Chromium Code Reviews Chromium Code Reviews
Issue 2931173003:
Implement the V2 sandbox in the process launcher. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/command_line.h" | |
| 6 #include "base/feature_list.h" | |
| 5 #include "base/memory/ptr_util.h" | 7 #include "base/memory/ptr_util.h" |
| 6 #include "base/path_service.h" | 8 #include "base/path_service.h" |
| 7 #include "base/posix/global_descriptors.h" | 9 #include "base/posix/global_descriptors.h" |
| 8 #include "content/browser/bootstrap_sandbox_manager_mac.h" | 10 #include "content/browser/bootstrap_sandbox_manager_mac.h" |
| 9 #include "content/browser/child_process_launcher.h" | 11 #include "content/browser/child_process_launcher.h" |
| 10 #include "content/browser/child_process_launcher_helper.h" | 12 #include "content/browser/child_process_launcher_helper.h" |
| 11 #include "content/browser/child_process_launcher_helper_posix.h" | 13 #include "content/browser/child_process_launcher_helper_posix.h" |
| 12 #include "content/browser/mach_broker_mac.h" | 14 #include "content/browser/mach_broker_mac.h" |
| 15 #include "content/browser/sandbox_parameters_mac.h" | |
| 16 #include "content/grit/content_resources.h" | |
| 17 #include "content/public/browser/content_browser_client.h" | |
| 18 #include "content/public/common/content_features.h" | |
| 19 #include "content/public/common/content_paths.h" | |
| 20 #include "content/public/common/content_switches.h" | |
| 13 #include "content/public/common/result_codes.h" | 21 #include "content/public/common/result_codes.h" |
| 14 #include "content/public/common/sandboxed_process_launcher_delegate.h" | 22 #include "content/public/common/sandboxed_process_launcher_delegate.h" |
| 15 #include "mojo/edk/embedder/scoped_platform_handle.h" | 23 #include "mojo/edk/embedder/scoped_platform_handle.h" |
| 16 #include "sandbox/mac/bootstrap_sandbox.h" | 24 #include "sandbox/mac/bootstrap_sandbox.h" |
| 17 #include "sandbox/mac/pre_exec_delegate.h" | 25 #include "sandbox/mac/pre_exec_delegate.h" |
| 26 #include "sandbox/mac/seatbelt_exec.h" | |
| 18 | 27 |
| 19 namespace content { | 28 namespace content { |
| 20 namespace internal { | 29 namespace internal { |
| 21 | 30 |
| 22 mojo::edk::ScopedPlatformHandle | 31 mojo::edk::ScopedPlatformHandle |
| 23 ChildProcessLauncherHelper::PrepareMojoPipeHandlesOnClientThread() { | 32 ChildProcessLauncherHelper::PrepareMojoPipeHandlesOnClientThread() { |
| 24 DCHECK_CURRENTLY_ON(client_thread_id_); | 33 DCHECK_CURRENTLY_ON(client_thread_id_); |
| 25 return mojo::edk::ScopedPlatformHandle(); | 34 return mojo::edk::ScopedPlatformHandle(); |
| 26 } | 35 } |
| 27 | 36 |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 40 | 49 |
| 41 void ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread( | 50 void ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread( |
| 42 const FileMappedForLaunch& files_to_register, | 51 const FileMappedForLaunch& files_to_register, |
| 43 base::LaunchOptions* options) { | 52 base::LaunchOptions* options) { |
| 44 // Convert FD mapping to FileHandleMappingVector. | 53 // Convert FD mapping to FileHandleMappingVector. |
| 45 std::unique_ptr<base::FileHandleMappingVector> fds_to_map = | 54 std::unique_ptr<base::FileHandleMappingVector> fds_to_map = |
| 46 files_to_register.GetMappingWithIDAdjustment( | 55 files_to_register.GetMappingWithIDAdjustment( |
| 47 base::GlobalDescriptors::kBaseDescriptor); | 56 base::GlobalDescriptors::kBaseDescriptor); |
| 48 | 57 |
| 49 options->environ = delegate_->GetEnvironment(); | 58 options->environ = delegate_->GetEnvironment(); |
