Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(451)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/nacl/nacl_helper_linux.cc

Issue 10736017: Share the zygote's fopen overrides with nacl_helper. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/nacl/DEPS ('k') | content/content_browser.gypi » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // A mini-zygote specifically for Native Client. 5 // A mini-zygote specifically for Native Client.
6 6
7 #include "chrome/common/nacl_helper_linux.h" 7 #include "chrome/common/nacl_helper_linux.h"
8 8
9 #include <errno.h> 9 #include <errno.h>
10 #include <link.h> 10 #include <link.h>
(...skipping 11 matching lines...) Expand all
22 #include "base/global_descriptors_posix.h" 22 #include "base/global_descriptors_posix.h"
23 #include "base/json/string_escape.h" 23 #include "base/json/string_escape.h"
24 #include "base/logging.h" 24 #include "base/logging.h"
25 #include "base/message_loop.h" 25 #include "base/message_loop.h"
26 #include "base/posix/unix_domain_socket.h" 26 #include "base/posix/unix_domain_socket.h"
27 #include "base/rand_util.h" 27 #include "base/rand_util.h"
28 #include "chrome/nacl/nacl_listener.h" 28 #include "chrome/nacl/nacl_listener.h"
29 #include "crypto/nss_util.h" 29 #include "crypto/nss_util.h"
30 #include "ipc/ipc_descriptors.h" 30 #include "ipc/ipc_descriptors.h"
31 #include "ipc/ipc_switches.h" 31 #include "ipc/ipc_switches.h"
32 #include "sandbox/linux/services/libc_urandom_override.h"
32 33
33 namespace { 34 namespace {
34 35
35 // The child must mimic the behavior of zygote_main_linux.cc on the child 36 // The child must mimic the behavior of zygote_main_linux.cc on the child
36 // side of the fork. See zygote_main_linux.cc:HandleForkRequest from 37 // side of the fork. See zygote_main_linux.cc:HandleForkRequest from
37 // if (!child) { 38 // if (!child) {
38 // Note: this code doesn't attempt to support SELINUX or the SECCOMP sandbox. 39 // Note: this code doesn't attempt to support SELINUX or the SECCOMP sandbox.
39 void BecomeNaClLoader(const std::vector<int>& child_fds, 40 void BecomeNaClLoader(const std::vector<int>& child_fds,
40 size_t prereserved_sandbox_size) { 41 size_t prereserved_sandbox_size) {
41 VLOG(1) << "NaCl loader: setting up IPC descriptor"; 42 VLOG(1) << "NaCl loader: setting up IPC descriptor";
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after
194 LOG(ERROR) << "Could not parse reserved_at_zero argument value of " 195 LOG(ERROR) << "Could not parse reserved_at_zero argument value of "
195 << reserved_at_zero_switch_value; 196 << reserved_at_zero_switch_value;
196 } 197 }
197 return prereserved_sandbox_size; 198 return prereserved_sandbox_size;
198 } 199 }
199 200
200 int main(int argc, char *argv[]) { 201 int main(int argc, char *argv[]) {
201 CommandLine::Init(argc, argv); 202 CommandLine::Init(argc, argv);
202 base::AtExitManager exit_manager; 203 base::AtExitManager exit_manager;
203 base::RandUint64(); // acquire /dev/urandom fd before sandbox is raised 204 base::RandUint64(); // acquire /dev/urandom fd before sandbox is raised
205 #if !defined(CHROMIUM_SELINUX)
206 // Allows NSS to fopen() /dev/urandom.
207 sandbox::InitLibcUrandomOverrides();
208 #endif
204 #if defined(USE_NSS) 209 #if defined(USE_NSS)
205 // Configure NSS for use inside the NaCl process. 210 // Configure NSS for use inside the NaCl process.
206 // The fork check has not caused problems for NaCl, but this appears to be 211 // The fork check has not caused problems for NaCl, but this appears to be
207 // best practice (see other places LoadNSSLibraries is called.) 212 // best practice (see other places LoadNSSLibraries is called.)
208 crypto::DisableNSSForkCheck(); 213 crypto::DisableNSSForkCheck();
209 // Without this line on Linux, HMAC::Init will instantiate a singleton that 214 // Without this line on Linux, HMAC::Init will instantiate a singleton that
210 // in turn attempts to open a file. Disabling this behavior avoids a ~70 ms 215 // in turn attempts to open a file. Disabling this behavior avoids a ~70 ms
211 // stall the first time HMAC is used. 216 // stall the first time HMAC is used.
212 crypto::ForceNSSNoDBInit(); 217 crypto::ForceNSSNoDBInit();
213 // Load shared libraries before sandbox is raised. 218 // Load shared libraries before sandbox is raised.
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
254 _exit(-1); 259 _exit(-1);
255 } 260 }
256 // if fork fails, send PID=-1 to zygote 261 // if fork fails, send PID=-1 to zygote
257 if (!UnixDomainSocket::SendMsg(kNaClZygoteDescriptor, &badpid, 262 if (!UnixDomainSocket::SendMsg(kNaClZygoteDescriptor, &badpid,
258 sizeof(badpid), empty)) { 263 sizeof(badpid), empty)) {
259 LOG(ERROR) << "*** send() to zygote failed"; 264 LOG(ERROR) << "*** send() to zygote failed";
260 } 265 }
261 } 266 }
262 CHECK(false); // This routine must not return 267 CHECK(false); // This routine must not return
263 } 268 }
OLDNEW
« no previous file with comments | « chrome/nacl/DEPS ('k') | content/content_browser.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698