Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/zygote/zygote_linux.cc

Issue 14411008: Linux sandbox: more paranoid checks (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address nits. Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/common/sandbox_linux.cc ('k') | content/zygote/zygote_main_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/zygote/zygote_linux.h" 5 #include "content/zygote/zygote_linux.h"
6 6
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <string.h> 8 #include <string.h>
9 #include <sys/socket.h> 9 #include <sys/socket.h>
10 #include <sys/types.h> 10 #include <sys/types.h>
(...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after
429 mapping.push_back(std::make_pair( 429 mapping.push_back(std::make_pair(
430 static_cast<uint32_t>(kSandboxIPCChannel), kMagicSandboxIPCDescriptor)); 430 static_cast<uint32_t>(kSandboxIPCChannel), kMagicSandboxIPCDescriptor));
431 431
432 // Returns twice, once per process. 432 // Returns twice, once per process.
433 base::ProcessId child_pid = ForkWithRealPid(process_type, fds, channel_id, 433 base::ProcessId child_pid = ForkWithRealPid(process_type, fds, channel_id,
434 uma_name, uma_sample, 434 uma_name, uma_sample,
435 uma_boundary_value); 435 uma_boundary_value);
436 if (!child_pid) { 436 if (!child_pid) {
437 // This is the child process. 437 // This is the child process.
438 438
439 // At this point, we finally know our process type.
440 LinuxSandbox::GetInstance()->PreinitializeSandboxFinish(process_type);
441
442 close(kBrowserDescriptor); // Our socket from the browser. 439 close(kBrowserDescriptor); // Our socket from the browser.
443 if (UsingSUIDSandbox()) 440 if (UsingSUIDSandbox())
444 close(kZygoteIdFd); // Another socket from the browser. 441 close(kZygoteIdFd); // Another socket from the browser.
445 base::GlobalDescriptors::GetInstance()->Reset(mapping); 442 base::GlobalDescriptors::GetInstance()->Reset(mapping);
446 443
447 #if defined(CHROMIUM_SELINUX) 444 #if defined(CHROMIUM_SELINUX)
448 SELinuxTransitionToTypeOrDie("chromium_renderer_t"); 445 SELinuxTransitionToTypeOrDie("chromium_renderer_t");
449 #endif 446 #endif
450 447
451 // Reset the process-wide command line to our new command line. 448 // Reset the process-wide command line to our new command line.
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
507 PickleIterator iter) { 504 PickleIterator iter) {
508 if (HANDLE_EINTR(write(fd, &sandbox_flags_, sizeof(sandbox_flags_))) != 505 if (HANDLE_EINTR(write(fd, &sandbox_flags_, sizeof(sandbox_flags_))) !=
509 sizeof(sandbox_flags_)) { 506 sizeof(sandbox_flags_)) {
510 PLOG(ERROR) << "write"; 507 PLOG(ERROR) << "write";
511 } 508 }
512 509
513 return false; 510 return false;
514 } 511 }
515 512
516 } // namespace content 513 } // namespace content
OLDNEW
« no previous file with comments | « content/common/sandbox_linux.cc ('k') | content/zygote/zygote_main_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698