Chromium Code Reviews Chromium Code Reviews
Issue 2931173003:
Implement the V2 sandbox in the process launcher. (Closed)
| Index: content/browser/child_process_launcher_helper_mac.cc |
| diff --git a/content/browser/child_process_launcher_helper_mac.cc b/content/browser/child_process_launcher_helper_mac.cc |
| index 30435b6dff14702d1c34a272f4d4432c7bf73f0e..bb9da77330d8f93d86d417a5a3a1348cec650669 100644 |
| --- a/content/browser/child_process_launcher_helper_mac.cc |
| +++ b/content/browser/child_process_launcher_helper_mac.cc |
| @@ -2,6 +2,11 @@ |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| +#include "base/command_line.h" |
| +#include "base/feature_list.h" |
| +#include "base/files/file_util.h" |
| +#include "base/mac/bundle_locations.h" |
| +#include "base/mac/mac_util.h" |
| #include "base/memory/ptr_util.h" |
| #include "base/path_service.h" |
| #include "base/posix/global_descriptors.h" |
| @@ -10,11 +15,20 @@ |
| #include "content/browser/child_process_launcher_helper.h" |
| #include "content/browser/child_process_launcher_helper_posix.h" |
| #include "content/browser/mach_broker_mac.h" |
| +#include "content/common/sandbox_mac.h" |
| +#include "content/grit/content_resources.h" |
| +#include "content/public/browser/content_browser_client.h" |
| +#include "content/public/common/content_client.h" |
| +#include "content/public/common/content_paths.h" |
| +#include "content/public/common/content_switches.h" |
| #include "content/public/common/result_codes.h" |
| #include "content/public/common/sandboxed_process_launcher_delegate.h" |
| #include "mojo/edk/embedder/scoped_platform_handle.h" |
| #include "sandbox/mac/bootstrap_sandbox.h" |
| #include "sandbox/mac/pre_exec_delegate.h" |
| +#include "sandbox/mac/seatbelt_exec.h" |
| + |
| +#include <unistd.h> |
| namespace content { |
| namespace internal { |
| @@ -47,6 +61,82 @@ void ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread( |
| base::GlobalDescriptors::kBaseDescriptor); |
| options->environ = delegate_->GetEnvironment(); |
| + |
| + base::Feature kV2SandboxFeature{"V2SandboxFeature", |
|
Robert Sesek
2017/06/12 21:13:54
This should go in content_features.cc/h and needs
Greg K
2017/06/13 18:27:21
Done.
|
| + base::FEATURE_DISABLED_BY_DEFAULT}; |
| + if (base::FeatureList::IsEnabled(kV2SandboxFeature) && |
| + GetProcessType() == std::string(switches::kRendererProcess)) { |
| + base::StringPiece renderer_sb = GetContentClient()->GetDataResource( |
| + IDR_RENDERER_SANDBOX_V2_PROFILE, ui::SCALE_FACTOR_NONE); |
| + |
| + seatbelt_exec_client_ = base::MakeUnique<sandbox::SeatbeltExecClient>(); |
| + |
| + const base::CommandLine* command_line = |
| + base::CommandLine::ForCurrentProcess(); |
| + bool enable_logging = |
| + command_line->HasSwitch(switches::kEnableSandboxLogging); |
| + |
| + CHECK(seatbelt_exec_client_->SetBooleanParameter( |
| + Sandbox::kSandboxEnableLogging, enable_logging)); |
| + CHECK(seatbelt_exec_client_->SetBooleanParameter( |
| + Sandbox::kSandboxDisableDenialLogging, !enable_logging)); |
| + |
| + std::string homedir = |
| + Sandbox::GetCanonicalSandboxPath(base::GetHomeDir()).value(); |
| + CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxHomedirAsLiteral, |
| + homedir)); |
| + |
| + bool elcap_or_later = base::mac::IsAtLeastOS10_11(); |
| + CHECK(seatbelt_exec_client_->SetBooleanParameter( |
| + Sandbox::kSandboxElCapOrLater, elcap_or_later)); |
| + |
| + std::string bundle_path = |
| + Sandbox::GetCanonicalSandboxPath(base::mac::MainBundlePath()).value(); |
| + CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxBundlePath, |
| + bundle_path)); |
| + |
| + std::string bundle_id = base::mac::GetOuterBundleIdentifier(); |
| + CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxChromeBundleId, |
| + bundle_id)); |
| + |
| + CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxChromePID, |
| + std::to_string(getpid()))); |
| + |
| + std::string logging_path = |
| + GetContentClient()->browser()->GetLoggingFileName().value(); |
| + CHECK(seatbelt_exec_client_->SetParameter( |
| + Sandbox::kSandboxLoggingPathAsLiteral, logging_path)); |
| + |
| +#if defined(COMPONENT_BUILD) |
| + // For component builds, allow access to one directory level higher, where |
| + // the dylibs live. |
| + base::FilePath bundle_path = base::mac::MainBundlePath(); |
| + base::FilePath component_path = bundle_path.Append(".."); |
| + std::string component_path_canonical = |
| + Sandbox::GetCanonicalSandboxPath(component_path).value(); |
| + CHECK(seatbelt_exec_client_->SetParameter(Sandbox::kSandboxComponentPath, |
| + component_path_canonical)); |
| +#endif |
| + |
| + std::string profile = renderer_sb.as_string(); |
| + seatbelt_exec_client_->SetProfile(profile); |
| + |
| + int pipe = seatbelt_exec_client_->SendProfileAndGetFD(); |
| + fds_to_map->push_back(std::make_pair(pipe, pipe)); |
| + |
| + base::FilePath helper_executable; |
| + CHECK(PathService::Get(content::CHILD_PROCESS_EXE, &helper_executable)); |
| + |
| + base::CommandLine wrapper(helper_executable); |
| + |
| + wrapper.AppendSwitch(switches::kEnableV2Sandbox); |
| + wrapper.AppendArg("--fd_mapping=" + std::to_string(pipe)); |
| + // base::CommandLine::AppendArguments messes up the arguments. |
| + for (size_t i = 1; i < command_line_->argv().size(); i++) |
| + wrapper.AppendArg(command_line_->argv()[i]); |
| + command_line_.reset(new base::CommandLine(wrapper)); |
| + } |
| + |
| // fds_to_remap will de deleted in AfterLaunchOnLauncherThread() below. |
| options->fds_to_remap = fds_to_map.release(); |
