
This is a reland of https://chromium-review.googlesource.com/c/chromium/src/+/1109964 Tbr'ing previous reviewers from that CL as the exact change has been previously reviewed there. The revert was done manually in response to flakiness of viz_browser tests in MSAN. See issue https://crbug.com/860349 - my analysis is in issue https://crbug.com/860445 where I disable this test. In short, I believe my CL exposed a previously existing race condition in that test. Instead of Chromium IPC macro-defined messages or Mojo, Chrome on Linux uses hand-pickled IPC messages through a special purpose file descriptor to send messages from the renderer to the browser host in order to access FontConfig for font matching and font fallback. This system is described in docs/linux_sandbox_ipc.md. For the "Font Matching by Full Font Name / PS Name" effort (see issue 828317), additional out of process font methods are needed. Instead of adding them to this legacy hand-written IPC, we modernize the Linux Sandbox IPC mechanism and upgrade it to using Mojo interface definitions and a service architecture, in which a font service running in an unsandboxed utility process answers FontConfig requests from the renderer. Previous CLs [1], [2] prepared the Font Service to have testing and additional font fallback and render-style-for-strike methods. Now we can move Blink over to using this Mojo interface and remove the traditional sandbox IPC handlers since we do not use the file descriptor based IPC anymore for FontConfig access. For more details, please refer to the design doc in issue 839344.
[1] https://chromium-review.googlesource.com/c/chromium/src/+/1091754 [2] https://chromium-review.googlesource.com/c/chromium/src/+/1087951 Bug: 855021 Change-Id: I74663c5685a7797089e4d69354453146c245e20a Tbr: skyostil@chromium.org, michaelpg@chromium.org, rsesek@chromium.org, halliwell@chromium.org, thestig@chromium.org, piman@chromium.org, eae@chromium.org Reviewed-on: https://chromium-review.googlesource.com/1127028 Commit-Queue: Dominik Röttsches <drott@chromium.org> Reviewed-by: Dominik Röttsches <drott@chromium.org> Cr-Commit-Position: refs/heads/master@{#572930}
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// https://chromium.googlesource.com/chromium/src/+/master/docs/linux_sandbox_ipc.md
#ifndef CONTENT_BROWSER_SANDBOX_IPC_LINUX_H_
#define CONTENT_BROWSER_SANDBOX_IPC_LINUX_H_
#include <memory>
#include <string>
#include <vector>
#include "base/files/scoped_file.h"
#include "base/macros.h"
#include "base/pickle.h"
#include "base/threading/simple_thread.h"
#include "content/common/content_export.h"
#include "third_party/icu/source/common/unicode/uchar.h"
namespace content {
// Browser-side handler for the Linux sandbox IPC channel. It is written as a
// base::DelegateSimpleThread::Delegate, so its work happens inside Run().
//
// NOTE(review): per the linked design doc and the method names below, the
// requests handled here come from sandboxed child processes. The pickled
// payload and any descriptors received with it should therefore be treated
// as untrusted by the implementation; that validation is not visible from
// this header - confirm in the .cc file.
class SandboxIPCHandler : public base::DelegateSimpleThread::Delegate {
 public:
  // |lifeline_fd| is the read end of a pipe; the main thread holds the other
  // end of that pipe.
  // |browser_socket| is the browser's end of the sandbox IPC socketpair.
  //
  // NOTE(review): both descriptors are kept as plain ints rather than
  // base::ScopedFD, so this header does not show who is responsible for
  // closing them - confirm against the constructor/destructor definitions.
  SandboxIPCHandler(int lifeline_fd, int browser_socket);
  ~SandboxIPCHandler() override;

  // base::DelegateSimpleThread::Delegate implementation.
  void Run() override;

 private:
  // Handles one request arriving on |fd|.
  // NOTE(review): presumably reads and dispatches a single pickled message
  // from a child process - confirm in the definition.
  void HandleRequestFromChild(int fd);

  // Handler for the "make shared memory segment" request. |iter| is taken by
  // value and |fds| holds descriptors associated with the request.
  // NOTE(review): any size or flag read from |iter| is sender-controlled and
  // presumably needs checking before use - confirm in the definition.
  void HandleMakeSharedMemorySegment(int fd,
                                     base::PickleIterator iter,
                                     const std::vector<base::ScopedFD>& fds);

  // Sends |reply| back to the renderer, optionally accompanied by |reply_fd|.
  // NOTE(review): how |fds| selects the reply channel and which value of
  // |reply_fd| means "no descriptor" are not visible here - confirm.
  void SendRendererReply(const std::vector<base::ScopedFD>& fds,
                         const base::Pickle& reply,
                         int reply_fd);

  // Descriptor numbers supplied to the constructor; const for the lifetime
  // of the handler.
  const int lifeline_fd_;
  const int browser_socket_;

  DISALLOW_COPY_AND_ASSIGN(SandboxIPCHandler);
};
} // namespace content
#endif  // CONTENT_BROWSER_SANDBOX_IPC_LINUX_H_