pickle.ReadString(&iter, &family) || |
| 352 !pickle.ReadInt(&iter, &sizeAndStyle)) { | 353 !pickle.ReadInt(&iter, &sizeAndStyle)) { |
| 353 return; | 354 return; |
| 354 } | 355 } |
| 355 | 356 |
| 356 EnsureWebKitInitialized(); | 357 EnsureWebKitInitialized(); |
| 357 blink::WebFontRenderStyle style; | 358 blink::WebFontRenderStyle style; |
| 358 WebFontInfo::renderStyleForStrike(family.c_str(), sizeAndStyle, &style); | 359 WebFontInfo::renderStyleForStrike(family.c_str(), sizeAndStyle, &style); |
| 359 | 360 |
| 360 Pickle reply; | 361 Pickle reply; |
| 361 reply.WriteInt(style.useBitmaps); | 362 reply.WriteInt(style.useBitmaps); |
| 362 reply.WriteInt(style.useAutoHint); | 363 reply.WriteInt(style.useAutoHint); |
| 363 reply.WriteInt(style.useHinting); | 364 reply.WriteInt(style.useHinting); |
| 364 reply.WriteInt(style.hintStyle); | 365 reply.WriteInt(style.hintStyle); |
| 365 reply.WriteInt(style.useAntiAlias); | 366 reply.WriteInt(style.useAntiAlias); |
| 366 reply.WriteInt(style.useSubpixelRendering); | 367 reply.WriteInt(style.useSubpixelRendering); |
| 367 reply.WriteInt(style.useSubpixelPositioning); | 368 reply.WriteInt(style.useSubpixelPositioning); |
| 368 | 369 |
| 369 SendRendererReply(fds, reply, -1); | 370 SendRendererReply(fds, reply, -1); |
| 370 } | 371 } |
| 371 | 372 |
| 372 void SandboxIPCProcess::HandleLocaltime(int fd, | 373 void SandboxIPCProcess::HandleLocaltime( |
| 373 const Pickle& pickle, | 374 int fd, |
| 374 PickleIterator iter, | 375 const Pickle& pickle, |
| 375 std::vector<int>& fds) { | 376 PickleIterator iter, |
| 377 const std::vector<base::ScopedFD*>& fds) { |
| 376 // The other side of this call is in zygote_main_linux.cc | 378 // The other side of this call is in zygote_main_linux.cc |
| 377 | 379 |
| 378 std::string time_string; | 380 std::string time_string; |
| 379 if (!pickle.ReadString(&iter, &time_string) || | 381 if (!pickle.ReadString(&iter, &time_string) || |
| 380 time_string.size() != sizeof(time_t)) { | 382 time_string.size() != sizeof(time_t)) { |
| 381 return; | 383 return; |
| 382 } | 384 } |
| 383 | 385 |
| 384 time_t time; | 386 time_t time; |
| 385 memcpy(&time, time_string.data(), sizeof(time)); | 387 memcpy(&time, time_string.data(), sizeof(time)); |
| 386 // We use localtime here because we need the tm_zone field to be filled | 388 // We use localtime here because we need the tm_zone field to be filled |
| 387 // out. Since we are a single-threaded process, this is safe. | 389 // out. Since we are a single-threaded process, this is safe. |
| 388 const struct tm* expanded_time = localtime(&time); | 390 const struct tm* expanded_time = localtime(&time); |
| 389 | 391 |
| 390 std::string result_string; | 392 std::string result_string; |
| 391 const char* time_zone_string = ""; | 393 const char* time_zone_string = ""; |
| 392 if (expanded_time != NULL) { | 394 if (expanded_time != NULL) { |
| 393 result_string = std::string(reinterpret_cast<const char*>(expanded_time), | 395 result_string = std::string(reinterpret_cast<const char*>(expanded_time), |
| 394 sizeof(struct tm)); | 396 sizeof(struct tm)); |
| 395 time_zone_string = expanded_time->tm_zone; | 397 time_zone_string = expanded_time->tm_zone; |
| 396 } | 398 } |
| 397 | 399 |
| 398 Pickle reply; | 400 Pickle reply; |
| 399 reply.WriteString(result_string); | 401 reply.WriteString(result_string); |
| 400 reply.WriteString(time_zone_string); | 402 reply.WriteString(time_zone_string); |
| 401 SendRendererReply(fds, reply, -1); | 403 SendRendererReply(fds, reply, -1); |
| 402 } | 404 } |
| 403 | 405 |
| 404 void SandboxIPCProcess::HandleGetChildWithInode(int fd, | 406 void SandboxIPCProcess::HandleGetChildWithInode( |
| 405 const Pickle& pickle, | 407 int fd, |
| 406 PickleIterator iter, | 408 const Pickle& pickle, |
| 407 std::vector<int>& fds) { | 409 PickleIterator iter, |
| 410 const std::vector<base::ScopedFD*>& fds) { |
