author | erg <erg@chromium.org> | 2015-07-28 11:46:08 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-07-28 18:46:41 +0000 |
commit | 38edd249fa0e6b5e1e1917e6d14077467e77439c (patch) | |
tree | fa4ac9b913ef8a8827a19b38f6d278e074af6313 /mojo/runner/child_process_host.h | |
parent | 24a5806209d95faea058684b03a2d5f42c18ecae (diff) | |
mandoline: Enable the sandbox on clipboard and tracing.
This modifies how we bring up child processes in the mandoline
shell. When sandboxing, we must raise the sandbox before we start any
threads on Linux. So we pass the path to the binary to run on the command
line in addition to passing it through mojo, so that we can pass that
file to the seccomp sandbox's file whitelist.
This is enough to get mojo:clipboard and mojo:tracing running in a
sandbox in --enable-multiprocess mode.
BUG=492524
Review URL: https://codereview.chromium.org/1239133004
Cr-Commit-Position: refs/heads/master@{#340734}
Diffstat (limited to 'mojo/runner/child_process_host.h')
-rw-r--r-- | mojo/runner/child_process_host.h | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/mojo/runner/child_process_host.h b/mojo/runner/child_process_host.h
index cbc3d64..1875ede 100644
--- a/mojo/runner/child_process_host.h
+++ b/mojo/runner/child_process_host.h
@@ -5,6 +5,7 @@
 #ifndef MOJO_RUNNER_CHILD_PROCESS_HOST_H_
 #define MOJO_RUNNER_CHILD_PROCESS_HOST_H_
+#include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/process/process.h"
 #include "mojo/edk/embedder/channel_info_forward.h"
@@ -30,8 +31,14 @@ class Context;
 // remained alive until the |on_app_complete| callback is called.
 class ChildProcessHost {
 public:
- // |name| is just for debugging ease.
- ChildProcessHost(Context* context, const std::string& name);
+ // |name| is just for debugging ease. We will spawn off a process so that it
+ // can be sandboxed if |start_sandboxed| is true. |app_path| is a path to the
+ // mojo application we wish to start. |clean_app_path| cleans up transient
+ // applications after execution.
+ ChildProcessHost(Context* context,
+ bool start_sandboxed,
+ const base::FilePath& app_path,
+ bool clean_app_path);
 virtual ~ChildProcessHost();
 // |Start()|s the child process; calls |DidStart()| (on the thread on which
@@ -47,9 +54,7 @@ class ChildProcessHost {
 int Join();
 // See |ChildController|:
- void StartApp(const String& app_path,
- bool clean_app_path,
- InterfaceRequest<Application> application_request,
+ void StartApp(InterfaceRequest<Application> application_request,
 const ChildController::StartAppCallback& on_app_complete);
 void ExitNow(int32_t exit_code);
@@ -66,7 +71,9 @@ class ChildProcessHost {
 void DidCreateChannel(embedder::ChannelInfo* channel_info);
 Context* const context_;
- const std::string name_;
+ bool start_sandboxed_;
+ const base::FilePath app_path_;
+ bool clean_app_path_;
 base::Process child_process_;
 embedder::PlatformChannelPair platform_channel_pair_;
 ChildControllerPtr controller_; |
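Review bot: The constructor comment in the second hunk still opens with `|name| is just for debugging ease.`, but the new signature has no `name` parameter, so that sentence documents nothing. Replace it with the constraint the commit description gives, e.g. `// If |start_sandboxed| is true the child raises its sandbox before starting any threads; |app_path| is also passed on the command line so it can be added to the sandbox's file whitelist.` The two `bool` parameters sit on either side of `app_path`, so a call site that transposes them still compiles and could start a child unsandboxed. An `enum class` for the sandbox choice, or `/*start_sandboxed=*/` argument comments at the call sites, would make that mistake visible in review.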
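Review bot: In the last hunk `start_sandboxed_` and `clean_app_path_` are declared as plain `bool`, while the neighbouring `context_` and `app_path_` are `const`. If they are only assigned in the constructor (the .cc file is not shown here, so this is an assumption), declare them `const bool start_sandboxed_;` and `const bool clean_app_path_;` so the sandbox decision cannot change after the host is constructed. The class body continues outside the hunk.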