diff options
Diffstat (limited to 'chromium/content/public/common/zygote')
7 files changed, 204 insertions, 0 deletions
diff --git a/chromium/content/public/common/zygote/BUILD.gn b/chromium/content/public/common/zygote/BUILD.gn new file mode 100644 index 00000000000..cb8c2f8197c --- /dev/null +++ b/chromium/content/public/common/zygote/BUILD.gn @@ -0,0 +1,11 @@ +# Copyright 2020 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import("//build/buildflag_header.gni") +import("//content/public/common/zygote/features.gni") + +buildflag_header("buildflags") { + header = "zygote_buildflags.h" + flags = [ "USE_ZYGOTE_HANDLE=$use_zygote_handle" ] +} diff --git a/chromium/content/public/common/zygote/OWNERS b/chromium/content/public/common/zygote/OWNERS new file mode 100644 index 00000000000..eb4b322bdf5 --- /dev/null +++ b/chromium/content/public/common/zygote/OWNERS @@ -0,0 +1,4 @@ +file://content/zygote/OWNERS + +# TEAM: security-dev@chromium.org +# COMPONENT: Internals>Sandbox diff --git a/chromium/content/public/common/zygote/features.gni b/chromium/content/public/common/zygote/features.gni new file mode 100644 index 00000000000..c7580b35ff3 --- /dev/null +++ b/chromium/content/public/common/zygote/features.gni @@ -0,0 +1,5 @@ +# Copyright 2018 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +use_zygote_handle = is_posix && !is_android && !is_mac diff --git a/chromium/content/public/common/zygote/sandbox_support_linux.h b/chromium/content/public/common/zygote/sandbox_support_linux.h new file mode 100644 index 00000000000..279f983f3f8 --- /dev/null +++ b/chromium/content/public/common/zygote/sandbox_support_linux.h @@ -0,0 +1,42 @@ +// Copyright 2017 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_PUBLIC_COMMON_ZYGOTE_SANDBOX_SUPPORT_LINUX_H_ +#define CONTENT_PUBLIC_COMMON_ZYGOTE_SANDBOX_SUPPORT_LINUX_H_ + +#include <stddef.h> + +#include "build/build_config.h" +#include "content/common/content_export.h" + +class NaClListener; + +namespace content { + +#if !defined(OS_NACL_NONSFI) +// TODO(crbug.com/982879): Remove this when NaCl is unshipped. +class CONTENT_EXPORT SharedMemoryIPCSupport { + private: + friend class ::NaClListener; + + // Returns a file descriptor for a shared memory segment. The + // executable flag indicates that the caller intends to use mprotect + // with PROT_EXEC after making a mapping, but not that it intends to + // mmap with PROT_EXEC in the first place. (Some systems, such as + // ChromeOS, disallow PROT_EXEC in mmap on /dev/shm files but do allow + // PROT_EXEC in mprotect on mappings from such files. This function + // can yield an object that has that constraint.) + static int MakeSharedMemorySegment(size_t length, bool executable); + + SharedMemoryIPCSupport() = delete; +}; +#endif + +// Gets the well-known file descriptor on which we expect to find the +// sandbox IPC channel. +CONTENT_EXPORT int GetSandboxFD(); + +} // namespace content + +#endif // CONTENT_PUBLIC_COMMON_ZYGOTE_SANDBOX_SUPPORT_LINUX_H_ diff --git a/chromium/content/public/common/zygote/send_zygote_child_ping_linux.h b/chromium/content/public/common/zygote/send_zygote_child_ping_linux.h new file mode 100644 index 00000000000..cc08f264e07 --- /dev/null +++ b/chromium/content/public/common/zygote/send_zygote_child_ping_linux.h @@ -0,0 +1,18 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_PUBLIC_COMMON_ZYGOTE_SEND_ZYGOTE_CHILD_PING_LINUX_H_ +#define CONTENT_PUBLIC_COMMON_ZYGOTE_SEND_ZYGOTE_CHILD_PING_LINUX_H_ + +#include "content/common/content_export.h" + +namespace content { + +// Sends a zygote child "ping" message to browser process via socket |fd|. +// Returns true on success. +CONTENT_EXPORT bool SendZygoteChildPing(int fd); + +} // namespace content + +#endif // CONTENT_PUBLIC_COMMON_ZYGOTE_SEND_ZYGOTE_CHILD_PING_LINUX_H_ diff --git a/chromium/content/public/common/zygote/zygote_fork_delegate_linux.h b/chromium/content/public/common/zygote/zygote_fork_delegate_linux.h new file mode 100644 index 00000000000..12f784b0f85 --- /dev/null +++ b/chromium/content/public/common/zygote/zygote_fork_delegate_linux.h @@ -0,0 +1,90 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_FORK_DELEGATE_LINUX_H_ +#define CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_FORK_DELEGATE_LINUX_H_ + +#include <unistd.h> + +#include <string> +#include <vector> + +// TODO(jln) base::TerminationStatus should be forward declared when switching +// to C++11. +#include "base/process/kill.h" + +namespace content { + +// The ZygoteForkDelegate allows the Chrome Linux zygote to delegate +// fork operations to another class that knows how to do some +// specialized version of fork. +class ZygoteForkDelegate { + public: + // A ZygoteForkDelegate is created during Chrome linux zygote + // initialization, and provides "fork()" functionality as an + // alternative to forking the zygote. A new delegate is passed in + // as an argument to ZygoteMain(). + virtual ~ZygoteForkDelegate() {} + + // Initialization happens in the zygote after it has been + // started by ZygoteMain. + // If |enable_layer1_sandbox| is true, the delegate must enable a + // layer-1 sandbox such as the setuid sandbox. + virtual void Init(int sandboxdesc, bool enable_layer1_sandbox) = 0; + + // After Init, supply a UMA_HISTOGRAM_ENUMERATION the delegate would like + // reported to the browser process. (Note: Because these reports are + // piggy-backed onto fork responses that don't otherwise contain UMA reports, + // this method may not be called until much later.) + virtual void InitialUMA(std::string* uma_name, + int* uma_sample, + int* uma_boundary_value) = 0; + + // Returns 'true' if the delegate would like to handle a given fork + // request. Otherwise returns false. Optionally, fills in uma_name et al + // with a report the helper wants to make via UMA_HISTOGRAM_ENUMERATION. + virtual bool CanHelp(const std::string& process_type, + std::string* uma_name, + int* uma_sample, + int* uma_boundary_value) = 0; + + // Indexes of FDs in the vector passed to Fork(). + enum { + // Used to pass in the descriptor for talking to the Browser. + // Because the children use ChannelMojo, this is actually the Mojo fd. + kBrowserFDIndex, + // The PID oracle is used in the protocol for discovering the + // child process's real PID from within the SUID sandbox. + // The child process is required to write to the socket after + // successfully forking. + kPIDOracleFDIndex, + kNumPassedFDs // Number of FDs in the vector passed to Fork(). + }; + + // Delegate forks, returning a -1 on failure. Outside the + // suid sandbox, Fork() returns the Linux process ID. + // This method is not aware of any potential pid namespaces, so it'll + // return a raw pid just like fork() would. + // Delegate is responsible for communicating the channel ID to the + // newly created child process. + virtual pid_t Fork(const std::string& process_type, + const std::vector<int>& fds, + const std::string& channel_id) = 0; + + // The fork delegate must also assume the role of waiting for its children + // since the caller will not be their parents and cannot do it. |pid| here + // should be a pid that has been returned by the Fork() method. i.e. This + // method is completely unaware of eventual PID namespaces due to sandboxing. + // |known_dead| indicates that the process is already dead and that a + // blocking wait() should be performed. In this case, GetTerminationStatus() + // will send a SIGKILL to the target process first. + virtual bool GetTerminationStatus(pid_t pid, + bool known_dead, + base::TerminationStatus* status, + int* exit_code) = 0; +}; + +} // namespace content + +#endif // CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_FORK_DELEGATE_LINUX_H_ diff --git a/chromium/content/public/common/zygote/zygote_handle.h b/chromium/content/public/common/zygote/zygote_handle.h new file mode 100644 index 00000000000..95a6e6113ec --- /dev/null +++ b/chromium/content/public/common/zygote/zygote_handle.h @@ -0,0 +1,34 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_HANDLE_H_ +#define CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_HANDLE_H_ + +#include "base/callback.h" +#include "base/command_line.h" +#include "base/files/scoped_file.h" +#include "build/build_config.h" +#include "content/common/content_export.h" +#include "content/public/common/zygote/zygote_buildflags.h" + +#if !BUILDFLAG(USE_ZYGOTE_HANDLE) +#error "Can not use zygote handles without USE_ZYGOTE_HANDLE" +#endif + +namespace content { + +#if defined(OS_POSIX) +class ZygoteCommunication; +using ZygoteHandle = ZygoteCommunication*; +#else +// Perhaps other ports may USE_ZYGOTE_HANDLE here somdeday. +#error "Can not use zygote handles on this platform" +#endif // defined(OS_POSIX) + +// Gets the generic global zygote used to launch sandboxed children. +CONTENT_EXPORT ZygoteHandle GetGenericZygote(); + +} // namespace content + +#endif // CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_HANDLE_H_ |