| 408 // The other side of this call is in zygote_main_linux.cc | 411 // The other side of this call is in zygote_main_linux.cc |
| 409 if (sandbox_cmd_.empty()) { | 412 if (sandbox_cmd_.empty()) { |
| 410 LOG(ERROR) << "Not in the sandbox, this should not be called"; | 413 LOG(ERROR) << "Not in the sandbox, this should not be called"; |
| 411 return; | 414 return; |
| 412 } | 415 } |
| 413 | 416 |
| 414 uint64_t inode; | 417 uint64_t inode; |
| 415 if (!pickle.ReadUInt64(&iter, &inode)) | 418 if (!pickle.ReadUInt64(&iter, &inode)) |
| 416 return; | 419 return; |
| 417 | 420 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 428 // Even though the pid is invalid, we still need to reply to the zygote | 431 // Even though the pid is invalid, we still need to reply to the zygote |
| 429 // and not just return here. | 432 // and not just return here. |
| 430 LOG(ERROR) << "Could not get pid"; | 433 LOG(ERROR) << "Could not get pid"; |
| 431 } | 434 } |
| 432 | 435 |
| 433 Pickle reply; | 436 Pickle reply; |
| 434 reply.WriteInt(pid); | 437 reply.WriteInt(pid); |
| 435 SendRendererReply(fds, reply, -1); | 438 SendRendererReply(fds, reply, -1); |
| 436 } | 439 } |
| 437 | 440 |
| 438 void SandboxIPCProcess::HandleMakeSharedMemorySegment(int fd, | 441 void SandboxIPCProcess::HandleMakeSharedMemorySegment( |
| 439 const Pickle& pickle, | 442 int fd, |
| 440 PickleIterator iter, | 443 const Pickle& pickle, |
| 441 std::vector<int>& fds) { | 444 PickleIterator iter, |
| 445 const std::vector<base::ScopedFD*>& fds) { |
| 442 base::SharedMemoryCreateOptions options; | 446 base::SharedMemoryCreateOptions options; |
| 443 uint32_t size; | 447 uint32_t size; |
| 444 if (!pickle.ReadUInt32(&iter, &size)) | 448 if (!pickle.ReadUInt32(&iter, &size)) |
| 445 return; | 449 return; |
| 446 options.size = size; | 450 options.size = size; |
| 447 if (!pickle.ReadBool(&iter, &options.executable)) | 451 if (!pickle.ReadBool(&iter, &options.executable)) |
| 448 return; | 452 return; |
| 449 int shm_fd = -1; | 453 int shm_fd = -1; |
| 450 base::SharedMemory shm; | 454 base::SharedMemory shm; |
| 451 if (shm.Create(options)) | 455 if (shm.Create(options)) |
| 452 shm_fd = shm.handle().fd; | 456 shm_fd = shm.handle().fd; |
| 453 Pickle reply; | 457 Pickle reply; |
| 454 SendRendererReply(fds, reply, shm_fd); | 458 SendRendererReply(fds, reply, shm_fd); |
| 455 } | 459 } |
| 456 | 460 |
| 457 void SandboxIPCProcess::HandleMatchWithFallback(int fd, | 461 void SandboxIPCProcess::HandleMatchWithFallback( |
| 458 const Pickle& pickle, | 462 int fd, |
| 459 PickleIterator iter, | 463 const Pickle& pickle, |
| 460 std::vector<int>& fds) { | 464 PickleIterator iter, |
| 465 const std::vector<base::ScopedFD*>& fds) { |
| 461 // Unlike the other calls, for which we are an indirection in front of | 466 // Unlike the other calls, for which we are an indirection in front of |
| 462 // WebKit or Skia, this call is always made via this sandbox helper | 467 // WebKit or Skia, this call is always made via this sandbox helper |
| 463 // process. Therefore the fontconfig code goes in here directly. | 468 // process. Therefore the fontconfig code goes in here directly. |
| 464 | 469 |
| 465 std::string face; | 470 std::string face; |
| 466 bool is_bold, is_italic; | 471 bool is_bold, is_italic; |
| 467 uint32 charset, fallback_family; | 472 uint32 charset, fallback_family; |
| 468 | 473 |
| 469 if (!pickle.ReadString(&iter, &face) || face.empty() || | 474 if (!pickle.ReadString(&iter, &face) || face.empty() || |
| 470 !pickle.ReadBool(&iter, &is_bold) || | 475 !pickle.ReadBool(&iter, &is_bold) || |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 606 | 611 |
| 607 Pickle reply; | 612 Pickle reply; |
| 608 SendRendererReply(fds, reply, font_fd); | 613 SendRendererReply(fds, reply, font_fd); |
| 609 | 614 |
| 610 if (font_fd >= 0) { | 615 if (font_fd >= 0) { |
