Clarifying the parameters ownership of BrowserChildProcessHost::Launch()

content/browser/gpu/gpu_process_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/gpu/gpu_process_host.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <list>
@@ skipping 188 matching lines @@
   } else {
     delete message;
   }
 }
 #endif
 
 // NOTE: changes to this class need to be reviewed by the security team.
 class GpuSandboxedProcessLauncherDelegate
     : public SandboxedProcessLauncherDelegate {
  public:
-  explicit GpuSandboxedProcessLauncherDelegate(base::CommandLine* cmd_line)
+  explicit GpuSandboxedProcessLauncherDelegate(
+      const base::CommandLine& cmd_line)
 #if defined(OS_WIN)
       : cmd_line_(cmd_line)
 #endif
   {
   }
 
   ~GpuSandboxedProcessLauncherDelegate() override {}
 
 #if defined(OS_WIN)
   bool ShouldSandbox() override {
-    bool sandbox = !cmd_line_->HasSwitch(switches::kDisableGpuSandbox);
+    bool sandbox = !cmd_line_.HasSwitch(switches::kDisableGpuSandbox);
     if (!sandbox) {
       DVLOG(1) << "GPU sandbox is disabled";
     }
     return sandbox;
   }
 
   bool DisableDefaultPolicy() override {
     return true;
   }
 
   // For the GPU process we gotten as far as USER_LIMITED. The next level
   // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL
   // backend. Note that the GPU process is connected to the interactive
   // desktop.
   bool PreSpawnTarget(sandbox::TargetPolicy* policy) override {
     if (base::win::GetVersion() > base::win::VERSION_XP) {
-      if (cmd_line_->GetSwitchValueASCII(switches::kUseGL) ==
+      if (cmd_line_.GetSwitchValueASCII(switches::kUseGL) ==
           gl::kGLImplementationDesktopName) {
         // Open GL path.
         policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                               sandbox::USER_LIMITED);
-        SetJobLevel(*cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
+        SetJobLevel(cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
         policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
       } else {
         policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                               sandbox::USER_LIMITED);
 
         // UI restrictions break when we access Windows from outside our job.
         // However, we don't want a proxy window in this process because it can
         // introduce deadlocks where the renderer blocks on the gpu, which in
         // turn blocks on the browser UI thread. So, instead we forgo a window
         // message pump entirely and just add job restrictions to prevent child
         // processes.
-        SetJobLevel(*cmd_line_,
+        SetJobLevel(cmd_line_,
                     sandbox::JOB_LIMITED_USER,
                     JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS |
                     JOB_OBJECT_UILIMIT_DESKTOP |
                     JOB_OBJECT_UILIMIT_EXITWINDOWS |
                     JOB_OBJECT_UILIMIT_DISPLAYSETTINGS,
                     policy);
 
         policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
       }
     } else {
-      SetJobLevel(*cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
+      SetJobLevel(cmd_line_, sandbox::JOB_UNPROTECTED, 0, policy);
       policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
                             sandbox::USER_LIMITED);
     }
 
     // Allow the server side of GPU sockets, which are pipes that have
     // the "chrome.gpu" namespace and an arbitrary suffix.
     sandbox::ResultCode result = policy->AddRule(
         sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
         sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
         L"\\\\.\\pipe\\chrome.gpu.*");
     if (result != sandbox::SBOX_ALL_OK)
       return false;
 
     // Block this DLL even if it is not loaded by the browser process.
     policy->AddDllToUnload(L"cmsetac.dll");
 
-    if (cmd_line_->HasSwitch(switches::kEnableLogging)) {
+    if (cmd_line_.HasSwitch(switches::kEnableLogging)) {
       base::string16 log_file_path = logging::GetLogFileFullPath();
       if (!log_file_path.empty()) {
         result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                                  sandbox::TargetPolicy::FILES_ALLOW_ANY,
                                  log_file_path.c_str());
         if (result != sandbox::SBOX_ALL_OK)
           return false;
       }
     }
 
     return true;
   }
 #endif  // OS_WIN
 
   SandboxType GetSandboxType() override {
     return SANDBOX_TYPE_GPU;
   }
 
  private:
 #if defined(OS_WIN)
-  base::CommandLine* cmd_line_;
+  base::CommandLine cmd_line_;
 #endif  // OS_WIN
 };
 
 void HostLoadedShader(int host_id,
                       const std::string& key,
                       const std::string& data) {
   GpuProcessHost* host = GpuProcessHost::FromID(host_id);
   if (host)
     host->LoadedShader(key, data);
 }
@@ skipping 664 matching lines @@
   const base::CommandLine& browser_command_line =
       *base::CommandLine::ForCurrentProcess();
 
   base::CommandLine::StringType gpu_launcher =
       browser_command_line.GetSwitchValueNative(switches::kGpuLauncher);
 
