Add a mechanism to launch the utility process from the zygote on Linux.

Allow the users of the utility process to specify whether the zygote
should be used on Linux. This will allow sandboxing the uses of the
utility process that don't do FS access.

This is the first step to get the utility process sandboxed
on Linux. Since most of the uses of the utility process
don't do file access, launching all of those from the zygote
will simplify sandboxing the one that does: extension
unpacking.

Subsequent CLs will port the uses of the utility process
that don't do file access to launch from the zygote.

BUG=93109
TEST=No functional changes yet, but test that nothing broke by
running browser_tests::ExtensionWebstorePrivateApiTest.* and also
logging into Chromium and installing an extension from the Web Store.


Review URL: http://codereview.chromium.org/8849007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113914 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 1 deletions

diff --git a/content/browser/utility_process_host.cc b/content/browser/utility_process_host.cc
index 998f8a5..f472d92 100644
--- a/content/browser/utility_process_host.cc
+++ b/content/browser/utility_process_host.cc
@@ -46,6 +46,7 @@ UtilityProcessHost::UtilityProcessHost(Client* client,
 #else
       child_flags_(ChildProcessHost::CHILD_NORMAL),
 #endif
+      use_linux_zygote_(false),
       started_(false) {
 }
 
@@ -129,11 +130,17 @@ bool UtilityProcessHost::StartProcess() {
   cmd_line->AppendSwitchPath(switches::kUtilityProcessAllowedDir, exposed_dir_);
 #endif
 
+  bool use_zygote = false;
+
+#if defined(OS_LINUX)
+  use_zygote = !no_sandbox_ && use_linux_zygote_;
+#endif
+
   Launch(
 #if defined(OS_WIN)
       exposed_dir_,
 #elif defined(OS_POSIX)
-      false,
+      use_zygote,
       env_,
 #endif
       cmd_line);