| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // The entry point for all Mac Chromium processes, including the outer app | 5 // The entry point for all Mac Chromium processes, including the outer app |
| 6 // bundle (browser) and helper app (renderer, plugin, and friends). | 6 // bundle (browser) and helper app (renderer, plugin, and friends). |
| 7 | 7 |
| 8 #include <dlfcn.h> | 8 #include <dlfcn.h> |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 #include <libgen.h> | 10 #include <libgen.h> |
| 11 #include <mach-o/dyld.h> | 11 #include <mach-o/dyld.h> |
| 12 #include <stddef.h> | 12 #include <stddef.h> |
| 13 #include <stdint.h> | 13 #include <stdint.h> |
| 14 #include <stdio.h> | 14 #include <stdio.h> |
| 15 #include <stdlib.h> | 15 #include <stdlib.h> |
| 16 #include <string.h> | 16 #include <string.h> |
| 17 #include <unistd.h> | 17 #include <unistd.h> |
| 18 | 18 |
| 19 #include <string> |
| 20 #include <vector> |
| 21 |
| 19 #include "chrome/common/chrome_version.h" | 22 #include "chrome/common/chrome_version.h" |
| 20 | 23 |
| 24 #if defined(HELPER_EXECUTABLE) |
| 25 #include "sandbox/mac/seatbelt_exec.h" |
| 26 #endif // defined(HELPER_EXECUTABLE) |
| 27 |
| 28 namespace { |
| 29 |
| 21 typedef int (*ChromeMainPtr)(int, char**); | 30 typedef int (*ChromeMainPtr)(int, char**); |
| 22 | 31 |
| 23 __attribute__((visibility("default"))) int main(int argc, char* argv[]) { | |
| 24 #if defined(HELPER_EXECUTABLE) | 32 #if defined(HELPER_EXECUTABLE) |
| 25 const char* const rel_path = | 33 // The command line parameter to engage the v2 sandbox. |
| 26 "../../../" PRODUCT_FULLNAME_STRING | 34 constexpr char v2_sandbox_arg[] = "--v2-sandbox"; |
| 27 " Framework.framework/" PRODUCT_FULLNAME_STRING " Framework"; | 35 // The command line parameter for the file descriptor used to receive the |
| 28 #else | 36 // sandbox policy. |
| 29 const char* const rel_path = | 37 constexpr char fd_mapping_arg[] = "--fd_mapping="; |
| 30 "../Versions/" CHROME_VERSION_STRING "/" PRODUCT_FULLNAME_STRING | 38 |
| 31 " Framework.framework/" PRODUCT_FULLNAME_STRING " Framework"; | 39 __attribute__((noreturn)) void SandboxExec(const char* exec_path, |
| 40 int argc, |
| 41 char* argv[], |
| 42 int fd_mapping) { |
| 43 char rp[MAXPATHLEN]; |
| 44 if (realpath(exec_path, rp) == NULL) { |
| 45 perror("realpath"); |
| 46 abort(); |
| 47 } |
| 48 |
| 49 sandbox::SeatbeltExecServer server(fd_mapping); |
| 50 |
| 51 // The name of the parameter containing the executable path. |
| 52 const std::string exec_param = "EXECUTABLE_PATH"; |
| 53 // The name of the parameter containing the PID of Chrome. |
| 54 const std::string pid_param = "CHROMIUM_PID"; |
| 55 |
| 56 if (!server.SetParameter(exec_param, rp) || |
| 57 !server.SetParameter(pid_param, std::to_string(getpid()))) { |
| 58 fprintf(stderr, "Failed to set up parameters for sandbox.\n"); |
| 59 abort(); |
| 60 } |
| 61 |
| 62 if (server.InitializeSandbox() != 0) { |
| 63 fprintf(stderr, "Failed to initialize sandbox.\n"); |
| 64 abort(); |
| 65 } |
