diff options
| author | jvoung@chromium.org <jvoung@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-13 05:39:55 +0000 |
|---|---|---|
| committer | jvoung@chromium.org <jvoung@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-13 05:39:55 +0000 |
| commit | 913d2062c2ee21100a2b03bd72f36c50c3b09cbe (patch) | |
| tree | 59722b50360a077e32e42df0b132c074c724aaa0 | |
| parent | 24d040765c06d2a80205a96193897b0b826e11d8 (diff) | |
| download | chromium_src-913d2062c2ee21100a2b03bd72f36c50c3b09cbe.zip chromium_src-913d2062c2ee21100a2b03bd72f36c50c3b09cbe.tar.gz chromium_src-913d2062c2ee21100a2b03bd72f36c50c3b09cbe.tar.bz2 | |
Remove rest of NaCl RunSandboxTests for outer sandbox.
We removed the test DLL/.so itself a while back (don't have the
CL handy), but we didn't remove the NaClMainPlatformDelegate
support and the commandline switches. Remove those now.
Also remove the initialize and uninitialize hooks since they
are not used, and they come with a bunch of scary warnings.
No need to have scary warnings if we don't use them.
BUG=none, cleanup
Review URL: https://chromiumcodereview.appspot.com/22875009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@217209 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | components/nacl/common/nacl_cmd_line.cc | 1 | ||||
| -rw-r--r-- | components/nacl/common/nacl_switches.cc | 3 | ||||
| -rw-r--r-- | components/nacl/common/nacl_switches.h | 1 | ||||
| -rw-r--r-- | components/nacl/loader/nacl_main.cc | 22 | ||||
| -rw-r--r-- | components/nacl/loader/nacl_main_platform_delegate.h | 20 | ||||
| -rw-r--r-- | components/nacl/loader/nacl_main_platform_delegate_linux.cc | 22 | ||||
| -rw-r--r-- | components/nacl/loader/nacl_main_platform_delegate_mac.mm | 58 | ||||
| -rw-r--r-- | components/nacl/loader/nacl_main_platform_delegate_win.cc | 65 |
8 files changed, 8 insertions, 184 deletions
diff --git a/components/nacl/common/nacl_cmd_line.cc b/components/nacl/common/nacl_cmd_line.cc index b21a671..d9bbd65 100644 --- a/components/nacl/common/nacl_cmd_line.cc +++ b/components/nacl/common/nacl_cmd_line.cc @@ -18,7 +18,6 @@ void CopyNaClCommandLineArguments(CommandLine* cmd_line) { // TODO(gregoryd): check which flags of those below can be supported. static const char* const kSwitchNames[] = { switches::kNoSandbox, - switches::kTestNaClSandbox, switches::kDisableBreakpad, switches::kFullMemoryCrashReport, switches::kEnableLogging, diff --git a/components/nacl/common/nacl_switches.cc b/components/nacl/common/nacl_switches.cc index b9db537..0dfdc94 100644 --- a/components/nacl/common/nacl_switches.cc +++ b/components/nacl/common/nacl_switches.cc @@ -36,7 +36,4 @@ const char kNaClLoaderCmdPrefix[] = "nacl-loader-cmd-prefix"; // Causes the process to run as a NativeClient loader. const char kNaClLoaderProcess[] = "nacl-loader"; -// Runs the security test for the NaCl loader sandbox. -const char kTestNaClSandbox[] = "test-nacl-sandbox"; - } // namespace switches diff --git a/components/nacl/common/nacl_switches.h b/components/nacl/common/nacl_switches.h index 8b12206..9bc1bcb 100644 --- a/components/nacl/common/nacl_switches.h +++ b/components/nacl/common/nacl_switches.h @@ -18,7 +18,6 @@ extern const char kNaClGdb[]; extern const char kNaClGdbScript[]; extern const char kNaClLoaderCmdPrefix[]; extern const char kNaClLoaderProcess[]; -extern const char kTestNaClSandbox[]; } // namespace switches diff --git a/components/nacl/loader/nacl_main.cc b/components/nacl/loader/nacl_main.cc index a9ec5c9..15b6fd2 100644 --- a/components/nacl/loader/nacl_main.cc +++ b/components/nacl/loader/nacl_main.cc @@ -29,10 +29,7 @@ int NaClMain(const content::MainFunctionParams& parameters) { #if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX) NaClMainPlatformDelegate platform(parameters); - - platform.PlatformInitialize(); bool no_sandbox = parsed_command_line.HasSwitch(switches::kNoSandbox); - platform.InitSandboxTests(no_sandbox); #if defined(OS_POSIX) // The number of cores must be obtained before the invocation of @@ -43,25 +40,14 @@ int NaClMain(const content::MainFunctionParams& parameters) { if (!no_sandbox) { platform.EnableSandbox(); } - bool sandbox_test_result = platform.RunSandboxTests(); - - if (sandbox_test_result) { - NaClListener listener; + NaClListener listener; #if defined(OS_POSIX) - listener.set_number_of_cores(number_of_cores); + listener.set_number_of_cores(number_of_cores); #endif - listener.Listen(); - } else { - // This indirectly prevents the test-harness-success-cookie from being set, - // as a way of communicating test failure, because the nexe won't reply. - // TODO(jvoung): find a better way to indicate failure that doesn't - // require waiting for a timeout. - VLOG(1) << "Sandbox test failed: Not launching NaCl process"; - } + + listener.Listen(); #else NOTIMPLEMENTED() << " not implemented startup, plugin startup dialog etc."; #endif - - platform.PlatformUninitialize(); return 0; } diff --git a/components/nacl/loader/nacl_main_platform_delegate.h b/components/nacl/loader/nacl_main_platform_delegate.h index 191831c..ca740b8 100644 --- a/components/nacl/loader/nacl_main_platform_delegate.h +++ b/components/nacl/loader/nacl_main_platform_delegate.h @@ -5,38 +5,20 @@ #ifndef CHROME_NACL_NACL_MAIN_PLATFORM_DELEGATE_H_ #define CHROME_NACL_NACL_MAIN_PLATFORM_DELEGATE_H_ -#include "base/native_library.h" +#include "base/basictypes.h" #include "content/public/common/main_function_params.h" -typedef bool (*RunNaClLoaderTests)(void); -const char kNaClLoaderTestCall[] = "RunNaClLoaderTests"; - class NaClMainPlatformDelegate { public: explicit NaClMainPlatformDelegate( const content::MainFunctionParams& parameters); ~NaClMainPlatformDelegate(); - // Called first thing and last thing in the process' lifecycle, i.e. before - // the sandbox is enabled. - void PlatformInitialize(); - void PlatformUninitialize(); - - // Gives us an opportunity to initialize state used for tests before enabling - // the sandbox. - void InitSandboxTests(bool no_sandbox); - // Initiate Lockdown. void EnableSandbox(); - // Runs the sandbox tests for the NaCl Loader, if tests supplied. - // Cannot run again, after this (resources freed). - // Returns false if the tests are supplied and fail. - bool RunSandboxTests(); - private: const content::MainFunctionParams& parameters_; - base::NativeLibrary sandbox_test_module_; DISALLOW_COPY_AND_ASSIGN(NaClMainPlatformDelegate); }; diff --git a/components/nacl/loader/nacl_main_platform_delegate_linux.cc b/components/nacl/loader/nacl_main_platform_delegate_linux.cc index e9d2f73..cbe886b 100644 --- a/components/nacl/loader/nacl_main_platform_delegate_linux.cc +++ b/components/nacl/loader/nacl_main_platform_delegate_linux.cc @@ -4,28 +4,14 @@ #include "components/nacl/loader/nacl_main_platform_delegate.h" -#include "base/command_line.h" - NaClMainPlatformDelegate::NaClMainPlatformDelegate( const content::MainFunctionParams& parameters) - : parameters_(parameters), sandbox_test_module_(NULL) { + : parameters_(parameters) { } NaClMainPlatformDelegate::~NaClMainPlatformDelegate() { } -void