Revert r17575 and r17576. They are causing layout test errors.

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17577 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 17 insertions, 352 deletions

diff --git a/chrome/app/chrome_dll_main.cc b/chrome/app/chrome_dll_main.cc
index b6c8b51..006d923 100644
--- a/chrome/app/chrome_dll_main.cc
+++ b/chrome/app/chrome_dll_main.cc
@@ -399,6 +399,20 @@ int ChromeMain(int argc, const char** argv) {
   InitCrashReporter();
 #endif
 
+#if defined(OS_POSIX)
+  // Bug 11776: we mistakenly created directories world-readable.
+  // Fix old instances of these directories manually.
+  // TODO(evanm): remove this code in a month or two.
+  if (user_data_dir.empty()) {
+    FilePath fix_dir;
+    CHECK(PathService::Get(chrome::DIR_USER_DATA, &fix_dir));
+    struct stat statbuf;
+    CHECK(stat(fix_dir.value().c_str(), &statbuf) == 0);
+    if ((statbuf.st_mode & 0077) != 0)
+      CHECK(chmod(fix_dir.value().c_str(), 0700) == 0);
+  }
+#endif
+
   bool single_process =
 #if defined (GOOGLE_CHROME_BUILD)
     // This is an unsupported and not fully tested mode, so don't enable it for
diff --git a/chrome/browser/browser_main.cc b/chrome/browser/browser_main.cc
index 0b4ffc3..f7145a4 100644
--- a/chrome/browser/browser_main.cc
+++ b/chrome/browser/browser_main.cc
@@ -64,7 +64,6 @@
 
 #if defined(OS_LINUX)
 #include "chrome/app/breakpad_linux.h"
-#include "chrome/browser/renderer_host/render_sandbox_host_linux.h"
 #endif
 
 // TODO(port): several win-only methods have been pulled out of this, but
@@ -219,8 +218,6 @@ void AddFirstRunNewTabs(BrowserInit* browser_init,
 
 }  // namespace
 
-extern void SkiaFontConfigUseDirectImplementation();
-
 // Main routine for running as the Browser process.
 int BrowserMain(const MainFunctionParams& parameters) {
   const CommandLine& parsed_command_line = parameters.command_line_;
@@ -249,14 +246,6 @@ int BrowserMain(const MainFunctionParams& parameters) {
   CHECK(sigaction(SIGCHLD, &action, NULL) == 0);
 #endif
 
