author | erg <erg@chromium.org> | 2015-08-06 20:06:44 -0700 |
committer | Commit bot <commit-bot@chromium.org> | 2015-08-07 03:07:26 +0000 |
commit | 4196dfefc131b0a77a3e02e917b852dba8faf445 (patch) | |
tree | a291dd1a326fd48483007b94cc1440cbebb3b02f /mojo | |
parent | 862a9d9c5b475b05b6bb1741f782b8459967591e (diff) | |
Sandbox html_viewer on Linux.
This creates a font_service which fills the same role as
font_config_ipc_linux.cc does in content/. This lets us sandbox the
html_viewer, while still being able to communicate with fontconfig.
Also prewarms the ICU timezone data, along with doing all the
prewarming that's done in the core_services sandbox.
BUG=492524
NOPRESUBMIT=true
Review URL: https://codereview.chromium.org/1274743004
Cr-Commit-Position: refs/heads/master@{#342281}
Diffstat (limited to 'mojo')
-rw-r--r-- | mojo/runner/child_process.cc | 6 | ||||
-rw-r--r-- | mojo/runner/linux_sandbox.cc | 4 | ||||
-rw-r--r-- | mojo/shell/application_manager.cc | 2 |
3 files changed, 10 insertions, 2 deletions
diff --git a/mojo/runner/child_process.cc b/mojo/runner/child_process.cc
index eda7829..85ce4b3 100644
--- a/mojo/runner/child_process.cc
+++ b/mojo/runner/child_process.cc
@@ -310,7 +310,13 @@ int ChildProcessMain() {
   if (sandbox_warm)
     sandbox_warm();
+  // TODO(erg,jln): Allowing access to all of /dev/shm/ makes it easy to
+  // spy on other shared memory using processes. This is a temporary hack
+  // so that we have some sandbox until we have proper shared memory
+  // support integrated into mojo.
   std::vector<BrokerFilePermission> permissions;
+  permissions.push_back(
+      BrokerFilePermission::ReadWriteCreateUnlinkRecursive("/dev/shm/"));
   sandbox.reset(new mandoline::LinuxSandbox(permissions));
   sandbox->Warmup();
   sandbox->EngageNamespaceSandbox();
diff --git a/mojo/runner/linux_sandbox.cc b/mojo/runner/linux_sandbox.cc
index 06165b2..fb6af97 100644
--- a/mojo/runner/linux_sandbox.cc
+++ b/mojo/runner/linux_sandbox.cc
@@ -92,8 +92,8 @@ class SandboxPolicy : public sandbox::bpf_dsl::Policy {
 LinuxSandbox::LinuxSandbox(const std::vector<BrokerFilePermission>& permissions)
     : broker_(new sandbox::syscall_broker::BrokerProcess(EPERM, permissions)) {
-  broker_->Init(
-      base::Bind<bool (*)()>(&sandbox::Credentials::DropAllCapabilities));
+  CHECK(broker_->Init(
+      base::Bind<bool (*)()>(&sandbox::Credentials::DropAllCapabilities)));
   policy_.reset(new SandboxPolicy(broker_.get()));
 }
diff --git a/mojo/shell/application_manager.cc b/mojo/shell/application_manager.cc
index 17de9de..bbe68cf3 100644
--- a/mojo/shell/application_manager.cc
+++ b/mojo/shell/application_manager.cc
@@ -383,6 +383,8 @@ void ApplicationManager::HandleFetchCallback(
   bool start_sandboxed = false;
   if (app_url == GURL("mojo://core_services/") && qualifier == "Sandboxed Core")
     start_sandboxed = true;
+  else if (app_url == GURL("mojo://html_viewer/"))
+    start_sandboxed = true;
   fetcher->AsPath(blocking_pool_,
                   base::Bind(&ApplicationManager::RunNativeApplication,
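Review bot: The grant added at `permissions.push_back(BrokerFilePermission::ReadWriteCreateUnlinkRecursive("/dev/shm/"))` is wider than the TODO above it describes: beyond reading ("spying on") other processes' shared memory, recursive read/write/create/unlink access lets the sandboxed process overwrite or delete any segment under /dev/shm/ its user can reach, so the exposure is tampering and denial of service as well as disclosure. Because ChildProcessMain fills this vector on the common sandbox path (the function starts and ends outside the hunk), the grant presumably applies to every child that engages the sandbox, not only html_viewer, which the comment should say. I would reword the second TODO line to `// spy on, overwrite or unlink other processes' shared memory segments, for every` and reference BUG=492524 (or a dedicated tracking bug) so the hack has a removal trigger.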
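Review bot: Wrapping `broker_->Init(...)` in CHECK turns a silently ignored failure into a process abort, which is the right failure mode for a sandbox setup step, but nothing in the constructor explains that it can now CHECK-fail, and a reader of the header would not expect a constructor to terminate the process. I would add above the call: `// Init() starts the broker process; without it there is nothing to serve the brokered file access, so abort rather than build a policy around a broker that never started.` Which process the bound DropAllCapabilities callback runs in is not visible here, so confirm against BrokerProcess::Init before describing it in the comment. The constructor is fully contained in the hunk.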
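Review bot: The new `else if (app_url == GURL("mojo://html_viewer/"))` keeps sandboxing opt-in: `start_sandboxed` defaults to false and only an exact URL match flips it, so an application not listed here, or the same application reached through a URL that does not compare equal, runs unsandboxed by default. That is the existing design rather than a defect introduced by this hunk, but the growing chain of URL comparisons deserves a comment such as `// Sandboxing is opt-in per application: anything not matched below runs unsandboxed.` and would read better as a small helper (e.g. `ShouldSandbox(app_url, qualifier)`) once a third entry is added. Note also the asymmetry that core_services is sandboxed only for the "Sandboxed Core" qualifier while html_viewer is sandboxed for any qualifier; if that is intended it should be stated. HandleFetchCallback starts and ends outside the hunk.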