5 files changed, 157 insertions, 52 deletions

diff --git a/chromium/content/app/BUILD.gn b/chromium/content/app/BUILD.gn
index 703a60ebed5..5adcc191913 100644
--- a/chromium/content/app/BUILD.gn
+++ b/chromium/content/app/BUILD.gn
@@ -82,6 +82,7 @@ source_set("content_main_runner_app") {
            "//content/public/utility:utility_sources",
            "//content/renderer",
            "//content/utility",
+           "//content/zygote",
          ]
 }
 
diff --git a/chromium/content/app/content_main_runner_impl.cc b/chromium/content/app/content_main_runner_impl.cc
index 01327e6e6c5..f5e5576fd74 100644
--- a/chromium/content/app/content_main_runner_impl.cc
+++ b/chromium/content/app/content_main_runner_impl.cc
@@ -60,7 +60,9 @@
 #include "content/browser/tracing/memory_instrumentation_util.h"
 #include "content/browser/utility_process_host.h"
 #include "content/child/field_trial.h"
+#include "content/common/android/cpu_time_metrics.h"
 #include "content/common/content_constants_internal.h"
+#include "content/common/mojo_core_library_support.h"
 #include "content/common/url_schemes.h"
 #include "content/gpu/in_process_gpu_thread.h"
 #include "content/public/app/content_main_delegate.h"
@@ -74,6 +76,7 @@
 #include "content/public/common/main_function_params.h"
 #include "content/public/common/network_service_util.h"
 #include "content/public/common/sandbox_init.h"
+#include "content/public/common/zygote/zygote_buildflags.h"
 #include "content/public/gpu/content_gpu_client.h"
 #include "content/public/renderer/content_renderer_client.h"
 #include "content/public/utility/content_utility_client.h"
@@ -82,12 +85,16 @@
 #include "gin/v8_initializer.h"
 #include "media/base/media.h"
 #include "media/media_buildflags.h"
+#include "mojo/public/cpp/bindings/self_owned_receiver.h"
+#include "mojo/public/cpp/platform/platform_channel.h"
+#include "mojo/public/cpp/system/dynamic_library_support.h"
+#include "mojo/public/cpp/system/invitation.h"
+#include "mojo/public/mojom/base/binder.mojom.h"
 #include "ppapi/buildflags/buildflags.h"
 #include "services/network/public/cpp/features.h"
 #include "services/service_manager/embedder/switches.h"
 #include "services/service_manager/sandbox/sandbox_type.h"
 #include "services/service_manager/sandbox/switches.h"
-#include "services/service_manager/zygote/common/zygote_buildflags.h"
 #include "services/tracing/public/cpp/trace_startup.h"
 #include "third_party/blink/public/common/origin_trials/trial_token_validator.h"
 #include "ui/base/ui_base_paths.h"
@@ -115,11 +122,11 @@
 #include "content/public/common/content_descriptors.h"
 
 #if !defined(OS_MACOSX)
-#include "services/service_manager/zygote/common/zygote_fork_delegate_linux.h"
+#include "content/public/common/zygote/zygote_fork_delegate_linux.h"
 #endif
 #if !defined(OS_MACOSX) && !defined(OS_ANDROID)
+#include "content/zygote/zygote_main.h"
 #include "sandbox/linux/services/libc_interceptor.h"
-#include "services/service_manager/zygote/zygote_main.h"
 #endif
 
 #endif  // OS_POSIX || OS_FUCHSIA
@@ -127,10 +134,9 @@
 #if defined(OS_LINUX)
 #include "base/native_library.h"
 #include "base/rand_util.h"
-#include "services/service_manager/zygote/common/common_sandbox_support_linux.h"
+#include "content/public/common/zygote/sandbox_support_linux.h"
 #include "third_party/blink/public/platform/web_font_render_style.h"
 #include "third_party/boringssl/src/include/openssl/crypto.h"
-#include "third_party/boringssl/src/include/openssl/rand.h"
 #include "third_party/skia/include/core/SkFontMgr.h"
 #include "third_party/skia/include/ports/SkFontMgr_android.h"
 #include "third_party/webrtc_overrides/init_webrtc.h"  // nogncheck
@@ -149,11 +155,12 @@
 
