-rw-r--r-- | base/base.gypi | 1 | ||||
-rw-r--r-- | base/unix_domain_socket_posix.h | 43 | ||||
-rw-r--r-- | chrome/browser/renderer_host/render_sandbox_host_linux.cc | 9 | ||||
-rw-r--r-- | chrome/browser/zygote_host_linux.cc | 13 | ||||
-rw-r--r-- | chrome/browser/zygote_main_linux.cc | 30 | ||||
-rw-r--r-- | chrome/chrome_common.gypi | 18 | ||||
-rw-r--r-- | chrome/common/font_config_ipc_linux.cc | 110 | ||||
-rw-r--r-- | chrome/common/font_config_ipc_linux.h | 40 | ||||
-rw-r--r-- | chrome/common/unix_domain_socket_posix.cc (renamed from base/unix_domain_socket_posix.cc) | 28 | ||||
-rw-r--r-- | chrome/common/unix_domain_socket_posix.h | 54 | ||||
-rw-r--r-- | chrome/renderer/renderer_sandbox_support_linux.cc | 26 | ||||
-rw-r--r-- | skia/ext/SkFontHost_fontconfig.cpp | 5 | ||||
-rw-r--r-- | skia/ext/SkFontHost_fontconfig_control.h | 14 | ||||
-rw-r--r-- | skia/ext/SkFontHost_fontconfig_ipc.cpp | 123 | ||||
-rw-r--r-- | skia/ext/SkFontHost_fontconfig_ipc.h | 51 | ||||
-rw-r--r-- | skia/skia.gyp | 2 |
16 files changed, 284 insertions, 283 deletions
diff --git a/base/base.gypi b/base/base.gypi index b2dc0a2..edb6b78 100644 --- a/base/base.gypi +++ b/base/base.gypi @@ -269,7 +269,6 @@ 'tracked_objects.cc', 'tracked_objects.h', 'tuple.h', - 'unix_domain_socket_posix.cc', 'utf_offset_string_conversions.cc', 'utf_offset_string_conversions.h', 'utf_string_conversion_utils.cc', diff --git a/base/unix_domain_socket_posix.h b/base/unix_domain_socket_posix.h deleted file mode 100644 index 51c821b..0000000 --- a/base/unix_domain_socket_posix.h +++ /dev/null 
@@ -1,43 +0,0 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef BASE_UNIX_DOMAIN_SOCKET_POSIX_H_ -#define BASE_UNIX_DOMAIN_SOCKET_POSIX_H_ -#pragma once - -#include <stdint.h> -#include <sys/types.h> -#include <vector> - -class Pickle; - -namespace base { - -// Use sendmsg to write the given msg and include a vector -// of file descriptors. Returns true iff successful. -bool SendMsg(int fd, const void* msg, size_t length, - const std::vector<int>& fds); -// Use recvmsg to read a message and an array of file descriptors. Returns -// -1 on failure. Note: will read, at most, 16 descriptors. -ssize_t RecvMsg(int fd, void* msg, size_t length, std::vector<int>* fds); -// Perform a sendmsg/recvmsg pair. -// 1. This process creates a UNIX DGRAM socketpair. -// 2. This proces writes a request to |fd| with an SCM_RIGHTS control message -// containing on end of the fresh socket pair. -// 3. This process blocks reading from the other end of the fresh socketpair. -// 4. The target process receives the request, processes it and writes the -// reply to the end of the socketpair contained in the request. -// 5. This process wakes up and continues. -// -// fd: descriptor to send the request on -// reply: buffer for the reply -// reply_len: size of |reply| -// result_fd: (may be NULL) the file descriptor returned in the reply (if any) -// request: the bytes to send in the request -ssize_t SendRecvMsg(int fd, uint8_t* reply, unsigned reply_len, int* result_fd, - const Pickle& request); - -} // namespace base - -#endif // BASE_UNIX_DOMAIN_SOCKET_POSIX_H_ diff --git a/chrome/browser/renderer_host/render_sandbox_host_linux.cc b/chrome/browser/renderer_host/render_sandbox_host_linux.cc index 51fa55b..8f265b1 100644 --- a/chrome/browser/renderer_host/render_sandbox_host_linux.cc +++ b/chrome/browser/renderer_host/render_sandbox_host_linux.cc 
@@ -26,14 +26,13 @@ #include "base/singleton.h" #include "base/string_number_conversions.h" #include "base/string_util.h" -#include "base/unix_domain_socket_posix.h" +#include "chrome/common/font_config_ipc_linux.h" #include "chrome/common/sandbox_methods_linux.h" +#include "chrome/common/unix_domain_socket_posix.h" +#include "skia/ext/SkFontHost_fontconfig_direct.h" #include "third_party/npapi/bindings/npapi_extensions.h" #include "third_party/WebKit/WebKit/chromium/public/gtk/WebFontInfo.h" -#include "SkFontHost_fontconfig_direct.h" -#include "SkFontHost_fontconfig_ipc.h" - using WebKit::WebCString; using WebKit::WebFontInfo; using WebKit::WebUChar; @@ -114,7 +113,7 @@ class SandboxIPCProcess { // error for a maximum length message. char buf[FontConfigInterface::kMaxFontFamilyLength + 128]; - const ssize_t len = base::RecvMsg(fd, buf, sizeof(buf), &fds); + const ssize_t len = UnixDomainSocket::RecvMsg(fd, buf, sizeof(buf), &fds); if (len == -1) { // TODO: should send an error reply, or the sender might block forever. NOTREACHED() diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc index a908e86..6e2c7e3 100644 --- a/chrome/browser/zygote_host_linux.cc +++ b/chrome/browser/zygote_host_linux.cc @@ -20,15 +20,13 @@ #include "base/string_number_conversions.h" #include "base/string_util.h" #include "base/scoped_ptr.h" -#include "base/unix_domain_socket_posix.h" #include "base/utf_string_conversions.h" - #include "chrome/browser/renderer_host/render_sandbox_host_linux.h" #include "chrome/common/chrome_constants.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/process_watcher.h" #include "chrome/common/result_codes.h" - +#include "chrome/common/unix_domain_socket_posix.h" #include "sandbox/linux/suid/suid_unsafe_environment_variables.h" static void SaveSUIDUnsafeEnvironmentVariables() { 
@@ -154,7 +152,8 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) { std::vector<int> fds_vec; const int kExpectedLength = sizeof(kZygoteMagic); char buf[kExpectedLength]; - const ssize_t len = base::RecvMsg(fds[0], buf, sizeof(buf), &fds_vec); + const ssize_t len = UnixDomainSocket::RecvMsg(fds[0], buf, sizeof(buf), + &fds_vec); CHECK(len == kExpectedLength) << "Incorrect zygote magic length"; CHECK(0 == strcmp(buf, kZygoteMagic)) << "Incorrect zygote magic"; @@ -191,7 +190,8 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) { Pickle pickle; pickle.WriteInt(kCmdGetSandboxStatus); std::vector<int> empty_fds; - if (!base::SendMsg(control_fd_, pickle.data(), pickle.size(), empty_fds)) + if (!UnixDomainSocket::SendMsg(control_fd_, pickle.data(), pickle.size(), + empty_fds)) LOG(FATAL) << "Cannot communicate with zygote"; // We don't wait for the reply. We'll read it in ReadReply. } @@ -236,7 +236,8 @@ pid_t ZygoteHost::ForkRenderer( pid_t pid; { AutoLock lock(control_lock_); - if (!base::SendMsg(control_fd_, pickle.data(), pickle.size(), fds)) + if (!UnixDomainSocket::SendMsg(control_fd_, pickle.data(), pickle.size(), + fds)) return base::kNullProcessHandle; if (ReadReply(&pid, sizeof(pid)) != sizeof(pid)) diff --git a/chrome/browser/zygote_main_linux.cc b/chrome/browser/zygote_main_linux.cc index 1b26a6b..c0ba88c 100644 --- a/chrome/browser/zygote_main_linux.cc +++ b/chrome/browser/zygote_main_linux.cc 
@@ -32,24 +32,20 @@ #include "base/rand_util.h" #include "base/scoped_ptr.h" #include "base/sys_info.h" -#include "base/unix_domain_socket_posix.h" #include "build/build_config.h" - #include "chrome/browser/zygote_host_linux.h" #include "chrome/common/chrome_descriptors.h" #include "chrome/common/chrome_switches.h" +#include "chrome/common/font_config_ipc_linux.h" #include "chrome/common/main_function_params.h" #include "chrome/common/pepper_plugin_registry.h" #include "chrome/common/process_watcher.h" #include "chrome/common/result_codes.h" #include "chrome/common/sandbox_methods_linux.h" - +#include "chrome/common/unix_domain_socket_posix.h" #include "media/base/media.h" - -#include "skia/ext/SkFontHost_fontconfig_control.h" - #include "seccompsandbox/sandbox.h" - +#include "skia/ext/SkFontHost_fontconfig_control.h" #include "unicode/timezone.h" #if defined(ARCH_CPU_X86_FAMILY) && !defined(CHROMIUM_SELINUX) && \ @@ -116,8 +112,8 @@ class Zygote { // Let the ZygoteHost know we are ready to go. // The receiving code is in chrome/browser/zygote_host_linux.cc. std::vector<int> empty; - bool r = base::SendMsg(kBrowserDescriptor, kZygoteMagic, - sizeof(kZygoteMagic), empty); + bool r = UnixDomainSocket::SendMsg(kBrowserDescriptor, kZygoteMagic, + sizeof(kZygoteMagic), empty); CHECK(r) << "Sending zygote magic failed"; } @@ -141,7 +137,7 @@ class Zygote { std::vector<int> fds; static const unsigned kMaxMessageLength = 1024; char buf[kMaxMessageLength]; - const ssize_t len = base::RecvMsg(fd, buf, sizeof(buf), &fds); + const ssize_t len = UnixDomainSocket::RecvMsg(fd, buf, sizeof(buf), &fds); if (len == 0 || (len == -1 && errno == ECONNRESET)) { // EOF from the browser. We should die. 
@@ -297,9 +293,9 @@ class Zygote { request.WriteInt(LinuxSandbox::METHOD_GET_CHILD_WITH_INODE); request.WriteUInt64(dummy_inode); - const ssize_t r = base::SendRecvMsg(kMagicSandboxIPCDescriptor, - reply_buf, sizeof(reply_buf), - NULL, request); + const ssize_t r = UnixDomainSocket::SendRecvMsg( + kMagicSandboxIPCDescriptor, reply_buf, sizeof(reply_buf), NULL, + request); if (r == -1) { LOG(ERROR) << "Failed to get child process's real PID"; goto error; @@ -453,7 +449,7 @@ static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output, std::string(reinterpret_cast<char*>(&input), sizeof(input))); uint8_t reply_buf[512]; - const ssize_t r = base::SendRecvMsg( + const ssize_t r = UnixDomainSocket::SendRecvMsg( kMagicSandboxIPCDescriptor, reply_buf, sizeof(reply_buf), NULL, request); if (r == -1) { memset(output, 0, sizeof(struct tm)); @@ -649,7 +645,8 @@ static bool EnterSandbox() { return false; } - SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor); + SkiaFontConfigSetImplementation( + new FontConfigIPC(kMagicSandboxIPCDescriptor)); // Previously, we required that the binary be non-readable. This causes the // kernel to mark the process as non-dumpable at startup. The thinking was @@ -678,7 +675,8 @@ static bool EnterSandbox() { } } else if (switches::SeccompSandboxEnabled()) { PreSandboxInit(); - SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor); + SkiaFontConfigSetImplementation( + new FontConfigIPC(kMagicSandboxIPCDescriptor)); } else { SkiaFontConfigUseDirectImplementation(); } diff --git a/chrome/chrome_common.gypi b/chrome/chrome_common.gypi index 80c1b0e..20b3093 100644 --- a/chrome/chrome_common.gypi +++ b/chrome/chrome_common.gypi @@ -28,8 +28,6 @@ 'common/app_mode_common_mac.h', 'common/app_mode_common_mac.mm', 'common/bindings_policy.h', - 'common/chrome_application_mac.h', - 'common/chrome_application_mac.mm', 'common/child_process.cc', 'common/child_process.h', 'common/child_process_info.cc', 
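Review bot: Both `EnterSandbox` hunks hand `kMagicSandboxIPCDescriptor` to `new FontConfigIPC(...)`, and other code in this file uses the same descriptor directly (the `ProxyLocaltimeCallToBrowser` hunk above passes it to `UnixDomainSocket::SendRecvMsg`). `FontConfigIPC`'s destructor closes its fd, and `SkiaFontConfigSetImplementation` deletes the previously installed implementation, so installing a different implementation later would close the sandbox IPC channel for every other user. I would record that at the call site, e.g. `// FontConfigIPC closes this fd in its destructor; the implementation must stay installed for the life of the process.`, or give the object its own `dup()` of the descriptor. `EnterSandbox` begins and ends outside these hunks.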
@@ -40,8 +38,12 @@ 'common/child_process_logging_win.cc', 'common/child_thread.cc', 'common/child_thread.h', + 'common/chrome_application_mac.h', + 'common/chrome_application_mac.mm', 'common/chrome_counters.cc', 'common/chrome_counters.h', + 'common/chrome_version_info.cc', + 'common/chrome_version_info.h', 'common/common_param_traits.cc', 'common/common_param_traits.h', 'common/content_restriction.h', @@ -71,22 +73,24 @@ 'common/file_utilities_messages.h', 'common/font_descriptor_mac.h', 'common/font_descriptor_mac.mm', + 'common/font_config_ipc_linux.cc', + 'common/font_config_ipc_linux.h', 'common/geoposition.cc', 'common/geoposition.h', 'common/gpu_create_command_buffer_config.cc', 'common/gpu_create_command_buffer_config.h', 'common/gpu_feature_flags.cc', 'common/gpu_feature_flags.h', - 'common/gpu_info.h', 'common/gpu_info.cc', + 'common/gpu_info.h', 'common/gpu_messages.cc', 'common/gpu_messages.h', 'common/gpu_messages_internal.h', 'common/gpu_param_traits.h', 'common/gpu_video_common.cc', 'common/gpu_video_common.h', - 'common/guid.h', 'common/guid.cc', + 'common/guid.h', 'common/guid_posix.cc', 'common/guid_win.cc', 'common/indexed_db_key.cc', @@ -126,10 +130,10 @@ 'common/notification_type.h', 'common/pepper_file_messages.cc', 'common/pepper_file_messages.h', + 'common/process_watcher.h', 'common/process_watcher_mac.cc', 'common/process_watcher_posix.cc', 'common/process_watcher_win.cc', - 'common/process_watcher.h', 'common/property_bag.cc', 'common/property_bag.h', 'common/ref_counted_util.h', @@ -150,8 +154,8 @@ 'common/switch_utils.h', 'common/time_format.cc', 'common/time_format.h', - 'common/chrome_version_info.h', - 'common/chrome_version_info.cc', + 'common/unix_domain_socket_posix.cc', + 'common/unix_domain_socket_posix.h', 'common/webblobregistry_impl.cc', 'common/webblobregistry_impl.h', 'common/win_safe_util.cc', 
diff --git a/chrome/common/font_config_ipc_linux.cc b/chrome/common/font_config_ipc_linux.cc
new file mode 100644
index 0000000..a2e86a9
--- /dev/null
+++ b/chrome/common/font_config_ipc_linux.cc
@@ -0,0 +1,110 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/common/font_config_ipc_linux.h"
+
+#include <errno.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+#include "base/pickle.h"
+#include "chrome/common/unix_domain_socket_posix.h"
+
+FontConfigIPC::FontConfigIPC(int fd)
+ : fd_(fd) {
+}
+
+FontConfigIPC::~FontConfigIPC() {
+ close(fd_);
+}
+
+bool FontConfigIPC::Match(std::string* result_family,
+ unsigned* result_filefaceid,
+ bool filefaceid_valid, unsigned filefaceid,
+ const std::string& family,
+ const void* characters, size_t characters_bytes,
+ bool* is_bold, bool* is_italic) {
+ if (family.length() > kMaxFontFamilyLength)
+ return false;
+
+ Pickle request;
+ request.WriteInt(METHOD_MATCH);
+ request.WriteBool(filefaceid_valid);
+ if (filefaceid_valid)
+ request.WriteUInt32(filefaceid);
+
+ request.WriteBool(is_bold && *is_bold);
+ request.WriteBool(is_bold && *is_italic);
+
+ request.WriteUInt32(characters_bytes);
+ if (characters_bytes)
+ request.WriteBytes(characters, characters_bytes);
+
+ request.WriteString(family);
+
+ uint8_t reply_buf[512];
+ const ssize_t r = UnixDomainSocket::SendRecvMsg(fd_, reply_buf,
+ sizeof(reply_buf), NULL,
+ request);
+ if (r == -1)
+ return false;
+
+ Pickle reply(reinterpret_cast<char*>(reply_buf), r);
+ void* iter = NULL;
+ bool result;
+ if (!reply.ReadBool(&iter, &result))
+ return false;
+ if (!result)
+ return false;
+
+ uint32_t reply_filefaceid;
+ std::string reply_family;
+ bool resulting_bold, resulting_italic;
+ if (!reply.ReadUInt32(&iter, &reply_filefaceid) ||
+ !reply.ReadString(&iter, &reply_family) ||
+ !reply.ReadBool(&iter, &resulting_bold) ||
+ !reply.ReadBool(&iter, &resulting_italic)) {
+ return false;
+ }
+
+ *result_filefaceid = reply_filefaceid;
+ if (result_family)
+ *result_family = reply_family;
+
+
+ if (is_bold)
+ *is_bold = resulting_bold;
+ if (is_italic)
+ *is_italic = resulting_italic;
+
+ return true;
+}
+
+int FontConfigIPC::Open(unsigned filefaceid) {
+ Pickle request;
+ request.WriteInt(METHOD_OPEN);
+ request.WriteUInt32(filefaceid);
+
+ int result_fd = -1;
+ uint8_t reply_buf[256];
+ const ssize_t r = UnixDomainSocket::SendRecvMsg(fd_, reply_buf,
+ sizeof(reply_buf),
+ &result_fd, request);
+
+ if (r == -1)
+ return -1;
+
+ Pickle reply(reinterpret_cast<char*>(reply_buf), r);
+ bool result;
+ void* iter = NULL;
+ if (!reply.ReadBool(&iter, &result) ||
+ !result) {
+ if (result_fd)
+ close(result_fd);
+ return -1;
+ }
+
+ return result_fd;
+}
diff --git a/chrome/common/font_config_ipc_linux.h b/chrome/common/font_config_ipc_linux.h
new file mode 100644
index 0000000..e478f6a
--- /dev/null
+++ b/chrome/common/font_config_ipc_linux.h
@@ -0,0 +1,40 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_COMMON_FONT_CONFIG_IPC_LINUX_H_
+#define CHROME_COMMON_FONT_CONFIG_IPC_LINUX_H_
+#pragma once
+
+#include "skia/ext/SkFontHost_fontconfig_impl.h"
+
+#include <string>
+
+// FontConfig implementation for Skia that proxies out of process to get out
+// of the sandbox. See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC
+class FontConfigIPC : public FontConfigInterface {
+ public:
+ explicit FontConfigIPC(int fd);
+ ~FontConfigIPC();
+
+ // FontConfigInterface implementation.
+ virtual bool Match(std::string* result_family,
+ unsigned* result_filefaceid,
+ bool filefaceid_valid,
+ unsigned filefaceid,
+ const std::string& family,
+ const void* characters,
+ size_t characters_bytes,
+ bool* is_bold, bool* is_italic);
+ virtual int Open(unsigned filefaceid);
+
+ enum Method {
+ METHOD_MATCH = 0,
+ METHOD_OPEN = 1,
+ };
+
+ private:
+ const int fd_;
+};
+
+#endif // CHROME_COMMON_FONT_CONFIG_IPC_LINUX_H_
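Review bot: In `FontConfigIPC::Match` the italic flag is written as `request.WriteBool(is_bold && *is_italic);`, which tests the wrong pointer: a caller that passes a non-NULL `is_bold` and a NULL `is_italic` dereferences NULL, even though the reply path treats `is_italic` as optional. It should read `request.WriteBool(is_italic && *is_italic);`. In `Open`, `result_fd` starts at -1, so the failure path's `if (result_fd)` calls `close(-1)` and would skip a descriptor numbered 0; `if (result_fd >= 0)` is the intended test. `*result_filefaceid` is also written without the NULL check that `result_family` gets. The code was moved unchanged from `skia/ext/SkFontHost_fontconfig_ipc.cpp`, so these issues predate the commit.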
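Review bot: The `FontConfigIPC` declaration does not say that the object owns `fd`, although the destructor in `font_config_ipc_linux.cc` closes it, and nothing prevents copying, so a copy would close the same descriptor twice. I would add `// Takes ownership of |fd|, which is closed when this object is destroyed.` above the constructor. I would also put `DISALLOW_COPY_AND_ASSIGN(FontConfigIPC);` at the end of the private section, with `base/basictypes.h` included for the macro.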
diff --git a/base/unix_domain_socket_posix.cc b/chrome/common/unix_domain_socket_posix.cc index 73fa260..31f0135 100644 --- a/base/unix_domain_socket_posix.cc +++ b/chrome/common/unix_domain_socket_posix.cc @@ -1,8 +1,8 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "base/unix_domain_socket_posix.h" +#include "chrome/common/unix_domain_socket_posix.h" #include <errno.h> #include <unistd.h> @@ -13,10 +13,11 @@ #include "base/logging.h" #include "base/pickle.h" -namespace base { - -bool SendMsg(int fd, const void* buf, size_t length, - const std::vector<int>& fds) { +// static +bool UnixDomainSocket::SendMsg(int fd, + const void* buf, + size_t length, + const std::vector<int>& fds) { struct msghdr msg; memset(&msg, 0, sizeof(msg)); struct iovec iov = {const_cast<void*>(buf), length}; @@ -45,7 +46,11 @@ bool SendMsg(int fd, const void* buf, size_t length, return ret; } -ssize_t RecvMsg(int fd, void* buf, size_t length, std::vector<int>* fds) { +// static +ssize_t UnixDomainSocket::RecvMsg(int fd, + void* buf, + size_t length, + std::vector<int>* fds) { static const unsigned kMaxDescriptors = 16; fds->clear(); @@ -94,8 +99,12 @@ ssize_t RecvMsg(int fd, void* buf, size_t length, std::vector<int>* fds) { return r; } -ssize_t SendRecvMsg(int fd, uint8_t* reply, unsigned max_reply_len, int* result_fd, - const Pickle& request) { +// static +ssize_t UnixDomainSocket::SendRecvMsg(int fd, + uint8_t* reply, + unsigned max_reply_len, + int* result_fd, + const Pickle& request) { int fds[2]; // This socketpair is only used for the IPC and is cleaned up before @@ -140,4 +149,3 @@ ssize_t SendRecvMsg(int fd, uint8_t* reply, unsigned max_reply_len, int* result_ return reply_len; } -} // namespace base 
diff --git a/chrome/common/unix_domain_socket_posix.h b/chrome/common/unix_domain_socket_posix.h
new file mode 100644
index 0000000..405ca95
--- /dev/null
+++ b/chrome/common/unix_domain_socket_posix.h
@@ -0,0 +1,54 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_COMMON_UNIX_DOMAIN_SOCKET_POSIX_H_
+#define CHROME_COMMON_UNIX_DOMAIN_SOCKET_POSIX_H_
+#pragma once
+
+#include <stdint.h>
+#include <sys/types.h>
+#include <vector>
+
+class Pickle;
+
+class UnixDomainSocket {
+ public:
+ // Use sendmsg to write the given msg and include a vector of file
+ // descriptors. Returns true if successful.
+ static bool SendMsg(int fd,
+ const void* msg,
+ size_t length,
+ const std::vector<int>& fds);
+
+ // Use recvmsg to read a message and an array of file descriptors. Returns
+ // -1 on failure. Note: will read, at most, 16 descriptors.
+ static ssize_t RecvMsg(int fd,
+ void* msg,
+ size_t length,
+ std::vector<int>* fds);
+
+ // Perform a sendmsg/recvmsg pair.
+ // 1. This process creates a UNIX DGRAM socketpair.
+ // 2. This proces writes a request to |fd| with an SCM_RIGHTS control
+ // message containing on end of the fresh socket pair.
+ // 3. This process blocks reading from the other end of the fresh
+ // socketpair.
+ // 4. The target process receives the request, processes it and writes the
+ // reply to the end of the socketpair contained in the request.
+ // 5. This process wakes up and continues.
+ //
+ // fd: descriptor to send the request on
+ // reply: buffer for the reply
+ // reply_len: size of |reply|
+ // result_fd: (may be NULL) the file descriptor returned in the reply
+ // (if any)
+ // request: the bytes to send in the request
+ static ssize_t SendRecvMsg(int fd,
+ uint8_t* reply,
+ unsigned reply_len,
+ int* result_fd,
+ const Pickle& request);
+};
+
+#endif // CHROME_COMMON_UNIX_DOMAIN_SOCKET_POSIX_H_
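Review bot: The comments on `RecvMsg` and `SendRecvMsg` do not say who owns the descriptors they hand back through `fds` and `result_fd`, or what `*result_fd` holds when the reply carries no descriptor. Callers in this commit disagree on the second point: some start from -1 and one leaves the variable uninitialised. If it matches the implementation, I would add `// On success the caller owns, and must close, every descriptor stored in |fds|.` to `RecvMsg` and an equivalent line for `result_fd`. The parameter is documented and declared as `reply_len` here but defined as `max_reply_len` in `unix_domain_socket_posix.cc`. The step list also carries over the typos "proces" and "containing on end".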
diff --git a/chrome/renderer/renderer_sandbox_support_linux.cc b/chrome/renderer/renderer_sandbox_support_linux.cc index 29fae48..539c9a4 100644 --- a/chrome/renderer/renderer_sandbox_support_linux.cc +++ b/chrome/renderer/renderer_sandbox_support_linux.cc @@ -1,6 +1,6 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. Use of this -// source code is governed by a BSD-style license that can be found in the -// LICENSE file. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. #include "chrome/renderer/renderer_sandbox_support_linux.h" @@ -10,9 +10,9 @@ #include "base/global_descriptors_posix.h" #include "base/pickle.h" #include "base/scoped_ptr.h" -#include "base/unix_domain_socket_posix.h" #include "chrome/common/chrome_descriptors.h" #include "chrome/common/sandbox_methods_linux.h" +#include "chrome/common/unix_domain_socket_posix.h" #include "third_party/WebKit/WebKit/chromium/public/linux/WebFontRenderStyle.h" @@ -31,8 +31,8 @@ std::string getFontFamilyForCharacters(const uint16_t* utf16, request.WriteUInt32(utf16[i]); uint8_t buf[512]; - const ssize_t n = base::SendRecvMsg(GetSandboxFD(), buf, sizeof(buf), NULL, - request); + const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf, + sizeof(buf), NULL, request); std::string family_name; if (n != -1) { @@ -52,8 +52,8 @@ void getRenderStyleForStrike(const char* family, int sizeAndStyle, request.WriteInt(sizeAndStyle); uint8_t buf[512]; - const ssize_t n = base::SendRecvMsg(GetSandboxFD(), buf, sizeof(buf), NULL, - request); + const ssize_t n = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), buf, + sizeof(buf), NULL, request); out->setDefaults(); if (n == -1) { 
@@ -84,9 +84,9 @@ int MakeSharedMemorySegmentViaIPC(size_t length, bool executable) { request.WriteUInt32(length); uint8_t reply_buf[10]; int result_fd; - ssize_t result = base::SendRecvMsg(GetSandboxFD(), - reply_buf, sizeof(reply_buf), - &result_fd, request); + ssize_t result = UnixDomainSocket::SendRecvMsg(GetSandboxFD(), + reply_buf, sizeof(reply_buf), + &result_fd, request); if (result == -1) return -1; return result_fd; @@ -102,8 +102,8 @@ int MatchFontWithFallback(const std::string& face, bool bold, request.WriteUInt32(charset); uint8_t reply_buf[64]; int fd = -1; - base::SendRecvMsg(GetSandboxFD(), reply_buf, sizeof(reply_buf), - &fd, request); + UnixDomainSocket::SendRecvMsg(GetSandboxFD(), reply_buf, sizeof(reply_buf), + &fd, request); return fd; } diff --git a/skia/ext/SkFontHost_fontconfig.cpp b/skia/ext/SkFontHost_fontconfig.cpp index 68a3820..e1153eb 100644 --- a/skia/ext/SkFontHost_fontconfig.cpp +++ b/skia/ext/SkFontHost_fontconfig.cpp @@ -35,7 +35,6 @@ #include "SkStream.h" #include "SkFontHost_fontconfig_impl.h" #include "SkFontHost_fontconfig_direct.h" -#include "SkFontHost_fontconfig_ipc.h" static FontConfigInterface* global_fc_impl = NULL; @@ -45,10 +44,10 @@ void SkiaFontConfigUseDirectImplementation() { global_fc_impl = new FontConfigDirect; } -void SkiaFontConfigUseIPCImplementation(int fd) { +void SkiaFontConfigSetImplementation(FontConfigInterface* font_config) { if (global_fc_impl) delete global_fc_impl; - global_fc_impl = new FontConfigIPC(fd); + global_fc_impl = font_config; } static FontConfigInterface* GetFcImpl() { diff --git a/skia/ext/SkFontHost_fontconfig_control.h b/skia/ext/SkFontHost_fontconfig_control.h index f9f0146..568320f 100644 --- a/skia/ext/SkFontHost_fontconfig_control.h +++ b/skia/ext/SkFontHost_fontconfig_control.h 
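Review bot: `MakeSharedMemorySegmentViaIPC` declares `int result_fd;` without an initial value and returns it whenever `SendRecvMsg` does not return -1. Whether `SendRecvMsg` stores to `*result_fd` when the reply carries no descriptor is not visible in this diff. If it does not, the caller gets an indeterminate value and may later use or close an unrelated descriptor. `MatchFontWithFallback` in the next hunk starts from `int fd = -1;`, and this function should do the same with `int result_fd = -1;`. The function begins outside the hunk.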
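Review bot: `SkiaFontConfigSetImplementation` deletes `global_fc_impl` before storing `font_config`, so a call that passes the object already installed leaves `global_fc_impl` pointing at freed memory. A guard before the delete avoids that: `if (font_config == global_fc_impl) return;`. The function also accepts NULL silently. `GetFcImpl` continues past the hunk, so whether a NULL implementation is handled there cannot be confirmed; a `// |font_config| must not be NULL` comment, or a check, would make the contract explicit.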
@@ -19,9 +19,17 @@ #define FontConfigControl_DEFINED #pragma once -// http://code.google.com/p/chromium/wiki/LinuxSandboxIPC +// Sets the Skia FontHost to use the direct (non-IPC, requires filesystem +// access) FontConfig implementation. Any previously-set FontConfigInterface +// will be freed. +void SkiaFontConfigUseDirectImplementation(); -extern void SkiaFontConfigUseDirectImplementation(); -extern void SkiaFontConfigUseIPCImplementation(int fd); +// Sets the Skia FontHost to use the given implementation of FontConfig. This +// is normally used to configure the IPC-based implementation to get out of +// the sandbox. +// +// Ownership of the given pointer is transferred, and any previously-set +// FontConfigInterface will be freed. +void SkiaFontConfigSetImplementation(FontConfigInterface* font_config); #endif // FontConfigControl_DEFINED diff --git a/skia/ext/SkFontHost_fontconfig_ipc.cpp b/skia/ext/SkFontHost_fontconfig_ipc.cpp deleted file mode 100644 index 23a07f4..0000000 --- a/skia/ext/SkFontHost_fontconfig_ipc.cpp +++ /dev/null 
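Review bot: The new declaration `void SkiaFontConfigSetImplementation(FontConfigInterface* font_config);` uses `FontConfigInterface`, but no forward declaration or include for it appears between `#pragma once` and `#endif` in this hunk. The header therefore compiles only when the includer has already pulled in the type, as `zygote_main_linux.cc` happens to do through `font_config_ipc_linux.h`. Adding `class FontConfigInterface;` after `#pragma once` makes the header self-contained. The lines above the hunk are not visible, but they appear to hold only the license and the include guard.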
@@ -1,123 +0,0 @@ -/* libs/graphics/ports/SkFontHost_fontconfig_direct.cpp -** -** Copyright 2009, Google Inc. -** -** Licensed under the Apache License, Version 2.0 (the "License"); -** you may not use this file except in compliance with the License. -** You may obtain a copy of the License at -** -** http://www.apache.org/licenses/LICENSE-2.0 -** -** Unless required by applicable law or agreed to in writing, software -** distributed under the License is distributed on an "AS IS" BASIS, -** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -** See the License for the specific language governing permissions and -** limitations under the License. -*/ - -// http://code.google.com/p/chromium/wiki/LinuxSandboxIPC - -#include "SkFontHost_fontconfig_ipc.h" - -#include <errno.h> -#include <unistd.h> -#include <fcntl.h> -#include <sys/socket.h> -#include <sys/uio.h> - -#include "base/pickle.h" -#include "base/unix_domain_socket_posix.h" - -FontConfigIPC::FontConfigIPC(int fd) - : fd_(fd) { -} - -FontConfigIPC::~FontConfigIPC() { - close(fd_); -} - -bool FontConfigIPC::Match(std::string* result_family, - unsigned* result_filefaceid, - bool filefaceid_valid, unsigned filefaceid, - const std::string& family, - const void* characters, size_t characters_bytes, - bool* is_bold, bool* is_italic) { - if (family.length() > kMaxFontFamilyLength) - return false; - - Pickle request; - request.WriteInt(METHOD_MATCH); - request.WriteBool(filefaceid_valid); - if (filefaceid_valid) - request.WriteUInt32(filefaceid); - - request.WriteBool(is_bold && *is_bold); - request.WriteBool(is_bold && *is_italic); - - request.WriteUInt32(characters_bytes); - if (characters_bytes) - request.WriteBytes(characters, characters_bytes); - - request.WriteString(family); - - uint8_t reply_buf[512]; - const ssize_t r = base::SendRecvMsg(fd_, reply_buf, sizeof(reply_buf), NULL, - request); - if (r == -1) - return false; - - Pickle reply(reinterpret_cast<char*>(reply_buf), r); - void* 
iter = NULL; - bool result; - if (!reply.ReadBool(&iter, &result)) - return false; - if (!result) - return false; - - uint32_t reply_filefaceid; - std::string reply_family; - bool resulting_bold, resulting_italic; - if (!reply.ReadUInt32(&iter, &reply_filefaceid) || - !reply.ReadString(&iter, &reply_family) || - !reply.ReadBool(&iter, &resulting_bold) || - !reply.ReadBool(&iter, &resulting_italic)) { - return false; - } - - *result_filefaceid = reply_filefaceid; - if (result_family) - *result_family = reply_family; - - if (is_bold) - *is_bold = resulting_bold; - if (is_italic) - *is_italic = resulting_italic; - - return true; -} - -int FontConfigIPC::Open(unsigned filefaceid) { - Pickle request; - request.WriteInt(METHOD_OPEN); - request.WriteUInt32(filefaceid); - - int result_fd = -1; - uint8_t reply_buf[256]; - const ssize_t r = base::SendRecvMsg(fd_, reply_buf, sizeof(reply_buf), - &result_fd, request); - - if (r == -1) - return -1; - - Pickle reply(reinterpret_cast<char*>(reply_buf), r); - bool result; - void* iter = NULL; - if (!reply.ReadBool(&iter, &result) || - !result) { - if (result_fd) - close(result_fd); - return -1; - } - - return result_fd; -} diff --git a/skia/ext/SkFontHost_fontconfig_ipc.h b/skia/ext/SkFontHost_fontconfig_ipc.h deleted file mode 100644 index 9a10c6e..0000000 --- a/skia/ext/SkFontHost_fontconfig_ipc.h +++ /dev/null 
@@ -1,51 +0,0 @@ -/* libs/graphics/ports/SkFontHost_fontconfig_ipc.h -** -** Copyright 2009, Google Inc. -** -** Licensed under the Apache License, Version 2.0 (the "License"); -** you may not use this file except in compliance with the License. -** You may obtain a copy of the License at -** -** http://www.apache.org/licenses/LICENSE-2.0 -** -** Unless required by applicable law or agreed to in writing, software -** distributed under the License is distributed on an "AS IS" BASIS, -** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -** See the License for the specific language governing permissions and -** limitations under the License. -*/ - -#ifndef FontConfigIPC_DEFINED -#define FontConfigIPC_DEFINED -#pragma once - -// http://code.google.com/p/chromium/wiki/LinuxSandboxIPC - -#include <map> -#include <string> - -#include "SkFontHost_fontconfig_impl.h" - -class FontConfigIPC : public FontConfigInterface { - public: - FontConfigIPC(int fd); - ~FontConfigIPC(); - - // FontConfigInterface implementation. - virtual bool Match(std::string* result_family, unsigned* result_filefaceid, - bool filefaceid_valid, unsigned filefaceid, - const std::string& family, - const void* characters, size_t characters_bytes, - bool* is_bold, bool* is_italic); - virtual int Open(unsigned filefaceid); - - enum Method { - METHOD_MATCH = 0, - METHOD_OPEN = 1, - }; - - private: - const int fd_; -}; - -#endif // FontConfigIPC_DEFINED diff --git a/skia/skia.gyp b/skia/skia.gyp index 9ff333d..f7f44d4 100644 --- a/skia/skia.gyp +++ b/skia/skia.gyp @@ -618,10 +618,8 @@ '-Wno-unused-function', ], 'sources': [ - # http://code.google.com/p/chromium/wiki/LinuxSandboxIPC 'ext/SkFontHost_fontconfig.cpp', 'ext/SkFontHost_fontconfig_direct.cpp', - 'ext/SkFontHost_fontconfig_ipc.cpp', '../third_party/skia/src/core/SkBlitter_ARGB32_Subpixel.cpp', '../third_party/skia/src/ports/SkFontHost_FreeType_Subpixel.cpp', '../third_party/skia/src/core/SkFontHost.cpp', |