| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/syscall_broker/broker_client.h" | 5 #include "sandbox/linux/syscall_broker/broker_client.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
| 10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
| 11 #include <sys/types.h> | 11 #include <sys/types.h> |
| 12 | 12 |
| 13 #include "build/build_config.h" | 13 #include "build/build_config.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/pickle.h" | 15 #include "base/pickle.h" |
| 16 #include "base/posix/unix_domain_socket_linux.h" | 16 #include "base/posix/unix_domain_socket_linux.h" |
| 17 #include "sandbox/linux/syscall_broker/broker_channel.h" |
| 17 #include "sandbox/linux/syscall_broker/broker_common.h" | 18 #include "sandbox/linux/syscall_broker/broker_common.h" |
| 18 #include "sandbox/linux/syscall_broker/broker_policy.h" | 19 #include "sandbox/linux/syscall_broker/broker_policy.h" |
| 19 | 20 |
| 20 #if defined(OS_ANDROID) && !defined(MSG_CMSG_CLOEXEC) | 21 #if defined(OS_ANDROID) && !defined(MSG_CMSG_CLOEXEC) |
| 21 #define MSG_CMSG_CLOEXEC 0x40000000 | 22 #define MSG_CMSG_CLOEXEC 0x40000000 |
| 22 #endif | 23 #endif |
| 23 | 24 |
| 24 namespace sandbox { | 25 namespace sandbox { |
| 25 | 26 |
| 26 namespace syscall_broker { | 27 namespace syscall_broker { |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 68 write_pickle.WriteInt(flags); | 69 write_pickle.WriteInt(flags); |
| 69 RAW_CHECK(write_pickle.size() <= kMaxMessageLength); | 70 RAW_CHECK(write_pickle.size() <= kMaxMessageLength); |
| 70 | 71 |
| 71 int returned_fd = -1; | 72 int returned_fd = -1; |
| 72 uint8_t reply_buf[kMaxMessageLength]; | 73 uint8_t reply_buf[kMaxMessageLength]; |
| 73 | 74 |
| 74 // Send a request (in write_pickle) as well that will include a new | 75 // Send a request (in write_pickle) as well that will include a new |
| 75 // temporary socketpair (created internally by SendRecvMsg()). | 76 // temporary socketpair (created internally by SendRecvMsg()). |
| 76 // Then read the reply on this new socketpair in reply_buf and put an | 77 // Then read the reply on this new socketpair in reply_buf and put an |
| 77 // eventual attached file descriptor in |returned_fd|. | 78 // eventual attached file descriptor in |returned_fd|. |
| 78 ssize_t msg_len = UnixDomainSocket::SendRecvMsgWithFlags(ipc_channel_, | 79 ssize_t msg_len = UnixDomainSocket::SendRecvMsgWithFlags( |
| 79 reply_buf, | 80 ipc_channel_.get(), reply_buf, sizeof(reply_buf), recvmsg_flags, |
| 80 sizeof(reply_buf), | 81 &returned_fd, write_pickle); |
| 81 recvmsg_flags, | |
| 82 &returned_fd, | |
| 83 write_pickle); | |
| 84 if (msg_len <= 0) { | 82 if (msg_len <= 0) { |
| 85 if (!quiet_failures_for_tests_) | 83 if (!quiet_failures_for_tests_) |
| 86 RAW_LOG(ERROR, "Could not make request to broker process"); | 84 RAW_LOG(ERROR, "Could not make request to broker process"); |
| 87 return -ENOMEM; | 85 return -ENOMEM; |
| 88 } | 86 } |
| 89 | 87 |
| 90 Pickle read_pickle(reinterpret_cast<char*>(reply_buf), msg_len); | 88 Pickle read_pickle(reinterpret_cast<char*>(reply_buf), msg_len); |
| 91 PickleIterator iter(read_pickle); | 89 PickleIterator iter(read_pickle); |
| 92 int return_value = -1; | 90 int return_value = -1; |
| 93 // Now deserialize the return value and eventually return the file | 91 // Now deserialize the return value and eventually return the file |
| (...skipping 18 matching lines...) Expand all Loading... |
| 112 return -ENOSYS; | 110 return -ENOSYS; |
| 113 } | 111 } |
| 114 } else { | 112 } else { |
| 115 RAW_LOG(ERROR, "Could not read pickle"); | 113 RAW_LOG(ERROR, "Could not read pickle"); |
| 116 NOTREACHED(); | 114 NOTREACHED(); |
| 117 return -ENOMEM; | 115 return -ENOMEM; |
| 118 } | 116 } |
| 119 } | 117 } |
| 120 | 118 |
| 121 BrokerClient::BrokerClient(const BrokerPolicy& broker_policy, | 119 BrokerClient::BrokerClient(const BrokerPolicy& broker_policy, |
| 122 int ipc_channel, | 120 BrokerChannel::EndPoint ipc_channel, |
| 123 bool fast_check_in_client, | 121 bool fast_check_in_client, |
| 124 bool quiet_failures_for_tests) | 122 bool quiet_failures_for_tests) |
| 125 : broker_policy_(broker_policy), | 123 : broker_policy_(broker_policy), |
| 126 ipc_channel_(ipc_channel), | 124 ipc_channel_(ipc_channel.Pass()), |
| 127 fast_check_in_client_(fast_check_in_client), | 125 fast_check_in_client_(fast_check_in_client), |
| 128 quiet_failures_for_tests_(quiet_failures_for_tests) { | 126 quiet_failures_for_tests_(quiet_failures_for_tests) { |
| 129 } | 127 } |
| 130 | 128 |
| 131 BrokerClient::~BrokerClient() { | 129 BrokerClient::~BrokerClient() { |
| 132 } | 130 } |
| 133 | 131 |
| 134 int BrokerClient::Access(const char* pathname, int mode) const { | 132 int BrokerClient::Access(const char* pathname, int mode) const { |
| 135 return PathAndFlagsSyscall(COMMAND_ACCESS, pathname, mode); | 133 return PathAndFlagsSyscall(COMMAND_ACCESS, pathname, mode); |
| 136 } | 134 } |
| 137 | 135 |
| 138 int BrokerClient::Open(const char* pathname, int flags) const { | 136 int BrokerClient::Open(const char* pathname, int flags) const { |
| 139 return PathAndFlagsSyscall(COMMAND_OPEN, pathname, flags); | 137 return PathAndFlagsSyscall(COMMAND_OPEN, pathname, flags); |
| 140 } | 138 } |
| 141 | 139 |
| 142 } // namespace syscall_broker | 140 } // namespace syscall_broker |
| 143 | 141 |
| 144 } // namespace sandbox | 142 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 717673002:
Linux sandbox: introduce BrokerChannel (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master