Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(577)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/zygote/zygote_linux.h

Issue 10837081: Revert 149692 - Create a LinuxSandbox class. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/public/common/sandbox_linux.h ('k') | content/zygote/zygote_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_ZYGOTE_ZYGOTE_H_ 5 #ifndef CONTENT_ZYGOTE_ZYGOTE_H_
6 #define CONTENT_ZYGOTE_ZYGOTE_H_ 6 #define CONTENT_ZYGOTE_ZYGOTE_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/hash_tables.h" 11 #include "base/hash_tables.h"
12 #include "base/process.h" 12 #include "base/process.h"
13 #include "content/common/seccomp_sandbox.h"
13 14
14 class Pickle; 15 class Pickle;
15 class PickleIterator; 16 class PickleIterator;
16 17
17 namespace content { 18 namespace content {
18 19
19 class ZygoteForkDelegate; 20 class ZygoteForkDelegate;
20 21
21 // This is the object which implements the zygote. The ZygoteMain function, 22 // This is the object which implements the zygote. The ZygoteMain function,
22 // which is called from ChromeMain, simply constructs one of these objects and 23 // which is called from ChromeMain, simply constructs one of these objects and
23 // runs it. 24 // runs it.
24 class Zygote { 25 class Zygote {
25 public: 26 public:
27 // The proc_fd_for_seccomp should be a file descriptor to /proc under the
28 // seccomp sandbox. This is not needed when not using seccomp, and should be
29 // -1 in those cases.
26 Zygote(int sandbox_flags, 30 Zygote(int sandbox_flags,
27 ZygoteForkDelegate* helper); 31 ZygoteForkDelegate* helper,
32 int proc_fd_for_seccomp);
28 ~Zygote(); 33 ~Zygote();
29 34
30 bool ProcessRequests(); 35 bool ProcessRequests();
31 36
32 static const int kBrowserDescriptor = 3; 37 static const int kBrowserDescriptor = 3;
33 static const int kMagicSandboxIPCDescriptor = 5; 38 static const int kMagicSandboxIPCDescriptor = 5;
34 39
35 private: 40 private:
36 // Returns true if the SUID sandbox is active. 41 // Returns true if the SUID sandbox is active.
37 bool UsingSUIDSandbox() const; 42 bool UsingSUIDSandbox() const;
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
86 91
87 // In the SUID sandbox, we try to use a new PID namespace. Thus the PIDs 92 // In the SUID sandbox, we try to use a new PID namespace. Thus the PIDs
88 // fork() returns are not the real PIDs, so we need to map the Real PIDS 93 // fork() returns are not the real PIDs, so we need to map the Real PIDS
89 // into the sandbox PID namespace. 94 // into the sandbox PID namespace.
90 typedef base::hash_map<base::ProcessHandle, base::ProcessHandle> ProcessMap; 95 typedef base::hash_map<base::ProcessHandle, base::ProcessHandle> ProcessMap;
91 ProcessMap real_pids_to_sandbox_pids; 96 ProcessMap real_pids_to_sandbox_pids;
92 97
93 const int sandbox_flags_; 98 const int sandbox_flags_;
94 ZygoteForkDelegate* helper_; 99 ZygoteForkDelegate* helper_;
95 100
101 #if defined(SECCOMP_SANDBOX)
102 // File descriptor to proc under seccomp, -1 when not using seccomp.
103 int proc_fd_for_seccomp_;
104 #endif
105
96 // These might be set by helper_->InitialUMA. They supply a UMA enumeration 106 // These might be set by helper_->InitialUMA. They supply a UMA enumeration
97 // sample we should report on the first fork. 107 // sample we should report on the first fork.
98 std::string initial_uma_name_; 108 std::string initial_uma_name_;
99 int initial_uma_sample_; 109 int initial_uma_sample_;
100 int initial_uma_boundary_value_; 110 int initial_uma_boundary_value_;
101 }; 111 };
102 112
103 } // namespace content 113 } // namespace content
104 114
105 #endif // CONTENT_ZYGOTE_ZYGOTE_H_ 115 #endif // CONTENT_ZYGOTE_ZYGOTE_H_
OLDNEW
« no previous file with comments | « content/public/common/sandbox_linux.h ('k') | content/zygote/zygote_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698