// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "content/zygote/zygote_main.h" #include <dlfcn.h> #include <fcntl.h> #include <pthread.h> #include <signal.h> #include <stddef.h> #include <stdint.h> #include <string.h> #include <sys/prctl.h> #include <sys/socket.h> #include <sys/types.h> #include <unistd.h> #include <utility> #include "base/command_line.h" #include "base/compiler_specific.h" #include "base/functional/bind.h" #include "base/logging.h" #include "base/posix/eintr_wrapper.h" #include "base/posix/unix_domain_socket.h" #include "base/rand_util.h" #include "base/strings/safe_sprintf.h" #include "base/strings/string_number_conversions.h" #include "base/system/sys_info.h" #include "build/build_config.h" #include "content/common/zygote/zygote_commands_linux.h" #include "content/public/common/content_descriptors.h" #include "content/public/common/zygote/sandbox_support_linux.h" #include "content/public/common/zygote/zygote_fork_delegate_linux.h" #include "content/zygote/zygote_linux.h" #include "sandbox/linux/services/credentials.h" #include "sandbox/linux/services/init_process_reaper.h" #include "sandbox/linux/services/libc_interceptor.h" #include "sandbox/linux/services/namespace_sandbox.h" #include "sandbox/linux/services/thread_helpers.h" #include "sandbox/linux/suid/client/setuid_sandbox_client.h" #include "sandbox/policy/linux/sandbox_debug_handling_linux.h" #include "sandbox/policy/linux/sandbox_linux.h" #include "sandbox/policy/sandbox.h" #include "sandbox/policy/switches.h" #include "third_party/icu/source/i18n/unicode/timezone.h" namespace content { namespace { void CloseFds(const std::vector<int>& fds) { … } base::OnceClosure ClosureFromTwoClosures(base::OnceClosure one, base::OnceClosure two) { … } } // namespace static bool CreateInitProcessReaper( base::OnceClosure post_fork_parent_callback) { … } // Enter the setuid sandbox. This requires the current process to have been // created through the setuid sandbox. static bool EnterSuidSandbox(sandbox::SetuidSandboxClient* setuid_sandbox, base::OnceClosure post_fork_parent_callback) { … } static void DropAllCapabilities(int proc_fd) { … } static void EnterNamespaceSandbox(sandbox::policy::SandboxLinux* linux_sandbox, base::OnceClosure post_fork_parent_callback) { … } static void EnterLayerOneSandbox(sandbox::policy::SandboxLinux* linux_sandbox, const bool using_layer1_sandbox, base::OnceClosure post_fork_parent_callback) { … } bool ZygoteMain( std::vector<std::unique_ptr<ZygoteForkDelegate>> fork_delegates) { … } } // namespace content
Codebase Browser
chromium