-#if defined(OS_LINUX)
-  // Construct the sandbox host on the UI thread.
-  Singleton<RenderSandboxHostLinux>::get();
-
-  // Configure Skia in this process to use fontconfig directly.
-  SkiaFontConfigUseDirectImplementation();
-#endif
-
   // Do platform-specific things (such as finishing initializing Cocoa)
   // prior to instantiating the message loop. This could be turned into a
   // broadcast notification.
diff --git a/chrome/browser/renderer_host/browser_render_process_host.cc b/chrome/browser/renderer_host/browser_render_process_host.cc
index 7e8d30e..8cee7ae 100644
--- a/chrome/browser/renderer_host/browser_render_process_host.cc
+++ b/chrome/browser/renderer_host/browser_render_process_host.cc
@@ -36,7 +36,6 @@
 #include "chrome/browser/profile.h"
 #if defined(OS_LINUX)
 #include "chrome/browser/renderer_host/render_crash_handler_host_linux.h"
-#include "chrome/browser/renderer_host/render_sandbox_host_linux.h"
 #endif
 #include "chrome/browser/renderer_host/render_view_host.h"
 #include "chrome/browser/renderer_host/render_widget_helper.h"
@@ -346,10 +345,6 @@ bool BrowserRenderProcessHost::Init() {
         Singleton<RenderCrashHandlerHostLinux>()->GetDeathSignalSocket();
     if (crash_signal_fd >= 0)
       fds_to_map.push_back(std::make_pair(crash_signal_fd, 4));
-    const int sandbox_ipc_fd =
-        Singleton<RenderSandboxHostLinux>()->GetRendererSocket();
-    if (sandbox_ipc_fd >= 0)
-      fds_to_map.push_back(std::make_pair(sandbox_ipc_fd, 5));
 #endif
     base::LaunchApp(cmd_line.argv(), fds_to_map, false, &process);
 #endif
diff --git a/chrome/browser/renderer_host/render_sandbox_host_linux.cc b/chrome/browser/renderer_host/render_sandbox_host_linux.cc
deleted file mode 100644
index 13d96a8..0000000
--- a/chrome/browser/renderer_host/render_sandbox_host_linux.cc
+++ /dev/null
@@ -1,257 +0,0 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/renderer_host/render_sandbox_host_linux.h"
-
-#include <stdint.h>
-#include <unistd.h>
-#include <sys/uio.h>
-#include <sys/socket.h>
-#include <sys/epoll.h>
-
-#include "base/eintr_wrapper.h"
-#include "base/process_util.h"
-#include "base/logging.h"
-#include "base/message_loop.h"
-
-#include "SkFontHost_fontconfig_direct.h"
-#include "SkFontHost_fontconfig_ipc.h"
-
-// http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
-
-// BEWARE: code in this file run across *processes* (not just threads).
-
-// This code runs in a child process
-class SandboxIPCProcess {
- public:
-  // lifeline_fd: this is the read end of a pipe which the browser process
-  //   holds the other end of. If the browser process dies, it's descriptors are
-  //   closed and we will noticed an EOF on the pipe. That's our signal to exit.
-  // browser_socket: the 'browser's end of the sandbox IPC socketpair. From the
-  //   point of view of the renderer's, it's talking to the browser but this
-  //   object actually services the requests.
-  SandboxIPCProcess(int lifeline_fd, int browser_socket)
-      : lifeline_fd_(lifeline_fd),
-        browser_socket_(browser_socket),
-        font_config_(new FontConfigDirect()) {
-    base::InjectiveMultimap multimap;
-    multimap.push_back(base::InjectionArc(0, lifeline_fd, false));
-    multimap.push_back(base::InjectionArc(0, browser_socket, false));
-
-    base::CloseSuperfluousFds(multimap);
-  }
-
-  void Run() {
-    const int epollfd = epoll_create(2);
-    CHECK(epollfd >= 0);
-    struct epoll_event ev;
-
-    ev.events = EPOLLIN;
-    ev.data.fd = lifeline_fd_;
-    CHECK(0 == epoll_ctl(epollfd, EPOLL_CTL_ADD, lifeline_fd_, &ev));
-
-    ev.events = EPOLLIN;
-    ev.data.fd = browser_socket_;
-    CHECK(0 == epoll_ctl(epollfd, EPOLL_CTL_ADD, browser_socket_, &ev));
-
-    for (;;) {
-      CHECK(1 == HANDLE_EINTR(epoll_wait(epollfd, &ev, 1, -1)));
-      if (ev.data.fd == lifeline_fd_) {
-        // our parent died so we should too.
-        _exit(0);
-      } else {
-        CHECK(ev.data.fd == browser_socket_);
-        HandleRequest(browser_socket_);
-      }
-    }
-  }
-
-  void HandleRequest(int fd) {
-    struct msghdr msg = {0};
-    struct iovec iov;
-    uint8_t buf[1024];
-    uint8_t control_buf[CMSG_SPACE(sizeof(int))];
-    iov.iov_base = buf;
-    iov.iov_len = sizeof(buf);
-    msg.msg_iov = &iov;
