authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-04 20:18:55 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-04 20:18:55 +0000
commit1d87fad40da7f3ab7b0419bcf38a75645d572e04 (patch)
tree024708e6ea006ec395660e0ea47e6935d33e69f5 /chrome/browser/renderer_host
parentd9f4d2b5eb0428821d802f86fb56f46608dddb3b (diff)
Add support for running the NaCl plugin in the Linux SUID sandbox
* Add a function for getting the pre-opened FD for /dev/urandom. This needs to be a C function because it will be used by nacl_secure_random.c. * Add an IPC message for creating shared memory segments, since /dev/shm is not available inside the sandbox. The corresponding NaCl change is http://codereview.chromium.org/669056 BUG=36676 TEST=nacl_ui_tests in conjunction with NaCl changes http://codereview.chromium.org/669055 Patch by Mark Seaborn. Signed-off-by: Adam Langley git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40647 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/renderer_host')
-rw-r--r--chrome/browser/renderer_host/render_sandbox_host_linux.cc16
1 files changed, 16 insertions, 0 deletions
diff --git a/chrome/browser/renderer_host/render_sandbox_host_linux.cc b/chrome/browser/renderer_host/render_sandbox_host_linux.cc
index ea8d024..53c736c 100644
--- a/chrome/browser/renderer_host/render_sandbox_host_linux.cc
+++ b/chrome/browser/renderer_host/render_sandbox_host_linux.cc
@@ -19,6 +19,7 @@
#include "base/pickle.h"
#include "base/process_util.h"
#include "base/scoped_ptr.h"
+#include "base/shared_memory.h"
#include "base/string_util.h"
#include "base/unix_domain_socket_posix.h"
#include "chrome/common/sandbox_methods_linux.h"
@@ -136,6 +137,8 @@ class SandboxIPCProcess {
HandleGetChildWithInode(fd, pickle, iter, fds);
} else if (kind == LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE) {
HandleGetStyleForStrike(fd, pickle, iter, fds);
+ } else if (kind == LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT) {
+ HandleMakeSharedMemorySegment(fd, pickle, iter, fds);
}
error:
@@ -329,6 +332,19 @@ class SandboxIPCProcess {
SendRendererReply(fds, reply, -1);
}
+ void HandleMakeSharedMemorySegment(int fd, const Pickle& pickle, void* iter,
+ std::vector<int>& fds) {
+ uint32_t shm_size;
+ if (!pickle.ReadUInt32(&iter, &shm_size))
+ return;
+ int shm_fd = -1;
+ base::SharedMemory shm;
+ if (shm.Create(L"", false, false, shm_size))
+ shm_fd = shm.handle().fd;
+ Pickle reply;
+ SendRendererReply(fds, reply, shm_fd);
+ }
+
void SendRendererReply(const std::vector<int>& fds, const Pickle& reply,
int reply_fd) {
struct msghdr msg;
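Review bot: `shm_size` in HandleMakeSharedMemorySegment is read from the sandboxed sender's pickle and passed to `shm.Create` with no zero check or upper bound, so a compromised sender can repeatedly request segments of up to 4 GiB (the uint32 range). As far as the visible lines show, the dispatch added in the earlier hunk does not limit the method to NaCl processes, so any process holding this IPC socket can reach it. A guard before the create, e.g. `if (shm_size == 0 || shm_size > kMaxSandboxShmSize) return;`, would bound the request; `kMaxSandboxShmSize` is a placeholder for a limit the patch would have to define. The handler would also benefit from a contract comment such as `// Request: uint32 size. Reply: empty pickle with the segment fd attached, or no fd on failure.` It could add that `shm` presumably closes its descriptor when it goes out of scope, so the fd stays valid only if SendRendererReply sends it before returning; that function's body continues outside the hunk.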