 #if BUILDFLAG(USE_ZYGOTE_HANDLE)
 #include "content/browser/sandbox_host_linux.h"
+#include "content/browser/zygote_host/zygote_host_impl_linux.h"
+#include "content/common/zygote/zygote_communication_linux.h"
+#include "content/common/zygote/zygote_handle_impl_linux.h"
+#include "content/public/common/zygote/sandbox_support_linux.h"
+#include "content/public/common/zygote/zygote_handle.h"
 #include "media/base/media_switches.h"
-#include "services/service_manager/zygote/common/common_sandbox_support_linux.h"
-#include "services/service_manager/zygote/common/zygote_handle.h"
-#include "services/service_manager/zygote/host/zygote_communication_linux.h"
-#include "services/service_manager/zygote/host/zygote_host_impl_linux.h"
 #endif
 
 #if defined(OS_ANDROID)
@@ -231,15 +238,20 @@ pid_t LaunchZygoteHelper(base::CommandLine* cmd_line,
   // Append any switches from the browser process that need to be forwarded on
   // to the zygote/renderers.
   static const char* const kForwardSwitches[] = {
-      switches::kAndroidFontsPath, switches::kClearKeyCdmPathForTesting,
+      switches::kAndroidFontsPath,
+      switches::kClearKeyCdmPathForTesting,
       switches::kEnableLogging,  // Support, e.g., --enable-logging=stderr.
       // Need to tell the zygote that it is headless so that we don't try to use
       // the wrong type of main delegate.
       switches::kHeadless,
       // Zygote process needs to know what resources to have loaded when it
       // becomes a renderer process.
-      switches::kForceDeviceScaleFactor, switches::kLoggingLevel,
-      switches::kPpapiInProcess, switches::kRegisterPepperPlugins, switches::kV,
+      switches::kForceDeviceScaleFactor,
+      switches::kLoggingLevel,
+      switches::kMojoCoreLibraryPath,
+      switches::kPpapiInProcess,
+      switches::kRegisterPepperPlugins,
+      switches::kV,
       switches::kVModule,
   };
   cmd_line->CopySwitchesFrom(*base::CommandLine::ForCurrentProcess(),
@@ -251,10 +263,9 @@ pid_t LaunchZygoteHelper(base::CommandLine* cmd_line,
   // sandboxed processes to talk to it.
   base::FileHandleMappingVector additional_remapped_fds;
   additional_remapped_fds.emplace_back(
-      SandboxHostLinux::GetInstance()->GetChildSocket(),
-      service_manager::GetSandboxFD());
+      SandboxHostLinux::GetInstance()->GetChildSocket(), GetSandboxFD());
 
-  return service_manager::ZygoteHostImpl::GetInstance()->LaunchZygote(
+  return ZygoteHostImpl::GetInstance()->LaunchZygote(
       cmd_line, control_fd, std::move(additional_remapped_fds));
 }
 
@@ -276,15 +287,15 @@ void InitializeZygoteSandboxForBrowserProcess(
   }
 
   // Tickle the zygote host so it forks now.
-  service_manager::ZygoteHostImpl::GetInstance()->Init(parsed_command_line);
-  service_manager::CreateUnsandboxedZygote(base::BindOnce(LaunchZygoteHelper));
-  service_manager::ZygoteHandle generic_zygote =
-      service_manager::CreateGenericZygote(base::BindOnce(LaunchZygoteHelper));
+  ZygoteHostImpl::GetInstance()->Init(parsed_command_line);
+  CreateUnsandboxedZygote(base::BindOnce(LaunchZygoteHelper));
+  ZygoteHandle generic_zygote =
+      CreateGenericZygote(base::BindOnce(LaunchZygoteHelper));
 
   // TODO(kerrnel): Investigate doing this without the ZygoteHostImpl as a
   // proxy. It is currently done this way due to concerns about race
   // conditions.
-  service_manager::ZygoteHostImpl::GetInstance()->SetRendererSandboxStatus(
+  ZygoteHostImpl::GetInstance()->SetRendererSandboxStatus(
       generic_zygote->GetSandboxStatus());
 }
 #endif  // BUILDFLAG(USE_ZYGOTE_HANDLE)
@@ -330,15 +341,9 @@ void PreloadLibraryCdms() {
 
