author | phajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-17 17:22:14 +0000 |
---|---|---|
committer | phajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-17 17:22:14 +0000 |
commit | 5d9bc78fa77fbb892561a3c1acbc030ba0ebc66e (patch) | |
tree | 54d23a3517d1e0bcecd0380de54f039f40209696 /content/zygote | |
parent | 7e75e4a8d4bc9dda2944cb5381c819c6d0249ec9 (diff) | |
Linux: remove unmaintained SELinux code.
See https://groups.google.com/a/chromium.org/d/msg/chromium-dev/YpU7t2XaGRg/V9-diQZQQDwJ
for discussion.
BUG=none
R=agl@chromium.org, jln@chromium.org
Review URL: https://codereview.chromium.org/14771026
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@200838 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/zygote')
-rw-r--r-- | content/zygote/zygote_linux.cc | 29 | ||||
-rw-r--r-- | content/zygote/zygote_main_linux.cc | 28 |
2 files changed, 1 insertions, 56 deletions
diff --git a/content/zygote/zygote_linux.cc b/content/zygote/zygote_linux.cc
index 5d26a05..8930022 100644
--- a/content/zygote/zygote_linux.cc
+++ b/content/zygote/zygote_linux.cc
@@ -30,11 +30,6 @@
 #include "ipc/ipc_channel.h"
 #include "ipc/ipc_switches.h"
-#if defined(CHROMIUM_SELINUX)
-#include <selinux/context.h>
-#include <selinux/selinux.h>
-#endif
-
 // See http://code.google.com/p/chromium/wiki/LinuxZygote
 namespace content {
@@ -45,26 +40,6 @@ namespace {
 void SIGCHLDHandler(int signal) {
 }
-#if defined(CHROMIUM_SELINUX)
-void SELinuxTransitionToTypeOrDie(const char* type) {
- security_context_t security_context;
- if (getcon(&security_context))
- LOG(FATAL) << "Cannot get SELinux context";
-
- context_t context = context_new(security_context);
- context_type_set(context, type);
- const int r = setcon(context_str(context));
- context_free(context);
- freecon(security_context);
-
- if (r) {
- LOG(FATAL) << "dynamic transition to type '" << type << "' failed. "
- "(this binary has been built with SELinux support, but maybe "
- "the policies haven't been loaded into the kernel?)";
- }
-}
-#endif // CHROMIUM_SELINUX
-
 } // namespace
 const int Zygote::kMagicSandboxIPCDescriptor;
@@ -441,10 +416,6 @@ base::ProcessId Zygote::ReadArgsAndFork(const Pickle& pickle,
 close(kZygoteIdFd); // Another socket from the browser.
 base::GlobalDescriptors::GetInstance()->Reset(mapping);
-#if defined(CHROMIUM_SELINUX)
- SELinuxTransitionToTypeOrDie("chromium_renderer_t");
-#endif
-
 // Reset the process-wide command line to our new command line.
 CommandLine::Reset();
 CommandLine::Init(0, NULL);
diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
index ca75518..750c36d 100644
--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -55,10 +55,6 @@ namespace content {
 // See http://code.google.com/p/chromium/wiki/LinuxZygote
-// With SELinux we can carve out a precise sandbox, so we don't have to play
-// with intercepting libc calls.
-#if !defined(CHROMIUM_SELINUX)
-
 static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output,
 char* timezone_out,
 size_t timezone_out_len) {
@@ -250,8 +246,6 @@ struct tm* localtime64_r_override(const time_t* timep, struct tm* result) {
 }
 }
-#endif // !CHROMIUM_SELINUX
-
 // This function triggers the static and lazy construction of objects that need
 // to be created before imposing the sandbox.
 static void PreSandboxInit() {
@@ -287,7 +281,6 @@ static void PreSandboxInit() {
 #endif
 }
-#if !defined(CHROMIUM_SELINUX)
 // Do nothing here
 static void SIGCHLDHandler(int signal) {
 }
@@ -433,30 +426,11 @@ static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
 return true;
 }
-#else // CHROMIUM_SELINUX
-
-static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
- bool* using_suid_sandbox, bool* has_started_new_init) {
- *using_suid_sandbox = false;
- *has_started_new_init = false;
-
- if (!setuid_sandbox)
- return false;
-
- PreSandboxInit();
- SkFontConfigInterface::SetGlobal(
- new FontConfigIPC(Zygote::kMagicSandboxIPCDescriptor))->unref();
- return true;
-}
-
-#endif // CHROMIUM_SELINUX
 bool ZygoteMain(const MainFunctionParams& params,
 ZygoteForkDelegate* forkdelegate) {
-#if !defined(CHROMIUM_SELINUX)
 g_am_zygote_or_renderer = true;
 sandbox::InitLibcUrandomOverrides();
-#endif
 LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance();
 // This will pre-initialize the various sandboxes that need it.
@@ -472,7 +446,7 @@ bool ZygoteMain(const MainFunctionParams& params,
 VLOG(1) << "ZygoteMain: fork delegate is NULL";
 }
- // Turn on the SELinux or SUID sandbox.
+ // Turn on the sandbox.
 bool using_suid_sandbox = false;
 bool has_started_new_init = false; |