| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // A mini-zygote specifically for Native Client. | 5 // A mini-zygote specifically for Native Client. |
| 6 | 6 |
| 7 #include "components/nacl/loader/nacl_helper_linux.h" | 7 #include "components/nacl/loader/nacl_helper_linux.h" |
| 8 | 8 |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 84 // it with a dummy. | 84 // it with a dummy. |
| 85 const int sandbox_ipc_channel = | 85 const int sandbox_ipc_channel = |
| 86 base::GlobalDescriptors::kBaseDescriptor + kSandboxIPCChannel; | 86 base::GlobalDescriptors::kBaseDescriptor + kSandboxIPCChannel; |
| 87 | 87 |
| 88 ReplaceFDWithDummy(sandbox_ipc_channel); | 88 ReplaceFDWithDummy(sandbox_ipc_channel); |
| 89 | 89 |
| 90 // Install crash signal handlers before disallowing system calls. | 90 // Install crash signal handlers before disallowing system calls. |
| 91 nacl::nonsfi::InitializeSignalHandler(); | 91 nacl::nonsfi::InitializeSignalHandler(); |
| 92 } | 92 } |
| 93 | 93 |
| 94 // Always ignore SIGPIPE, for consistency with other Chrome processes and |
| 95 // because some IPC code, such as sync_socket_posix.cc, requires this. |
| 96 // We do this before seccomp-bpf is initialized. |
| 97 PCHECK(signal(SIGPIPE, SIG_IGN) != SIG_ERR); |
| 98 |
| 94 // Finish layer-1 sandbox initialization and initialize the layer-2 sandbox. | 99 // Finish layer-1 sandbox initialization and initialize the layer-2 sandbox. |
| 95 CHECK(!nacl_sandbox->HasOpenDirectory()); | 100 CHECK(!nacl_sandbox->HasOpenDirectory()); |
| 96 nacl_sandbox->InitializeLayerTwoSandbox(uses_nonsfi_mode); | 101 nacl_sandbox->InitializeLayerTwoSandbox(uses_nonsfi_mode); |
| 97 nacl_sandbox->SealLayerOneSandbox(); | 102 nacl_sandbox->SealLayerOneSandbox(); |
| 98 nacl_sandbox->CheckSandboxingStateWithPolicy(); | 103 nacl_sandbox->CheckSandboxingStateWithPolicy(); |
| 99 | 104 |
| 100 base::GlobalDescriptors::GetInstance()->Set(kPrimaryIPCChannel, | 105 base::GlobalDescriptors::GetInstance()->Set(kPrimaryIPCChannel, |
| 101 browser_fd.release()); | 106 browser_fd.release()); |
| 102 | 107 |
| 103 base::MessageLoopForIO main_message_loop; | 108 base::MessageLoopForIO main_message_loop; |
| (...skipping 329 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 433 // Now handle requests from the Zygote. | 438 // Now handle requests from the Zygote. |
| 434 while (true) { | 439 while (true) { |
| 435 bool request_handled = HandleZygoteRequest( | 440 bool request_handled = HandleZygoteRequest( |
| 436 kNaClZygoteDescriptor, system_info, nacl_sandbox.get()); | 441 kNaClZygoteDescriptor, system_info, nacl_sandbox.get()); |
| 437 // Do not turn this into a CHECK() without thinking about robustness | 442 // Do not turn this into a CHECK() without thinking about robustness |
| 438 // against malicious IPC requests. | 443 // against malicious IPC requests. |
| 439 DCHECK(request_handled); | 444 DCHECK(request_handled); |
| 440 } | 445 } |
| 441 NOTREACHED(); | 446 NOTREACHED(); |
| 442 } | 447 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 288063004:
Always Ignore SIGPIPE for NaCl both in SFI mode and non SFI mode. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src