OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef SANDBOX_LINUX_SYSCALL_BROKER_BROKER_COMMON_H_ |
| 6 #define SANDBOX_LINUX_SYSCALL_BROKER_BROKER_COMMON_H_ |
| 7 |
| 8 #include <fcntl.h> |
| 9 #include <stdint.h> |
| 10 |
| 11 #include <string> |
| 12 #include <vector> |
| 13 |
| 14 namespace sandbox { |
| 15 |
| 16 namespace syscall_broker { |
| 17 |
| 18 static const size_t kMaxMessageLength = 4096; |
| 19 |
| 20 // Some flags are local to the current process and cannot be sent over a Unix |
| 21 // socket. They need special treatment from the client. |
| 22 // O_CLOEXEC is tricky because in theory another thread could call execve() |
| 23 // before special treatment is made on the client, so a client needs to call |
| 24 // recvmsg(2) with MSG_CMSG_CLOEXEC. |
| 25 // To make things worse, there are two CLOEXEC related flags, FD_CLOEXEC (see |
| 26 // F_GETFD in fcntl(2)) and O_CLOEXEC (see F_GETFL in fcntl(2)). O_CLOEXEC |
| 27 // doesn't affect the semantics on execve(), it's merely a note that the |
| 28 // descriptor was originally opened with O_CLOEXEC as a flag. And it is sent |
| 29 // over unix sockets just fine, so a receiver that would (incorrectly) look at |
| 30 // O_CLOEXEC instead of FD_CLOEXEC may be tricked in thinking that the file |
| 31 // descriptor will or won't be closed on execve(). |
| 32 static const int kCurrentProcessOpenFlagsMask = O_CLOEXEC; |
| 33 |
| 34 enum IPCCommands { |
| 35 kCommandInvalid = 0, |
| 36 kCommandOpen, |
| 37 kCommandAccess, |
| 38 }; |
| 39 |
| 40 } // namespace syscall_broker |
| 41 |
| 42 } // namespace sandbox |
| 43 |
| 44 #endif // SANDBOX_LINUX_SYSCALL_BROKER_BROKER_COMMON_H_ |
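Review bot: `kMaxMessageLength` is declared as `size_t` (new line 18), but the only C headers included are `<fcntl.h>` and `<stdint.h>`, neither of which is required to declare `size_t`; add `#include <stddef.h>` instead of relying on `<string>` or `<vector>` to pull it in. Nothing visible in this header uses `<string>` or `<vector>`, so those two includes look removable here and can move to the files that need them. Separately, `kMaxMessageLength` has no comment: it presumably sizes buffers on both sides of the broker socket, so a line such as `// Maximum size in bytes of one serialized broker IPC message.` would help. It would also be worth stating whether a PATH_MAX-length path is expected to fit within that limit.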
OLD | NEW |