 #if BUILDFLAG(USE_ZYGOTE_HANDLE)
 void PreSandboxInit() {
-#if defined(ARCH_CPU_ARM_FAMILY)
-  // On ARM, BoringSSL requires access to /proc/cpuinfo to determine processor
-  // features. Query this before entering the sandbox.
-  CRYPTO_library_init();
-#endif
-
-  // Pass BoringSSL a copy of the /dev/urandom file descriptor so RAND_bytes
-  // will work inside the sandbox.
-  RAND_set_urandom_fd(base::GetUrandomFD());
+  // Pre-acquire resources needed by BoringSSL. See
+  // https://boringssl.googlesource.com/boringssl/+/HEAD/SANDBOXING.md
+  CRYPTO_pre_sandbox_init();
 
 #if BUILDFLAG(ENABLE_PLUGINS)
   // Ensure access to the Pepper plugins before the sandbox is turned on.
@@ -388,6 +393,24 @@ void PreSandboxInit() {
 
 #endif  // OS_LINUX
 
+class ControlInterfaceBinderImpl : public mojo_base::mojom::Binder {
+ public:
+  ControlInterfaceBinderImpl() = default;
+  ~ControlInterfaceBinderImpl() override = default;
+
+  // mojo_base::mojom::Binder:
+  void Bind(mojo::GenericPendingReceiver receiver) override {
+    GetContentClient()->browser()->BindBrowserControlInterface(
+        std::move(receiver));
+  }
+};
+
+void RunControlInterfaceBinder(mojo::ScopedMessagePipeHandle pipe) {
+  mojo::MakeSelfOwnedReceiver(
+      std::make_unique<ControlInterfaceBinderImpl>(),
+      mojo::PendingReceiver<mojo_base::mojom::Binder>(std::move(pipe)));
+}
+
 }  // namespace
 
 class ContentClientCreator {
@@ -445,8 +468,7 @@ int RunZygote(ContentMainDelegate* delegate) {
 #endif
   };
 
-  std::vector<std::unique_ptr<service_manager::ZygoteForkDelegate>>
-      zygote_fork_delegates;
+  std::vector<std::unique_ptr<ZygoteForkDelegate>> zygote_fork_delegates;
   delegate->ZygoteStarting(&zygote_fork_delegates);
   media::InitializeMediaLibrary();
 
@@ -455,7 +477,7 @@ int RunZygote(ContentMainDelegate* delegate) {
 #endif
 
   // This function call can return multiple times, once per fork().
-  if (!service_manager::ZygoteMain(std::move(zygote_fork_delegates))) {
+  if (!ZygoteMain(std::move(zygote_fork_delegates))) {
     return 1;
   }
 
@@ -821,13 +843,26 @@ int ContentMainRunnerImpl::Run(bool start_service_manager_only) {
       *base::CommandLine::ForCurrentProcess();
   std::string process_type =
       command_line.GetSwitchValueASCII(switches::kProcessType);
+  // Run this logic on all child processes.
+  if (!process_type.empty()) {
+    if (process_type != service_manager::switches::kZygoteProcess) {
+      // Zygotes will run this at a later point in time when the command line
+      // has been updated.
+      InitializeFieldTrialAndFeatureList();
+      delegate_->PostFieldTrialInitialization();
+    }
 
-  // Run this logic on all child processes. Zygotes will run this at a later
-  // point in time when the command line has been updated.
-  if (!process_type.empty() &&
-      process_type != service_manager::switches::kZygoteProcess) {
-    InitializeFieldTrialAndFeatureList();
-    delegate_->PostFieldTrialInitialization();
+#if defined(OS_LINUX)
+    // If dynamic Mojo Core is being used, ensure that it's loaded very early in
+    // the child/zygote process, before any sandbox is initialized. The library
+    // is not fully initialized with IPC support until a ChildProcess is later
+    // constructed, as initialization spawns a background thread which would be
+    // unsafe here.
+    if (IsMojoCoreSharedLibraryEnabled()) {
+      CHECK_EQ(mojo::LoadCoreLibrary(GetMojoCoreSharedLibraryPath()),
+               MOJO_RESULT_OK);
+    }
+#endif  // defined(OS_LINUX)
   }
 
   MainFunctionParams main_params(command_line);
@@ -849,7 +884,9 @@ int ContentMainRunnerImpl::Run(bool start_service_manager_only) {
 
 int ContentMainRunnerImpl::RunServiceManager(MainFunctionParams& main_params,
                                              bool start_service_manager_only) {
-  TRACE_EVENT0("startup", "ContentMainRunnerImpl::RunServiceManager");
+  TRACE_EVENT_INSTANT0("startup",
+                       "ContentMainRunnerImpl::RunServiceManager (begin)",
+                       TRACE_EVENT_SCOPE_THREAD);
   if (is_browser_main_loop_started_)
     return -1;
 
