OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/zygote/zygote_main.h" | 5 #include "content/zygote/zygote_main.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <pthread.h> | 9 #include <pthread.h> |
10 #include <string.h> | 10 #include <string.h> |
(...skipping 29 matching lines...)
40 #include "sandbox/linux/services/init_process_reaper.h" | 40 #include "sandbox/linux/services/init_process_reaper.h" |
41 #include "sandbox/linux/services/libc_urandom_override.h" | 41 #include "sandbox/linux/services/libc_urandom_override.h" |
42 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" | 42 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" |
43 #include "third_party/icu/source/i18n/unicode/timezone.h" | 43 #include "third_party/icu/source/i18n/unicode/timezone.h" |
44 #include "third_party/skia/include/ports/SkFontConfigInterface.h" | 44 #include "third_party/skia/include/ports/SkFontConfigInterface.h" |
45 | 45 |
46 #if defined(OS_LINUX) | 46 #if defined(OS_LINUX) |
47 #include <sys/prctl.h> | 47 #include <sys/prctl.h> |
48 #endif | 48 #endif |
49 | 49 |
| 50 #if defined(USE_OPENSSL) |
| 51 #include <openssl/rand.h> |
| 52 #endif |
| 53 |
50 #if defined(ENABLE_WEBRTC) | 54 #if defined(ENABLE_WEBRTC) |
51 #include "third_party/libjingle/overrides/init_webrtc.h" | 55 #include "third_party/libjingle/overrides/init_webrtc.h" |
52 #endif | 56 #endif |
53 | 57 |
54 #if defined(ADDRESS_SANITIZER) | 58 #if defined(ADDRESS_SANITIZER) |
55 #include <sanitizer/asan_interface.h> | 59 #include <sanitizer/asan_interface.h> |
56 #endif | 60 #endif |
57 | 61 |
58 namespace content { | 62 namespace content { |
59 | 63 |
(...skipping 245 matching lines...)
305 // Olson timezone ID by accessing the zoneinfo files on disk. After | 309 // Olson timezone ID by accessing the zoneinfo files on disk. After |
306 // TimeZone::createDefault is called once here, the timezone ID is | 310 // TimeZone::createDefault is called once here, the timezone ID is |
307 // cached and there's no more need to access the file system. | 311 // cached and there's no more need to access the file system. |
308 scoped_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault()); | 312 scoped_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault()); |
309 | 313 |
310 #if defined(USE_NSS) | 314 #if defined(USE_NSS) |
311 // NSS libraries are loaded before sandbox is activated. This is to allow | 315 // NSS libraries are loaded before sandbox is activated. This is to allow |
312 // successful initialization of NSS which tries to load extra library files. | 316 // successful initialization of NSS which tries to load extra library files. |
313 crypto::LoadNSSLibraries(); | 317 crypto::LoadNSSLibraries(); |
314 #elif defined(USE_OPENSSL) | 318 #elif defined(USE_OPENSSL) |
315 // OpenSSL is intentionally not supported in the sandboxed processes, see | 319 // Read a random byte in order to cause BoringSSL to open a file descriptor |
316 // http://crbug.com/99163. If that ever changes we'll likely need to init | 320 // for /dev/urandom. |
317 // OpenSSL here (at least, load the library and error strings). | 321 uint8_t scratch; |
| 322 RAND_bytes(&scratch, 1); |
318 #else | 323 #else |
319 // It's possible that another hypothetical crypto stack would not require | 324 // It's possible that another hypothetical crypto stack would not require |
320 // pre-sandbox init, but more likely this is just a build configuration error. | 325 // pre-sandbox init, but more likely this is just a build configuration error. |
321 #error Which SSL library are you using? | 326 #error Which SSL library are you using? |
322 #endif | 327 #endif |
323 #if defined(ENABLE_PLUGINS) | 328 #if defined(ENABLE_PLUGINS) |
324 // Ensure access to the Pepper plugins before the sandbox is turned on. | 329 // Ensure access to the Pepper plugins before the sandbox is turned on. |
325 PreloadPepperPlugins(); | 330 PreloadPepperPlugins(); |
326 #endif | 331 #endif |
327 #if defined(ENABLE_WEBRTC) | 332 #if defined(ENABLE_WEBRTC) |
(...skipping 235 matching lines...)
563 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; | 568 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; |
564 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); | 569 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); |
565 | 570 |
566 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, | 571 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, |
567 extra_fds); | 572 extra_fds); |
568 // This function call can return multiple times, once per fork(). | 573 // This function call can return multiple times, once per fork(). |
569 return zygote.ProcessRequests(); | 574 return zygote.ProcessRequests(); |
570 } | 575 } |
571 | 576 |
572 } // namespace content | 577 } // namespace content |
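Review bot: The result of `RAND_bytes(&scratch, 1)` in the new `USE_OPENSSL` branch (new lines 319-322) is discarded, so a failed call would let the zygote carry on into the sandbox without the /dev/urandom descriptor this step exists to open. BoringSSL is understood to abort rather than report failure, but the branch is selected by `USE_OPENSSL` and nothing BoringSSL-specific, so a check is cheap insurance: `CHECK_EQ(1, RAND_bytes(&scratch, 1));`. The comment could also state the ordering requirement as the neighbouring NSS and Pepper comments do, for example `// Must run before the sandbox is engaged; presumably /dev/urandom cannot be opened afterwards.` The enclosing function starts in the skipped lines above, so whether an earlier step already touches the RNG is not visible here.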