Remove --find-inode-switch hack from chrome-sandbox

sandbox/linux/suid/sandbox.c

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
 
 #include "sandbox/linux/suid/common/sandbox.h"
 
 #define _GNU_SOURCE
 #include <asm/unistd.h>
@@ skipping 12 matching lines @@
 #include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/types.h>
 #include <sys/vfs.h>
 #include <sys/wait.h>
 #include <unistd.h>
 
 #include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h"
-#include "sandbox/linux/suid/linux_util.h"
 #include "sandbox/linux/suid/process_util.h"
 
 #if !defined(CLONE_NEWPID)
 #define CLONE_NEWPID 0x20000000
 #endif
 #if !defined(CLONE_NEWNET)
 #define CLONE_NEWNET 0x40000000
 #endif
 
 static bool DropRoot();
@@ skipping 382 matching lines @@
     fprintf(stderr, "Usage: %s <renderer process> <args...>\n", argv[0]);
     return 1;
   }
 
   // Allow someone to query our API version
   if (argc == 2 && 0 == strcmp(argv[1], kSuidSandboxGetApiSwitch)) {
     printf("%ld\n", kSUIDSandboxApiNumber);
     return 0;
   }
 
-  // In the SUID sandbox, if we succeed in calling MoveToNewNamespaces()
-  // below, then the zygote and all the renderers are in an alternate PID
-  // namespace and do not know their real PIDs. As such, they report the wrong
-  // PIDs to the task manager.
-  //
-  // To fix this, when the zygote spawns a new renderer, it gives the renderer
-  // a dummy socket, which has a unique inode number. Then it asks the sandbox
-  // host to find the PID of the process holding that fd by searching /proc.
-  //
-  // Since the zygote and renderers are all spawned by this setuid executable,
-  // their entries in /proc are owned by root and only readable by root. In
-  // order to search /proc for the fd we want, this setuid executable has to
-  // double as a helper and perform the search. The code block below does this
-  // when you call it with --find-inode INODE_NUMBER.
-  if (argc == 3 && (0 == strcmp(argv[1], kFindInodeSwitch))) {
-    pid_t pid;
-    char* endptr = NULL;
-    errno = 0;
-    ino_t inode = strtoull(argv[2], &endptr, 10);
-    if (inode == ULLONG_MAX || !endptr || *endptr || errno != 0)
-      return 1;
-    if (!FindProcessHoldingSocket(&pid, inode))
-      return 1;
-    printf("%d\n", pid);
-    return 0;
-  }
-  // Likewise, we cannot adjust /proc/pid/oom_adj for sandboxed renderers
-  // because those files are owned by root. So we need another helper here.
+  // We cannot adjust /proc/pid/oom_adj for sandboxed renderers
+  // because those files are owned by root. So we need a helper here.
   if (argc == 4 && (0 == strcmp(argv[1], kAdjustOOMScoreSwitch))) {
     char* endptr = NULL;
     long score;
     errno = 0;
     unsigned long pid_ul = strtoul(argv[2], &endptr, 10);
     if (pid_ul == ULONG_MAX || !endptr || *endptr || errno != 0)
       return 1;
     pid_t pid = pid_ul;
     endptr = NULL;
     errno = 0;
@@ skipping 24 matching lines @@
   if (!DropRoot())
     return 1;
   if (!SetupChildEnvironment())
     return 1;
 
   execv(argv[1], &argv[1]);
   FatalError("execv failed");
 
   return 1;
 }