-    msg.msg_iovlen = 1;
-    msg.msg_control = control_buf;
-    msg.msg_controllen = sizeof(control_buf);
-
-    const ssize_t n = HANDLE_EINTR(recvmsg(fd, &msg, 0));
-
-    if (n < 1) {
-      LOG(ERROR) << "Error reading from sandbox IPC socket. Sandbox IPC is"
-                 << " disabled."
-                 << " n:" << n
-                 << " errno:" << errno;
-      _exit(1);
-      return;
-    }
-
-    if (msg.msg_controllen != sizeof(control_buf) ||
-        n < static_cast<ssize_t>(sizeof(uint16_t)) ||
-        msg.msg_flags) {
-      LOG(ERROR) << "Sandbox IPC: missing control message or truncated message:"
-                 << " n:" << n
-                 << " msg.msg_controllen:" << msg.msg_controllen
-                 << " msg.msg_flags:" << msg.msg_flags;
-      return;
-    }
-
-    // Get the reply socket from the control message
-    int reply_fd = -1;
-    struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
-    if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
-      // The client cannot send us additional descriptors because the control
-      // message buffer is only sized for a single int.
-      reply_fd = *reinterpret_cast<int*>(CMSG_DATA(cmsg));
-    } else {
-      LOG(ERROR) << "Sandbox IPC: message without reply descriptor:"
-                 << " n:" << n
-                 << " msg.msg_controllen:" << msg.msg_controllen
-                 << " cmsg->cmsg_level:" << cmsg->cmsg_level
-                 << " cmsg->cmsg_type:" << cmsg->cmsg_type;
-      return;
-    }
-
-    const uint16_t request_type = *reinterpret_cast<uint16_t*>(buf);
-    switch (request_type) {
-      case FontConfigIPC::METHOD_MATCH:
-        return FontConfigMatch(reply_fd, buf, n);
-      case FontConfigIPC::METHOD_OPEN:
-        return FontConfigOpen(reply_fd, buf, n);
-      default:
-        LOG(ERROR) << "Sandbox IPC: message with unknown type:"
-                   << " request_type:" << request_type;
-        HANDLE_EINTR(close(reply_fd));
-    }
-  }
-
-  // Send a reply to a client
-  //   reply_fd: the reply channel given to us by the client
-  //   iov, iov_len: the contents of the reply message
-  //   extra_fd: an fd to include in the reply, or -1
-  //
-  // Both reply_fd and extra_fd (if any) are closed.
-  void SendReplyAndClose(int reply_fd, const struct iovec* iov,
-                         unsigned iov_len, int extra_fd) {
-    struct msghdr msg = {0};
-    msg.msg_iov = const_cast<struct iovec*>(iov);
-    msg.msg_iovlen = iov_len;
-
-    uint8_t control_buf[CMSG_SPACE(sizeof(int))];
-
-    if (extra_fd >= 0) {
-      msg.msg_control = control_buf;
-      msg.msg_controllen = sizeof(control_buf);
-
-      struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
-      cmsg->cmsg_level = SOL_SOCKET;
-      cmsg->cmsg_type = SCM_RIGHTS;
-      cmsg->cmsg_len = CMSG_LEN(sizeof(int));
-      *reinterpret_cast<int*>(CMSG_DATA(cmsg)) = extra_fd;
-    }
-
-    HANDLE_EINTR(sendmsg(reply_fd, &msg, MSG_NOSIGNAL | MSG_DONTWAIT));
-    HANDLE_EINTR(close(reply_fd));
-    if (extra_fd >= 0)
-      HANDLE_EINTR(close(extra_fd));
-  }
-
-  void FontConfigMatch(int reply_fd, const uint8_t* request_bytes,
-                       unsigned request_len) {
-    if (request_len < sizeof(FontConfigIPC::MatchRequest))
-      return (void) HANDLE_EINTR(close(reply_fd));
-
-    const FontConfigIPC::MatchRequest* request =
-        reinterpret_cast<const FontConfigIPC::MatchRequest*>(request_bytes);
-
-    if (request_len != sizeof(FontConfigIPC::MatchRequest) + request->family_len)
-      return (void) HANDLE_EINTR(close(reply_fd));
-
-    const std::string family(
-        reinterpret_cast<const char*>(request_bytes + sizeof(*request)),
-        request->family_len);
-    std::string result_family;
-    unsigned result_fileid;
-
-    const bool r = font_config_->Match(
-        &result_family, &result_fileid, request->fileid_valid, request->fileid,
-        family, request->is_bold, request->is_italic);
-
-    struct iovec iov[2];
-    FontConfigIPC::MatchReply reply;
-    memset(&reply, 0, sizeof(reply));
-
-    iov[0].iov_base = &reply;
-    iov[0].iov_len = sizeof(reply);
-
-    if (r) {
-      reply.result = 1;
-      reply.result_fileid = result_fileid;