NaClMainPlatformDelegate::PlatformInitialize() { -} - -void NaClMainPlatformDelegate::PlatformUninitialize() { -} - -void NaClMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { - // The sandbox is started in the zygote process: zygote_main_linux.cc - // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox - return; -} - void NaClMainPlatformDelegate::EnableSandbox() { // The setuid sandbox is started in the zygote process: zygote_main_linux.cc // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox @@ -43,9 +29,3 @@ void NaClMainPlatformDelegate::EnableSandbox() { // At best, NaCl will not work. At worst, enabling the seccomp sandbox // could create a hole in the NaCl sandbox. } - -bool NaClMainPlatformDelegate::RunSandboxTests() { - // The sandbox is started in the zygote process: zygote_main_linux.cc - // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox - return true; -} diff --git a/components/nacl/loader/nacl_main_platform_delegate_mac.mm b/components/nacl/loader/nacl_main_platform_delegate_mac.mm index 67ddced..78fa539 100644 --- a/components/nacl/loader/nacl_main_platform_delegate_mac.mm +++ b/components/nacl/loader/nacl_main_platform_delegate_mac.mm @@ -5,78 +5,22 @@ #include "components/nacl/loader/nacl_main_platform_delegate.h" #import <Cocoa/Cocoa.h> -#include "base/command_line.h" #include "base/files/file_path.h" #include "base/logging.h" -#include "base/native_library.h" #include "components/nacl/common/nacl_sandbox_type_mac.h" #include "components/nacl/common/nacl_switches.h" #include "content/public/common/sandbox_init.h" NaClMainPlatformDelegate::NaClMainPlatformDelegate( const content::MainFunctionParams& parameters) - : parameters_(parameters), sandbox_test_module_(NULL) { + : parameters_(parameters) { } NaClMainPlatformDelegate::~NaClMainPlatformDelegate() { } -// TODO(jvoung): see if this old comment (from renderer_main_platform...) -// is relevant to the nacl loader. -// TODO(mac-port): Any code needed to initialize a process for purposes of -// running a NaClLoader needs to also be reflected in chrome_main.cc for -// --single-process support. -void NaClMainPlatformDelegate::PlatformInitialize() { -} - -void NaClMainPlatformDelegate::PlatformUninitialize() { -} - -void NaClMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { - const CommandLine& command_line = parameters_.command_line; - - DVLOG(1) << "Started NaClLdr with "; - const std::vector<std::string>& argstrings = command_line.argv(); - for (std::vector<std::string>::const_iterator ii = argstrings.begin(); - ii != argstrings.end(); ++ii) - DVLOG(1) << *ii; - - // Be sure not to load the sandbox test DLL if the sandbox isn't on. - // Comment-out guard and recompile if you REALLY want to test w/out the SB. - // TODO(jvoung): allow testing without sandbox, but change expected ret vals. - if (!no_sandbox) { - base::FilePath test_dll_name = - command_line.GetSwitchValuePath(switches::kTestNaClSandbox); - if (!test_dll_name.empty()) { - sandbox_test_module_ = base::LoadNativeLibrary(test_dll_name, NULL); - CHECK(sandbox_test_module_); - } - } -} - void NaClMainPlatformDelegate::EnableSandbox() { CHECK(content::InitializeSandbox(NACL_SANDBOX_TYPE_NACL_LOADER, base::FilePath())) << "Error initializing sandbox for " << switches::kNaClLoaderProcess; } - -bool NaClMainPlatformDelegate::RunSandboxTests() { - // TODO(jvoung): Win and mac should share this identical code. - bool result = true; - if (sandbox_test_module_) { - RunNaClLoaderTests run_security_tests = - reinterpret_cast<RunNaClLoaderTests>( - base::GetFunctionPointerFromNativeLibrary(sandbox_test_module_, - kNaClLoaderTestCall)); - if (run_security_tests) { - DVLOG(1) << "Running NaCl Loader security tests"; - result = (*run_security_tests)(); - } else { - VLOG(1) << "Failed to get NaCl sandbox test function"; - result = false; - } - base::UnloadNativeLibrary(sandbox_test_module_); - sandbox_test_module_ = NULL; - } - return result; -} diff --git a/components/nacl/loader/nacl_main_platform_delegate_win.cc b/components/nacl/loader/nacl_main_platform_delegate_win.cc index e79fe17..f530961 100644 --- a/components/nacl/loader/nacl_main_platform_delegate_win.cc +++ b/components/nacl/loader/nacl_main_platform_delegate_win.cc @@ -4,59 +4,17 @@ #include "components/nacl/loader/nacl_main_platform_delegate.h" -#include "base/command_line.h" -#include "base/files/file_path.h" #include "base/logging.h" -#include "base/native_library.h" -#include "components/nacl/common/nacl_switches.h" #include "sandbox/win/src/sandbox.h" NaClMainPlatformDelegate::NaClMainPlatformDelegate( const content::MainFunctionParams& parameters) - : parameters_(parameters), sandbox_test_module_(NULL) { + : parameters_(parameters) { } NaClMainPlatformDelegate::~NaClMainPlatformDelegate() { } -void NaClMainPlatformDelegate::PlatformInitialize() { - // Be mindful of what resources you acquire here. They can be used by - // malicious code if the renderer gets compromised. -} - -void NaClMainPlatformDelegate::PlatformUninitialize() { -} - -void NaClMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { - const CommandLine& command_line = parameters_.command_line; - - DVLOG(1) << "Started NaClLdr with " << command_line.GetCommandLineString(); - - sandbox::TargetServices* target_services = - parameters_.sandbox_info->target_services; - - if (target_services && !no_sandbox) { - base::FilePath test_dll_name = - command_line.GetSwitchValuePath(switches::kTestNaClSandbox); - if (!test_dll_name.empty()) { - // At this point, hack on the suffix according to with bitness - // of your windows process. -#if defined(_WIN64) - DVLOG(1) << "Using 64-bit test dll\n"; - test_dll_name = test_dll_name.InsertBeforeExtension(L"64"); - test_dll_name = test_dll_name.ReplaceExtension(L"dll"); -#else - DVLOG(1) << "Using 32-bit test dll\n"; - test_dll_name = test_dll_name.ReplaceExtension(L"dll"); -#endif - DVLOG(1) << "Loading test lib " << test_dll_name.value() << "\n"; - sandbox_test_module_ = base::LoadNativeLibrary(test_dll_name, NULL); - CHECK(sandbox_test_module_); - VLOG(1) << "Testing NaCl sandbox\n"; - } - } -} - void NaClMainPlatformDelegate::EnableSandbox() { sandbox::TargetServices* target_services = parameters_.sandbox_info->target_services; @@ -71,24 +29,3 @@ void NaClMainPlatformDelegate::EnableSandbox() { // Turn the sandbox on. target_services->LowerToken(); } - -bool NaClMainPlatformDelegate::RunSandboxTests() { - // TODO(jvoung): Win and mac should share this code. - bool result = true; - if (sandbox_test_module_) { - RunNaClLoaderTests run_security_tests = - reinterpret_cast<RunNaClLoaderTests>( - base::GetFunctionPointerFromNativeLibrary(sandbox_test_module_, - kNaClLoaderTestCall)); - if (run_security_tests) { - DVLOG(1) << "Running NaCl Loader security tests"; - result = (*run_security_tests)(); - } else { - VLOG(1) << "Failed to get NaCl sandbox test function"; - result = false; - } - base::UnloadNativeLibrary(sandbox_test_module_); - sandbox_test_module_ = NULL; - } - return result; -} |