Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(153)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/extensions/api/messaging/native_process_launcher_posix.cc

Issue 304083002: Don't use no_new_privs mode when running NM process on Linux (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/extensions/api/messaging/native_process_launcher.h" 5 #include "chrome/browser/extensions/api/messaging/native_process_launcher.h"
6 6
7 #include "base/command_line.h" 7 #include "base/command_line.h"
8 #include "base/file_util.h" 8 #include "base/file_util.h"
9 #include "base/files/scoped_file.h" 9 #include "base/files/scoped_file.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "base/path_service.h" 11 #include "base/path_service.h"
12 #include "base/posix/eintr_wrapper.h" 12 #include "base/posix/eintr_wrapper.h"
13 #include "base/process/launch.h" 13 #include "base/process/launch.h"
14 #include "chrome/common/chrome_paths.h" 14 #include "chrome/common/chrome_paths.h"
jln (very slow on Chromium) 2014/05/29 20:52:00 #include "build/build_config.h"
Sergey Ulanov 2014/05/29 21:14:52 Done.
15 15
16 namespace extensions { 16 namespace extensions {
17 17
18 namespace { 18 namespace {
19 19
20 base::FilePath FindManifestInDir(int dir_key, const std::string& host_name) { 20 base::FilePath FindManifestInDir(int dir_key, const std::string& host_name) {
21 base::FilePath base_path; 21 base::FilePath base_path;
22 if (PathService::Get(dir_key, &base_path)) { 22 if (PathService::Get(dir_key, &base_path)) {
23 base::FilePath path = base_path.Append(host_name + ".json"); 23 base::FilePath path = base_path.Append(host_name + ".json");
24 if (base::PathExists(path)) 24 if (base::PathExists(path))
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
67 if (HANDLE_EINTR(pipe(write_pipe_fds)) != 0) { 67 if (HANDLE_EINTR(pipe(write_pipe_fds)) != 0) {
68 LOG(ERROR) << "Bad write pipe"; 68 LOG(ERROR) << "Bad write pipe";
69 return false; 69 return false;
70 } 70 }
71 base::ScopedFD write_pipe_read_fd(write_pipe_fds[0]); 71 base::ScopedFD write_pipe_read_fd(write_pipe_fds[0]);
72 base::ScopedFD write_pipe_write_fd(write_pipe_fds[1]); 72 base::ScopedFD write_pipe_write_fd(write_pipe_fds[1]);
73 fd_map.push_back(std::make_pair(write_pipe_read_fd.get(), STDIN_FILENO)); 73 fd_map.push_back(std::make_pair(write_pipe_read_fd.get(), STDIN_FILENO));
74 74
75 base::LaunchOptions options; 75 base::LaunchOptions options;
76 options.fds_to_remap = &fd_map; 76 options.fds_to_remap = &fd_map;
77
78 #if !defined(OS_CHROMEOS)
79 // Don't use no_new_privs mode, e.g. in case the host needs to use sudo.
80 options.allow_new_privs = true;
81 #endif
82
77 if (!base::LaunchProcess(command_line, options, process_handle)) { 83 if (!base::LaunchProcess(command_line, options, process_handle)) {
78 LOG(ERROR) << "Error launching process"; 84 LOG(ERROR) << "Error launching process";
79 return false; 85 return false;
80 } 86 }
81 87
82 // We will not be reading from the write pipe, nor writing from the read pipe. 88 // We will not be reading from the write pipe, nor writing from the read pipe.
83 write_pipe_read_fd.reset(); 89 write_pipe_read_fd.reset();
84 read_pipe_write_fd.reset(); 90 read_pipe_write_fd.reset();
85 91
86 *read_file = base::File(read_pipe_read_fd.release()); 92 *read_file = base::File(read_pipe_read_fd.release());
87 *write_file = base::File(write_pipe_write_fd.release()); 93 *write_file = base::File(write_pipe_write_fd.release());
88 94
89 return true; 95 return true;
90 } 96 }
91 97
92 } // namespace extensions 98 } // namespace extensions
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698