-      reply.filename_len = result_family.size();
-
-      iov[1].iov_base = const_cast<char*>(result_family.data());
-      iov[1].iov_len = result_family.size();
-    }
-
-    SendReplyAndClose(reply_fd, iov, r ? 2 : 1, -1 /* no fd */);
-  }
-
-  void FontConfigOpen(int reply_fd, const uint8_t* request_bytes,
-                      unsigned request_len) {
-    if (request_len < sizeof(FontConfigIPC::OpenRequest))
-      return (void) HANDLE_EINTR(close(reply_fd));
-
-    const FontConfigIPC::OpenRequest* request =
-        reinterpret_cast<const FontConfigIPC::OpenRequest*>(request_bytes);
-
-    FontConfigDirect* fc = reinterpret_cast<FontConfigDirect*>(font_config_);
-
-    const int result_fd = fc->Open(request->fileid);
-
-    FontConfigIPC::OpenReply reply;
-    reply.result = result_fd >= 0 ? 1 : 0;
-
-    struct iovec iov;
-    iov.iov_base = &reply;
-    iov.iov_len = sizeof(reply);
-
-    SendReplyAndClose(reply_fd, &iov, 1, result_fd);
-  }
-
- private:
-  const int lifeline_fd_;
-  const int browser_socket_;
-  FontConfigDirect* const font_config_;
-};
-
-// -----------------------------------------------------------------------------
-
-// Runs on the main thread at startup.
-RenderSandboxHostLinux::RenderSandboxHostLinux() {
-  int fds[2];
-  CHECK(socketpair(AF_UNIX, SOCK_DGRAM, 0, fds) == 0);
-
-  renderer_socket_ = fds[0];
-  const int browser_socket = fds[1];
-
-  int pipefds[2];
-  CHECK(0 == pipe(pipefds));
-  const int child_lifeline_fd = pipefds[0];
-  childs_lifeline_fd_ = pipefds[1];
-
-  const pid_t child = fork();
-  if (child == 0) {
-    SandboxIPCProcess handler(child_lifeline_fd, browser_socket);
-    handler.Run();
-    _exit(0);
-  }
-}
-
-RenderSandboxHostLinux::~RenderSandboxHostLinux() {
-  HANDLE_EINTR(close(renderer_socket_));
-  HANDLE_EINTR(close(childs_lifeline_fd_));
-}
diff --git a/chrome/browser/renderer_host/render_sandbox_host_linux.h b/chrome/browser/renderer_host/render_sandbox_host_linux.h
deleted file mode 100644
index 43fa447..0000000
--- a/chrome/browser/renderer_host/render_sandbox_host_linux.h
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
-
-#ifndef CHROME_BROWSER_RENDERER_HOST_RENDER_SANDBOX_HOST_LINUX_H_
-#define CHROME_BROWSER_RENDERER_HOST_RENDER_SANDBOX_HOST_LINUX_H_
-
-#include "base/singleton.h"
-#include "base/thread.h"
-#include "base/message_loop.h"
-
-// This is a singleton object which handles sandbox requests from the
-// renderers.
-class RenderSandboxHostLinux {
- public:
-  // Get the file descriptor which renderers should be given in order to signal
-  // crashes to the browser.
-  int GetRendererSocket() const { return renderer_socket_; }
-
- private:
-  friend struct DefaultSingletonTraits<RenderSandboxHostLinux>;
-  // This object must be constructed on the main thread.
-  RenderSandboxHostLinux();
-  ~RenderSandboxHostLinux();
-
-  int renderer_socket_;
-  int childs_lifeline_fd_;
-
-  DISALLOW_EVIL_CONSTRUCTORS(RenderSandboxHostLinux);
-};
-
-#endif  // CHROME_BROWSER_RENDERER_HOST_RENDER_SANDBOX_HOST_LINUX_H_
diff --git a/chrome/chrome.gyp b/chrome/chrome.gyp
index 20518ea..0fc4a1d 100644
--- a/chrome/chrome.gyp
+++ b/chrome/chrome.gyp
@@ -1183,8 +1183,6 @@
         'browser/renderer_host/download_throttling_resource_handler.h',
         'browser/renderer_host/render_process_host.cc',
         'browser/renderer_host/render_process_host.h',
-        'browser/renderer_host/render_sandbox_host_linux.cc',
-        'browser/renderer_host/render_sandbox_host_linux.h',
         'browser/renderer_host/render_view_host.cc',
         'browser/renderer_host/render_view_host.h',
         'browser/renderer_host/render_view_host_delegate.h',
@@ -1591,7 +1589,6 @@
             # '../build/linux/system.gyp:dbus-glib',
             # '../build/linux/system.gyp:gnome-keyring',
             '../build/linux/system.gyp:gtk',
-            '../skia/skia.gyp:skia',
           ],
           'sources!': [
             'browser/extensions/extension_shelf.cc',
diff --git a/chrome/renderer/renderer_main_platform_delegate_linux.cc b/chrome/renderer/renderer_main_platform_delegate_linux.cc
index e997bc9..6502129 100644
--- a/chrome/renderer/renderer_main_platform_delegate_linux.cc
+++ b/chrome/renderer/renderer_main_platform_delegate_linux.cc
@@ -4,10 +4,7 @@
 
