| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/zygote/zygote_main.h" | 5 #include "content/zygote/zygote_main.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <string.h> | 10 #include <string.h> |
| (...skipping 29 matching lines...) |
| 40 #include "sandbox/linux/services/init_process_reaper.h" | 40 #include "sandbox/linux/services/init_process_reaper.h" |
| 41 #include "sandbox/linux/services/libc_urandom_override.h" | 41 #include "sandbox/linux/services/libc_urandom_override.h" |
| 42 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" | 42 #include "sandbox/linux/suid/client/setuid_sandbox_client.h" |
| 43 #include "third_party/icu/source/i18n/unicode/timezone.h" | 43 #include "third_party/icu/source/i18n/unicode/timezone.h" |
| 44 #include "third_party/skia/include/ports/SkFontConfigInterface.h" | 44 #include "third_party/skia/include/ports/SkFontConfigInterface.h" |
| 45 | 45 |
| 46 #if defined(OS_LINUX) | 46 #if defined(OS_LINUX) |
| 47 #include <sys/prctl.h> | 47 #include <sys/prctl.h> |
| 48 #endif | 48 #endif |
| 49 | 49 |
| 50 #if defined(USE_OPENSSL) |
| 51 #include <openssl/rand.h> |
| 52 #endif |
| 53 |
| 50 #if defined(ENABLE_WEBRTC) | 54 #if defined(ENABLE_WEBRTC) |
| 51 #include "third_party/libjingle/overrides/init_webrtc.h" | 55 #include "third_party/libjingle/overrides/init_webrtc.h" |
| 52 #endif | 56 #endif |
| 53 | 57 |
| 54 #if defined(ADDRESS_SANITIZER) | 58 #if defined(ADDRESS_SANITIZER) |
| 55 #include <sanitizer/asan_interface.h> | 59 #include <sanitizer/asan_interface.h> |
| 56 #endif | 60 #endif |
| 57 | 61 |
| 58 namespace content { | 62 namespace content { |
| 59 | 63 |
| (...skipping 245 matching lines...) |
| 305 // Olson timezone ID by accessing the zoneinfo files on disk. After | 309 // Olson timezone ID by accessing the zoneinfo files on disk. After |
| 306 // TimeZone::createDefault is called once here, the timezone ID is | 310 // TimeZone::createDefault is called once here, the timezone ID is |
| 307 // cached and there's no more need to access the file system. | 311 // cached and there's no more need to access the file system. |
| 308 scoped_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault()); | 312 scoped_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault()); |
| 309 | 313 |
| 310 #if defined(USE_NSS) | 314 #if defined(USE_NSS) |
| 311 // NSS libraries are loaded before sandbox is activated. This is to allow | 315 // NSS libraries are loaded before sandbox is activated. This is to allow |
| 312 // successful initialization of NSS which tries to load extra library files. | 316 // successful initialization of NSS which tries to load extra library files. |
| 313 crypto::LoadNSSLibraries(); | 317 crypto::LoadNSSLibraries(); |
| 314 #elif defined(USE_OPENSSL) | 318 #elif defined(USE_OPENSSL) |
| 315 // OpenSSL is intentionally not supported in the sandboxed processes, see | 319 // Read a random byte in order to cause BoringSSL to open a file descriptor |
| 316 // http://crbug.com/99163. If that ever changes we'll likely need to init | 320 // for /dev/urandom. |
| 317 // OpenSSL here (at least, load the library and error strings). | 321 uint8_t scratch; |
| 322 RAND_bytes(&scratch, 1); |
| 318 #else | 323 #else |
| 319 // It's possible that another hypothetical crypto stack would not require | 324 // It's possible that another hypothetical crypto stack would not require |
| 320 // pre-sandbox init, but more likely this is just a build configuration error. | 325 // pre-sandbox init, but more likely this is just a build configuration error. |
| 321 #error Which SSL library are you using? | 326 #error Which SSL library are you using? |
| 322 #endif | 327 #endif |
| 323 #if defined(ENABLE_PLUGINS) | 328 #if defined(ENABLE_PLUGINS) |
| 324 // Ensure access to the Pepper plugins before the sandbox is turned on. | 329 // Ensure access to the Pepper plugins before the sandbox is turned on. |
| 325 PreloadPepperPlugins(); | 330 PreloadPepperPlugins(); |
| 326 #endif | 331 #endif |
| 327 #if defined(ENABLE_WEBRTC) | 332 #if defined(ENABLE_WEBRTC) |
| (...skipping 235 matching lines...) |
| 563 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; | 568 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; |
| 564 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); | 569 CHECK_EQ(must_enable_setuid_sandbox, setuid_sandbox_engaged); |
| 565 | 570 |
| 566 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, | 571 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, |
| 567 extra_fds); | 572 extra_fds); |
| 568 // This function call can return multiple times, once per fork(). | 573 // This function call can return multiple times, once per fork(). |
| 569 return zygote.ProcessRequests(); | 574 return zygote.ProcessRequests(); |
| 570 } | 575 } |
| 571 | 576 |
| 572 } // namespace content | 577 } // namespace content |
| OLD | NEW |
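Review bot: The result of `RAND_bytes(&scratch, 1)` at new lines 321-322 is discarded, so if this warm-up fails to open /dev/urandom nothing is reported here, and the failure would presumably only surface later inside a sandboxed child, far from its cause. Because the call exists only for its side effect, checking it makes the dependency explicit: `CHECK_EQ(1, RAND_bytes(&scratch, 1));` (BoringSSL is expected to return 1 or abort, but the `USE_OPENSSL` guard alone does not say which library is linked). The new comment could also state why the descriptor has to be opened at this point, in line with the NSS and Pepper comments next to it, e.g. `// Must happen before the sandbox is engaged, after which /dev/urandom can no longer be opened.` — that the sandbox blocks the open is inferred from those neighbouring comments, not shown in these lines. The enclosing function starts in the skipped region above, so whether anything touches the RNG earlier cannot be seen from here.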