// Copyright 2011 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <optional> #include "base/allocator/partition_alloc_support.h" #include "base/command_line.h" #include "base/debug/leak_annotations.h" #include "base/functional/bind.h" #include "base/message_loop/message_pump_type.h" #include "base/metrics/histogram_functions.h" #include "base/power_monitor/power_monitor.h" #include "base/run_loop.h" #include "base/task/single_thread_task_executor.h" #include "base/threading/hang_watcher.h" #include "base/threading/platform_thread.h" #include "base/time/time.h" #include "base/timer/hi_res_timer_manager.h" #include "build/build_config.h" #include "build/chromeos_buildflags.h" #include "content/child/child_process.h" #include "content/common/content_switches_internal.h" #include "content/common/features.h" #include "content/public/common/content_client.h" #include "content/public/common/content_features.h" #include "content/public/common/content_switches.h" #include "content/public/common/main_function_params.h" #include "content/public/utility/content_utility_client.h" #include "content/utility/utility_thread_impl.h" #include "printing/buildflags/buildflags.h" #include "sandbox/policy/mojom/sandbox.mojom.h" #include "sandbox/policy/sandbox.h" #include "sandbox/policy/sandbox_type.h" #include "services/on_device_model/on_device_model_service.h" #include "services/screen_ai/buildflags/buildflags.h" #include "services/tracing/public/cpp/trace_startup.h" #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) #include "base/file_descriptor_store.h" #include "base/files/file_util.h" #include "base/pickle.h" #include "content/child/sandboxed_process_thread_type_handler.h" #include "content/common/gpu_pre_sandbox_hook_linux.h" #include "content/public/common/content_descriptor_keys.h" #include "content/utility/speech/speech_recognition_sandbox_hook_linux.h" #include "gpu/config/gpu_info_collector.h" #include "media/gpu/sandbox/hardware_video_encoding_sandbox_hook_linux.h" #include "sandbox/policy/linux/sandbox_linux.h" #include "services/audio/audio_sandbox_hook_linux.h" #include "services/network/network_sandbox_hook_linux.h" // gn check is not smart enough to realize that this include only applies to // Linux/ChromeOS and the BUILD.gn dependencies correctly account for that. #include "third_party/angle/src/gpu_info_util/SystemInfo.h" //nogncheck #if BUILDFLAG(ENABLE_PRINTING) #include "printing/sandbox/print_backend_sandbox_hook_linux.h" #endif #endif #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH) #include "media/gpu/sandbox/hardware_video_decoding_sandbox_hook_linux.h" #endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_ASH) #if BUILDFLAG(IS_CHROMEOS_ASH) #include "chromeos/ash/components/assistant/buildflags.h" #include "chromeos/ash/services/ime/ime_sandbox_hook.h" #include "chromeos/services/tts/tts_sandbox_hook.h" #if BUILDFLAG(ENABLE_CROS_LIBASSISTANT) #include "chromeos/ash/services/libassistant/libassistant_sandbox_hook.h" // nogncheck #endif // BUILDFLAG(ENABLE_CROS_LIBASSISTANT) #endif // BUILDFLAG(IS_CHROMEOS_ASH) #if (BUILDFLAG(ENABLE_SCREEN_AI_SERVICE) && \ (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS))) #include "services/screen_ai/public/cpp/utilities.h" // nogncheck #include "services/screen_ai/sandbox/screen_ai_sandbox_hook_linux.h" // nogncheck #endif #if BUILDFLAG(IS_MAC) #include "base/message_loop/message_pump_apple.h" #endif #if BUILDFLAG(IS_WIN) #include "base/native_library.h" #include "base/rand_util.h" #include "base/win/scoped_com_initializer.h" #include "base/win/win_util.h" #include "base/win/windows_version.h" #include "content/utility/sandbox_delegate_data.mojom.h" #include "sandbox/policy/win/sandbox_warmup.h" #include "sandbox/win/src/sandbox.h" #endif // BUILDFLAG(IS_WIN) #if BUILDFLAG(IS_WIN) sandbox::TargetServices* g_utility_target_services = nullptr; #endif // BUILDFLAG(IS_WIN) namespace content { namespace { #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) std::vector<std::string> GetNetworkContextsParentDirectories() { … } bool ShouldUseAmdGpuPolicy(sandbox::mojom::Sandbox sandbox_type) { … } #endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) #if BUILDFLAG(IS_WIN) // Handle pre-lockdown sandbox hooks bool PreLockdownSandboxHook(base::span<const uint8_t> delegate_blob) { // TODO(crbug.com/40265190) Migrate other settable things to delegate_data. CHECK(!delegate_blob.empty()); content::mojom::sandbox::UtilityConfigPtr sandbox_config; if (!content::mojom::sandbox::UtilityConfig::Deserialize( delegate_blob.data(), delegate_blob.size(), &sandbox_config)) { NOTREACHED(); } if (!sandbox_config->preload_libraries.empty()) { for (const auto& library_path : sandbox_config->preload_libraries) { CHECK(library_path.IsAbsolute()); base::NativeLibraryLoadError lib_error; HMODULE h_mod = base::LoadNativeLibrary(library_path, &lib_error); // We deliberately "leak" `h_mod` so that the module stays loaded. if (!h_mod) { base::UmaHistogramSparse( "Process.Sandbox.PreloadLibraryFailed.ErrorCode", lib_error.code); // The browser should not request libraries that do not exist, so crash // on failure. wchar_t dll_name[MAX_PATH]; base::wcslcpy(dll_name, library_path.value().c_str(), MAX_PATH); base::debug::Alias(dll_name); base::debug::Alias(&lib_error); NOTREACHED(); } } } return true; } #endif // BUILDFLAG(IS_WIN) void SetUtilityThreadName(const std::string utility_sub_type) { … } } // namespace // Mainline routine for running as the utility process. int UtilityMain(MainFunctionParams parameters) { … } } // namespace content
Codebase Browser
chromium