Re-subimission of https://codereview.chromium.org/1041213003/
[chromium-blink-merge.git] / content / renderer / renderer_main_platform_delegate_linux.cc
blob21dd251027a34863edd2793eb05723aa0404c804
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/renderer/renderer_main_platform_delegate.h"
7 #include <errno.h>
8 #include <sys/stat.h>
10 #include "base/command_line.h"
11 #include "base/files/file_util.h"
12 #include "base/logging.h"
13 #include "content/common/sandbox_linux/sandbox_linux.h"
14 #include "content/public/common/content_switches.h"
15 #include "content/public/common/sandbox_init.h"
17 namespace content {
19 RendererMainPlatformDelegate::RendererMainPlatformDelegate(
20 const MainFunctionParams& parameters)
21 : parameters_(parameters) {
24 RendererMainPlatformDelegate::~RendererMainPlatformDelegate() {
27 void RendererMainPlatformDelegate::PlatformInitialize() {
30 void RendererMainPlatformDelegate::PlatformUninitialize() {
33 bool RendererMainPlatformDelegate::EnableSandbox() {
34 // The setuid sandbox is started in the zygote process: zygote_main_linux.cc
35 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
37 // Anything else is started in InitializeSandbox().
38 LinuxSandbox::InitializeSandbox();
39 // about:sandbox uses a value returned from LinuxSandbox::GetStatus() before
40 // any renderer has been started.
41 // Here, we test that the status of SeccompBpf in the renderer is consistent
42 // with what LinuxSandbox::GetStatus() said we would do.
43 class LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance();
44 if (linux_sandbox->GetStatus() & kSandboxLinuxSeccompBPF) {
45 CHECK(linux_sandbox->seccomp_bpf_started());
48 // Under the setuid sandbox, we should not be able to open any file via the
49 // filesystem.
50 if (linux_sandbox->GetStatus() & kSandboxLinuxSUID) {
51 CHECK(!base::PathExists(base::FilePath("/proc/cpuinfo")));
54 #if defined(__x86_64__)
55 // Limit this test to architectures where seccomp BPF is active in renderers.
56 if (linux_sandbox->seccomp_bpf_started()) {
57 errno = 0;
58 // This should normally return EBADF since the first argument is bogus,
59 // but we know that under the seccomp-bpf sandbox, this should return EPERM.
60 CHECK_EQ(fchmod(-1, 07777), -1);
61 CHECK_EQ(errno, EPERM);
63 #endif // __x86_64__
65 return true;
68 } // namespace content