Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(123)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

Issue 2613653003: Move some basic early process init into Service Manager (Closed)
Patch Set: fix mac shutdown order Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/BUILD.gn ('k') | content/common/set_process_title.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h" 5 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
6 6
7 #include <dlfcn.h> 7 #include <dlfcn.h>
8 #include <errno.h> 8 #include <errno.h>
9 #include <fcntl.h> 9 #include <fcntl.h>
10 #include <sys/socket.h> 10 #include <sys/socket.h>
11 #include <sys/stat.h> 11 #include <sys/stat.h>
12 #include <sys/types.h> 12 #include <sys/types.h>
13 #include <unistd.h> 13 #include <unistd.h>
14 14
15 #include <memory> 15 #include <memory>
16 #include <string> 16 #include <string>
17 #include <vector> 17 #include <vector>
18 18
19 #include "base/bind.h" 19 #include "base/bind.h"
20 #include "base/command_line.h" 20 #include "base/command_line.h"
21 #include "base/compiler_specific.h" 21 #include "base/compiler_specific.h"
22 #include "base/files/file_enumerator.h" 22 #include "base/files/file_enumerator.h"
23 #include "base/logging.h" 23 #include "base/logging.h"
24 #include "base/macros.h" 24 #include "base/macros.h"
25 #include "base/memory/ptr_util.h" 25 #include "base/memory/ptr_util.h"
26 #include "base/strings/stringprintf.h" 26 #include "base/strings/stringprintf.h"
27 #include "build/build_config.h" 27 #include "build/build_config.h"
28 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h" 28 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
29 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" 29 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
30 #include "content/common/set_process_title.h"
31 #include "content/public/common/content_switches.h" 30 #include "content/public/common/content_switches.h"
32 #include "sandbox/linux/bpf_dsl/bpf_dsl.h" 31 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
33 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" 32 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
34 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" 33 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
35 #include "sandbox/linux/syscall_broker/broker_file_permission.h" 34 #include "sandbox/linux/syscall_broker/broker_file_permission.h"
36 #include "sandbox/linux/syscall_broker/broker_process.h" 35 #include "sandbox/linux/syscall_broker/broker_process.h"
37 #include "sandbox/linux/system_headers/linux_syscalls.h" 36 #include "sandbox/linux/system_headers/linux_syscalls.h"
37 #include "services/service_manager/embedder/set_process_title.h"
38 38
39 using sandbox::arch_seccomp_data; 39 using sandbox::arch_seccomp_data;
40 using sandbox::bpf_dsl::Allow; 40 using sandbox::bpf_dsl::Allow;
41 using sandbox::bpf_dsl::ResultExpr; 41 using sandbox::bpf_dsl::ResultExpr;
42 using sandbox::bpf_dsl::Trap; 42 using sandbox::bpf_dsl::Trap;
43 using sandbox::syscall_broker::BrokerFilePermission; 43 using sandbox::syscall_broker::BrokerFilePermission;
44 using sandbox::syscall_broker::BrokerProcess; 44 using sandbox::syscall_broker::BrokerProcess;
45 using sandbox::SyscallSets; 45 using sandbox::SyscallSets;
46 46
47 namespace content { 47 namespace content {
(...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after
217 base::CommandLine::ForCurrentProcess()->GetArgs(); 217 base::CommandLine::ForCurrentProcess()->GetArgs();
218 base::CommandLine::Reset(); 218 base::CommandLine::Reset();
219 base::CommandLine::Init(0, NULL); 219 base::CommandLine::Init(0, NULL);
220 base::CommandLine::ForCurrentProcess()->InitFromArgv(exec); 220 base::CommandLine::ForCurrentProcess()->InitFromArgv(exec);
221 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII( 221 base::CommandLine::ForCurrentProcess()->AppendSwitchASCII(
222 switches::kProcessType, "gpu-broker"); 222 switches::kProcessType, "gpu-broker");
223 223
224 // Update the process title. The argv was already cached by the call to 224 // Update the process title. The argv was already cached by the call to
225 // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass 225 // SetProcessTitleFromCommandLine in content_main_runner.cc, so we can pass
226 // NULL here (we don't have the original argv at this point). 226 // NULL here (we don't have the original argv at this point).
227 SetProcessTitleFromCommandLine(NULL); 227 service_manager::SetProcessTitleFromCommandLine(nullptr);
228 } 228 }
229 229
230 bool UpdateProcessTypeAndEnableSandbox( 230 bool UpdateProcessTypeAndEnableSandbox(
231 sandbox::bpf_dsl::Policy* (*broker_sandboxer_allocator)(void)) { 231 sandbox::bpf_dsl::Policy* (*broker_sandboxer_allocator)(void)) {
232 DCHECK(broker_sandboxer_allocator); 232 DCHECK(broker_sandboxer_allocator);
233 UpdateProcessTypeToGpuBroker(); 233 UpdateProcessTypeToGpuBroker();
234 return SandboxSeccompBPF::StartSandboxWithExternalPolicy( 234 return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
235 base::WrapUnique(broker_sandboxer_allocator()), base::ScopedFD()); 235 base::WrapUnique(broker_sandboxer_allocator()), base::ScopedFD());
236 } 236 }
237 237
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after
385 } 385 }
386 386
387 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions); 387 broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions);
388 // The initialization callback will perform generic initialization and then 388 // The initialization callback will perform generic initialization and then
389 // call broker_sandboxer_callback. 389 // call broker_sandboxer_callback.
390 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox, 390 CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
391 broker_sandboxer_allocator))); 391 broker_sandboxer_allocator)));
392 } 392 }
393 393
394 } // namespace content 394 } // namespace content
OLDNEW
« no previous file with comments | « content/common/BUILD.gn ('k') | content/common/set_process_title.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698