Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(101)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/services/broker_process.cc

Issue 11569028: Linux Sandbox: Basic support for GPU broker. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address a few nits. Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/services/broker_process.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/services/broker_process.h" 5 #include "sandbox/linux/services/broker_process.h"
6 6
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <sys/socket.h> 8 #include <sys/socket.h>
9 #include <sys/stat.h> 9 #include <sys/stat.h>
10 #include <sys/types.h> 10 #include <sys/types.h>
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after
103 allowed_w_files_(allowed_w_files), 103 allowed_w_files_(allowed_w_files),
104 ipc_socketpair_(-1) { 104 ipc_socketpair_(-1) {
105 } 105 }
106 106
107 BrokerProcess::~BrokerProcess() { 107 BrokerProcess::~BrokerProcess() {
108 if (initialized_ && ipc_socketpair_ != -1) { 108 if (initialized_ && ipc_socketpair_ != -1) {
109 void (HANDLE_EINTR(close(ipc_socketpair_))); 109 void (HANDLE_EINTR(close(ipc_socketpair_)));
110 } 110 }
111 } 111 }
112 112
113 bool BrokerProcess::Init(void* sandbox_callback) { 113 bool BrokerProcess::Init(bool (*sandbox_callback)(void)) {
114 CHECK(!initialized_); 114 CHECK(!initialized_);
115 CHECK_EQ(sandbox_callback, (void*) NULL) <<
116 "sandbox_callback is not implemented";
117 int socket_pair[2]; 115 int socket_pair[2];
118 // Use SOCK_SEQPACKET, because we need to preserve message boundaries 116 // Use SOCK_SEQPACKET, because we need to preserve message boundaries
119 // but we also want to be notified (recvmsg should return and not block) 117 // but we also want to be notified (recvmsg should return and not block)
120 // when the connection has been broken (one of the processes died). 118 // when the connection has been broken (one of the processes died).
121 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, socket_pair)) { 119 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, socket_pair)) {
122 LOG(ERROR) << "Failed to create socketpair"; 120 LOG(ERROR) << "Failed to create socketpair";
123 return false; 121 return false;
124 } 122 }
125 123
126 int child_pid = fork(); 124 int child_pid = fork();
(...skipping 14 matching lines...) Expand all
141 initialized_ = true; 139 initialized_ = true;
142 return true; 140 return true;
143 } else { 141 } else {
144 // We are the broker. 142 // We are the broker.
145 (void) HANDLE_EINTR(close(socket_pair[1])); 143 (void) HANDLE_EINTR(close(socket_pair[1]));
146 // We should only be able to read from this IPC channel. We will send our 144 // We should only be able to read from this IPC channel. We will send our
147 // replies on a new file descriptor attached to the requests. 145 // replies on a new file descriptor attached to the requests.
148 shutdown(socket_pair[0], SHUT_WR); 146 shutdown(socket_pair[0], SHUT_WR);
149 ipc_socketpair_ = socket_pair[0]; 147 ipc_socketpair_ = socket_pair[0];
150 is_child_ = true; 148 is_child_ = true;
151 // TODO(jln): activate a sandbox here. 149 // Enable the sandbox if provided.
150 if (sandbox_callback) {
151 CHECK(sandbox_callback());
152 }
152 initialized_ = true; 153 initialized_ = true;
153 for (;;) { 154 for (;;) {
154 HandleRequest(); 155 HandleRequest();
155 } 156 }
156 _exit(1); 157 _exit(1);
157 } 158 }
158 NOTREACHED(); 159 NOTREACHED();
159 } 160 }
160 161
161 // This function needs to be async signal safe. 162 // This function needs to be async signal safe.
(...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after
341 GetFileNameInWhitelist(allowed_w_files_, requested_filename, 342 GetFileNameInWhitelist(allowed_w_files_, requested_filename,
342 file_to_open); 343 file_to_open);
343 return allowed_for_read_and_write; 344 return allowed_for_read_and_write;
344 } 345 }
345 default: 346 default:
346 return false; 347 return false;
347 } 348 }
348 } 349 }
349 350
350 } // namespace sandbox. 351 } // namespace sandbox.
OLDNEW
« no previous file with comments | « sandbox/linux/services/broker_process.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698