| Index: components/nacl/zygote/nacl_fork_delegate_linux.cc
|
| diff --git a/components/nacl/zygote/nacl_fork_delegate_linux.cc b/components/nacl/zygote/nacl_fork_delegate_linux.cc
|
| index 0e5f8e7eccc23c1a44a5a718c34164aa1271385e..51a9aec4fe3bb1c80afff66f876c63d773902198 100644
|
| --- a/components/nacl/zygote/nacl_fork_delegate_linux.cc
|
| +++ b/components/nacl/zygote/nacl_fork_delegate_linux.cc
|
| @@ -27,6 +27,8 @@
|
| #include "base/process/kill.h"
|
| #include "base/process/launch.h"
|
| #include "base/third_party/dynamic_annotations/dynamic_annotations.h"
|
| +#include "build/build_config.h"
|
| +#include "components/nacl/common/nacl_nonsfi_util.h"
|
| #include "components/nacl/common/nacl_paths.h"
|
| #include "components/nacl/common/nacl_switches.h"
|
| #include "components/nacl/loader/nacl_helper_linux.h"
|
| @@ -108,14 +110,26 @@ bool SendIPCRequestAndReadReply(int ipc_channel,
|
|
|
| } // namespace.
|
|
|
| -NaClForkDelegate::NaClForkDelegate()
|
| - : status_(kNaClHelperUnused),
|
| - fd_(-1) {}
|
| +namespace nacl {
|
| +
|
| +void AddNaClZygoteForkDelegates(
|
| + ScopedVector<content::ZygoteForkDelegate>* delegates) {
|
| + delegates->push_back(new NaClForkDelegate(false /* nonsfi_mode */));
|
| + delegates->push_back(new NaClForkDelegate(true /* nonsfi_mode */));
|
| +}
|
| +
|
| +NaClForkDelegate::NaClForkDelegate(bool nonsfi_mode)
|
| + : nonsfi_mode_(nonsfi_mode), status_(kNaClHelperUnused), fd_(-1) {
|
| +}
|
|
|
| void NaClForkDelegate::Init(const int sandboxdesc,
|
| const bool enable_layer1_sandbox) {
|
| VLOG(1) << "NaClForkDelegate::Init()";
|
| - int fds[2];
|
| +
|
| + // Only launch the non-SFI helper process if non-SFI mode is enabled.
|
| + if (nonsfi_mode_ && !IsNonSFIModeEnabled()) {
|
| + return;
|
| + }
|
|
|
| scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client(
|
| sandbox::SetuidSandboxClient::Create());
|
| @@ -127,7 +141,8 @@ void NaClForkDelegate::Init(const int sandboxdesc,
|
| // Confirm a hard-wired assumption.
|
| DCHECK_EQ(sandboxdesc, nacl_sandbox_descriptor);
|
|
|
| - CHECK(socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds) == 0);
|
| + int fds[2];
|
| + PCHECK(0 == socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds));
|
| base::FileHandleMappingVector fds_to_map;
|
| fds_to_map.push_back(std::make_pair(fds[1], kNaClZygoteDescriptor));
|
| fds_to_map.push_back(std::make_pair(sandboxdesc, nacl_sandbox_descriptor));
|
| @@ -262,7 +277,8 @@ void NaClForkDelegate::Init(const int sandboxdesc,
|
| void NaClForkDelegate::InitialUMA(std::string* uma_name,
|
| int* uma_sample,
|
| int* uma_boundary_value) {
|
| - *uma_name = "NaCl.Client.Helper.InitState";
|
| + *uma_name = nonsfi_mode_ ? "NaCl.Client.HelperNonSFI.InitState"
|
| + : "NaCl.Client.Helper.InitState";
|
| *uma_sample = status_;
|
| *uma_boundary_value = kNaClHelperStatusBoundary;
|
| }
|
| @@ -279,10 +295,14 @@ bool NaClForkDelegate::CanHelp(const std::string& process_type,
|
| std::string* uma_name,
|
| int* uma_sample,
|
| int* uma_boundary_value) {
|
| - if (process_type != switches::kNaClLoaderProcess &&
|
| - process_type != switches::kNaClLoaderNonSfiProcess)
|
| + // We can only help with a specific process type depending on nonsfi_mode_.
|
| + const char* helpable_process_type = nonsfi_mode_
|
| + ? switches::kNaClLoaderNonSfiProcess
|
| + : switches::kNaClLoaderProcess;
|
| + if (process_type != helpable_process_type)
|
| return false;
|
| - *uma_name = "NaCl.Client.Helper.StateOnFork";
|
| + *uma_name = nonsfi_mode_ ? "NaCl.Client.HelperNonSFI.StateOnFork"
|
| + : "NaCl.Client.Helper.StateOnFork";
|
| *uma_sample = status_;
|
| *uma_boundary_value = kNaClHelperStatusBoundary;
|
| return true;
|
| @@ -305,9 +325,7 @@ pid_t NaClForkDelegate::Fork(const std::string& process_type,
|
| write_pickle.WriteInt(nacl::kNaClForkRequest);
|
| // TODO(hamaji): When we split the helper binary for non-SFI mode
|
| // from nacl_helper, stop sending this information.
|
| - const bool uses_nonsfi_mode =
|
| - process_type == switches::kNaClLoaderNonSfiProcess;
|
| - write_pickle.WriteBool(uses_nonsfi_mode);
|
| + write_pickle.WriteBool(nonsfi_mode_);
|
| write_pickle.WriteString(channel_id);
|
|
|
| char reply_buf[kNaClMaxIPCMessageLength];
|
| @@ -375,3 +393,5 @@ bool NaClForkDelegate::GetTerminationStatus(pid_t pid, bool known_dead,
|
| *exit_code = remote_exit_code;
|
| return true;
|
| }
|
| +
|
| +} // namespace nacl
|
|
|
Chromium Code Reviews
Issue 279693002:
Split NaCl SFI and non-SFI helpers into separate processes (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src