| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/zygote/zygote_main.h" | 5 #include "content/zygote/zygote_main.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <errno.h> | 8 #include <errno.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <pthread.h> | 10 #include <pthread.h> |
| 11 #include <stdio.h> | 11 #include <stdio.h> |
| 12 #include <sys/socket.h> | 12 #include <sys/socket.h> |
| 13 #include <sys/stat.h> | 13 #include <sys/stat.h> |
| 14 #include <sys/types.h> | 14 #include <sys/types.h> |
| 15 #include <sys/wait.h> | 15 #include <sys/wait.h> |
| 16 #include <unistd.h> | 16 #include <unistd.h> |
| 17 | 17 |
| 18 #include "base/basictypes.h" | 18 #include "base/basictypes.h" |
| 19 #include "base/bind.h" | 19 #include "base/bind.h" |
| 20 #include "base/callback.h" | 20 #include "base/callback.h" |
| 21 #include "base/command_line.h" | 21 #include "base/command_line.h" |
| 22 #include "base/compiler_specific.h" | 22 #include "base/compiler_specific.h" |
| 23 #include "base/linux_util.h" | 23 #include "base/linux_util.h" |
| 24 #include "base/native_library.h" | 24 #include "base/native_library.h" |
| 25 #include "base/pickle.h" | 25 #include "base/pickle.h" |
| 26 #include "base/posix/eintr_wrapper.h" | |
| 26 #include "base/posix/unix_domain_socket_linux.h" | 27 #include "base/posix/unix_domain_socket_linux.h" |
| 27 #include "base/rand_util.h" | 28 #include "base/rand_util.h" |
| 28 #include "base/sys_info.h" | 29 #include "base/sys_info.h" |
| 29 #include "build/build_config.h" | 30 #include "build/build_config.h" |
| 30 #include "content/common/child_process_sandbox_support_impl_linux.h" | 31 #include "content/common/child_process_sandbox_support_impl_linux.h" |
| 31 #include "content/common/font_config_ipc_linux.h" | 32 #include "content/common/font_config_ipc_linux.h" |
| 32 #include "content/common/pepper_plugin_list.h" | 33 #include "content/common/pepper_plugin_list.h" |
| 33 #include "content/common/sandbox_linux/sandbox_linux.h" | 34 #include "content/common/sandbox_linux/sandbox_linux.h" |
| 34 #include "content/common/zygote_commands_linux.h" | 35 #include "content/common/zygote_commands_linux.h" |
| 35 #include "content/public/common/content_switches.h" | 36 #include "content/public/common/content_switches.h" |
| (...skipping 301 matching lines...) | |
| 337 // Ensure access to the Pepper plugins before the sandbox is turned on. | 338 // Ensure access to the Pepper plugins before the sandbox is turned on. |
| 338 PreloadPepperPlugins(); | 339 PreloadPepperPlugins(); |
| 339 #endif | 340 #endif |
| 340 #if defined(ENABLE_WEBRTC) | 341 #if defined(ENABLE_WEBRTC) |
| 341 InitializeWebRtcModule(); | 342 InitializeWebRtcModule(); |
| 342 #endif | 343 #endif |
| 343 SkFontConfigInterface::SetGlobal( | 344 SkFontConfigInterface::SetGlobal( |
| 344 new FontConfigIPC(GetSandboxFD()))->unref(); | 345 new FontConfigIPC(GetSandboxFD()))->unref(); |
| 345 } | 346 } |
| 346 | 347 |
| 347 static void CloseFdAndHandleEintr(int fd) { | |
| 348 close(fd); | |
| 349 } | |
| 350 | |
| 351 static bool CreateInitProcessReaper() { | 348 static bool CreateInitProcessReaper() { |
| 352 // This "magic" socket must only appear in one process, so make sure | |
| 353 // it gets closed in the parent after fork(). | |
| 354 base::Closure zygoteid_fd_closer = | |
| 355 base::Bind(CloseFdAndHandleEintr, kZygoteIdFd); | |
| 356 // The current process becomes init(1), this function returns from a | 349 // The current process becomes init(1), this function returns from a |
| 357 // newly created process. | 350 // newly created process. |
| 358 const bool init_created = | 351 const bool init_created = sandbox::CreateInitProcessReaper(NULL); |
| 359 sandbox::CreateInitProcessReaper(&zygoteid_fd_closer); | |
| 360 if (!init_created) { | 352 if (!init_created) { |
| 361 LOG(ERROR) << "Error creating an init process to reap zombies"; | 353 LOG(ERROR) << "Error creating an init process to reap zombies"; |
| 362 return false; | 354 return false; |
| 363 } | 355 } |
| 364 return true; | 356 return true; |
| 365 } | 357 } |
| 366 | 358 |
| 367 // Enter the setuid sandbox. This requires the current process to have been | 359 // Enter the setuid sandbox. This requires the current process to have been |
| 368 // created through the setuid sandbox. | 360 // created through the setuid sandbox. |
| 369 static bool EnterSuidSandbox(sandbox::SetuidSandboxClient* setuid_sandbox) { | 361 static bool EnterSuidSandbox(sandbox::SetuidSandboxClient* setuid_sandbox) { |
| (...skipping 83 matching lines...) | |
| 453 ZygoteForkDelegate* forkdelegate) { | 445 ZygoteForkDelegate* forkdelegate) { |
| 454 g_am_zygote_or_renderer = true; | 446 g_am_zygote_or_renderer = true; |
| 455 sandbox::InitLibcUrandomOverrides(); | 447 sandbox::InitLibcUrandomOverrides(); |
| 456 | 448 |
| 457 LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance(); | 449 LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance(); |
| 458 // This will pre-initialize the various sandboxes that need it. | 450 // This will pre-initialize the various sandboxes that need it. |
| 459 linux_sandbox->PreinitializeSandbox(); | 451 linux_sandbox->PreinitializeSandbox(); |
| 460 | 452 |
| 461 const bool must_enable_setuid_sandbox = | 453 const bool must_enable_setuid_sandbox = |
| 462 linux_sandbox->setuid_sandbox_client()->IsSuidSandboxChild(); | 454 linux_sandbox->setuid_sandbox_client()->IsSuidSandboxChild(); |
| 455 if (must_enable_setuid_sandbox) { | |
| 456 // We have no use for the zygote ID descriptor anymore. | |
|
jln (very slow on Chromium)
2014/04/26 00:54:10
Maybe be more explicit? "kZygoteIdFd has been pass
mdempsky
2014/04/26 06:05:58
Done.
| |
| 457 CHECK_EQ(0, IGNORE_EINTR(close(kZygoteIdFd))); | |
| 458 } | |
| 463 | 459 |
| 464 if (forkdelegate != NULL) { | 460 if (forkdelegate != NULL) { |
| 465 VLOG(1) << "ZygoteMain: initializing fork delegate"; | 461 VLOG(1) << "ZygoteMain: initializing fork delegate"; |
| 466 forkdelegate->Init(GetSandboxFD(), must_enable_setuid_sandbox); | 462 forkdelegate->Init(GetSandboxFD(), must_enable_setuid_sandbox); |
| 467 } else { | 463 } else { |
| 468 VLOG(1) << "ZygoteMain: fork delegate is NULL"; | 464 VLOG(1) << "ZygoteMain: fork delegate is NULL"; |
| 469 } | 465 } |
| 470 | 466 |
| 471 // Turn on the first layer of the sandbox if the configuration warrants it. | 467 // Turn on the first layer of the sandbox if the configuration warrants it. |
| 472 EnterLayerOneSandbox(linux_sandbox, must_enable_setuid_sandbox); | 468 EnterLayerOneSandbox(linux_sandbox, must_enable_setuid_sandbox); |
| 473 | 469 |
| 474 int sandbox_flags = linux_sandbox->GetStatus(); | 470 int sandbox_flags = linux_sandbox->GetStatus(); |
| 475 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; | 471 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; |
| 476 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); | 472 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); |
| 477 | 473 |
| 478 Zygote zygote(sandbox_flags, forkdelegate); | 474 Zygote zygote(sandbox_flags, forkdelegate); |
| 479 // This function call can return multiple times, once per fork(). | 475 // This function call can return multiple times, once per fork(). |
| 480 return zygote.ProcessRequests(); | 476 return zygote.ProcessRequests(); |
| 481 } | 477 } |
| 482 | 478 |
| 483 } // namespace content | 479 } // namespace content |
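Review bot: The added `CHECK_EQ(0, IGNORE_EINTR(close(kZygoteIdFd)));` in ZygoteMain aborts the zygote without recording why the close failed, so an EBADF from a launcher that never supplied the descriptor is indistinguishable from any other failure in the crash log. `PCHECK(0 == IGNORE_EINTR(close(kZygoteIdFd)));` keeps the same fail-closed behaviour and logs errno. Separately, `sandbox::CreateInitProcessReaper(NULL)` no longer closes the descriptor after the fork and so appears to rely on the close in ZygoteMain having already run; the call path between the two sits in the skipped lines, so this is inferred. If that is the intended invariant, a comment on the wrapper such as `// kZygoteIdFd is already closed in ZygoteMain, so the reaper needs no post-fork closer.` would keep a later reordering from leaking the descriptor into the reaper or the fork delegate. ZygoteMain's signature begins above the visible lines.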