| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/zygote/zygote_linux.h" | 5 #include "content/zygote/zygote_linux.h" |
| 6 | 6 |
| 7 #include <fcntl.h> | 7 #include <fcntl.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
| 10 #include <sys/types.h> | 10 #include <sys/types.h> |
| 11 #include <sys/wait.h> | 11 #include <sys/wait.h> |
| 12 | 12 |
| 13 #include "base/command_line.h" | 13 #include "base/command_line.h" |
| 14 #include "base/debug/trace_event.h" | 14 #include "base/debug/trace_event.h" |
| 15 #include "base/file_util.h" | 15 #include "base/file_util.h" |
| 16 #include "base/linux_util.h" | 16 #include "base/linux_util.h" |
| 17 #include "base/logging.h" | 17 #include "base/logging.h" |
| 18 #include "base/pickle.h" | 18 #include "base/pickle.h" |
| 19 #include "base/posix/eintr_wrapper.h" | 19 #include "base/posix/eintr_wrapper.h" |
| 20 #include "base/posix/global_descriptors.h" | 20 #include "base/posix/global_descriptors.h" |
| 21 #include "base/posix/unix_domain_socket_linux.h" | 21 #include "base/posix/unix_domain_socket_linux.h" |
| 22 #include "base/process_util.h" | 22 #include "base/process_util.h" |
| 23 #include "content/common/sandbox_linux.h" | 23 #include "content/common/sandbox_linux.h" |
| 24 #include "content/common/set_process_title.h" | 24 #include "content/common/set_process_title.h" |
| 25 #include "content/common/zygote_commands_linux.h" | 25 #include "content/common/zygote_commands_linux.h" |
| 26 #include "content/public/common/content_descriptors.h" | 26 #include "content/public/common/content_descriptors.h" |
| 27 #include "content/public/common/content_switches.h" |
| 27 #include "content/public/common/result_codes.h" | 28 #include "content/public/common/result_codes.h" |
| 28 #include "content/public/common/sandbox_linux.h" | 29 #include "content/public/common/sandbox_linux.h" |
| 29 #include "content/public/common/zygote_fork_delegate_linux.h" | 30 #include "content/public/common/zygote_fork_delegate_linux.h" |
| 30 #include "ipc/ipc_channel.h" | 31 #include "ipc/ipc_channel.h" |
| 31 #include "ipc/ipc_switches.h" | 32 #include "ipc/ipc_switches.h" |
| 32 | 33 |
| 33 #if defined(CHROMIUM_SELINUX) | 34 #if defined(CHROMIUM_SELINUX) |
| 34 #include <selinux/context.h> | 35 #include <selinux/context.h> |
| 35 #include <selinux/selinux.h> | 36 #include <selinux/selinux.h> |
| 36 #endif | 37 #endif |
| (...skipping 391 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 428 static_cast<uint32_t>(kSandboxIPCChannel), kMagicSandboxIPCDescriptor)); | 429 static_cast<uint32_t>(kSandboxIPCChannel), kMagicSandboxIPCDescriptor)); |
| 429 | 430 |
| 430 // Returns twice, once per process. | 431 // Returns twice, once per process. |
| 431 base::ProcessId child_pid = ForkWithRealPid(process_type, fds, channel_id, | 432 base::ProcessId child_pid = ForkWithRealPid(process_type, fds, channel_id, |
| 432 uma_name, uma_sample, | 433 uma_name, uma_sample, |
| 433 uma_boundary_value); | 434 uma_boundary_value); |
| 434 if (!child_pid) { | 435 if (!child_pid) { |
| 435 // This is the child process. | 436 // This is the child process. |
| 436 | 437 |
| 437 // At this point, we finally know our process type. | 438 // At this point, we finally know our process type. |
| 438 LinuxSandbox::GetInstance()->PreinitializeSandboxFinish(process_type); | 439 if (process_type == switches::kRendererProcess) { |
| 440 // The seccomp-legacy sandbox requires special handling and is only |
| 441 // ever enabled for renderers. TODO(jln): remove the seccomp-legacy |
| 442 // sandbox. |
| 443 LinuxSandbox::GetInstance()->PreinitializeSandboxFinish( |
| 444 LinuxSandbox::SANDBOX_CONFIG_RENDERER); |
| 445 } else { |
| 446 LinuxSandbox::GetInstance()->PreinitializeSandboxFinish( |
| 447 LinuxSandbox::SANDBOX_CONFIG_GENERIC); |
| 448 } |
| 439 | 449 |
| 440 close(kBrowserDescriptor); // Our socket from the browser. | 450 close(kBrowserDescriptor); // Our socket from the browser. |
| 441 if (UsingSUIDSandbox()) | 451 if (UsingSUIDSandbox()) |
| 442 close(kZygoteIdFd); // Another socket from the browser. | 452 close(kZygoteIdFd); // Another socket from the browser. |
| 443 base::GlobalDescriptors::GetInstance()->Reset(mapping); | 453 base::GlobalDescriptors::GetInstance()->Reset(mapping); |
| 444 | 454 |
| 445 #if defined(CHROMIUM_SELINUX) | 455 #if defined(CHROMIUM_SELINUX) |
| 446 SELinuxTransitionToTypeOrDie("chromium_renderer_t"); | 456 SELinuxTransitionToTypeOrDie("chromium_renderer_t"); |
| 447 #endif | 457 #endif |
| 448 | 458 |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 505 PickleIterator iter) { | 515 PickleIterator iter) { |
| 506 if (HANDLE_EINTR(write(fd, &sandbox_flags_, sizeof(sandbox_flags_))) != | 516 if (HANDLE_EINTR(write(fd, &sandbox_flags_, sizeof(sandbox_flags_))) != |
| 507 sizeof(sandbox_flags_)) { | 517 sizeof(sandbox_flags_)) { |
| 508 PLOG(ERROR) << "write"; | 518 PLOG(ERROR) << "write"; |
| 509 } | 519 } |
| 510 | 520 |
| 511 return false; | 521 return false; |
| 512 } | 522 } |
| 513 | 523 |
| 514 } // namespace content | 524 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13814027:
Linux: make current InitializeSandbox() private. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src