Backed out changeset 0cdacae4e612 (bug 786631) for bustage.

Ryan VanderMeulen 2013-01-24 15:28:11 -05:00
Родитель 7c39ab921f
Коммит d983029a43
12 изменённых файлов: 76 добавлений и 132 удалений


@ -494,17 +494,6 @@ ContentChild::AllocPImageBridge(mozilla::ipc::Transport* aTransport,
return ImageBridgeChild::StartUpInChildProcess(aTransport, aOtherProcess);
}
bool
ContentChild::RecvSetProcessPrivileges(const ChildPrivileges& aPrivs)
{
ChildPrivileges privs = (aPrivs == PRIVILEGES_DEFAULT) ?
GeckoChildProcessHost::DefaultChildPrivileges() :
aPrivs;
// If this fails, we die.
SetCurrentProcessPrivileges(privs);
return true;
}
static CancelableTask* sFirstIdleTask;
static void FirstIdle(void)


@ -80,8 +80,6 @@ public:
AllocPImageBridge(mozilla::ipc::Transport* aTransport,
base::ProcessId aOtherProcess) MOZ_OVERRIDE;
virtual bool RecvSetProcessPrivileges(const ChildPrivileges& aPrivs);
virtual PBrowserChild* AllocPBrowser(const IPCTabContext &aContext,
const uint32_t &chromeFlags);
virtual bool DeallocPBrowser(PBrowserChild*);


@ -205,9 +205,7 @@ ContentParent::PreallocateAppProcess()
sPreallocatedAppProcess =
new ContentParent(MAGIC_PREALLOCATED_APP_MANIFEST_URL,
/*isBrowserElement=*/false,
// Final privileges are set when we
// transform into our app.
base::PRIVILEGES_INHERIT);
base::PRIVILEGES_DEFAULT);
sPreallocatedAppProcess->Init();
}
@ -425,14 +423,20 @@ ContentParent::CreateBrowserOrApp(const TabContext& aContext)
nsRefPtr<ContentParent> p = gAppContentParents->Get(manifestURL);
if (!p) {
ChildPrivileges privs = PrivilegesForApp(ownApp);
p = MaybeTakePreallocatedAppProcess();
if (p) {
p->TransformPreallocatedIntoApp(manifestURL, privs);
} else {
NS_WARNING("Unable to use pre-allocated app process");
if (privs != base::PRIVILEGES_DEFAULT) {
p = new ContentParent(manifestURL, /* isBrowserElement = */ false,
privs);
p->Init();
} else {
p = MaybeTakePreallocatedAppProcess();
if (p) {
p->SetManifestFromPreallocated(manifestURL);
} else {
NS_WARNING("Unable to use pre-allocated app process");
p = new ContentParent(manifestURL, /* isBrowserElement = */ false,
base::PRIVILEGES_DEFAULT);
p->Init();
}
}
gAppContentParents->Put(manifestURL, p);
}
@ -515,15 +519,12 @@ ContentParent::Init()
}
void
ContentParent::TransformPreallocatedIntoApp(const nsAString& aAppManifestURL,
ChildPrivileges aPrivs)
ContentParent::SetManifestFromPreallocated(const nsAString& aAppManifestURL)
{
MOZ_ASSERT(mAppManifestURL == MAGIC_PREALLOCATED_APP_MANIFEST_URL);
// Clients should think of mAppManifestURL as const ... we're
// bending the rules here just for the preallocation hack.
const_cast<nsString&>(mAppManifestURL) = aAppManifestURL;
// If this fails, the child process died.
unused << SendSetProcessPrivileges(aPrivs);
}
void
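Review bot: The rule that lets an app reuse the preallocated process is only implicit in CreateBrowserOrApp, in the new `if (privs != base::PRIVILEGES_DEFAULT)` branch. With SendSetProcessPrivileges gone, the preallocated child's OS privileges are fixed at launch (`base::PRIVILEGES_DEFAULT` in PreallocateAppProcess), and SetManifestFromPreallocated asserts only the manifest URL. I would add a comment above that branch such as `// The preallocated process was launched with PRIVILEGES_DEFAULT and cannot change privileges afterwards; only apps that need exactly that level may reuse it.` A later edit that widens the reuse condition would otherwise hand an app a process with the wrong privilege level without any assertion firing.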


@ -177,8 +177,7 @@ private:
// Transform a pre-allocated app process into a "real" app
// process, for the specified manifest URL.
void TransformPreallocatedIntoApp(const nsAString& aAppManifestURL,
ChildPrivileges aPrivs);
void SetManifestFromPreallocated(const nsAString& aAppManifestURL);
/**
* Mark this ContentParent as dead for the purposes of Get*().


@ -36,7 +36,6 @@ using PrefTuple;
using ChromePackage;
using ResourceMapping;
using OverrideMapping;
using base::ChildPrivileges;
using IPC::Permission;
using IPC::Principal;
using mozilla::null_t;
@ -246,13 +245,6 @@ both:
async PBlob(BlobConstructorParams params);
child:
/**
* Update OS process privileges to |privs|. Can usually only be
* performed zero or one times. The child will abnormally exit if
* the privilege update fails.
*/
async SetProcessPrivileges(ChildPrivileges privs);
PMemoryReportRequest();
/**


@ -131,8 +131,7 @@ enum ChildPrivileges {
PRIVILEGES_UNPRIVILEGED,
PRIVILEGES_CAMERA,
PRIVILEGES_VIDEO,
PRIVILEGES_INHERIT,
PRIVILEGES_LAST
PRIVILEGES_INHERIT
};
#if defined(OS_WIN)
@ -180,11 +179,8 @@ bool LaunchApp(const std::vector<std::string>& argv,
const environment_map& env_vars_to_set,
bool wait, ProcessHandle* process_handle,
ProcessArchitecture arch=GetCurrentProcessArchitecture());
#endif
// Adjust the privileges of this process to match |privs|. Only
// returns if privileges were successfully adjusted.
void SetCurrentProcessPrivileges(ChildPrivileges privs);
#endif
// Executes the application specified by cl. This function delegates to one
// of the above two platform-specific functions.


@ -231,7 +231,64 @@ bool LaunchApp(const std::vector<std::string>& argv,
argv_cstr[i] = const_cast<char*>(argv[i].c_str());
argv_cstr[argv.size()] = NULL;
SetCurrentProcessPrivileges(privs);
if (privs != PRIVILEGES_INHERIT) {
gid_t gid = CHILD_UNPRIVILEGED_GID;
uid_t uid = CHILD_UNPRIVILEGED_UID;
#ifdef MOZ_WIDGET_GONK
{
static bool checked_pix_max, pix_max_ok;
if (!checked_pix_max) {
checked_pix_max = true;
int fd = open("/proc/sys/kernel/pid_max", O_CLOEXEC | O_RDONLY);
if (fd < 0) {
DLOG(ERROR) << "Failed to open pid_max";
_exit(127);
}
char buf[PATH_MAX];
ssize_t len = read(fd, buf, sizeof(buf) - 1);
close(fd);
if (len < 0) {
DLOG(ERROR) << "Failed to read pid_max";
_exit(127);
}
buf[len] = '\0';
int pid_max = atoi(buf);
pix_max_ok =
(pid_max + CHILD_UNPRIVILEGED_UID > CHILD_UNPRIVILEGED_UID);
}
if (!pix_max_ok) {
DLOG(ERROR) << "Can't safely get unique uid/gid";
_exit(127);
}
gid += getpid();
uid += getpid();
}
if (privs == PRIVILEGES_CAMERA) {
gid_t groups[] = { AID_AUDIO, AID_CAMERA, AID_SDCARD_RW };
if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS, path: " << argv_cstr[0];
_exit(127);
}
}
else if (privs == PRIVILEGES_VIDEO) {
gid_t groups[] = { AID_AUDIO, AID_MEDIA };
if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS, path: " << argv_cstr[0];
_exit(127);
}
}
#endif
if (setgid(gid) != 0) {
DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS, path: " << argv_cstr[0];
_exit(127);
}
if (setuid(uid) != 0) {
DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS, path: " << argv_cstr[0];
_exit(127);
}
if (chdir("/") != 0)
gProcessLog.print("==> could not chdir()\n");
}
#ifdef HAVE_PR_DUPLICATE_ENVIRONMENT
execve(argv_cstr[0], argv_cstr.get(), envp);
@ -266,69 +323,6 @@ bool LaunchApp(const CommandLine& cl,
return LaunchApp(cl.argv(), no_files, wait, process_handle);
}
void SetCurrentProcessPrivileges(ChildPrivileges privs) {
if (privs == PRIVILEGES_INHERIT) {
return;
}
gid_t gid = CHILD_UNPRIVILEGED_GID;
uid_t uid = CHILD_UNPRIVILEGED_UID;
#ifdef MOZ_WIDGET_GONK
{
static bool checked_pix_max, pix_max_ok;
if (!checked_pix_max) {
checked_pix_max = true;
int fd = open("/proc/sys/kernel/pid_max", O_CLOEXEC | O_RDONLY);
if (fd < 0) {
DLOG(ERROR) << "Failed to open pid_max";
_exit(127);
}
char buf[PATH_MAX];
ssize_t len = read(fd, buf, sizeof(buf) - 1);
close(fd);
if (len < 0) {
DLOG(ERROR) << "Failed to read pid_max";
_exit(127);
}
buf[len] = '\0';
int pid_max = atoi(buf);
pix_max_ok =
(pid_max + CHILD_UNPRIVILEGED_UID > CHILD_UNPRIVILEGED_UID);
}
if (!pix_max_ok) {
DLOG(ERROR) << "Can't safely get unique uid/gid";
_exit(127);
}
gid += getpid();
uid += getpid();
}
if (privs == PRIVILEGES_CAMERA) {
gid_t groups[] = { AID_AUDIO, AID_CAMERA, AID_SDCARD_RW };
if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS";
_exit(127);
}
}
else if (privs == PRIVILEGES_VIDEO) {
gid_t groups[] = { AID_AUDIO, AID_MEDIA };
if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS";
_exit(127);
}
}
#endif
if (setgid(gid) != 0) {
DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS";
_exit(127);
}
if (setuid(uid) != 0) {
DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS";
_exit(127);
}
if (chdir("/") != 0)
gProcessLog.print("==> could not chdir()\n");
}
NamedProcessIterator::NamedProcessIterator(const std::wstring& executable_name,
const ProcessFilter* filter)
: executable_name_(executable_name), filter_(filter) {
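Review bot: In the privilege drop restored inside LaunchApp, setgroups() is called only for PRIVILEGES_CAMERA and PRIVILEGES_VIDEO, and only under MOZ_WIDGET_GONK, so every other non-INHERIT level reaches setgid()/setuid() still holding the supplementary groups inherited from the parent. If the parent can run with extra groups (not visible from this hunk), an "unprivileged" child keeps that group access. A final `else if (setgroups(0, NULL) != 0) { _exit(127); }` branch, or an unconditional clear before the Gonk-specific lists, would close that. Separately, a failed `chdir("/")` is only logged, so the child goes on to execve() in the parent's working directory; consider making it fatal like the setgid()/setuid() failures. LaunchApp's body starts and ends outside this hunk.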


@ -188,10 +188,6 @@ bool LaunchApp(const CommandLine& cl,
return LaunchApp(cl.argv(), no_files, wait, process_handle);
}
void SetCurrentProcessPrivileges(ChildPrivileges privs) {
}
NamedProcessIterator::NamedProcessIterator(const std::wstring& executable_name,
const ProcessFilter* filter)
: executable_name_(executable_name),


@ -337,10 +337,6 @@ bool WaitForExitCode(ProcessHandle handle, int* exit_code) {
return true;
}
void SetCurrentProcessPrivileges(ChildPrivileges privs) {
}
NamedProcessIterator::NamedProcessIterator(const std::wstring& executable_name,
const ProcessFilter* filter)
: started_iteration_(false),


@ -74,14 +74,6 @@ struct RunnableMethodTraits<GeckoChildProcessHost>
static void ReleaseCallee(GeckoChildProcessHost* obj) { }
};
/*static*/
base::ChildPrivileges
GeckoChildProcessHost::DefaultChildPrivileges()
{
return (kLowRightsSubprocesses ?
base::PRIVILEGES_UNPRIVILEGED : base::PRIVILEGES_INHERIT);
}
GeckoChildProcessHost::GeckoChildProcessHost(GeckoProcessType aProcessType,
ChildPrivileges aPrivileges)
: ChildProcessHost(RENDER_PROCESS), // FIXME/cjones: we should own this enum
@ -464,7 +456,8 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
base::environment_map newEnvVars;
ChildPrivileges privs = mPrivileges;
if (privs == base::PRIVILEGES_DEFAULT) {
privs = DefaultChildPrivileges();
privs = kLowRightsSubprocesses ?
base::PRIVILEGES_UNPRIVILEGED : base::PRIVILEGES_INHERIT;
}
// XPCOM may not be initialized in some subprocesses. We don't want
// to initialize XPCOM just for the directory service, especially


@ -29,8 +29,6 @@ public:
typedef base::ChildPrivileges ChildPrivileges;
typedef base::ProcessHandle ProcessHandle;
static ChildPrivileges DefaultChildPrivileges();
GeckoChildProcessHost(GeckoProcessType aProcessType,
ChildPrivileges aPrivileges=base::PRIVILEGES_DEFAULT);


@ -7,7 +7,6 @@
#ifndef __IPC_GLUE_IPCMESSAGEUTILS_H__
#define __IPC_GLUE_IPCMESSAGEUTILS_H__
#include "base/process_util.h"
#include "chrome/common/ipc_message_utils.h"
#include "mozilla/TimeStamp.h"
@ -148,13 +147,6 @@ struct EnumSerializer {
}
};
template <>
struct ParamTraits<base::ChildPrivileges>
: public EnumSerializer<base::ChildPrivileges,
base::PRIVILEGES_DEFAULT,
base::PRIVILEGES_LAST>
{ };
template<>
struct ParamTraits<int8_t>
{