author | thakis@chromium.org <thakis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-02 01:48:37 +0000 |
---|---|---|
committer | thakis@chromium.org <thakis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-12-02 01:48:37 +0000 |
commit | 802a13a0b2fd257938dcd0c7b7ff4f79565331c9 (patch) | |
tree | 26ee9878b7003dc7039ed5e3deb8bf888b596283 /chrome/common | |
parent | 22de011a33feedc8ac0faea4f0b5aa11683c36ff (diff) | |
Mac: Scaffolding for sandboxing GPU process.
The sandbox config allows everything for now; I will put in restrictions in a follow-up CL (which should be small).
This CL should have no visible effect (other than changing a few LOG(WARNING) to LOG(ERROR)).
BUG=48607
TEST=GPU process still works
Review URL: http://codereview.chromium.org/5491001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67939 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common')
-rw-r--r-- | chrome/common/child_process.cc | 8 | ||||
-rw-r--r-- | chrome/common/chrome_switches.cc | 5 | ||||
-rw-r--r-- | chrome/common/chrome_switches.h | 1 | ||||
-rw-r--r-- | chrome/common/sandbox_init_wrapper.h | 5 | ||||
-rw-r--r-- | chrome/common/sandbox_init_wrapper_mac.cc | 3 | ||||
-rw-r--r-- | chrome/common/sandbox_mac.h | 3 | ||||
-rw-r--r-- | chrome/common/sandbox_mac.mm | 5 | ||||
-rw-r--r-- | chrome/common/sandbox_mac_unittest_helper.mm | 11 |
8 files changed, 30 insertions, 11 deletions
diff --git a/chrome/common/child_process.cc b/chrome/common/child_process.cc
index dd6fd40..af05a65 100644
--- a/chrome/common/child_process.cc
+++ b/chrome/common/child_process.cc
@@ -97,10 +97,10 @@ void ChildProcess::WaitForDebugger(const std::wstring& label) {
 // TODO(playmobil): In the long term, overriding this flag doesn't seem
 // right, either use our own flag or open a dialog we can use.
 // This is just to ease debugging in the interim.
- LOG(WARNING) << label
- << " ("
- << getpid()
- << ") paused waiting for debugger to attach @ pid";
+ LOG(ERROR) << label
+ << " ("
+ << getpid()
+ << ") paused waiting for debugger to attach @ pid";
 // Install a signal handler so that pause can be woken.
 struct sigaction sa;
 memset(&sa, 0, sizeof(sa));
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index dab23be..7c7fb23 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -823,6 +823,9 @@ const char kNoExperiments[] = "no-experiments";
 // you're for some reason tempted to pass them both.
 const char kNoFirstRun[] = "no-first-run";
+// Runs just the GPU process outside the sandbox.
+const char kNoGpuSandbox[] = "no-gpu-sandbox";
+
 // Support a separate switch that enables the v8 playback extension.
 // The extension causes javascript calls to Date.now() and Math.random()
 // to return consistent values, such that subsequent loads of the same
@@ -840,7 +843,7 @@ const char kNoProxyServer[] = "no-proxy-server";
 // Don't send HTTP-Referer headers.
 const char kNoReferrers[] = "no-referrers";
-// Runs the renderer outside the sandbox.
+// Disables the sandbox for all process types that are normally sandboxed.
 const char kNoSandbox[] = "no-sandbox";
 // Does not automatically open a browser window on startup (used when launching
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index edfff8a..22b930b 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
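Review bot: The comment on `kNoGpuSandbox` in chrome_switches.cc says what the switch does but not that it removes a security boundary for one process type, which is what someone scanning the switch list needs to know before using it. Something like `// Runs just the GPU process outside the sandbox; every other process type stays sandboxed. Weakens isolation, so meant for debugging.` would sit well next to the reworded `kNoSandbox` comment in the following hunk, assuming debugging is the intent, which the commit does not state. None of the hunks shown here (the diffstat is limited to chrome/common) reads the new switch, so where it takes effect cannot be checked from this view.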
@@ -236,6 +236,7 @@ extern const char kNoDefaultBrowserCheck[];
 extern const char kNoEvents[];
 extern const char kNoExperiments[];
 extern const char kNoFirstRun[];
+extern const char kNoGpuSandbox[];
 extern const char kNoJsRandomness[];
 extern const char kNoProxyServer[];
 extern const char kNoReferrers[];
diff --git a/chrome/common/sandbox_init_wrapper.h b/chrome/common/sandbox_init_wrapper.h
index 56716fc..3c70a7a 100644
--- a/chrome/common/sandbox_init_wrapper.h
+++ b/chrome/common/sandbox_init_wrapper.h
@@ -32,8 +32,9 @@ class SandboxInitWrapper {
 sandbox::BrokerServices* BrokerServices() const { return broker_services_; }
 sandbox::TargetServices* TargetServices() const { return target_services_; }
- // Initialize the sandbox for renderer and plug-in processes, depending on
- // the command line flags. The browser process is not sandboxed.
+ // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and
+ // plug-in processes, depending on the command line flags. The browser
+ // process is not sandboxed.
 // Returns true if the sandbox was initialized succesfully, false if an error
 // occurred. If process_type isn't one that needs sandboxing true is always
 // returned.
diff --git a/chrome/common/sandbox_init_wrapper_mac.cc b/chrome/common/sandbox_init_wrapper_mac.cc
index d65ee70..229b321 100644
--- a/chrome/common/sandbox_init_wrapper_mac.cc
+++ b/chrome/common/sandbox_init_wrapper_mac.cc
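Review bot: The reworded comment in sandbox_init_wrapper.h lists plug-in processes among those that get a sandbox, but the Mac implementation touched by this same commit returns true for `switches::kPluginProcess` without selecting a sandbox type. The header appears to be shared across platforms, so a qualifier such as `// Which of these process types are actually sandboxed is platform-specific.` would keep readers from assuming coverage that is not there. The misspelling `succesfully` in the unchanged line below could be fixed in passing.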
@@ -53,9 +53,10 @@ bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line,
 } else if (process_type == switches::kNaClLoaderProcess) {
 // Native Client sel_ldr (user untrusted code) sandbox.
 sandbox_process_type = Sandbox::SANDBOX_TYPE_NACL_LOADER;
+ } else if (process_type == switches::kGpuProcess) {
+ sandbox_process_type = Sandbox::SANDBOX_TYPE_GPU;
 } else if ((process_type == switches::kPluginProcess) ||
 (process_type == switches::kProfileImportProcess) ||
- (process_type == switches::kGpuProcess) ||
 (process_type == switches::kServiceProcess)) {
 return true;
 } else {
diff --git a/chrome/common/sandbox_mac.h b/chrome/common/sandbox_mac.h
index f16fdb5..10d622e 100644
--- a/chrome/common/sandbox_mac.h
+++ b/chrome/common/sandbox_mac.h
@@ -75,6 +75,9 @@ class Sandbox {
 // Native Client sandbox for the user's untrusted code.
 SANDBOX_TYPE_NACL_LOADER,
+ // GPU process.
+ SANDBOX_TYPE_GPU,
+
 SANDBOX_AFTER_TYPE_LAST_TYPE, // Placeholder to ease iteration.
 };
diff --git a/chrome/common/sandbox_mac.mm b/chrome/common/sandbox_mac.mm
index 81defc7..03170c4 100644
--- a/chrome/common/sandbox_mac.mm
+++ b/chrome/common/sandbox_mac.mm
@@ -314,6 +314,9 @@ NSString* LoadSandboxTemplate(Sandbox::SandboxProcessType sandbox_type) {
 // untrusted code within Native Client.
 sandbox_config_filename = @"nacl_loader";
 break;
+ case Sandbox::SANDBOX_TYPE_GPU:
+ sandbox_config_filename = @"gpu";
+ break;
 default:
 NOTREACHED();
 return nil;
@@ -465,7 +468,7 @@ bool Sandbox::EnableSandbox(SandboxProcessType sandbox_type,
 // Enable verbose logging if enabled on the command line. (See common.sb
 // for details).
- const CommandLine *command_line = CommandLine::ForCurrentProcess();
+ const CommandLine* command_line = CommandLine::ForCurrentProcess();
 bool enable_logging =
 command_line->HasSwitch(switches::kEnableSandboxLogging);;
 if (enable_logging) {
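Review bot: The new `kGpuProcess` branch in InitializeSandbox (sandbox_init_wrapper_mac.cc) carries no comment, while the commit description says the GPU profile allows everything for now, so a reader of this chain will assume the GPU process is confined when it is not yet. A line such as `// GPU process sandbox; the profile is permissive for now, see http://crbug.com/48607.` above the assignment would make that explicit, as the NaCl branch does for its own type. The branch also does not consult `switches::kNoGpuSandbox`; InitializeSandbox starts and ends outside the hunk, so the check may live elsewhere, but it is worth confirming the new switch really bypasses this path. Moving GPU out of the `return true` group presumably also means a failure to set up the sandbox can now fail GPU process start-up, which is a behaviour change the description does not mention.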
diff --git a/chrome/common/sandbox_mac_unittest_helper.mm b/chrome/common/sandbox_mac_unittest_helper.mm
index 4e885b5..87b8399 100644
--- a/chrome/common/sandbox_mac_unittest_helper.mm
+++ b/chrome/common/sandbox_mac_unittest_helper.mm
@@ -50,13 +50,20 @@ void AddSandboxTestCase(const char* test_name, MacSandboxTestCase* test_class) {
 } // namespace internal
-bool MacSandboxTest:: RunTestInAllSandboxTypes(const char* test_name,
- const char* test_data) {
+bool MacSandboxTest::RunTestInAllSandboxTypes(const char* test_name,
+ const char* test_data) {
 // Go through all the sandbox types, and run the test case in each of them
 // if one fails, abort.
 for(int i = static_cast<int>(Sandbox::SANDBOX_TYPE_FIRST_TYPE);
 i < Sandbox::SANDBOX_AFTER_TYPE_LAST_TYPE;
 ++i) {
+
+ if (i == Sandbox::SANDBOX_TYPE_GPU) {
+ // TODO(thakis): Remove this once the gpu sandbox is more restricted.
+ // http://crbug.com/48607
+ continue;
+ }
+
 if (!RunTestInSandbox(static_cast<Sandbox::SandboxProcessType>(i),
 test_name, test_data)) {
 LOG(ERROR) << "Sandboxed test (" << test_name << ")" << |
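Review bot: The `continue` for `Sandbox::SANDBOX_TYPE_GPU` in RunTestInAllSandboxTypes skips that type silently, so every sandbox test reports success across "all" types while the GPU profile is never exercised. If the TODO outlives the follow-up CL that tightens the profile, nothing in the test output will point at the gap. Logging the skip before `continue;`, for example `LOG(WARNING) << "Skipping GPU sandbox type, see http://crbug.com/48607";`, keeps it visible. The function body continues past the end of the hunk.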