diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-04 20:18:55 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-04 20:18:55 +0000 |
| commit | 1d87fad40da7f3ab7b0419bcf38a75645d572e04 (patch) | |
| tree | 024708e6ea006ec395660e0ea47e6935d33e69f5 /chrome/renderer | |
| parent | d9f4d2b5eb0428821d802f86fb56f46608dddb3b (diff) | |
| download | chromium_src-1d87fad40da7f3ab7b0419bcf38a75645d572e04.zip chromium_src-1d87fad40da7f3ab7b0419bcf38a75645d572e04.tar.gz chromium_src-1d87fad40da7f3ab7b0419bcf38a75645d572e04.tar.bz2 | |
Add support for running the NaCl plugin in the Linux SUID sandbox
* Add a function for getting the pre-opened FD for /dev/urandom.
This needs to be a C function because it will be used by
nacl_secure_random.c.
* Add an IPC message for creating shared memory segments, since
/dev/shm is not available inside the sandbox.
The corresponding NaCl change is http://codereview.chromium.org/669056
BUG=36676
TEST=nacl_ui_tests in conjunction with NaCl changes
http://codereview.chromium.org/669055
Patch by Mark Seaborn.
Signed-off-by: Adam Langley
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40647 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
| -rw-r--r-- | chrome/renderer/renderer_sandbox_support_linux.cc | 26 | ||||
| -rw-r--r-- | chrome/renderer/renderer_sandbox_support_linux.h | 3 |
2 files changed, 23 insertions, 6 deletions
diff --git a/chrome/renderer/renderer_sandbox_support_linux.cc b/chrome/renderer/renderer_sandbox_support_linux.cc index 1c4a60d..f1d03e3 100644 --- a/chrome/renderer/renderer_sandbox_support_linux.cc +++ b/chrome/renderer/renderer_sandbox_support_linux.cc @@ -12,6 +12,10 @@ #include "third_party/WebKit/WebKit/chromium/public/linux/WebFontRenderStyle.h" +static int GetSandboxFD() { + return kSandboxIPCChannel + base::GlobalDescriptors::kBaseDescriptor; +} + namespace renderer_sandbox_support { std::string getFontFamilyForCharacters(const uint16_t* utf16, size_t num_utf16) { @@ -22,9 +26,7 @@ std::string getFontFamilyForCharacters(const uint16_t* utf16, size_t num_utf16) request.WriteUInt32(utf16[i]); uint8_t buf[512]; - const int sandbox_fd = - kSandboxIPCChannel + base::GlobalDescriptors::kBaseDescriptor; - const ssize_t n = base::SendRecvMsg(sandbox_fd, buf, sizeof(buf), NULL, + const ssize_t n = base::SendRecvMsg(GetSandboxFD(), buf, sizeof(buf), NULL, request); std::string family_name; @@ -45,9 +47,7 @@ void getRenderStyleForStrike(const char* family, int sizeAndStyle, request.WriteInt(sizeAndStyle); uint8_t buf[512]; - const int sandbox_fd = - kSandboxIPCChannel + base::GlobalDescriptors::kBaseDescriptor; - const ssize_t n = base::SendRecvMsg(sandbox_fd, buf, sizeof(buf), NULL, + const ssize_t n = base::SendRecvMsg(GetSandboxFD(), buf, sizeof(buf), NULL, request); out->setDefaults(); @@ -73,4 +73,18 @@ void getRenderStyleForStrike(const char* family, int sizeAndStyle, } } +int MakeSharedMemorySegmentViaIPC(size_t length) { + Pickle request; + request.WriteInt(LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT); + request.WriteUInt32(length); + uint8_t reply_buf[10]; + int result_fd; + ssize_t result = base::SendRecvMsg(GetSandboxFD(), + reply_buf, sizeof(reply_buf), + &result_fd, request); + if (result == -1) + return -1; + return result_fd; +} + } // namespace render_sandbox_support diff --git a/chrome/renderer/renderer_sandbox_support_linux.h b/chrome/renderer/renderer_sandbox_support_linux.h index 4ba5298..3fa318b 100644 --- a/chrome/renderer/renderer_sandbox_support_linux.h +++ b/chrome/renderer/renderer_sandbox_support_linux.h @@ -27,6 +27,9 @@ std::string getFontFamilyForCharacters(const uint16_t* utf16, size_t num_utf16); void getRenderStyleForStrike(const char* family, int sizeAndStyle, WebKit::WebFontRenderStyle* out); +// Returns a file descriptor for a shared memory segment. +int MakeSharedMemorySegmentViaIPC(size_t length); + }; // namespace render_sandbox_support #endif // CHROME_RENDERER_RENDERER_SANDBOX_SUPPORT_LINUX_H_ |