@@ -893,6 +930,7 @@ int ContentMainRunnerImpl::RunServiceManager(MainFunctionParams& main_params,
     // but before the IO thread is started.
     if (base::FeatureList::IsEnabled(base::HangWatcher::kEnableHangWatcher)) {
       hang_watcher_ = new base::HangWatcher();
+      hang_watcher_->Start();
       ANNOTATE_LEAKING_OBJECT_PTR(hang_watcher_);
     }
 
@@ -905,6 +943,10 @@ int ContentMainRunnerImpl::RunServiceManager(MainFunctionParams& main_params,
 
     tracing::InitTracingPostThreadPoolStartAndFeatureList();
 
+#if defined(OS_ANDROID)
+    SetupCpuTimeMetrics();
+#endif
+
     if (should_start_service_manager_only)
       ForceInProcessNetworkService(true);
 
@@ -918,6 +960,17 @@ int ContentMainRunnerImpl::RunServiceManager(MainFunctionParams& main_params,
 
     service_manager_environment_ = std::make_unique<ServiceManagerEnvironment>(
         BrowserTaskExecutor::CreateIOThread());
+
+    const base::CommandLine& command_line =
+        *base::CommandLine::ForCurrentProcess();
+    if (mojo::PlatformChannel::CommandLineHasPassedEndpoint(command_line)) {
+      mojo::PlatformChannelEndpoint endpoint =
+          mojo::PlatformChannel::RecoverPassedEndpointFromCommandLine(
+              command_line);
+      auto invitation = mojo::IncomingInvitation::Accept(std::move(endpoint));
+      RunControlInterfaceBinder(invitation.ExtractMessagePipe(0));
+    }
+
     download::SetIOTaskRunner(
         service_manager_environment_->io_thread()->task_runner());
 
diff --git a/chromium/content/app/content_service_manager_main_delegate.cc b/chromium/content/app/content_service_manager_main_delegate.cc
index 86d0a470a7c..1983ab5b217 100644
--- a/chromium/content/app/content_service_manager_main_delegate.cc
+++ b/chromium/content/app/content_service_manager_main_delegate.cc
@@ -6,11 +6,19 @@
 
 #include "base/command_line.h"
 #include "content/app/content_main_runner_impl.h"
+#include "content/common/mojo_core_library_support.h"
 #include "content/public/app/content_main_delegate.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/service_names.mojom.h"
+#include "mojo/core/embedder/embedder.h"
+#include "mojo/public/cpp/platform/platform_channel.h"
+#include "mojo/public/cpp/system/dynamic_library_support.h"
 #include "services/service_manager/embedder/switches.h"
 
+#if defined(OS_WIN)
+#include "base/win/windows_version.h"
+#endif
+
 namespace content {
 
 ContentServiceManagerMainDelegate::ContentServiceManagerMainDelegate(
@@ -63,14 +71,50 @@ ContentServiceManagerMainDelegate::OverrideProcessType() {
   return content_main_params_.delegate->OverrideProcessType();
 }
 
-void ContentServiceManagerMainDelegate::OverrideMojoConfiguration(
+void ContentServiceManagerMainDelegate::InitializeMojo(
     mojo::core::Configuration* config) {
-  // If this is the browser process and there's no remote service manager, we
-  // will serve as the global Mojo broker.
-  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kProcessType)) {
-    config->is_broker_process = true;
+  // If this is the browser process and there's no Mojo invitation pipe on the
+  // command line, we will serve as the global Mojo broker.
+  const auto& command_line = *base::CommandLine::ForCurrentProcess();
+  const bool is_browser = !command_line.HasSwitch(switches::kProcessType);
+  if (is_browser) {
+    if (mojo::PlatformChannel::CommandLineHasPassedEndpoint(command_line)) {
+      config->is_broker_process = false;
+      config->force_direct_shared_memory_allocation = true;
+    } else {
+      config->is_broker_process = true;
+    }
+  } else {
+#if defined(OS_WIN)
+    if (base::win::GetVersion() >= base::win::Version::WIN8_1) {
+      // On Windows 8.1 and later it's not necessary to broker shared memory
+      // allocation, as even sandboxed processes can allocate their own without
+      // trouble.
+      config->force_direct_shared_memory_allocation = true;
+    }
+#endif
+  }
+
+  if (!IsMojoCoreSharedLibraryEnabled()) {
+    mojo::core::Init(*config);
+    return;
+  }
+
+  if (!is_browser) {
+    // Note that when dynamic Mojo Core is used, initialization for child
+    // processes happens elsewhere. See ContentMainRunnerImpl::Run() and
+    // ChildProcess construction.
+    return;
   }
+
+  MojoInitializeFlags flags = MOJO_INITIALIZE_FLAG_NONE;
+  if (config->is_broker_process)
+    flags |= MOJO_INITIALIZE_FLAG_AS_BROKER;
+  if (config->force_direct_shared_memory_allocation)
+    flags |= MOJO_INITIALIZE_FLAG_FORCE_DIRECT_SHARED_MEMORY_ALLOCATION;
+  MojoResult result =
+      mojo::LoadAndInitializeCoreLibrary(GetMojoCoreSharedLibraryPath(), flags);
+  CHECK_EQ(MOJO_RESULT_OK, result);
 }
 
