Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1584)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/mac/bootstrap_sandbox.cc

Issue 347783002: Alter the design of the bootstrap sandbox to only take over the bootstrap port of children when nec… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: bootstrap_check_in Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/mac/bootstrap_sandbox.h ('K') | « sandbox/mac/bootstrap_sandbox.h ('k') | sandbox/mac/bootstrap_sandbox_unittest.mm » ('j') | sandbox/mac/launchd_interception_server.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/mac/bootstrap_sandbox.cc
diff --git a/sandbox/mac/bootstrap_sandbox.cc b/sandbox/mac/bootstrap_sandbox.cc
index 6407c68f59f541cd051c35085e12bd83ce393876..a90f570eb47487524acecdd11e903c8e60eeeb40 100644
--- a/sandbox/mac/bootstrap_sandbox.cc
+++ b/sandbox/mac/bootstrap_sandbox.cc
@@ -4,9 +4,13 @@
#include "sandbox/mac/bootstrap_sandbox.h"
+#include <servers/bootstrap.h>
+#include <unistd.h>
+
#include "base/logging.h"
+#include "base/mac/foundation_util.h"
#include "base/mac/mach_logging.h"
-
+#include "base/strings/stringprintf.h"
#include "sandbox/mac/launchd_interception_server.h"
namespace sandbox {
@@ -19,41 +23,28 @@ scoped_ptr<BootstrapSandbox> BootstrapSandbox::Create() {
scoped_ptr<BootstrapSandbox> sandbox(new BootstrapSandbox());
sandbox->server_.reset(new LaunchdInterceptionServer(sandbox.get()));
- if (!sandbox->server_->Initialize())
- return null.Pass();
-
- mach_port_t port = sandbox->server_->server_port();
- kern_return_t kr = mach_port_insert_right(mach_task_self(), port, port,
- MACH_MSG_TYPE_MAKE_SEND);
+ // Check in with launchd to get the receive right for the server that is
+ // published in the bootstrap namespace.
+ mach_port_t port = MACH_PORT_NULL;
+ kern_return_t kr = bootstrap_check_in(bootstrap_port,
+ sandbox->server_bootstrap_name().c_str(), &port);
if (kr != KERN_SUCCESS) {
- MACH_LOG(ERROR, kr) << "Failed to insert send right on bootstrap port.";
+ BOOTSTRAP_LOG(ERROR, kr)
+ << "Failed to bootstrap_check_in the sandbox server.";
return null.Pass();
}
- base::mac::ScopedMachSendRight scoped_right(port);
-
- // Note that the extern global bootstrap_port (in bootstrap.h) will not
- // be changed here. The parent only has its bootstrap port replaced
- // permanently because changing it repeatedly in a multi-threaded program
- // could lead to unsafe access patterns. In a single-threaded program,
- // the port would be restored after fork(). See the design document for
- // a larger discussion.
- //
- // By not changing the global bootstrap_port, users of the bootstrap port
- // in the parent can potentially skip an unnecessary indirection through
- // the sandbox server.
- kr = task_set_special_port(mach_task_self(), TASK_BOOTSTRAP_PORT, port);
- if (kr != KERN_SUCCESS) {
- MACH_LOG(ERROR, kr) << "Failed to set new bootstrap port.";
+ base::mac::ScopedMachReceiveRight scoped_port(port);
+
+ // Start the sandbox server.
+ if (sandbox->server_->Initialize(scoped_port.get()))
+ ignore_result(scoped_port.release()); // Transferred to server_.
+ else
return null.Pass();
- }
return sandbox.Pass();
}
BootstrapSandbox::~BootstrapSandbox() {
- kern_return_t kr = task_set_special_port(mach_task_self(),
- TASK_BOOTSTRAP_PORT, real_bootstrap_port_);
- MACH_CHECK(kr == KERN_SUCCESS, kr);
}
void BootstrapSandbox::RegisterSandboxPolicy(
@@ -69,6 +60,7 @@ void BootstrapSandbox::RegisterSandboxPolicy(
void BootstrapSandbox::PrepareToForkWithPolicy(int sandbox_policy_id) {
base::AutoLock lock(lock_);
+ // Verify that this is a real policy.
CHECK(policies_.find(sandbox_policy_id) != policies_.end());
CHECK_EQ(kNotAPolicy, effective_policy_id_)
<< "Cannot nest calls to PrepareToForkWithPolicy()";
@@ -89,6 +81,7 @@ void BootstrapSandbox::FinishedFork(base::ProcessHandle handle) {
CHECK_NE(kNotAPolicy, effective_policy_id_)
<< "Must PrepareToForkWithPolicy() before FinishedFork()";
+ // Apply the policy to the new process.
if (handle != base::kNullProcessHandle) {
const auto& existing_process = sandboxed_processes_.find(handle);
CHECK(existing_process == sandboxed_processes_.end());
@@ -125,7 +118,10 @@ const BootstrapSandboxPolicy* BootstrapSandbox::PolicyForProcess(
}
BootstrapSandbox::BootstrapSandbox()
- : real_bootstrap_port_(MACH_PORT_NULL),
+ : server_bootstrap_name_(
+ base::StringPrintf("%s.sandbox.%d", base::mac::BaseBundleID(),
+ getpid())),
+ real_bootstrap_port_(MACH_PORT_NULL),
effective_policy_id_(kNotAPolicy) {
mach_port_t port = MACH_PORT_NULL;
kern_return_t kr = task_get_special_port(
« sandbox/mac/bootstrap_sandbox.h ('K') | « sandbox/mac/bootstrap_sandbox.h ('k') | sandbox/mac/bootstrap_sandbox_unittest.mm » ('j') | sandbox/mac/launchd_interception_server.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698