 #include "chrome/renderer/renderer_main_platform_delegate.h"
 
-#include <stdlib.h>
-
 #include "base/debug_util.h"
-#include "base/eintr_wrapper.h"
 
 // This is a no op class because we do not have a sandbox on linux.
 
@@ -19,9 +16,6 @@ RendererMainPlatformDelegate::RendererMainPlatformDelegate(
 RendererMainPlatformDelegate::~RendererMainPlatformDelegate() {
 }
 
-extern void SkiaFontConfigUseIPCImplementation(int fd);
-extern void SkiaFontConfigUseDirectImplementation();
-
 void RendererMainPlatformDelegate::PlatformInitialize() {
 }
 
@@ -29,51 +23,18 @@ void RendererMainPlatformDelegate::PlatformUninitialize() {
 }
 
 bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
-  // Our sandbox support is in the very early stages
+  // We have no sandbox.
   // http://code.google.com/p/chromium/issues/detail?id=8081
   return true;
 }
 
 bool RendererMainPlatformDelegate::EnableSandbox() {
-  // Our sandbox support is in the very early stages
+  // We have no sandbox.
   // http://code.google.com/p/chromium/issues/detail?id=8081
-
-  const char* const sandbox_fd_string = getenv("SBX_D");
-  if (sandbox_fd_string) {
-    // The SUID sandbox sets this environment variable to a file descriptor
-    // over which we can signal that we have completed our startup and can be
-    // chrooted.
-
-    char* endptr;
-    const long fd_long = strtol(sandbox_fd_string, &endptr, 10);
-    if (!*sandbox_fd_string || *endptr || fd_long < 0 || fd_long > INT_MAX)
-      return false;
-    const int fd = fd_long;
-
-    static const char kChrootMe = 'C';
-    static const char kChrootMeSuccess = 'O';
-
-    if (HANDLE_EINTR(write(fd, &kChrootMe, 1)) != 1)
-      return false;
-
-    char reply;
-    if (HANDLE_EINTR(read(fd, &reply, 1)) != 1)
-      return false;
-    if (reply != kChrootMeSuccess)
-      return false;
-    if (chdir("/") == -1)
-      return false;
-
-    static const int kMagicSandboxIPCDescriptor = 5;
-    SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor);
-  } else {
-    SkiaFontConfigUseDirectImplementation();
-  }
-
   return true;
 }
 
 void RendererMainPlatformDelegate::RunSandboxTests() {
-  // Our sandbox support is in the very early stages
+  // We have no sandbox.
   // http://code.google.com/p/chromium/issues/detail?id=8081
 }