| 66 |
| 67 std::vector<char*> new_argv; |
| 68 for (int i = 1; i < argc; ++i) { |
| 69 if (strcmp(argv[i], v2_sandbox_arg) != 0 && |
| 70 strncmp(argv[i], fd_mapping_arg, strlen(fd_mapping_arg)) != 0) { |
| 71 new_argv.push_back(argv[i]); |
| 72 } |
| 73 } |
| 74 new_argv.push_back(nullptr); |
| 75 |
| 76 // The helper executable re-executes itself under the sandbox. |
| 77 execv(exec_path, new_argv.data()); |
| 78 perror("execve"); |
| 79 abort(); |
| 80 } |
| 32 #endif // defined(HELPER_EXECUTABLE) | 81 #endif // defined(HELPER_EXECUTABLE) |
| 33 | 82 |
| 83 } // namespace |
| 84 |
| 85 __attribute__((visibility("default"))) int main(int argc, char* argv[]) { |
| 34 uint32_t exec_path_size = 0; | 86 uint32_t exec_path_size = 0; |
| 35 int rv = _NSGetExecutablePath(NULL, &exec_path_size); | 87 int rv = _NSGetExecutablePath(NULL, &exec_path_size); |
| 36 if (rv != -1) { | 88 if (rv != -1) { |
| 37 fprintf(stderr, "_NSGetExecutablePath: get length failed\n"); | 89 fprintf(stderr, "_NSGetExecutablePath: get length failed\n"); |
| 38 abort(); | 90 abort(); |
| 39 } | 91 } |
| 40 | 92 |
| 41 char* exec_path = new char[exec_path_size]; | 93 char* exec_path = new char[exec_path_size]; |
| 42 if (!exec_path) { | |
| 43 fprintf(stderr, "malloc %u: %s\n", exec_path_size, strerror(errno)); | |
| 44 abort(); | |
| 45 } | |
| 46 | |
| 47 rv = _NSGetExecutablePath(exec_path, &exec_path_size); | 94 rv = _NSGetExecutablePath(exec_path, &exec_path_size); |
| 48 if (rv != 0) { | 95 if (rv != 0) { |
| 49 fprintf(stderr, "_NSGetExecutablePath: get path failed\n"); | 96 fprintf(stderr, "_NSGetExecutablePath: get path failed\n"); |
| 50 abort(); | 97 abort(); |
| 51 } | 98 } |
| 52 | 99 |
| 100 #if defined(HELPER_EXECUTABLE) |
| 101 bool enable_v2_sandbox = false; |
| 102 int fd_mapping = -1; |
| 103 for (int i = 1; i < argc; i++) { |
| 104 if (strcmp(argv[i], v2_sandbox_arg) == 0) { |
| 105 enable_v2_sandbox = true; |
| 106 } else if (strncmp(argv[i], fd_mapping_arg, strlen(fd_mapping_arg)) == 0) { |
| 107 // Parse --fd_mapping=X to get the file descriptor X. |
| 108 std::string arg(argv[i]); |
| 109 std::string fd_str = arg.substr(strlen(fd_mapping_arg), arg.length()); |
| 110 fd_mapping = std::stoi(fd_str); |
| 111 } |
| 112 } |
| 113 if (enable_v2_sandbox && fd_mapping == -1) { |
| 114 fprintf(stderr, "Must pass a valid file descriptor to --fd_mapping.\n"); |
| 115 abort(); |
| 116 } |
| 117 |
| 118 // SandboxExec either aborts or execs, but there is no return. |
| 119 if (enable_v2_sandbox) |
| 120 SandboxExec(exec_path, argc, argv, fd_mapping); |
| 121 |
| 122 const char* const rel_path = |
| 123 "../../../" PRODUCT_FULLNAME_STRING |
| 124 " Framework.framework/" PRODUCT_FULLNAME_STRING " Framework"; |
| 125 #else |
| 126 const char* const rel_path = |
| 127 "../Versions/" CHROME_VERSION_STRING "/" PRODUCT_FULLNAME_STRING |
| 128 " Framework.framework/" PRODUCT_FULLNAME_STRING " Framework"; |
| 129 #endif // defined(HELPER_EXECUTABLE) |
| 130 |
