| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/broker_process.h" | 5 #include "sandbox/linux/services/broker_process.h" |
| 6 | 6 |
| 7 #include <fcntl.h> | 7 #include <fcntl.h> |
| 8 #include <sys/socket.h> | 8 #include <sys/socket.h> |
| 9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
| 10 #include <sys/syscall.h> | 10 #include <sys/syscall.h> |
| (...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 142 CHECK(!initialized_); | 142 CHECK(!initialized_); |
| 143 int socket_pair[2]; | 143 int socket_pair[2]; |
| 144 // Use SOCK_SEQPACKET, because we need to preserve message boundaries | 144 // Use SOCK_SEQPACKET, because we need to preserve message boundaries |
| 145 // but we also want to be notified (recvmsg should return and not block) | 145 // but we also want to be notified (recvmsg should return and not block) |
| 146 // when the connection has been broken (one of the processes died). | 146 // when the connection has been broken (one of the processes died). |
| 147 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, socket_pair)) { | 147 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, socket_pair)) { |
| 148 LOG(ERROR) << "Failed to create socketpair"; | 148 LOG(ERROR) << "Failed to create socketpair"; |
| 149 return false; | 149 return false; |
| 150 } | 150 } |
| 151 | 151 |
| 152 #if !defined(THREAD_SANITIZER) |
| 152 DCHECK_EQ(1, base::GetNumberOfThreads(base::GetCurrentProcessHandle())); | 153 DCHECK_EQ(1, base::GetNumberOfThreads(base::GetCurrentProcessHandle())); |
| 154 #endif |
| 153 int child_pid = fork(); | 155 int child_pid = fork(); |
| 154 if (child_pid == -1) { | 156 if (child_pid == -1) { |
| 155 close(socket_pair[0]); | 157 close(socket_pair[0]); |
| 156 close(socket_pair[1]); | 158 close(socket_pair[1]); |
| 157 return false; | 159 return false; |
| 158 } | 160 } |
| 159 if (child_pid) { | 161 if (child_pid) { |
| 160 // We are the parent and we have just forked our broker process. | 162 // We are the parent and we have just forked our broker process. |
| 161 close(socket_pair[0]); | 163 close(socket_pair[0]); |
| 162 // We should only be able to write to the IPC channel. We'll always send | 164 // We should only be able to write to the IPC channel. We'll always send |
| (...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 510 GetFileNameInWhitelist(allowed_w_files_, requested_filename, | 512 GetFileNameInWhitelist(allowed_w_files_, requested_filename, |
| 511 file_to_open); | 513 file_to_open); |
| 512 return allowed_for_read_and_write; | 514 return allowed_for_read_and_write; |
| 513 } | 515 } |
| 514 default: | 516 default: |
| 515 return false; | 517 return false; |
| 516 } | 518 } |
| 517 } | 519 } |
| 518 | 520 |
| 519 } // namespace sandbox. | 521 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 188193002:
Linux sandbox: add basic Yama support (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src