| 611 if (IGNORE_EINTR(close(font_fd)) < 0) | 616 if (IGNORE_EINTR(close(font_fd)) < 0) |
| 612 PLOG(ERROR) << "close"; | 617 PLOG(ERROR) << "close"; |
| 613 } | 618 } |
| 614 } | 619 } |
| 615 | 620 |
| 616 void SandboxIPCProcess::SendRendererReply(const std::vector<int>& fds, | 621 void SandboxIPCProcess::SendRendererReply( |
| 617 const Pickle& reply, | 622 const std::vector<base::ScopedFD*>& fds, |
| 618 int reply_fd) { | 623 const Pickle& reply, |
| 624 int reply_fd) { |
| 619 struct msghdr msg; | 625 struct msghdr msg; |
| 620 memset(&msg, 0, sizeof(msg)); | 626 memset(&msg, 0, sizeof(msg)); |
| 621 struct iovec iov = {const_cast<void*>(reply.data()), reply.size()}; | 627 struct iovec iov = {const_cast<void*>(reply.data()), reply.size()}; |
| 622 msg.msg_iov = &iov; | 628 msg.msg_iov = &iov; |
| 623 msg.msg_iovlen = 1; | 629 msg.msg_iovlen = 1; |
| 624 | 630 |
| 625 char control_buffer[CMSG_SPACE(sizeof(int))]; | 631 char control_buffer[CMSG_SPACE(sizeof(int))]; |
| 626 | 632 |
| 627 if (reply_fd != -1) { | 633 if (reply_fd != -1) { |
| 628 struct stat st; | 634 struct stat st; |
| 629 if (fstat(reply_fd, &st) == 0 && S_ISDIR(st.st_mode)) { | 635 if (fstat(reply_fd, &st) == 0 && S_ISDIR(st.st_mode)) { |
| 630 LOG(FATAL) << "Tried to send a directory descriptor over sandbox IPC"; | 636 LOG(FATAL) << "Tried to send a directory descriptor over sandbox IPC"; |
| 631 // We must never send directory descriptors to a sandboxed process | 637 // We must never send directory descriptors to a sandboxed process |
| 632 // because they can use openat with ".." elements in the path in order | 638 // because they can use openat with ".." elements in the path in order |
| 633 // to escape the sandbox and reach the real filesystem. | 639 // to escape the sandbox and reach the real filesystem. |
| 634 } | 640 } |
| 635 | 641 |
| 636 struct cmsghdr* cmsg; | 642 struct cmsghdr* cmsg; |
| 637 msg.msg_control = control_buffer; | 643 msg.msg_control = control_buffer; |
| 638 msg.msg_controllen = sizeof(control_buffer); | 644 msg.msg_controllen = sizeof(control_buffer); |
| 639 cmsg = CMSG_FIRSTHDR(&msg); | 645 cmsg = CMSG_FIRSTHDR(&msg); |
| 640 cmsg->cmsg_level = SOL_SOCKET; | 646 cmsg->cmsg_level = SOL_SOCKET; |
| 641 cmsg->cmsg_type = SCM_RIGHTS; | 647 cmsg->cmsg_type = SCM_RIGHTS; |
| 642 cmsg->cmsg_len = CMSG_LEN(sizeof(int)); | 648 cmsg->cmsg_len = CMSG_LEN(sizeof(int)); |
| 643 memcpy(CMSG_DATA(cmsg), &reply_fd, sizeof(reply_fd)); | 649 memcpy(CMSG_DATA(cmsg), &reply_fd, sizeof(reply_fd)); |
| 644 msg.msg_controllen = cmsg->cmsg_len; | 650 msg.msg_controllen = cmsg->cmsg_len; |
| 645 } | 651 } |
| 646 | 652 |
| 647 if (HANDLE_EINTR(sendmsg(fds[0], &msg, MSG_DONTWAIT)) < 0) | 653 if (HANDLE_EINTR(sendmsg(fds[0]->get(), &msg, MSG_DONTWAIT)) < 0) |
| 648 PLOG(ERROR) << "sendmsg"; | 654 PLOG(ERROR) << "sendmsg"; |
| 649 } | 655 } |
| 650 | 656 |
| 651 SandboxIPCProcess::~SandboxIPCProcess() { | 657 SandboxIPCProcess::~SandboxIPCProcess() { |
| 652 paths_.deleteAll(); | 658 paths_.deleteAll(); |
| 653 if (webkit_platform_support_) | 659 if (webkit_platform_support_) |
| 654 blink::shutdownWithoutV8(); | 660 blink::shutdownWithoutV8(); |
| 655 } | 661 } |
| 656 | 662 |
| 657 void SandboxIPCProcess::EnsureWebKitInitialized() { | 663 void SandboxIPCProcess::EnsureWebKitInitialized() { |
| 658 if (webkit_platform_support_) | 664 if (webkit_platform_support_) |
| 659 return; | 665 return; |
| 660 webkit_platform_support_.reset(new BlinkPlatformImpl); | 666 webkit_platform_support_.reset(new BlinkPlatformImpl); |
| 661 blink::initializeWithoutV8(webkit_platform_support_.get()); | 667 blink::initializeWithoutV8(webkit_platform_support_.get()); |
| 662 } | 668 } |
| 663 | 669 |
| 664 } // namespace content | 670 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 258543006:
Change UnixDomainSocket::RecvMsg to return ScopedVector<base::ScopedFD> (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src