From d983029a4344e1b889f7f9edfc5f1305e83cf587 Mon Sep 17 00:00:00 2001 From: Ryan VanderMeulen Date: Thu, 24 Jan 2013 15:28:11 -0500 Subject: [PATCH] Backed out changeset 0cdacae4e612 (bug 786631) for bustage. --- dom/ipc/ContentChild.cpp | 11 -- dom/ipc/ContentChild.h | 2 - dom/ipc/ContentParent.cpp | 25 ++-- dom/ipc/ContentParent.h | 3 +- dom/ipc/PContent.ipdl | 8 -- ipc/chromium/src/base/process_util.h | 8 +- ipc/chromium/src/base/process_util_linux.cc | 122 ++++++++++---------- ipc/chromium/src/base/process_util_mac.mm | 4 - ipc/chromium/src/base/process_util_win.cc | 4 - ipc/glue/GeckoChildProcessHost.cpp | 11 +- ipc/glue/GeckoChildProcessHost.h | 2 - ipc/glue/IPCMessageUtils.h | 8 -- 12 files changed, 76 insertions(+), 132 deletions(-) diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp index e7a5e1d1e74c..1b606c4f1002 100644 --- a/dom/ipc/ContentChild.cpp +++ b/dom/ipc/ContentChild.cpp @@ -494,17 +494,6 @@ ContentChild::AllocPImageBridge(mozilla::ipc::Transport* aTransport, return ImageBridgeChild::StartUpInChildProcess(aTransport, aOtherProcess); } -bool -ContentChild::RecvSetProcessPrivileges(const ChildPrivileges& aPrivs) -{ - ChildPrivileges privs = (aPrivs == PRIVILEGES_DEFAULT) ? - GeckoChildProcessHost::DefaultChildPrivileges() : - aPrivs; - // If this fails, we die. - SetCurrentProcessPrivileges(privs); - return true; -} - static CancelableTask* sFirstIdleTask; static void FirstIdle(void) diff --git a/dom/ipc/ContentChild.h b/dom/ipc/ContentChild.h index b92dab420902..3149a8a70b2c 100644 --- a/dom/ipc/ContentChild.h +++ b/dom/ipc/ContentChild.h @@ -80,8 +80,6 @@ public: AllocPImageBridge(mozilla::ipc::Transport* aTransport, base::ProcessId aOtherProcess) MOZ_OVERRIDE; - virtual bool RecvSetProcessPrivileges(const ChildPrivileges& aPrivs); - virtual PBrowserChild* AllocPBrowser(const IPCTabContext &aContext, const uint32_t &chromeFlags); virtual bool DeallocPBrowser(PBrowserChild*); 
diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp index 87507548fc9e..ffe9bf634d45 100644 --- a/dom/ipc/ContentParent.cpp +++ b/dom/ipc/ContentParent.cpp @@ -205,9 +205,7 @@ ContentParent::PreallocateAppProcess() sPreallocatedAppProcess = new ContentParent(MAGIC_PREALLOCATED_APP_MANIFEST_URL, /*isBrowserElement=*/false, - // Final privileges are set when we - // transform into our app. - base::PRIVILEGES_INHERIT); + base::PRIVILEGES_DEFAULT); sPreallocatedAppProcess->Init(); } @@ -425,14 +423,20 @@ ContentParent::CreateBrowserOrApp(const TabContext& aContext) nsRefPtr p = gAppContentParents->Get(manifestURL); if (!p) { ChildPrivileges privs = PrivilegesForApp(ownApp); - p = MaybeTakePreallocatedAppProcess(); - if (p) { - p->TransformPreallocatedIntoApp(manifestURL, privs); - } else { - NS_WARNING("Unable to use pre-allocated app process"); + if (privs != base::PRIVILEGES_DEFAULT) { p = new ContentParent(manifestURL, /* isBrowserElement = */ false, privs); p->Init(); + } else { + p = MaybeTakePreallocatedAppProcess(); + if (p) { + p->SetManifestFromPreallocated(manifestURL); + } else { + NS_WARNING("Unable to use pre-allocated app process"); + p = new ContentParent(manifestURL, /* isBrowserElement = */ false, + base::PRIVILEGES_DEFAULT); + p->Init(); + } } gAppContentParents->Put(manifestURL, p); } @@ -515,15 +519,12 @@ ContentParent::Init() } void -ContentParent::TransformPreallocatedIntoApp(const nsAString& aAppManifestURL, - ChildPrivileges aPrivs) +ContentParent::SetManifestFromPreallocated(const nsAString& aAppManifestURL) { MOZ_ASSERT(mAppManifestURL == MAGIC_PREALLOCATED_APP_MANIFEST_URL); // Clients should think of mAppManifestURL as const ... we're // bending the rules here just for the preallocation hack. const_cast(mAppManifestURL) = aAppManifestURL; - // If this fails, the child process died. - unused << SendSetProcessPrivileges(aPrivs); } void 
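Review bot: The `if (privs != base::PRIVILEGES_DEFAULT)` branch in CreateBrowserOrApp carries no comment explaining why an app with non-default privileges must bypass the pre-allocated process, and the backout also removes the old "Final privileges are set when we transform into our app" remark from PreallocateAppProcess, leaving the reader with no rationale at all. Since the pre-allocated process is now launched with `base::PRIVILEGES_DEFAULT` and the SetProcessPrivileges message is gone, I would add above the branch: `// The pre-allocated process was launched with PRIVILEGES_DEFAULT and its OS-level privileges cannot be changed after launch, so an app that needs anything else gets a freshly launched process.` SetManifestFromPreallocated's header comment could likewise say that it rewrites only the manifest URL and does not touch privileges. CreateBrowserOrApp begins before this hunk and continues after it.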
diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h index 259f9fcf8d95..e0a999dba368 100644 --- a/dom/ipc/ContentParent.h +++ b/dom/ipc/ContentParent.h @@ -177,8 +177,7 @@ private: // Transform a pre-allocated app process into a "real" app // process, for the specified manifest URL. - void TransformPreallocatedIntoApp(const nsAString& aAppManifestURL, - ChildPrivileges aPrivs); + void SetManifestFromPreallocated(const nsAString& aAppManifestURL); /** * Mark this ContentParent as dead for the purposes of Get*(). diff --git a/dom/ipc/PContent.ipdl b/dom/ipc/PContent.ipdl index dbd8d869ad96..1f6a9df7958b 100644 --- a/dom/ipc/PContent.ipdl +++ b/dom/ipc/PContent.ipdl @@ -36,7 +36,6 @@ using PrefTuple; using ChromePackage; using ResourceMapping; using OverrideMapping; -using base::ChildPrivileges; using IPC::Permission; using IPC::Principal; using mozilla::null_t; @@ -246,13 +245,6 @@ both: async PBlob(BlobConstructorParams params); child: - /** - * Update OS process privileges to |privs|. Can usually only be - * performed zero or one times. The child will abnormally exit if - * the privilege update fails. - */ - async SetProcessPrivileges(ChildPrivileges privs); - PMemoryReportRequest(); /** diff --git a/ipc/chromium/src/base/process_util.h b/ipc/chromium/src/base/process_util.h index f5141b18e89e..aa4db508c8f1 100644 --- a/ipc/chromium/src/base/process_util.h +++ b/ipc/chromium/src/base/process_util.h @@ -131,8 +131,7 @@ enum ChildPrivileges { PRIVILEGES_UNPRIVILEGED, PRIVILEGES_CAMERA, PRIVILEGES_VIDEO, - PRIVILEGES_INHERIT, - PRIVILEGES_LAST + PRIVILEGES_INHERIT }; #if defined(OS_WIN) 
@@ -180,11 +179,8 @@ bool LaunchApp(const std::vector& argv, const environment_map& env_vars_to_set, bool wait, ProcessHandle* process_handle, ProcessArchitecture arch=GetCurrentProcessArchitecture()); -#endif -// Adjust the privileges of this process to match |privs|. Only -// returns if privileges were successfully adjusted. -void SetCurrentProcessPrivileges(ChildPrivileges privs); +#endif // Executes the application specified by cl. This function delegates to one // of the above two platform-specific functions. diff --git a/ipc/chromium/src/base/process_util_linux.cc b/ipc/chromium/src/base/process_util_linux.cc index 5b47a21563e4..9e7c51c875be 100644 --- a/ipc/chromium/src/base/process_util_linux.cc +++ b/ipc/chromium/src/base/process_util_linux.cc 
@@ -231,7 +231,64 @@ bool LaunchApp(const std::vector& argv,
argv_cstr[i] = const_cast(argv[i].c_str());
argv_cstr[argv.size()] = NULL;
- SetCurrentProcessPrivileges(privs);
+ if (privs != PRIVILEGES_INHERIT) {
+ gid_t gid = CHILD_UNPRIVILEGED_GID;
+ uid_t uid = CHILD_UNPRIVILEGED_UID;
+#ifdef MOZ_WIDGET_GONK
+ {
+ static bool checked_pix_max, pix_max_ok;
+ if (!checked_pix_max) {
+ checked_pix_max = true;
+ int fd = open("/proc/sys/kernel/pid_max", O_CLOEXEC | O_RDONLY);
+ if (fd < 0) {
+ DLOG(ERROR) << "Failed to open pid_max";
+ _exit(127);
+ }
+ char buf[PATH_MAX];
+ ssize_t len = read(fd, buf, sizeof(buf) - 1);
+ close(fd);
+ if (len < 0) {
+ DLOG(ERROR) << "Failed to read pid_max";
+ _exit(127);
+ }
+ buf[len] = '\0';
+ int pid_max = atoi(buf);
+ pix_max_ok =
+ (pid_max + CHILD_UNPRIVILEGED_UID > CHILD_UNPRIVILEGED_UID);
+ }
+ if (!pix_max_ok) {
+ DLOG(ERROR) << "Can't safely get unique uid/gid";
+ _exit(127);
+ }
+ gid += getpid();
+ uid += getpid();
+ }
+ if (privs == PRIVILEGES_CAMERA) {
+ gid_t groups[] = { AID_AUDIO, AID_CAMERA, AID_SDCARD_RW };
+ if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
+ DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS, path: " << argv_cstr[0];
+ _exit(127);
+ }
+ }
+ else if (privs == PRIVILEGES_VIDEO) {
+ gid_t groups[] = { AID_AUDIO, AID_MEDIA };
+ if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
+ DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS, path: " << argv_cstr[0];
+ _exit(127);
+ }
+ }
+#endif
+ if (setgid(gid) != 0) {
+ DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS, path: " << argv_cstr[0];
+ _exit(127);
+ }
+ if (setuid(uid) != 0) {
+ DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS, path: " << argv_cstr[0];
+ _exit(127);
+ }
+ if (chdir("/") != 0)
+ gProcessLog.print("==> could not chdir()\n");
+ }
#ifdef HAVE_PR_DUPLICATE_ENVIRONMENT
execve(argv_cstr[0], argv_cstr.get(), envp);
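Review bot: The PRIVILEGES_UNPRIVILEGED path (and every non-GONK build) drops uid/gid with setgid()/setuid() but never resets supplementary groups, so the child keeps every group the parent belonged to; only the CAMERA and VIDEO branches, and only under MOZ_WIDGET_GONK, call setgroups(). Immediately before the `if (setgid(gid) != 0)` line I would clear the set for the remaining cases, e.g. `if (privs != PRIVILEGES_CAMERA && privs != PRIVILEGES_VIDEO && setgroups(1, &gid) != 0) { DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS, path: " << argv_cstr[0]; _exit(127); }`, keeping the setgroups-before-setgid-before-setuid order the hunk already uses. A smaller point: `pid_max + CHILD_UNPRIVILEGED_UID > CHILD_UNPRIVILEGED_UID` is only a meaningful overflow check if the addition happens in unsigned arithmetic; if CHILD_UNPRIVILEGED_UID is a plain int constant the overflow is undefined and a compiler may fold the test to true, so an explicit cast to uid_t or a comment stating the assumption would help. The enclosing LaunchApp() begins before this hunk and its fork/exec continues after it.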
@@ -266,69 +323,6 @@ bool LaunchApp(const CommandLine& cl, return LaunchApp(cl.argv(), no_files, wait, process_handle); } -void SetCurrentProcessPrivileges(ChildPrivileges privs) { - if (privs == PRIVILEGES_INHERIT) { - return; - } - - gid_t gid = CHILD_UNPRIVILEGED_GID; - uid_t uid = CHILD_UNPRIVILEGED_UID; -#ifdef MOZ_WIDGET_GONK - { - static bool checked_pix_max, pix_max_ok; - if (!checked_pix_max) { - checked_pix_max = true; - int fd = open("/proc/sys/kernel/pid_max", O_CLOEXEC | O_RDONLY); - if (fd < 0) { - DLOG(ERROR) << "Failed to open pid_max"; - _exit(127); - } - char buf[PATH_MAX]; - ssize_t len = read(fd, buf, sizeof(buf) - 1); - close(fd); - if (len < 0) { - DLOG(ERROR) << "Failed to read pid_max"; - _exit(127); - } - buf[len] = '\0'; - int pid_max = atoi(buf); - pix_max_ok = - (pid_max + CHILD_UNPRIVILEGED_UID > CHILD_UNPRIVILEGED_UID); - } - if (!pix_max_ok) { - DLOG(ERROR) << "Can't safely get unique uid/gid"; - _exit(127); - } - gid += getpid(); - uid += getpid(); - } - if (privs == PRIVILEGES_CAMERA) { - gid_t groups[] = { AID_AUDIO, AID_CAMERA, AID_SDCARD_RW }; - if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) { - DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS"; - _exit(127); - } - } - else if (privs == PRIVILEGES_VIDEO) { - gid_t groups[] = { AID_AUDIO, AID_MEDIA }; - if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) { - DLOG(ERROR) << "FAILED TO setgroups() CHILD PROCESS"; - _exit(127); - } - } -#endif - if (setgid(gid) != 0) { - DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS"; - _exit(127); - } - if (setuid(uid) != 0) { - DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS"; - _exit(127); - } - if (chdir("/") != 0) - gProcessLog.print("==> could not chdir()\n"); -} - NamedProcessIterator::NamedProcessIterator(const std::wstring& executable_name, const ProcessFilter* filter) : executable_name_(executable_name), filter_(filter) { 
diff --git a/ipc/chromium/src/base/process_util_mac.mm b/ipc/chromium/src/base/process_util_mac.mm index 8d003fc8750c..d9f0d4e89a2d 100644 --- a/ipc/chromium/src/base/process_util_mac.mm +++ b/ipc/chromium/src/base/process_util_mac.mm @@ -188,10 +188,6 @@ bool LaunchApp(const CommandLine& cl, return LaunchApp(cl.argv(), no_files, wait, process_handle); } -void SetCurrentProcessPrivileges(ChildPrivileges privs) { - -} - NamedProcessIterator::NamedProcessIterator(const std::wstring& executable_name, const ProcessFilter* filter) : executable_name_(executable_name), diff --git a/ipc/chromium/src/base/process_util_win.cc b/ipc/chromium/src/base/process_util_win.cc index 83df73f55fc5..b41ff5aacbdc 100644 --- a/ipc/chromium/src/base/process_util_win.cc +++ b/ipc/chromium/src/base/process_util_win.cc @@ -337,10 +337,6 @@ bool WaitForExitCode(ProcessHandle handle, int* exit_code) { return true; } -void SetCurrentProcessPrivileges(ChildPrivileges privs) { - -} - NamedProcessIterator::NamedProcessIterator(const std::wstring& executable_name, const ProcessFilter* filter) : started_iteration_(false), diff --git a/ipc/glue/GeckoChildProcessHost.cpp b/ipc/glue/GeckoChildProcessHost.cpp index 3848bcbe34e6..d99618ed5107 100644 --- a/ipc/glue/GeckoChildProcessHost.cpp +++ b/ipc/glue/GeckoChildProcessHost.cpp @@ -74,14 +74,6 @@ struct RunnableMethodTraits static void ReleaseCallee(GeckoChildProcessHost* obj) { } }; -/*static*/ -base::ChildPrivileges -GeckoChildProcessHost::DefaultChildPrivileges() -{ - return (kLowRightsSubprocesses ? - base::PRIVILEGES_UNPRIVILEGED : base::PRIVILEGES_INHERIT); -} - GeckoChildProcessHost::GeckoChildProcessHost(GeckoProcessType aProcessType, ChildPrivileges aPrivileges) : ChildProcessHost(RENDER_PROCESS), // FIXME/cjones: we should own this enum 
@@ -464,7 +456,8 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector& aExt base::environment_map newEnvVars; ChildPrivileges privs = mPrivileges; if (privs == base::PRIVILEGES_DEFAULT) { - privs = DefaultChildPrivileges(); + privs = kLowRightsSubprocesses ? + base::PRIVILEGES_UNPRIVILEGED : base::PRIVILEGES_INHERIT; } // XPCOM may not be initialized in some subprocesses. We don't want // to initialize XPCOM just for the directory service, especially diff --git a/ipc/glue/GeckoChildProcessHost.h b/ipc/glue/GeckoChildProcessHost.h index 46c70307aef6..21fa2ad090ee 100644 --- a/ipc/glue/GeckoChildProcessHost.h +++ b/ipc/glue/GeckoChildProcessHost.h @@ -29,8 +29,6 @@ public: typedef base::ChildPrivileges ChildPrivileges; typedef base::ProcessHandle ProcessHandle; - static ChildPrivileges DefaultChildPrivileges(); - GeckoChildProcessHost(GeckoProcessType aProcessType, ChildPrivileges aPrivileges=base::PRIVILEGES_DEFAULT); diff --git a/ipc/glue/IPCMessageUtils.h b/ipc/glue/IPCMessageUtils.h index 21edd856506f..89e81b1e82b5 100644 --- a/ipc/glue/IPCMessageUtils.h +++ b/ipc/glue/IPCMessageUtils.h @@ -7,7 +7,6 @@ #ifndef __IPC_GLUE_IPCMESSAGEUTILS_H__ #define __IPC_GLUE_IPCMESSAGEUTILS_H__ -#include "base/process_util.h" #include "chrome/common/ipc_message_utils.h" #include "mozilla/TimeStamp.h" @@ -148,13 +147,6 @@ struct EnumSerializer { } }; -template <> -struct ParamTraits - : public EnumSerializer -{ }; - template<> struct ParamTraits {