seccomp: refactor logic into a header file

I had hoped for this logic to get simpler, but it looks like it needs to be complicated for now. :( Review URL: http://codereview.chromium.org/7465095 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@95317 0039d316-1c4b-4281-b951-d872f2087c98
author: evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-08-03 21:08:12 +0000
committer: evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-08-03 21:08:12 +0000
commit: 65f607f8a443d635d5b1ea54bac03100e9b12298 (patch)
tree: ea1826687e8bf7ca4705aa539a304c9d6e753a0b /content/browser/zygote_main_linux.cc
parent: 3db8bb08078f239887acebad75af1e32f4c7d601 (diff)
download: chromium_src-65f607f8a443d635d5b1ea54bac03100e9b12298.zip
chromium_src-65f607f8a443d635d5b1ea54bac03100e9b12298.tar.gz
chromium_src-65f607f8a443d635d5b1ea54bac03100e9b12298.tar.bz2
1 files changed, 7 insertions, 27 deletions
diff --git a/content/browser/zygote_main_linux.cc b/content/browser/zygote_main_linux.cc
index 76fe656..2f156ed 100644
--- a/content/browser/zygote_main_linux.cc
+++ b/content/browser/zygote_main_linux.cc
@@ -35,6 +35,7 @@
 #include "content/common/process_watcher.h"
 #include "content/common/result_codes.h"
 #include "content/common/sandbox_methods_linux.h"
+#include "content/common/seccomp_sandbox.h"
 #include "content/common/set_process_title.h"
 #include "content/common/unix_domain_socket_posix.h"
 #include "content/common/zygote_fork_delegate_linux.h"
@@ -62,30 +63,9 @@ static const int kMagicSandboxIPCDescriptor = 5;
 static const int kZygoteIdDescriptor = 7;
 static bool g_suid_sandbox_active = false;
 
-// Seccomp enable/disable logic is centralized here.
-// - We define SECCOMP_SANDBOX if seccomp is compiled in at all: currently,
-//   on non-views (non-ChromeOS) non-ARM non-Clang Linux only.
-// - If we have SECCOMP_SANDBOX, we provide SeccompEnabled() as a
-//   run-time test to determine whether to turn on seccomp: currently
-//   it's behind an --enable-seccomp-sandbox switch.
-
-// This #ifdef logic must be kept in sync with
-// renderer_main_platform_delegate_linux.cc.  See TODO in that file.
-#if defined(ARCH_CPU_X86_FAMILY) && !defined(CHROMIUM_SELINUX) && \
-  !defined(__clang__) && !defined(OS_CHROMEOS) && !defined(TOOLKIT_VIEWS)
-#define SECCOMP_SANDBOX
-#include "seccompsandbox/sandbox.h"
-#endif
-
 #if defined(SECCOMP_SANDBOX)
-static bool SeccompEnabled() {
-  return CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableSeccompSandbox) &&
-      !CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kDisableSeccompSandbox);
-}
 static int g_proc_fd = -1;
-#endif  // SECCOMP_SANDBOX
+#endif
 
 #if defined(CHROMIUM_SELINUX)
 static void SELinuxTransitionToTypeOrDie(const char* type) {
@@ -431,7 +411,7 @@ class Zygote {
 
     if (!child) {
 #if defined(SECCOMP_SANDBOX)
-      if (SeccompEnabled() && g_proc_fd >= 0) {
+      if (SeccompSandboxEnabled() && g_proc_fd >= 0) {
         // Try to open /proc/self/maps as the seccomp sandbox needs access to it
         int proc_self_maps = openat(g_proc_fd, "self/maps", O_RDONLY);
         if (proc_self_maps >= 0) {
@@ -741,7 +721,7 @@ static bool EnterSandbox() {
       }
     }
 #if defined(SECCOMP_SANDBOX)
-  } else if (SeccompEnabled()) {
+  } else if (SeccompSandboxEnabled()) {
     PreSandboxInit();
     SkiaFontConfigSetImplementation(
         new FontConfigIPC(kMagicSandboxIPCDescriptor));
@@ -769,7 +749,7 @@ bool ZygoteMain(const MainFunctionParams& params,
 #endif
 
 #if defined(SECCOMP_SANDBOX)
-  if (SeccompEnabled()) {
+  if (SeccompSandboxEnabled()) {
     // The seccomp sandbox needs access to files in /proc, which might be denied
     // after one of the other sandboxes have been started. So, obtain a suitable
     // file handle in advance.
@@ -809,7 +789,7 @@ bool ZygoteMain(const MainFunctionParams& params,
   // The seccomp sandbox will be turned on when the renderers start. But we can
   // already check if sufficient support is available so that we only need to
   // print one error message for the entire browser session.
-  if (g_proc_fd >= 0 && SeccompEnabled()) {
+  if (g_proc_fd >= 0 && SeccompSandboxEnabled()) {
     if (!SupportsSeccompSandbox(g_proc_fd)) {
       // There are a good number of users who cannot use the seccomp sandbox
       // (e.g. because their distribution does not enable seccomp mode by
@@ -819,7 +799,7 @@ bool ZygoteMain(const MainFunctionParams& params,
                     "Seccomp sandbox. Running renderers with Seccomp "
                     "sandboxing disabled.";
     } else {
-      VLOG(1) << "Enabling experimental Seccomp sandbox.";
+      LOG(WARNING) << "Enabling experimental Seccomp sandbox.";
       sandbox_flags |= ZygoteHost::kSandboxSeccomp;
     }
   }
author	evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-08-03 21:08:12 +0000
committer	evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-08-03 21:08:12 +0000
commit	65f607f8a443d635d5b1ea54bac03100e9b12298 (patch)
tree	ea1826687e8bf7ca4705aa539a304c9d6e753a0b /content/browser/zygote_main_linux.cc
parent	3db8bb08078f239887acebad75af1e32f4c7d601 (diff)
download	chromium_src-65f607f8a443d635d5b1ea54bac03100e9b12298.zip chromium_src-65f607f8a443d635d5b1ea54bac03100e9b12298.tar.gz chromium_src-65f607f8a443d635d5b1ea54bac03100e9b12298.tar.bz2