authormseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-16 15:32:36 +0000
committermseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-16 15:32:36 +0000
commitd30ce6ef3a1ced147da1eeab0780bc8e5fce7238 (patch)
treeabda59e11b93627d9e2d1cdc1d2a217e20f12aa4
parent7f8ce3d9311fd6233f993bef7a66fc7912dfd8d1 (diff)
Move BrokerDuplicateHandle() to be declared in content/public
This is necessary so that BrokerDuplicateHandle() can be used from chrome/browser while passing the check_deps rules. BUG=http://code.google.com/p/nativeclient/issues/detail?id=2719 TEST=build Review URL: https://chromiumcodereview.appspot.com/10082018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132405 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--content/common/gpu/client/command_buffer_proxy_impl.cc6
-rw-r--r--content/common/gpu/gpu_command_buffer_stub.cc4
-rw-r--r--content/common/sandbox_policy.cc74
-rw-r--r--content/common/sandbox_policy.h6
-rw-r--r--content/plugin/webplugin_proxy.cc4
-rw-r--r--content/public/common/sandbox_init.h19
-rw-r--r--content/renderer/webplugin_delegate_proxy.cc4
7 files changed, 66 insertions, 51 deletions
diff --git a/content/common/gpu/client/command_buffer_proxy_impl.cc b/content/common/gpu/client/command_buffer_proxy_impl.cc
index 1bb1887..ce54be75 100644
--- a/content/common/gpu/client/command_buffer_proxy_impl.cc
+++ b/content/common/gpu/client/command_buffer_proxy_impl.cc
@@ -21,7 +21,7 @@
#include "ui/gfx/size.h"
#if defined(OS_WIN)
-#include "content/common/sandbox_policy.h"
+#include "content/public/common/sandbox_init.h"
#endif
using gpu::Buffer;
@@ -240,7 +240,7 @@ int32 CommandBufferProxyImpl::CreateTransferBuffer(
base::SharedMemoryHandle handle = shm->handle();
#if defined(OS_WIN)
// Windows needs to explicitly duplicate the handle out to another process.
- if (!sandbox::BrokerDuplicateHandle(handle, channel_->gpu_pid(),
+ if (!content::BrokerDuplicateHandle(handle, channel_->gpu_pid(),
&handle, FILE_MAP_WRITE, 0)) {
return -1;
}
@@ -271,7 +271,7 @@ int32 CommandBufferProxyImpl::RegisterTransferBuffer(
base::SharedMemoryHandle handle = shared_memory->handle();
#if defined(OS_WIN)
// Windows needs to explicitly duplicate the handle out to another process.
- if (!sandbox::BrokerDuplicateHandle(handle, channel_->gpu_pid(),
+ if (!content::BrokerDuplicateHandle(handle, channel_->gpu_pid(),
&handle, FILE_MAP_WRITE, 0)) {
return -1;
}
diff --git a/content/common/gpu/gpu_command_buffer_stub.cc b/content/common/gpu/gpu_command_buffer_stub.cc
index 1f22bce..90876b6 100644
--- a/content/common/gpu/gpu_command_buffer_stub.cc
+++ b/content/common/gpu/gpu_command_buffer_stub.cc
@@ -24,7 +24,7 @@
#include "ui/gfx/gl/gl_switches.h"
#if defined(OS_WIN)
-#include "content/common/sandbox_policy.h"
+#include "content/public/common/sandbox_init.h"
#endif
GpuCommandBufferStub::SurfaceState::SurfaceState(int32 surface_id,
@@ -508,7 +508,7 @@ void GpuCommandBufferStub::OnGetTransferBuffer(
if (buffer.shared_memory) {
#if defined(OS_WIN)
transfer_buffer = NULL;
- sandbox::BrokerDuplicateHandle(buffer.shared_memory->handle(),
+ content::BrokerDuplicateHandle(buffer.shared_memory->handle(),
channel_->renderer_pid(), &transfer_buffer, FILE_MAP_READ |
FILE_MAP_WRITE, 0);
CHECK(transfer_buffer != NULL);
diff --git a/content/common/sandbox_policy.cc b/content/common/sandbox_policy.cc
index dc07070..da359a8 100644
--- a/content/common/sandbox_policy.cc
+++ b/content/common/sandbox_policy.cc
@@ -22,6 +22,7 @@
#include "content/public/common/content_client.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/process_type.h"
+#include "content/public/common/sandbox_init.h"
#include "sandbox/src/sandbox.h"
#include "ui/gfx/gl/gl_switches.h"
@@ -458,41 +459,6 @@ bool InitTargetServices(sandbox::TargetServices* target_services) {
return SBOX_ALL_OK == result;
}
-bool BrokerDuplicateHandle(HANDLE source_handle,
- DWORD target_process_id,
- HANDLE* target_handle,
- DWORD desired_access,
- DWORD options) {
- // If our process is the target just duplicate the handle.
- if (::GetCurrentProcessId() == target_process_id) {
- return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
- ::GetCurrentProcess(), target_handle,
- desired_access, FALSE, options);
-
- }
-
- // Try the broker next
- if (g_target_services &&
- g_target_services->DuplicateHandle(source_handle, target_process_id,
- target_handle, desired_access,
- options) == SBOX_ALL_OK) {
- return true;
- }
-
- // Finally, see if we already have access to the process.
- base::win::ScopedHandle target_process;
- target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
- target_process_id));
- if (target_process.IsValid()) {
- return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
- target_process, target_handle,
- desired_access, FALSE, options);
- }
-
- return false;
-}
-
-
base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
const FilePath& exposed_dir) {
const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
@@ -688,3 +654,41 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
}
} // namespace sandbox
+
+namespace content {
+
+bool BrokerDuplicateHandle(HANDLE source_handle,
+ DWORD target_process_id,
+ HANDLE* target_handle,
+ DWORD desired_access,
+ DWORD options) {
+ // If our process is the target just duplicate the handle.
+ if (::GetCurrentProcessId() == target_process_id) {
+ return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
+ ::GetCurrentProcess(), target_handle,
+ desired_access, FALSE, options);
+
+ }
+
+ // Try the broker next
+ if (g_target_services &&
+ g_target_services->DuplicateHandle(source_handle, target_process_id,
+ target_handle, desired_access,
+ options) == sandbox::SBOX_ALL_OK) {
+ return true;
+ }
+
+ // Finally, see if we already have access to the process.
+ base::win::ScopedHandle target_process;
+ target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
+ target_process_id));
+ if (target_process.IsValid()) {
+ return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
+ target_process, target_handle,
+ desired_access, FALSE, options);
+ }
+
+ return false;
+}
+
+} // namespace content
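Review bot: The last fallback in the relocated content::BrokerDuplicateHandle() resolves the target by PID (`::OpenProcess(PROCESS_DUP_HANDLE, FALSE, target_process_id)`), and Windows recycles PIDs once a process exits, so a stale `target_process_id` would duplicate the handle into whatever unrelated process now owns that PID. The function is moved verbatim, so this is not introduced here, but since the commit exposes it for use from chrome/browser (which is not sandboxed and will typically take this path rather than the broker path) the caveat deserves a comment above the OpenProcess call, e.g. `// PIDs are recycled; a caller that already holds a process handle for the target should duplicate with that instead, since a stale PID here would hand the handle to an unrelated process.` Whether the broker path (`g_target_services->DuplicateHandle`) validates the PID against its own target list is not visible in this diff. The stray blank line before the closing brace of the same-process branch also survived the move and could be dropped.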
diff --git a/content/common/sandbox_policy.h b/content/common/sandbox_policy.h
index 34c374e..53e4c2f 100644
--- a/content/common/sandbox_policy.h
+++ b/content/common/sandbox_policy.h
@@ -23,12 +23,6 @@ CONTENT_EXPORT bool InitBrokerServices(
CONTENT_EXPORT bool InitTargetServices(
sandbox::TargetServices* target_services);
-CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
- DWORD target_process_id,
- HANDLE* target_handle,
- DWORD desired_access,
- DWORD options);
-
// Starts a sandboxed process with the given directory unsandboxed
// and returns a handle to it.
CONTENT_EXPORT base::ProcessHandle StartProcessWithAccess(
diff --git a/content/plugin/webplugin_proxy.cc b/content/plugin/webplugin_proxy.cc
index 704058d..ee1c721 100644
--- a/content/plugin/webplugin_proxy.cc
+++ b/content/plugin/webplugin_proxy.cc
@@ -36,7 +36,7 @@
#endif
#if defined(OS_WIN)
-#include "content/common/sandbox_policy.h"
+#include "content/public/common/sandbox_init.h"
#endif
using WebKit::WebBindings;
@@ -133,7 +133,7 @@ void WebPluginProxy::WillDestroyWindow(gfx::PluginWindowHandle window) {
#if defined(OS_WIN)
void WebPluginProxy::SetWindowlessPumpEvent(HANDLE pump_messages_event) {
HANDLE pump_messages_event_for_renderer = NULL;
- sandbox::BrokerDuplicateHandle(pump_messages_event, channel_->peer_pid(),
+ content::BrokerDuplicateHandle(pump_messages_event, channel_->peer_pid(),
&pump_messages_event_for_renderer,
SYNCHRONIZE | EVENT_MODIFY_STATE, 0);
DCHECK(pump_messages_event_for_renderer != NULL);
diff --git a/content/public/common/sandbox_init.h b/content/public/common/sandbox_init.h
index 26b7d38..8952323 100644
--- a/content/public/common/sandbox_init.h
+++ b/content/public/common/sandbox_init.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -6,6 +6,7 @@
#define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
#pragma once
+#include "base/process.h"
#include "build/build_config.h"
#include "content/common/content_export.h"
@@ -20,6 +21,7 @@ class FilePath;
namespace content {
#if defined(OS_WIN)
+
// Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
// processes, depending on the command line flags. Although The browser process
// is not sandboxed, this also needs to be called because it will initialize
@@ -29,7 +31,19 @@ namespace content {
// returned.
CONTENT_EXPORT bool InitializeSandbox(
sandbox::SandboxInterfaceInfo* sandbox_info);
+
+// This is a restricted version of Windows' DuplicateHandle() function
+// that works inside the sandbox and can send handles but not retrieve
+// them. Unlike DuplicateHandle(), it takes a process ID rather than
+// a process handle. It returns true on success, false otherwise.
+CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
+ DWORD target_process_id,
+ HANDLE* target_handle,
+ DWORD desired_access,
+ DWORD options);
+
#elif defined(OS_MACOSX)
+
// Initialize the sandbox of the given |sandbox_type|, optionally specifying a
// directory to allow access to. Note specifying a directory needs to be
// supported by the sandbox profile associated with the given |sandbox_type|.
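Review bot: The new header comment for BrokerDuplicateHandle() does not say what `*target_handle` holds on failure; the implementation in this commit never writes it on any failing path, which is why every caller in the diff pre-sets its output to NULL and then DCHECKs/CHECKs it (webplugin_proxy.cc, webplugin_delegate_proxy.cc, gpu_command_buffer_stub.cc). Suggest appending: `// On failure *target_handle is not written; initialize it (e.g. to NULL) before the call if it is tested afterwards.` It would also help to note that `desired_access` and `options` are forwarded unchanged to DuplicateHandle()/the broker, so callers should request the minimum access the peer needs, as the existing callers do with FILE_MAP_* and SYNCHRONIZE | EVENT_MODIFY_STATE.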
@@ -46,8 +60,11 @@ CONTENT_EXPORT bool InitializeSandbox(
// taken and true is always returned.
CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
const FilePath& allowed_path);
+
#elif defined(OS_LINUX)
+
CONTENT_EXPORT void InitializeSandbox();
+
#endif
} // namespace content
diff --git a/content/renderer/webplugin_delegate_proxy.cc b/content/renderer/webplugin_delegate_proxy.cc
index 16739b3..d319dbd 100644
--- a/content/renderer/webplugin_delegate_proxy.cc
+++ b/content/renderer/webplugin_delegate_proxy.cc
@@ -62,7 +62,7 @@
#endif
#if defined(OS_WIN)
-#include "content/common/sandbox_policy.h"
+#include "content/public/common/sandbox_init.h"
#endif
using WebKit::WebBindings;
@@ -503,7 +503,7 @@ static void CopyTransportDIBHandleForMessage(
#elif defined(OS_WIN)
// On Windows we need to duplicate the handle for the plugin process.
*handle_out = NULL;
- sandbox::BrokerDuplicateHandle(handle_in, peer_pid, handle_out,
+ content::BrokerDuplicateHandle(handle_in, peer_pid, handle_out,
FILE_MAP_READ | FILE_MAP_WRITE, 0);
DCHECK(*handle_out != NULL);
#else