author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-02 23:14:21 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-02 23:14:21 +0000 |
commit | 3426ce1981d7ace455c51c5cc74fe80e5d2d5b4d (patch) | |
tree | 3d6a9e8e136bb7e09dbfc15970bdc9e48e5da727 /content/zygote/zygote_linux.cc | |
parent | 542a73f819508284ebd35a1903a6e316819e232a (diff) | |
Create a LinuxSandbox class.
The LinuxSandbox class aims to become the central place for Linux
sandboxing inside content/.
For now, this mostly refactors code from the Zygote.
(Note: this is a re-land of https://chromiumcodereview.appspot.com/10826093/
with a trivial fix for ARM architectures).
BUG=
TBR=piman@chromium.org
NOTRY=true
Review URL: https://chromiumcodereview.appspot.com/10843059
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149734 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/zygote/zygote_linux.cc')
-rw-r--r-- | content/zygote/zygote_linux.cc | 22 |
1 files changed, 5 insertions, 17 deletions
diff --git a/content/zygote/zygote_linux.cc b/content/zygote/zygote_linux.cc
index 3fcd996..101ea7f 100644
--- a/content/zygote/zygote_linux.cc
+++ b/content/zygote/zygote_linux.cc
@@ -25,7 +25,7 @@
 #include "base/pickle.h"
 #include "base/posix/unix_domain_socket.h"
 #include "content/common/set_process_title.h"
-#include "content/common/sandbox_methods_linux.h"
+#include "content/common/sandbox_linux.h"
 #include "content/common/zygote_commands_linux.h"
 #include "content/public/common/content_descriptors.h"
 #include "content/public/common/zygote_fork_delegate_linux.h"
@@ -68,13 +68,9 @@ void SELinuxTransitionToTypeOrDie(const char* type) {
 } // namespace
 Zygote::Zygote(int sandbox_flags,
- ZygoteForkDelegate* helper,
- int proc_fd_for_seccomp)
+ ZygoteForkDelegate* helper)
 : sandbox_flags_(sandbox_flags),
 helper_(helper),
-#if defined(SECCOMP_SANDBOX)
- proc_fd_for_seccomp_(proc_fd_for_seccomp),
-#endif
 initial_uma_sample_(0),
 initial_uma_boundary_value_(0) {
 if (helper_) {
@@ -423,17 +419,9 @@ base::ProcessId Zygote::ReadArgsAndFork(const Pickle& pickle,
 uma_boundary_value);
 if (!child_pid) {
 // This is the child process.
-#if defined(SECCOMP_SANDBOX)
- if (proc_fd_for_seccomp_ >= 0) {
- if (process_type == switches::kRendererProcess &&
- SeccompSandboxEnabled()) {
- SeccompSandboxSetProcFd(proc_fd_for_seccomp_);
- } else {
- close(proc_fd_for_seccomp_);
- }
- proc_fd_for_seccomp_ = -1;
- }
-#endif
+
+ // At this point, we finally know our process type.
+ LinuxSandbox::GetInstance()->PreinitializeSandboxFinish(process_type);
 close(kBrowserDescriptor); // Our socket from the browser.
 if (UsingSUIDSandbox()) |
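Review bot: The call to `PreinitializeSandboxFinish(process_type)` in the child branch of `Zygote::ReadArgsAndFork` now carries the whole descriptor-handling contract that the removed block spelled out (hand the seccomp proc fd to the sandbox for renderers, `close()` it for every other process type, then reset it to -1), and nothing at the call site says so. Its implementation is not part of this file's diff, so the close-on-non-renderer path cannot be confirmed from here; a descriptor that, judging by its name, refers to /proc and stays open in a child about to be sandboxed would weaken that sandbox. The call is also no longer under `#if defined(SECCOMP_SANDBOX)`, so it presumably has to be a no-op in builds without seccomp. I would extend the added comment to `// At this point, we finally know our process type. This must either pass the seccomp proc fd to the sandbox or close it; no copy may stay open in the child.` The enclosing function starts and ends outside the hunk.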