| 59 | |
| 60 if (base::FeatureList::IsEnabled(features::kMacV2Sandbox) && | |
| 61 GetProcessType() == switches::kRendererProcess) { | |
| 62 seatbelt_exec_client_ = base::MakeUnique<sandbox::SeatbeltExecClient>(); | |
| 63 base::StringPiece renderer_sb = GetContentClient()->GetDataResource( | |
| 64 IDR_RENDERER_SANDBOX_V2_PROFILE, ui::SCALE_FACTOR_NONE); | |
| 65 std::string profile = renderer_sb.as_string(); | |
| 66 | |
| 67 seatbelt_exec_client_->SetProfile(profile); | |
| 68 | |
| 69 SetupRendererSandboxParameters(seatbelt_exec_client_.get()); | |
| 70 | |
| 71 int pipe = seatbelt_exec_client_->SendProfileAndGetFD(); | |
| 72 | |
| 73 base::FilePath helper_executable; | |
| 74 CHECK(PathService::Get(content::CHILD_PROCESS_EXE, &helper_executable)); | |
| 75 | |
| 76 fds_to_map->push_back(std::make_pair(pipe, pipe)); | |
| 77 | |
| 78 base::CommandLine wrapper(helper_executable); | |
| 79 wrapper.AppendSwitch(switches::kEnableV2Sandbox); | |
| 80 wrapper.AppendArg("--fd_mapping=" + std::to_string(pipe)); | |
| 81 // base::CommandLine::AppendArguments messes up the arguments. | |
|
Robert Sesek
2017/06/13 19:05:08
How so? Is this a bug?
Greg K
2017/06/14 17:21:17
This was actually a problem in the original CL tha
| |
| 82 for (size_t i = 1; i < command_line_->argv().size(); i++) | |
| 83 wrapper.AppendArg(command_line_->argv()[i]); | |
| 84 command_line_.reset(new base::CommandLine(wrapper)); | |
| 85 } | |
| 86 | |
| 50 // fds_to_remap will de deleted in AfterLaunchOnLauncherThread() below. | 87 // fds_to_remap will de deleted in AfterLaunchOnLauncherThread() below. |
| 51 options->fds_to_remap = fds_to_map.release(); | 88 options->fds_to_remap = fds_to_map.release(); |
| 52 | 89 |
| 53 // Hold the MachBroker lock for the duration of LaunchProcess. The child will | 90 // Hold the MachBroker lock for the duration of LaunchProcess. The child will |
| 54 // send its task port to the parent almost immediately after startup. The Mach | 91 // send its task port to the parent almost immediately after startup. The Mach |
| 55 // message will be delivered to the parent, but updating the record of the | 92 // message will be delivered to the parent, but updating the record of the |
| 56 // launch will wait until after the placeholder PID is inserted below. This | 93 // launch will wait until after the placeholder PID is inserted below. This |
| 57 // ensures that while the child process may send its port to the parent prior | 94 // ensures that while the child process may send its port to the parent prior |
| 58 // to the parent leaving LaunchProcess, the order in which the record in | 95 // to the parent leaving LaunchProcess, the order in which the record in |
| 59 // MachBroker is updated is correct. | 96 // MachBroker is updated is correct. |
| (...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 164 base::File OpenFileToShare(const base::FilePath& path, | 201 base::File OpenFileToShare(const base::FilePath& path, |
| 165 base::MemoryMappedFile::Region* region) { | 202 base::MemoryMappedFile::Region* region) { |
| 166 // Not used yet (until required files are described in the service manifest on | 203 // Not used yet (until required files are described in the service manifest on |
| 167 // Mac). | 204 // Mac). |
| 168 NOTREACHED(); | 205 NOTREACHED(); |
| 169 return base::File(); | 206 return base::File(); |
| 170 } | 207 } |
| 171 | 208 |
| 172 } // namespace internal | 209 } // namespace internal |
| 173 } // namespace content | 210 } // namespace content |
| OLD | NEW |