 #if defined(OS_ANDROID)
   // crbug.com/447735. readlink("self/proc/exe") sometimes fails on Android
   // at startup with EACCES. As a workaround ignore this here, since the
   // executable name is actually not used or useful anyways.
-  base::CommandLine* cmd_line =
-      new base::CommandLine(base::CommandLine::NO_PROGRAM);
+  std::unique_ptr<base::CommandLine> cmd_line =
+      base::MakeUnique<base::CommandLine>(base::CommandLine::NO_PROGRAM);
 #else
 #if defined(OS_LINUX)
   int child_flags = gpu_launcher.empty() ? ChildProcessHost::CHILD_ALLOW_SELF :
                                            ChildProcessHost::CHILD_NORMAL;
 #else
   int child_flags = ChildProcessHost::CHILD_NORMAL;
 #endif
 
   base::FilePath exe_path = ChildProcessHost::GetChildPath(child_flags);
   if (exe_path.empty())
     return false;
 
-  base::CommandLine* cmd_line = new base::CommandLine(exe_path);
+  std::unique_ptr<base::CommandLine> cmd_line =
+      base::MakeUnique<base::CommandLine>(exe_path);
 #endif
 
   cmd_line->AppendSwitchASCII(switches::kProcessType, switches::kGpuProcess);
 
-  BrowserChildProcessHostImpl::CopyFeatureAndFieldTrialFlags(cmd_line);
+  BrowserChildProcessHostImpl::CopyFeatureAndFieldTrialFlags(cmd_line.get());
 
 #if defined(OS_WIN)
   cmd_line->AppendArg(switches::kPrefetchArgumentGpu);
 #endif  // defined(OS_WIN)
 
   if (kind_ == GPU_PROCESS_KIND_UNSANDBOXED)
     cmd_line->AppendSwitch(switches::kDisableGpuSandbox);
 
   // TODO(penghuang): Replace all GPU related switches with GpuPreferences.
   // https://crbug.com/590825
   // If you want a browser command-line switch passed to the GPU process
   // you need to add it to |kSwitchNames| at the beginning of this file.
   cmd_line->CopySwitchesFrom(browser_command_line, kSwitchNames,
                              arraysize(kSwitchNames));
   cmd_line->CopySwitchesFrom(
       browser_command_line, switches::kGLSwitchesCopiedFromGpuProcessHost,
       switches::kGLSwitchesCopiedFromGpuProcessHostNumSwitches);
 
   GetContentClient()->browser()->AppendExtraCommandLineSwitches(
-      cmd_line, process_->GetData().id);
+      cmd_line.get(), process_->GetData().id);
 
-  GpuDataManagerImpl::GetInstance()->AppendGpuCommandLine(cmd_line,
+  GpuDataManagerImpl::GetInstance()->AppendGpuCommandLine(cmd_line.get(),
                                                           gpu_preferences);
   if (cmd_line->HasSwitch(switches::kUseGL)) {
     swiftshader_rendering_ =
         (cmd_line->GetSwitchValueASCII(switches::kUseGL) == "swiftshader");
   }
 
   bool current_gpu_type_enabled =
       swiftshader_rendering_ ? gpu_enabled_ : hardware_gpu_enabled_;
   if (!current_gpu_type_enabled) {
     SendOutstandingReplies();
     return false;
   }
 
   UMA_HISTOGRAM_BOOLEAN("GPU.GPUProcessSoftwareRendering",
                         swiftshader_rendering_);
 
   // If specified, prepend a launcher program to the command line.
   if (!gpu_launcher.empty())
     cmd_line->PrependWrapper(gpu_launcher);
 
-  process_->Launch(new GpuSandboxedProcessLauncherDelegate(cmd_line), cmd_line,
-                   true);
+  std::unique_ptr<GpuSandboxedProcessLauncherDelegate> delegate =
+      base::MakeUnique<GpuSandboxedProcessLauncherDelegate>(*cmd_line);
+  process_->Launch(std::move(delegate), std::move(cmd_line), true);
   process_launched_ = true;
 
   UMA_HISTOGRAM_ENUMERATION("GPU.GPUProcessLifetimeEvents",
                             LAUNCHED, GPU_PROCESS_LIFETIME_EVENT_MAX);
   return true;
 }
 
 void GpuProcessHost::SendOutstandingReplies() {
   valid_ = false;
   // First send empty channel handles for all EstablishChannel requests.
@@ skipping 132 matching lines @@
   TRACE_EVENT0("gpu", "GpuProcessHost::OnCacheShader");
   ClientIdToShaderCacheMap::iterator iter =
       client_id_to_shader_cache_.find(client_id);
   // If the cache doesn't exist then this is an off the record profile.
   if (iter == client_id_to_shader_cache_.end())
     return;
   iter->second->Cache(GetShaderPrefixKey() + ":" + key, shader);
 }
 
 }  // namespace content