content/renderer/renderer_main_platform_delegate_linux.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/renderer/renderer_main_platform_delegate.h"
   6
   7 #include <errno.h>
   8 #include <sys/stat.h>
   9
  10 #include "base/command_line.h"
  11 #include "base/file_util.h"
  12 #include "base/logging.h"
  13 #include "content/common/sandbox_linux.h"
  14 #include "content/public/common/content_switches.h"
  15 #include "content/public/common/sandbox_init.h"
  16
  17 namespace content {
  18
  19 RendererMainPlatformDelegate::RendererMainPlatformDelegate(
  20     const MainFunctionParams& parameters)
  21     : parameters_(parameters) {
  22 }
  23
  24 RendererMainPlatformDelegate::~RendererMainPlatformDelegate() {
  25 }
  26
  27 void RendererMainPlatformDelegate::PlatformInitialize() {
  28 }
  29
  30 void RendererMainPlatformDelegate::PlatformUninitialize() {
  31 }
  32
  33 bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
  34   // The sandbox is started in the zygote process: zygote_main_linux.cc
  35   // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
  36   return true;
  37 }
  38
  39 bool RendererMainPlatformDelegate::EnableSandbox() {
  40   // The setuid sandbox is started in the zygote process: zygote_main_linux.cc
  41   // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
  42   //
  43   // The seccomp sandbox mode 1 (sandbox/linux/seccomp-legacy) and mode 2
  44   // (sandbox/linux/seccomp-bpf) are started in InitializeSandbox().
  45   InitializeSandbox();
  46   return true;
  47 }
  48
  49 void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) {
  50   // The LinuxSandbox class requires going through initialization before
  51   // GetStatus() and others can be used.  When we are not launched through the
  52   // Zygote, this initialization will only happen in the renderer process if
  53   // EnableSandbox() above is called, which it won't necesserily be.
  54   // This only happens with flags such as --renderer-cmd-prefix which are
  55   // for debugging.
  56   if (no_sandbox)
  57     return;
  58
  59   // about:sandbox uses a value returned from LinuxSandbox::GetStatus() before
  60   // any renderer has been started.
  61   // Here, we test that the status of SeccompBpf in the renderer is consistent
  62   // with what LinuxSandbox::GetStatus() said we would do.
  63   class LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance();
  64   if (linux_sandbox->GetStatus() & kSandboxLinuxSeccompBpf) {
  65     CHECK(linux_sandbox->seccomp_bpf_started());
  66   }
  67
  68   // Under the setuid sandbox, we should not be able to open any file via the
  69   // filesystem.
  70   if (linux_sandbox->GetStatus() & kSandboxLinuxSUID) {
  71     CHECK(!file_util::PathExists(FilePath("/proc/cpuinfo")));
  72   }
  73
  74 #if defined(__x86_64__)
  75   // Limit this test to architectures where seccomp BPF is active in renderers.
  76   if (linux_sandbox->seccomp_bpf_started()) {
  77     errno = 0;
  78     // This should normally return EBADF since the first argument is bogus,
  79     // but we know that under the seccomp-bpf sandbox, this should return EPERM.
  80     CHECK_EQ(fchmod(-1, 07777), -1);
  81     CHECK_EQ(errno, EPERM);
  82   }
  83 #endif  // __x86_64__
  84 }
  85
  86 }  // namespace content