Diffstat (limited to 'content/zygote')
-rw-r--r-- | content/zygote/zygote_linux.cc | 29 | ||||
-rw-r--r-- | content/zygote/zygote_main_linux.cc | 28 |
2 files changed, 1 insertions, 56 deletions
diff --git a/content/zygote/zygote_linux.cc b/content/zygote/zygote_linux.cc
index 5d26a05..8930022 100644
--- a/content/zygote/zygote_linux.cc
+++ b/content/zygote/zygote_linux.cc
@@ -30,11 +30,6 @@ #include "ipc/ipc_channel.h" #include "ipc/ipc_switches.h"
-#if defined(CHROMIUM_SELINUX)
-#include <selinux/context.h>
-#include <selinux/selinux.h>
-#endif
-
// See http://code.google.com/p/chromium/wiki/LinuxZygote namespace content {
@@ -45,26 +40,6 @@ namespace { void SIGCHLDHandler(int signal) { }
-#if defined(CHROMIUM_SELINUX)
-void SELinuxTransitionToTypeOrDie(const char* type) {
- security_context_t security_context;
- if (getcon(&security_context))
- LOG(FATAL) << "Cannot get SELinux context";
-
- context_t context = context_new(security_context);
- context_type_set(context, type);
- const int r = setcon(context_str(context));
- context_free(context);
- freecon(security_context);
-
- if (r) {
- LOG(FATAL) << "dynamic transition to type '" << type << "' failed. "
- "(this binary has been built with SELinux support, but maybe "
- "the policies haven't been loaded into the kernel?)";
- }
-}
-#endif // CHROMIUM_SELINUX
-
} // namespace const int Zygote::kMagicSandboxIPCDescriptor;
@@ -441,10 +416,6 @@ base::ProcessId Zygote::ReadArgsAndFork(const Pickle& pickle, close(kZygoteIdFd); // Another socket from the browser. base::GlobalDescriptors::GetInstance()->Reset(mapping);
-#if defined(CHROMIUM_SELINUX)
- SELinuxTransitionToTypeOrDie("chromium_renderer_t");
-#endif
-
// Reset the process-wide command line to our new command line. CommandLine::Reset(); CommandLine::Init(0, NULL);
diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
index ca75518..750c36d 100644
--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -55,10 +55,6 @@ namespace content { // See http://code.google.com/p/chromium/wiki/LinuxZygote
-// With SELinux we can carve out a precise sandbox, so we don't have to play
-// with intercepting libc calls.
-#if !defined(CHROMIUM_SELINUX)
-
static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output, char* timezone_out, size_t timezone_out_len) {
@@ -250,8 +246,6 @@ struct tm* localtime64_r_override(const time_t* timep, struct tm* result) { } }
-#endif // !CHROMIUM_SELINUX
-
// This function triggers the static and lazy construction of objects that need // to be created before imposing the sandbox. static void PreSandboxInit() {
@@ -287,7 +281,6 @@ static void PreSandboxInit() { #endif }
-#if !defined(CHROMIUM_SELINUX)
// Do nothing here static void SIGCHLDHandler(int signal) { }
@@ -433,30 +426,11 @@ static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox, return true; }
-#else // CHROMIUM_SELINUX
-
-static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
- bool* using_suid_sandbox, bool* has_started_new_init) {
- *using_suid_sandbox = false;
- *has_started_new_init = false;
-
- if (!setuid_sandbox)
- return false;
-
- PreSandboxInit();
- SkFontConfigInterface::SetGlobal(
- new FontConfigIPC(Zygote::kMagicSandboxIPCDescriptor))->unref();
- return true;
-}
-
-#endif // CHROMIUM_SELINUX
bool ZygoteMain(const MainFunctionParams& params, ZygoteForkDelegate* forkdelegate) {
-#if !defined(CHROMIUM_SELINUX)
g_am_zygote_or_renderer = true; sandbox::InitLibcUrandomOverrides();
-#endif
LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance(); // This will pre-initialize the various sandboxes that need it.
@@ -472,7 +446,7 @@ bool ZygoteMain(const MainFunctionParams& params, VLOG(1) << "ZygoteMain: fork delegate is NULL"; }
- // Turn on the SELinux or SUID sandbox.
+ // Turn on the sandbox.
bool using_suid_sandbox = false; bool has_started_new_init = false; |
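Review bot: The replacement comment `// Turn on the sandbox.` in ZygoteMain (last hunk) is less precise than the code it labels: the two flags declared directly below are `using_suid_sandbox` and `has_started_new_init`, and the surviving `EnterSandbox` signature shown in the earlier hunk header takes a `sandbox::SetuidSandboxClient*`. Because the context a few lines up talks about pre-initializing "the various sandboxes", a reader auditing which layer is enabled at this point could take "the sandbox" to mean all of them. Something like `// Turn on the SUID sandbox, if available.` would keep the specificity the old comment had; the retained EnterSandbox body is not visible in this diff, so confirm that wording against it. ZygoteMain's body starts and ends outside the hunk.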