Back out bug 786631

2013-01-17 12:50:13 -08:00 · 2013-01-17 12:50:13 -08:00 · 1d8beb4d30
--- a/ipc/chromium/src/base/process_util.h
+++ b/ipc/chromium/src/base/process_util.h
@ -131,8 +131,7 @@ enum ChildPrivileges {
  PRIVILEGES_UNPRIVILEGED,
  PRIVILEGES_CAMERA,
  PRIVILEGES_VIDEO,
-  PRIVILEGES_INHERIT,
-  PRIVILEGES_LAST
+  PRIVILEGES_INHERIT
 };

 #if defined(OS_WIN)
@ -181,10 +180,6 @@ bool LaunchApp(const std::vector<std::string>& argv,
               bool wait, ProcessHandle* process_handle,
               ProcessArchitecture arch=GetCurrentProcessArchitecture());

-// Adjust the privileges of this process to match |privs|.  Only
-// returns if privileges were successfully adjusted.
-void SetCurrentProcessPrivileges(ChildPrivileges privs);
-
 #endif

 // Executes the application specified by cl. This function delegates to one
--- a/ipc/chromium/src/base/process_util_linux.cc
+++ b/ipc/chromium/src/base/process_util_linux.cc
@ -231,7 +231,64 @@ bool LaunchApp(const std::vector<std::string>& argv,
      argv_cstr[i] = const_cast<char*>(argv[i].c_str());
    argv_cstr[argv.size()] = NULL;

-    SetCurrentProcessPrivileges(privs);
+    if (privs != PRIVILEGES_INHERIT) {
+      gid_t gid = CHILD_UNPRIVILEGED_GID;
+      uid_t uid = CHILD_UNPRIVILEGED_UID;
+#ifdef MOZ_WIDGET_GONK
+      {
+        static bool checked_pix_max, pix_max_ok;
+        if (!checked_pix_max) {
+          checked_pix_max = true;
+          int fd = open("/proc/sys/kernel/pid_max", O_CLOEXEC | O_RDONLY);
+          if (fd < 0) {
+            DLOG(ERROR) << "Failed to open pid_max";
+            _exit(127);
+          }
+          char buf[PATH_MAX];
+          ssize_t len = read(fd, buf, sizeof(buf) - 1);
+          close(fd);
+          if (len < 0) {
+            DLOG(ERROR) << "Failed to read pid_max";
+            _exit(127);
+          }
+          buf[len] = '\0';
+          int pid_max = atoi(buf);
+          pix_max_ok =
+            (pid_max + CHILD_UNPRIVILEGED_UID > CHILD_UNPRIVILEGED_UID);
+        }
+        if (!pix_max_ok) {
+          DLOG(ERROR) << "Can't safely get unique uid/gid";
+          _exit(127);
+        }
+        gid += getpid();
+        uid += getpid();
+      }
+      if (privs == PRIVILEGES_CAMERA) {
+        gid_t groups[] = { AID_AUDIO, AID_CAMERA, AID_SDCARD_RW };
+        if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
+          DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS, path: " << argv_cstr[0];
+          _exit(127);
+        }
+      }
+      else if (privs == PRIVILEGES_VIDEO) {
+        gid_t groups[] = { AID_AUDIO, AID_MEDIA };
+        if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
+          DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS, path: " << argv_cstr[0];
+          _exit(127);
+        }
+      }
+#endif
+      if (setgid(gid) != 0) {
+        DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS, path: " << argv_cstr[0];
+        _exit(127);
+      }
+      if (setuid(uid) != 0) {
+        DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS, path: " << argv_cstr[0];
+        _exit(127);
+      }
+      if (chdir("/") != 0)
+        gProcessLog.print("==> could not chdir()\n");
+    }

 #ifdef HAVE_PR_DUPLICATE_ENVIRONMENT
    execve(argv_cstr[0], argv_cstr.get(), envp);
@ -266,69 +323,6 @@ bool LaunchApp(const CommandLine& cl,
  return LaunchApp(cl.argv(), no_files, wait, process_handle);
 }

-void SetCurrentProcessPrivileges(ChildPrivileges privs) {
-  if (privs == PRIVILEGES_INHERIT) {
-    return;
-  }
-
-  gid_t gid = CHILD_UNPRIVILEGED_GID;
-  uid_t uid = CHILD_UNPRIVILEGED_UID;
-#ifdef MOZ_WIDGET_GONK
-  {
-    static bool checked_pix_max, pix_max_ok;
-    if (!checked_pix_max) {
-      checked_pix_max = true;
-      int fd = open("/proc/sys/kernel/pid_max", O_CLOEXEC | O_RDONLY);
-      if (fd < 0) {
-        DLOG(ERROR) << "Failed to open pid_max";
-        _exit(127);
-      }
-      char buf[PATH_MAX];
-      ssize_t len = read(fd, buf, sizeof(buf) - 1);
-      close(fd);
-      if (len < 0) {
-        DLOG(ERROR) << "Failed to read pid_max";
-        _exit(127);
-      }
-      buf[len] = '\0';
-      int pid_max = atoi(buf);
-      pix_max_ok =
-        (pid_max + CHILD_UNPRIVILEGED_UID > CHILD_UNPRIVILEGED_UID);
-    }
-    if (!pix_max_ok) {
-      DLOG(ERROR) << "Can't safely get unique uid/gid";
-      _exit(127);
-    }
-    gid += getpid();
-    uid += getpid();
-  }
-  if (privs == PRIVILEGES_CAMERA) {
-    gid_t groups[] = { AID_AUDIO, AID_CAMERA, AID_SDCARD_RW };
-    if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
-      DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS";
-      _exit(127);
-    }
-  }
-  else if (privs == PRIVILEGES_VIDEO) {
-    gid_t groups[] = { AID_AUDIO, AID_MEDIA };
-    if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
-      DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS";
-      _exit(127);
-    }
-  }
-#endif
-  if (setgid(gid) != 0) {
-    DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS";
-    _exit(127);
-  }
-  if (setuid(uid) != 0) {
-    DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS";
-    _exit(127);
-  }
-  if (chdir("/") != 0)
-    gProcessLog.print("==> could not chdir()\n");
-}
-
 NamedProcessIterator::NamedProcessIterator(const std::wstring& executable_name,
                                           const ProcessFilter* filter)
    : executable_name_(executable_name), filter_(filter) {
--- a/ipc/chromium/src/base/process_util_mac.mm
+++ b/ipc/chromium/src/base/process_util_mac.mm
@ -188,10 +188,6 @@ bool LaunchApp(const CommandLine& cl,
  return LaunchApp(cl.argv(), no_files, wait, process_handle);
 }

-void SetCurrentProcessPrivileges(ChildPrivileges privs) {
-
-}
-
 NamedProcessIterator::NamedProcessIterator(const std::wstring& executable_name,
                                           const ProcessFilter* filter)
  : executable_name_(executable_name),