Refactor the setuid sandbox client code to its own class.

content/browser/zygote_host_impl_linux.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/zygote_host_impl_linux.h"
 
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
@@ skipping 13 matching lines @@
 #include "base/process_util.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "base/time.h"
 #include "base/utf_string_conversions.h"
 #include "content/browser/renderer_host/render_sandbox_host_linux.h"
 #include "content/common/zygote_commands_linux.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/result_codes.h"
-#include "sandbox/linux/suid/sandbox.h"
-#include "sandbox/linux/suid/suid_unsafe_environment_variables.h"
+#include "sandbox/linux/suid/client/setuid_sandbox_client.h"
+#include "sandbox/linux/suid/common/sandbox.h"
 
 #if defined(USE_TCMALLOC)
 #include "third_party/tcmalloc/chromium/src/gperftools/heap-profiler.h"
 #endif
 
-// Set an environment variable that reflects the API version we expect from the
-// setuid sandbox. Old versions of the sandbox will ignore this.
-static void SetSandboxAPIEnvironmentVariable() {
-  scoped_ptr<base::Environment> env(base::Environment::Create());
-  env->SetVar(base::kSandboxEnvironmentApiRequest,
-              base::IntToString(base::kSUIDSandboxApiNumber));
-}
-
-static void SaveSUIDUnsafeEnvironmentVariables() {
-  // The ELF loader will clear many environment variables so we save them to
-  // different names here so that the SUID sandbox can resolve them for the
-  // renderer.
-
-  for (unsigned i = 0; kSUIDUnsafeEnvironmentVariables[i]; ++i) {
-    const char* const envvar = kSUIDUnsafeEnvironmentVariables[i];
-    char* const saved_envvar = SandboxSavedEnvironmentVariable(envvar);
-    if (!saved_envvar)
-      continue;
-
-    scoped_ptr<base::Environment> env(base::Environment::Create());
-    std::string value;
-    if (env->GetVar(envvar, &value))
-      env->SetVar(saved_envvar, value);
-    else
-      env->UnSetVar(saved_envvar);
-
-    free(saved_envvar);
-  }
-}
-
 // static
 content::ZygoteHost* content::ZygoteHost::GetInstance() {
   return ZygoteHostImpl::GetInstance();
 }
 
 ZygoteHostImpl::ZygoteHostImpl()
     : control_fd_(-1),
       pid_(-1),
       init_(false),
       using_suid_sandbox_(false),
@@ skipping 65 matching lines @@
                  << sandbox_binary_ << " Aborting now.";
     }
 
     if (access(sandbox_binary_.c_str(), X_OK) == 0 &&
         (st.st_uid == 0) &&
         (st.st_mode & S_ISUID) &&
         (st.st_mode & S_IXOTH)) {
       using_suid_sandbox_ = true;
       cmd_line.PrependWrapper(sandbox_binary_);
 
-      SaveSUIDUnsafeEnvironmentVariables();
-      SetSandboxAPIEnvironmentVariable();
+      scoped_ptr<sandbox::SetuidSandboxClient>
+          sandbox_client(sandbox::SetuidSandboxClient::Create());
+      sandbox_client->SetupLaunchEnvironment();
     } else {
       LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
                     "configured correctly. Rather than run without sandboxing "
                     "I'm aborting now. You need to make sure that "
                  << sandbox_binary_ << " is owned by root and has mode 4755.";
     }
   } else {
     LOG(WARNING) << "Running without the SUID sandbox! See "
         "http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment "
         "for more information on developing with the sandbox on.";
@@ skipping 332 matching lines @@
 
 pid_t ZygoteHostImpl::GetSandboxHelperPid() const {
   return RenderSandboxHostLinux::GetInstance()->pid();
 }
 
 int ZygoteHostImpl::GetSandboxStatus() const {
   if (have_read_sandbox_status_word_)
     return sandbox_status_;
   return 0;
 }