 std::vector<service_manager::Manifest>
diff --git a/chromium/content/app/content_service_manager_main_delegate.h b/chromium/content/app/content_service_manager_main_delegate.h
index 0b4042aec2a..ae9796957e5 100644
--- a/chromium/content/app/content_service_manager_main_delegate.h
+++ b/chromium/content/app/content_service_manager_main_delegate.h
@@ -29,7 +29,7 @@ class ContentServiceManagerMainDelegate : public service_manager::MainDelegate {
   int RunEmbedderProcess() override;
   void ShutDownEmbedderProcess() override;
   service_manager::ProcessType OverrideProcessType() override;
-  void OverrideMojoConfiguration(mojo::core::Configuration* config) override;
+  void InitializeMojo(mojo::core::Configuration* config) override;
   std::vector<service_manager::Manifest> GetServiceManifests() override;
   bool ShouldLaunchAsServiceProcess(
       const service_manager::Identity& identity) override;
diff --git a/chromium/content/app/service_manager_environment.cc b/chromium/content/app/service_manager_environment.cc
index bcb71ae479b..0a67ac3cd89 100644
--- a/chromium/content/app/service_manager_environment.cc
+++ b/chromium/content/app/service_manager_environment.cc
@@ -6,10 +6,12 @@
 
 #include <utility>
 
+#include "base/command_line.h"
 #include "build/build_config.h"
 #include "content/browser/browser_process_sub_thread.h"
 #include "content/browser/service_manager/service_manager_context.h"
 #include "content/browser/startup_data_impl.h"
+#include "content/common/mojo_core_library_support.h"
 #include "content/public/common/content_features.h"
 #include "content/public/common/service_manager_connection.h"
 #include "mojo/core/embedder/embedder.h"
@@ -22,13 +24,18 @@ ServiceManagerEnvironment::ServiceManagerEnvironment(
     : io_thread_(std::move(io_thread)) {
   scoped_refptr<base::SingleThreadTaskRunner> mojo_ipc_task_runner =
       io_thread_->task_runner();
-  if (base::FeatureList::IsEnabled(features::kMojoDedicatedThread)) {
-    mojo_ipc_thread_.StartWithOptions(
-        base::Thread::Options(base::MessagePumpType::IO, 0));
-    mojo_ipc_task_runner = mojo_ipc_thread_.task_runner();
+  if (!IsMojoCoreSharedLibraryEnabled()) {
+    // NOTE: If Mojo Core was loaded via shared library, IPC support is already
+    // initialized.
+    if (base::FeatureList::IsEnabled(features::kMojoDedicatedThread)) {
+      mojo_ipc_thread_.StartWithOptions(
+          base::Thread::Options(base::MessagePumpType::IO, 0));
+      mojo_ipc_task_runner = mojo_ipc_thread_.task_runner();
+    }
+    mojo_ipc_support_ = std::make_unique<mojo::core::ScopedIPCSupport>(
+        mojo_ipc_task_runner,
+        mojo::core::ScopedIPCSupport::ShutdownPolicy::FAST);
   }
-  mojo_ipc_support_ = std::make_unique<mojo::core::ScopedIPCSupport>(
-      mojo_ipc_task_runner, mojo::core::ScopedIPCSupport::ShutdownPolicy::FAST);
   service_manager_context_ =
       std::make_unique<ServiceManagerContext>(io_thread_->task_runner());
   ServiceManagerConnection::GetForProcess()->Start();