| 53 // Slice off the last part of the main executable path, and append the | 131 // Slice off the last part of the main executable path, and append the |
| 54 // version framework information. | 132 // version framework information. |
| 55 const char* parent_dir = dirname(exec_path); | 133 const char* parent_dir = dirname(exec_path); |
| 56 if (!parent_dir) { | 134 if (!parent_dir) { |
| 57 fprintf(stderr, "dirname %s: %s\n", exec_path, strerror(errno)); | 135 fprintf(stderr, "dirname %s: %s\n", exec_path, strerror(errno)); |
| 58 abort(); | 136 abort(); |
| 59 } | 137 } |
| 60 delete[] exec_path; | 138 delete[] exec_path; |
| 61 | 139 |
| 62 const size_t parent_path_len = strlen(parent_dir); | 140 const size_t parent_dir_len = strlen(parent_dir); |
| 63 const size_t rel_path_len = strlen(rel_path); | 141 const size_t rel_path_len = strlen(rel_path); |
| 64 // 2 accounts for a trailing NUL byte and the '/' in the middle of the paths. | 142 // 2 accounts for a trailing NUL byte and the '/' in the middle of the paths. |
| 65 const size_t framework_path_size = parent_path_len + rel_path_len + 2; | 143 const size_t framework_path_size = parent_dir_len + rel_path_len + 2; |
| 66 char* framework_path = new char[framework_path_size]; | 144 char* framework_path = new char[framework_path_size]; |
| 67 if (!framework_path) { | |
| 68 fprintf(stderr, "malloc %zu: %s\n", framework_path_size, strerror(errno)); | |
| 69 abort(); | |
| 70 } | |
| 71 snprintf(framework_path, framework_path_size, "%s/%s", parent_dir, rel_path); | 145 snprintf(framework_path, framework_path_size, "%s/%s", parent_dir, rel_path); |
| 72 | 146 |
| 73 void* library = dlopen(framework_path, RTLD_LAZY | RTLD_LOCAL | RTLD_FIRST); | 147 void* library = dlopen(framework_path, RTLD_LAZY | RTLD_LOCAL | RTLD_FIRST); |
| 74 if (!library) { | 148 if (!library) { |
| 75 fprintf(stderr, "dlopen %s: %s\n", framework_path, dlerror()); | 149 fprintf(stderr, "dlopen %s: %s\n", framework_path, dlerror()); |
| 76 abort(); | 150 abort(); |
| 77 } | 151 } |
| 78 delete[] framework_path; | 152 delete[] framework_path; |
| 79 | 153 |
| 80 const ChromeMainPtr chrome_main = | 154 const ChromeMainPtr chrome_main = |
| 81 reinterpret_cast<ChromeMainPtr>(dlsym(library, "ChromeMain")); | 155 reinterpret_cast<ChromeMainPtr>(dlsym(library, "ChromeMain")); |
| 82 if (!chrome_main) { | 156 if (!chrome_main) { |
| 83 fprintf(stderr, "dlsym ChromeMain: %s\n", dlerror()); | 157 fprintf(stderr, "dlsym ChromeMain: %s\n", dlerror()); |
| 84 abort(); | 158 abort(); |
| 85 } | 159 } |
| 86 rv = chrome_main(argc, argv); | 160 rv = chrome_main(argc, argv); |
| 87 | 161 |
| 88 // exit, don't return from main, to avoid the apparent removal of main from | 162 // exit, don't return from main, to avoid the apparent removal of main from |
| 89 // stack backtraces under tail call optimization. | 163 // stack backtraces under tail call optimization. |
| 90 exit(rv); | 164 exit(rv); |
| 91 } | 165 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2891933005:
Plumb sandbox rules through the helper executable. (Closed)
