|---|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/command_line.h" | |
| 6 #include "base/feature_list.h" | |
| 7 #include "base/files/file_util.h" | |
| 8 #include "base/mac/bundle_locations.h" | |
| 9 #include "base/mac/mac_util.h" | |
| 5 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
| 6 #include "base/path_service.h" | 11 #include "base/path_service.h" |
| 7 #include "base/posix/global_descriptors.h" | 12 #include "base/posix/global_descriptors.h" |
| 8 #include "content/browser/bootstrap_sandbox_manager_mac.h" | 13 #include "content/browser/bootstrap_sandbox_manager_mac.h" |
| 9 #include "content/browser/child_process_launcher.h" | 14 #include "content/browser/child_process_launcher.h" |
| 10 #include "content/browser/child_process_launcher_helper.h" | 15 #include "content/browser/child_process_launcher_helper.h" |
| 11 #include "content/browser/child_process_launcher_helper_posix.h" | 16 #include "content/browser/child_process_launcher_helper_posix.h" |
| 12 #include "content/browser/mach_broker_mac.h" | 17 #include "content/browser/mach_broker_mac.h" |
| 18 #include "content/common/sandbox_mac.h" | |
| 19 #include "content/grit/content_resources.h" | |
| 20 #include "content/public/browser/content_browser_client.h" | |
| 21 #include "content/public/common/content_client.h" | |
| 22 #include "content/public/common/content_paths.h" | |
| 23 #include "content/public/common/content_switches.h" | |
| 13 #include "content/public/common/result_codes.h" | 24 #include "content/public/common/result_codes.h" |
| 14 #include "content/public/common/sandboxed_process_launcher_delegate.h" | 25 #include "content/public/common/sandboxed_process_launcher_delegate.h" |
| 15 #include "mojo/edk/embedder/scoped_platform_handle.h" | 26 #include "mojo/edk/embedder/scoped_platform_handle.h" |
| 16 #include "sandbox/mac/bootstrap_sandbox.h" | 27 #include "sandbox/mac/bootstrap_sandbox.h" |
| 17 #include "sandbox/mac/pre_exec_delegate.h" | 28 #include "sandbox/mac/pre_exec_delegate.h" |
| 29 #include "sandbox/mac/seatbelt_exec.h" | |
| 30 | |
| 31 #include <unistd.h> | |
| 18 | 32 |
| 19 namespace content { | 33 namespace content { |
| 20 namespace internal { | 34 namespace internal { |
| 21 | 35 |
| 22 mojo::edk::ScopedPlatformHandle | 36 mojo::edk::ScopedPlatformHandle |
| 23 ChildProcessLauncherHelper::PrepareMojoPipeHandlesOnClientThread() { | 37 ChildProcessLauncherHelper::PrepareMojoPipeHandlesOnClientThread() { |
| 24 DCHECK_CURRENTLY_ON(client_thread_id_); | 38 DCHECK_CURRENTLY_ON(client_thread_id_); |
| 25 return mojo::edk::ScopedPlatformHandle(); | 39 return mojo::edk::ScopedPlatformHandle(); |
| 26 } | 40 } |
| 27 | 41 |
| 40 | 54 |
| 41 void ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread( | 55 void ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread( |
| 42 const FileMappedForLaunch& files_to_register, | 56 const FileMappedForLaunch& files_to_register, |
| 43 base::LaunchOptions* options) { | 57 base::LaunchOptions* options) { |
| 44 // Convert FD mapping to FileHandleMappingVector. | 58 // Convert FD mapping to FileHandleMappingVector. |
| 45 std::unique_ptr<base::FileHandleMappingVector> fds_to_map = | 59 std::unique_ptr<base::FileHandleMappingVector> fds_to_map = |
| 46 files_to_register.GetMappingWithIDAdjustment( | 60 files_to_register.GetMappingWithIDAdjustment( |
| 47 base::GlobalDescriptors::kBaseDescriptor); | 61 base::GlobalDescriptors::kBaseDescriptor); |
| 48 | 62 |
| 49 options->environ = delegate_->GetEnvironment(); | 63 options->environ = delegate_->GetEnvironment(); |
| 64 | |
| 65 base::Feature kV2SandboxFeature{"V2SandboxFeature", | |
|
Robert Sesek
2017/06/12 21:13:54
This should go in content_features.cc/h and needs
Greg K
2017/06/13 18:27:21
Done.
| |
| 66 base::FEATURE_DISABLED_BY_DEFAULT}; | |
| 67 if (base::FeatureList::IsEnabled(kV2SandboxFeature) && | |
| 68 GetProcessType() == std::string(switches::kRendererProcess)) { | |
| 69 base::StringPiece renderer_sb = GetContentClient()->GetDataResource( | |
| 70 IDR_RENDERER_SANDBOX_V2_PROFILE, ui::SCALE_FACTOR_NONE); | |
| 71 | |
| 72 seatbelt_exec_client_ = base::MakeUnique<sandbox::SeatbeltExecClient>(); | |
| 73 | |
| 74 const base::CommandLine* command_line = | |
| 75 base::CommandLine::ForCurrentProcess(); | |
| 76 bool enable_logging = | |
| 77 command_line->HasSwitch(switches::kEnableSandboxLogging); | |
| 78 | |
| 79 CHECK(seatbelt_exec_client_->SetBooleanParameter( | |
| 80 Sandbox::kSandboxEnableLogging, enable_logging)); | |
| 81 CHECK(seatbelt_exec_client_->SetBooleanParameter( | |
| 82 Sandbox::kSandboxDisableDenialLogging, !enable_logging)); | |
| 83 | |
| 84 std::string homedir = | |
| 85 Sandbox::GetCanonicalSandboxPath(base::GetHomeDir()).value(); | |
| 86 CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxHomedirAsLiteral, | |
| 87 homedir)); | |
| 88 | |
| 89 bool elcap_or_later = base::mac::IsAtLeastOS10_11(); | |
| 90 CHECK(seatbelt_exec_client_->SetBooleanParameter( | |
| 91 Sandbox::kSandboxElCapOrLater, elcap_or_later)); | |
| 92 | |
| 93 std::string bundle_path = | |
| 94 Sandbox::GetCanonicalSandboxPath(base::mac::MainBundlePath()).value(); | |
| 95 CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxBundlePath, | |
| 96 bundle_path)); | |
| 97 | |
| 98 std::string bundle_id = base::mac::GetOuterBundleIdentifier(); | |
| 99 CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxChromeBundleId, | |
| 100 bundle_id)); | |
| 101 | |
| 102 CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxChromePID, | |
| 103 std::to_string(getpid()))); | |
| 104 | |
| 105 std::string logging_path = | |
| 106 GetContentClient()->browser()->GetLoggingFileName().value(); | |
| 107 CHECK(seatbelt_exec_client_->SetParameter( | |
| 108 Sandbox::kSandboxLoggingPathAsLiteral, logging_path)); | |
| 109 | |
| 110 #if defined(COMPONENT_BUILD) | |
| 111 // For component builds, allow access to one directory level higher, where | |
| 112 // the dylibs live. | |
| 113 base::FilePath bundle_path = base::mac::MainBundlePath(); | |
| 114 base::FilePath component_path = bundle_path.Append(".."); | |
| 115 std::string component_path_canonical = | |
| 116 Sandbox::GetCanonicalSandboxPath(component_path).value(); | |
| 117 CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxComponentPath, | |
| 118 component_path_canonical)); | |
| 119 #endif | |
| 120 | |
| 121 std::string profile = renderer_sb.as_string(); | |
| 122 seatbelt_exec_client_->SetProfile(profile); | |
| 123 | |
| 124 int pipe = seatbelt_exec_client_->SendProfileAndGetFD(); | |
| 125 fds_to_map->push_back(std::make_pair(pipe, pipe)); | |
| 126 | |
| 127 base::FilePath helper_executable; | |
| 128 CHECK(PathService::Get(content::CHILD_PROCESS_EXE, &helper_executable)); | |
| 129 | |
| 130 base::CommandLine wrapper(helper_executable); | |
| 131 | |
| 132 wrapper.AppendSwitch(switches::kEnableV2Sandbox); | |
| 133 wrapper.AppendArg("--fd_mapping=" + std::to_string(pipe)); | |
| 134 // base::CommandLine::AppendArguments messes up the arguments. | |
| 135 for (size_t i = 1; i < command_line_->argv().size(); i++) | |
| 136 wrapper.AppendArg(command_line_->argv()[i]); | |
| 137 command_line_.reset(new base::CommandLine(wrapper)); | |
| 138 } | |
| 139 | |
| 50 // fds_to_remap will de deleted in AfterLaunchOnLauncherThread() below. | 140 // fds_to_remap will de deleted in AfterLaunchOnLauncherThread() below. |
| 51 options->fds_to_remap = fds_to_map.release(); | 141 options->fds_to_remap = fds_to_map.release(); |
| 52 | 142 |
| 53 // Hold the MachBroker lock for the duration of LaunchProcess. The child will | 143 // Hold the MachBroker lock for the duration of LaunchProcess. The child will |
| 54 // send its task port to the parent almost immediately after startup. The Mach | 144 // send its task port to the parent almost immediately after startup. The Mach |
| 55 // message will be delivered to the parent, but updating the record of the | 145 // message will be delivered to the parent, but updating the record of the |
| 56 // launch will wait until after the placeholder PID is inserted below. This | 146 // launch will wait until after the placeholder PID is inserted below. This |
| 57 // ensures that while the child process may send its port to the parent prior | 147 // ensures that while the child process may send its port to the parent prior |
| 58 // to the parent leaving LaunchProcess, the order in which the record in | 148 // to the parent leaving LaunchProcess, the order in which the record in |
| 59 // MachBroker is updated is correct. | 149 // MachBroker is updated is correct. |
| 164 base::File OpenFileToShare(const base::FilePath& path, | 254 base::File OpenFileToShare(const base::FilePath& path, |
| 165 base::MemoryMappedFile::Region* region) { | 255 base::MemoryMappedFile::Region* region) { |
| 166 // Not used yet (until required files are described in the service manifest on | 256 // Not used yet (until required files are described in the service manifest on |
| 167 // Mac). | 257 // Mac). |
| 168 NOTREACHED(); | 258 NOTREACHED(); |
| 169 return base::File(); | 259 return base::File(); |
| 170 } | 260 } |
| 171 | 261 |
| 172 } // namespace internal | 262 } // namespace internal |
| 173 } // namespace content | 263 } // namespace content |
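Review bot: Under COMPONENT_BUILD the new block in BeforeLaunchOnLauncherThread declares `base::FilePath bundle_path = base::mac::MainBundlePath();` (new line 113) inside the same `if` scope that already holds `std::string bundle_path = ...` (new line 93), so component builds will fail with a redeclaration error; fold it into the next line instead, e.g. `base::FilePath component_path = base::mac::MainBundlePath().Append("..");`. The descriptor returned by `seatbelt_exec_client_->SendProfileAndGetFD()` (new line 124) is pushed into fds_to_map and baked into the `--fd_mapping=` argument without any check; if that call can signal failure with a negative value, a `CHECK_GE(pipe, 0);` before it is used would match the CHECKs applied to every sandbox parameter above and avoid launching a renderer whose sandbox profile was never delivered. `command_line_.reset(new base::CommandLine(wrapper));` (new line 137) could use `base::MakeUnique<base::CommandLine>(wrapper)` as line 72 already does. The body of BeforeLaunchOnLauncherThread continues past the lines shown here, so its tail is outside this review.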