diff options
| -rw-r--r-- | base/rand_util_c.h | 20 | ||||
| -rw-r--r-- | base/rand_util_posix.cc | 5 | ||||
| -rw-r--r-- | chrome/browser/renderer_host/render_sandbox_host_linux.cc | 16 | ||||
| -rw-r--r-- | chrome/common/sandbox_methods_linux.h | 1 | ||||
| -rw-r--r-- | chrome/renderer/renderer_sandbox_support_linux.cc | 26 | ||||
| -rw-r--r-- | chrome/renderer/renderer_sandbox_support_linux.h | 3 |
6 files changed, 65 insertions, 6 deletions
diff --git a/base/rand_util_c.h b/base/rand_util_c.h new file mode 100644 index 0000000..5a0bf73 --- /dev/null +++ b/base/rand_util_c.h @@ -0,0 +1,20 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_RAND_UTIL_C_H_ +#define BASE_RAND_UTIL_C_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +// Returns an FD for /dev/urandom, possibly pre-opened before sandboxing +// was switched on. This is a C function so that Native Client can use it. +int GetUrandomFD(void); + +#ifdef __cplusplus +} +#endif + +#endif /* BASE_RAND_UTIL_C_H_ */ diff --git a/base/rand_util_posix.cc b/base/rand_util_posix.cc index c65551d..43dfd1e 100644 --- a/base/rand_util_posix.cc +++ b/base/rand_util_posix.cc @@ -3,6 +3,7 @@ // found in the LICENSE file. #include "base/rand_util.h" +#include "base/rand_util_c.h" #include <errno.h> #include <fcntl.h> @@ -54,3 +55,7 @@ uint64 RandUint64() { } } // namespace base + +int GetUrandomFD(void) { + return g_urandom_fd.Pointer()->fd(); +} diff --git a/chrome/browser/renderer_host/render_sandbox_host_linux.cc b/chrome/browser/renderer_host/render_sandbox_host_linux.cc index ea8d024..53c736c 100644 --- a/chrome/browser/renderer_host/render_sandbox_host_linux.cc +++ b/chrome/browser/renderer_host/render_sandbox_host_linux.cc @@ -19,6 +19,7 @@ #include "base/pickle.h" #include "base/process_util.h" #include "base/scoped_ptr.h" +#include "base/shared_memory.h" #include "base/string_util.h" #include "base/unix_domain_socket_posix.h" #include "chrome/common/sandbox_methods_linux.h" @@ -136,6 +137,8 @@ class SandboxIPCProcess { HandleGetChildWithInode(fd, pickle, iter, fds); } else if (kind == LinuxSandbox::METHOD_GET_STYLE_FOR_STRIKE) { HandleGetStyleForStrike(fd, pickle, iter, fds); + } else if (kind == LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT) { + HandleMakeSharedMemorySegment(fd, pickle, iter, fds); } error: @@ -329,6 +332,19 @@ class SandboxIPCProcess { SendRendererReply(fds, reply, -1); } + void HandleMakeSharedMemorySegment(int fd, const Pickle& pickle, void* iter, + std::vector<int>& fds) { + uint32_t shm_size; + if (!pickle.ReadUInt32(&iter, &shm_size)) + return; + int shm_fd = -1; + base::SharedMemory shm; + if (shm.Create(L"", false, false, shm_size)) + shm_fd = shm.handle().fd; + Pickle reply; + SendRendererReply(fds, reply, shm_fd); + } + void SendRendererReply(const std::vector<int>& fds, const Pickle& reply, int reply_fd) { struct msghdr msg; diff --git a/chrome/common/sandbox_methods_linux.h b/chrome/common/sandbox_methods_linux.h index 71c6883..ca7b60d 100644 --- a/chrome/common/sandbox_methods_linux.h +++ b/chrome/common/sandbox_methods_linux.h @@ -16,6 +16,7 @@ class LinuxSandbox { METHOD_LOCALTIME = 33, METHOD_GET_CHILD_WITH_INODE = 34, METHOD_GET_STYLE_FOR_STRIKE = 35, + METHOD_MAKE_SHARED_MEMORY_SEGMENT = 36, }; }; diff --git a/chrome/renderer/renderer_sandbox_support_linux.cc b/chrome/renderer/renderer_sandbox_support_linux.cc index 1c4a60d..f1d03e3 100644 --- a/chrome/renderer/renderer_sandbox_support_linux.cc +++ b/chrome/renderer/renderer_sandbox_support_linux.cc @@ -12,6 +12,10 @@ #include "third_party/WebKit/WebKit/chromium/public/linux/WebFontRenderStyle.h" +static int GetSandboxFD() { + return kSandboxIPCChannel + base::GlobalDescriptors::kBaseDescriptor; +} + namespace renderer_sandbox_support { std::string getFontFamilyForCharacters(const uint16_t* utf16, size_t num_utf16) { @@ -22,9 +26,7 @@ std::string getFontFamilyForCharacters(const uint16_t* utf16, size_t num_utf16) request.WriteUInt32(utf16[i]); uint8_t buf[512]; - const int sandbox_fd = - kSandboxIPCChannel + base::GlobalDescriptors::kBaseDescriptor; - const ssize_t n = base::SendRecvMsg(sandbox_fd, buf, sizeof(buf), NULL, + const ssize_t n = base::SendRecvMsg(GetSandboxFD(), buf, sizeof(buf), NULL, request); std::string family_name; @@ -45,9 +47,7 @@ void getRenderStyleForStrike(const char* family, int sizeAndStyle, request.WriteInt(sizeAndStyle); uint8_t buf[512]; - const int sandbox_fd = - kSandboxIPCChannel + base::GlobalDescriptors::kBaseDescriptor; - const ssize_t n = base::SendRecvMsg(sandbox_fd, buf, sizeof(buf), NULL, + const ssize_t n = base::SendRecvMsg(GetSandboxFD(), buf, sizeof(buf), NULL, request); out->setDefaults(); @@ -73,4 +73,18 @@ void getRenderStyleForStrike(const char* family, int sizeAndStyle, } } +int MakeSharedMemorySegmentViaIPC(size_t length) { + Pickle request; + request.WriteInt(LinuxSandbox::METHOD_MAKE_SHARED_MEMORY_SEGMENT); + request.WriteUInt32(length); + uint8_t reply_buf[10]; + int result_fd; + ssize_t result = base::SendRecvMsg(GetSandboxFD(), + reply_buf, sizeof(reply_buf), + &result_fd, request); + if (result == -1) + return -1; + return result_fd; +} + } // namespace render_sandbox_support diff --git a/chrome/renderer/renderer_sandbox_support_linux.h b/chrome/renderer/renderer_sandbox_support_linux.h index 4ba5298..3fa318b 100644 --- a/chrome/renderer/renderer_sandbox_support_linux.h +++ b/chrome/renderer/renderer_sandbox_support_linux.h @@ -27,6 +27,9 @@ std::string getFontFamilyForCharacters(const uint16_t* utf16, size_t num_utf16); void getRenderStyleForStrike(const char* family, int sizeAndStyle, WebKit::WebFontRenderStyle* out); +// Returns a file descriptor for a shared memory segment. +int MakeSharedMemorySegmentViaIPC(size_t length); + }; // namespace render_sandbox_support #endif // CHROME_RENDERER_RENDERER_SANDBOX_SUPPORT_LINUX_H_ |