authormarkus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-08-11 21:46:07 +0000
committermarkus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-08-11 21:46:07 +0000
commit0fb2bd939380e4d46bad10eb597bff4980ca7db2 (patch)
tree79d017b24dfb4d91059b856da7b8ad43764d76e6 /chrome
parent135b165d2bca7a9a7302eb4f771dc713c8100edb (diff)
Initial version of the Seccomp sandbox. Imported from http://code.google.com/p/seccompsandbox/
Make the seccomp sandbox dependent on the --enable-seccomp-sandbox flag Review URL: http://codereview.chromium.org/165310 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23087 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r--chrome/browser/renderer_host/browser_render_process_host.cc1
-rw-r--r--chrome/chrome.gyp4
-rw-r--r--chrome/common/chrome_switches.cc3
-rw-r--r--chrome/common/chrome_switches.h2
-rw-r--r--chrome/renderer/renderer_main.cc8
-rw-r--r--chrome/renderer/renderer_main_platform_delegate_linux.cc13
6 files changed, 29 insertions, 2 deletions
diff --git a/chrome/browser/renderer_host/browser_render_process_host.cc b/chrome/browser/renderer_host/browser_render_process_host.cc
index 07b7c7e..eddbdda 100644
--- a/chrome/browser/renderer_host/browser_render_process_host.cc
+++ b/chrome/browser/renderer_host/browser_render_process_host.cc
@@ -317,6 +317,7 @@ bool BrowserRenderProcessHost::Init() {
switches::kRendererStartupDialog,
switches::kNoSandbox,
switches::kTestSandbox,
+ switches::kEnableSeccompSandbox,
#if !defined (GOOGLE_CHROME_BUILD)
// This is an unsupported and not fully tested mode, so don't enable it for
// official Chrome builds.
diff --git a/chrome/chrome.gyp b/chrome/chrome.gyp
index fb4b257..947c4a9 100644
--- a/chrome/chrome.gyp
+++ b/chrome/chrome.gyp
@@ -3132,6 +3132,9 @@
],
}],
],
+ 'dependencies': [
+ '../sandbox/sandbox.gyp:sandbox',
+ ],
}],
['OS=="mac" or OS=="win"', {
'dependencies': [
@@ -3933,6 +3936,7 @@
'dependencies': [
'../build/linux/system.gyp:gtk',
'../build/linux/system.gyp:nss',
+ '../sandbox/sandbox.gyp:*',
],
'sources!': [
# This test is mostly about renaming downloads to safe file
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index f6e0678..b0a59bf 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -554,6 +554,9 @@ const wchar_t kEnableSessionStorage[] = L"enable-session-storage";
// Allows debugging of sandboxed processes (see zygote_main_linux.cc).
const wchar_t kAllowSandboxDebugging[] = L"allow-sandbox-debugging";
+// Enable the seccomp sandbox (Linux only)
+const wchar_t kEnableSeccompSandbox[] = L"enable-seccomp-sandbox";
+
// Triggers a pletora of diagnostic modes.
const wchar_t kDiagnostics[] = L"diagnostics";
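Review bot: The comment on `kEnableSeccompSandbox` does not say how the switch interacts with the other sandbox switches. From the renderer_main.cc hunk in this commit, `EnableSandbox()` is only called when `!no_sandbox`, so the flag has no effect together with `--no-sandbox`, and the seccomp sandbox is started in the renderer rather than in the zygote. I would extend the comment to something like `// Enable the seccomp sandbox in the renderer (Linux only). Ignored when --no-sandbox is set.`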
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 4465096..3d47067 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -214,6 +214,8 @@ extern const wchar_t kEnableSessionStorage[];
extern const wchar_t kAllowSandboxDebugging[];
+extern const wchar_t kEnableSeccompSandbox[];
+
extern const wchar_t kDiagnostics[];
extern const wchar_t kDisableCustomJumpList[];
diff --git a/chrome/renderer/renderer_main.cc b/chrome/renderer/renderer_main.cc
index 37f0069..b2b392c 100644
--- a/chrome/renderer/renderer_main.cc
+++ b/chrome/renderer/renderer_main.cc
@@ -131,12 +131,20 @@ int RendererMain(const MainFunctionParams& parameters) {
}
{
+#if !defined(OS_LINUX)
+ // TODO(markus): Check if it is OK to unconditionally move this
+ // instruction down.
RenderProcess render_process;
render_process.set_main_thread(new RenderThread());
+#endif
bool run_loop = true;
if (!no_sandbox) {
run_loop = platform.EnableSandbox();
}
+#if defined(OS_LINUX)
+ RenderProcess render_process;
+ render_process.set_main_thread(new RenderThread());
+#endif
platform.RunSandboxTests();
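Review bot: On Linux the `RenderProcess`/`RenderThread` construction now runs after `platform.EnableSandbox()` on every start, not only when `--enable-seccomp-sandbox` is passed, and the only explanation is a TODO sitting in the non-Linux branch. The ordering looks security-relevant (the seccomp sandbox is started inside `EnableSandbox()`), so the Linux block should carry its own comment, for example `// Linux: create RenderProcess only after EnableSandbox() has run; the seccomp sandbox is started there.` The same two statements now appear under opposite `#if` conditions and can drift apart, so resolving the TODO into a single placement is worth tracking. The enclosing block of `RendererMain` continues outside the hunk.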
diff --git a/chrome/renderer/renderer_main_platform_delegate_linux.cc b/chrome/renderer/renderer_main_platform_delegate_linux.cc
index 34e04d2..5e8555d 100644
--- a/chrome/renderer/renderer_main_platform_delegate_linux.cc
+++ b/chrome/renderer/renderer_main_platform_delegate_linux.cc
@@ -4,9 +4,11 @@
#include "chrome/renderer/renderer_main_platform_delegate.h"
+#include "base/command_line.h"
#include "base/debug_util.h"
+#include "sandbox/linux/seccomp/sandbox.h"
-// This is a no op class because we do not have a sandbox on linux.
+#include "chrome/common/chrome_switches.h"
RendererMainPlatformDelegate::RendererMainPlatformDelegate(
const MainFunctionParams& parameters)
@@ -29,8 +31,15 @@ bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
}
bool RendererMainPlatformDelegate::EnableSandbox() {
- // The sandbox is started in the zygote process: zygote_main_linux.cc
+ // The setuid sandbox is started in the zygote process: zygote_main_linux.cc
// http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
+ //
+ // The seccomp sandbox is started in the renderer.
+ // http://code.google.com/p/seccompsandbox/
+ if (CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kEnableSeccompSandbox)) {
+ StartSeccompSandbox();
+ }
return true;
}
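Review bot: `EnableSandbox()` returns `true` whatever `StartSeccompSandbox()` did, so a renderer started with `--enable-seccomp-sandbox` keeps running even if the sandbox could not be set up. The declaration in `sandbox/linux/seccomp/sandbox.h` is not visible here, so I cannot tell whether the call reports failure or aborts by itself. If it can fail or be a no-op (for example on a kernel without seccomp support), the path should fail closed, since the caller in renderer_main.cc already uses the return value as `run_loop`. If the contract is that the call never returns on failure, a one-line comment saying so above `StartSeccompSandbox();` would make the unconditional `return true;` reviewable.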