d0a8b6b606
The change is mostly mechanical replacing defined(OS_CHROMEOS) with BUILDFLAG(IS_CHROMEOS_ASH) and GN variable is_chromeos with is_chromeos_ash with some special cases (For those cases please refer to http://go/lacros-macros). The patch is made in preparation to switching lacros build from target_os=linux to target_os=chromeos. This will prevent lacros from changing behaviour after the switch. Bug: 1052397 Change-Id: Ieb265e116ff6ada5e2f99d609ff12fb9f92727e0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2534271 Commit-Queue: Yuta Hijikata <ythjkt@chromium.org> Reviewed-by: Ken Buchanan <kenrb@chromium.org> Reviewed-by: Bo <boliu@chromium.org> Cr-Commit-Position: refs/heads/master@{#829687}
107 lines
3.9 KiB
C++
107 lines
3.9 KiB
C++
// Copyright 2020 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "content/browser/utility_sandbox_delegate.h"
|
|
|
|
#include "base/check.h"
|
|
#include "build/build_config.h"
|
|
#include "build/chromeos_buildflags.h"
|
|
#include "content/public/common/sandboxed_process_launcher_delegate.h"
|
|
#include "content/public/common/zygote/zygote_buildflags.h"
|
|
#include "sandbox/policy/sandbox_type.h"
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
|
|
#include "content/common/zygote/zygote_handle_impl_linux.h"
|
|
#endif
|
|
|
|
namespace content {
|
|
|
|
UtilitySandboxedProcessLauncherDelegate::
|
|
UtilitySandboxedProcessLauncherDelegate(
|
|
sandbox::policy::SandboxType sandbox_type,
|
|
const base::EnvironmentMap& env,
|
|
const base::CommandLine& cmd_line)
|
|
:
|
|
#if defined(OS_POSIX)
|
|
env_(env),
|
|
#endif
|
|
sandbox_type_(sandbox_type),
|
|
cmd_line_(cmd_line) {
|
|
#if DCHECK_IS_ON()
|
|
bool supported_sandbox_type =
|
|
sandbox_type_ == sandbox::policy::SandboxType::kNoSandbox ||
|
|
#if defined(OS_WIN)
|
|
sandbox_type_ ==
|
|
sandbox::policy::SandboxType::kNoSandboxAndElevatedPrivileges ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kXrCompositing ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kProxyResolver ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kPdfConversion ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kIconReader ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kMediaFoundationCdm ||
|
|
#endif
|
|
sandbox_type_ == sandbox::policy::SandboxType::kUtility ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kNetwork ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kCdm ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kPrintCompositor ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kPpapi ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kVideoCapture ||
|
|
#if BUILDFLAG(IS_CHROMEOS_ASH)
|
|
sandbox_type_ == sandbox::policy::SandboxType::kIme ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kTts ||
|
|
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
|
|
sandbox_type_ == sandbox::policy::SandboxType::kAudio ||
|
|
#if !defined(OS_MAC)
|
|
sandbox_type_ == sandbox::policy::SandboxType::kSharingService ||
|
|
#endif
|
|
sandbox_type_ == sandbox::policy::SandboxType::kSpeechRecognition;
|
|
DCHECK(supported_sandbox_type);
|
|
#endif // DCHECK_IS_ON()
|
|
}
|
|
|
|
UtilitySandboxedProcessLauncherDelegate::
|
|
~UtilitySandboxedProcessLauncherDelegate() {}
|
|
|
|
sandbox::policy::SandboxType
|
|
UtilitySandboxedProcessLauncherDelegate::GetSandboxType() {
|
|
return sandbox_type_;
|
|
}
|
|
|
|
#if defined(OS_POSIX)
|
|
base::EnvironmentMap UtilitySandboxedProcessLauncherDelegate::GetEnvironment() {
|
|
return env_;
|
|
}
|
|
#endif // OS_POSIX
|
|
|
|
#if defined(OS_MAC) && defined(ARCH_CPU_ARM64)
|
|
bool UtilitySandboxedProcessLauncherDelegate::LaunchX86_64() {
|
|
return launch_x86_64_;
|
|
}
|
|
#endif // OS_MAC && ARCH_CPU_ARM64
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
|
|
ZygoteHandle UtilitySandboxedProcessLauncherDelegate::GetZygote() {
|
|
// If the sandbox has been disabled for a given type, don't use a zygote.
|
|
if (sandbox::policy::IsUnsandboxedSandboxType(sandbox_type_))
|
|
return nullptr;
|
|
|
|
// Utility processes which need specialized sandboxes fork from the
|
|
// unsandboxed zygote and then apply their actual sandboxes in the forked
|
|
// process upon startup.
|
|
if (sandbox_type_ == sandbox::policy::SandboxType::kNetwork ||
|
|
#if BUILDFLAG(IS_CHROMEOS_ASH)
|
|
sandbox_type_ == sandbox::policy::SandboxType::kIme ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kTts ||
|
|
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
|
|
sandbox_type_ == sandbox::policy::SandboxType::kAudio ||
|
|
sandbox_type_ == sandbox::policy::SandboxType::kSpeechRecognition) {
|
|
return GetUnsandboxedZygote();
|
|
}
|
|
|
|
// All other types use the pre-sandboxed zygote.
|
|
return GetGenericZygote();
|
|
}
|
|
#endif // BUILDFLAG(USE_ZYGOTE_HANDLE)
|
|
|
|
} // namespace content
|