diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-10-06 12:48:11 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-10-13 09:33:43 +0000 |
| commit | 7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3 (patch) | |
| tree | fa14ba0ca8d2683ba2efdabd246dc9b18a1229c6 /chromium/content/utility/speech | |
| parent | 79b4f909db1049fca459c07cca55af56a9b54fe3 (diff) | |
| download | qtwebengine-chromium-7b5b123ac58f58ffde0f4f6e488bcd09aa4decd3.tar.gz | |
BASELINE: Update Chromium to 84.0.4147.141
Change-Id: Ib85eb4cfa1cbe2b2b81e5022c8cad5c493969535
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/content/utility/speech')
5 files changed, 106 insertions, 0 deletions
diff --git a/chromium/content/utility/speech/BUILD.gn b/chromium/content/utility/speech/BUILD.gn new file mode 100644 index 00000000000..7a8ad15b25e --- /dev/null +++ b/chromium/content/utility/speech/BUILD.gn @@ -0,0 +1,19 @@ +# Copyright 2020 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +source_set("speech_recognition_sandbox_hook") { + sources = [ + "speech_recognition_sandbox_hook_linux.cc", + "speech_recognition_sandbox_hook_linux.h", + ] + + deps = [ + "//base", + "//components/component_updater:component_updater", + "//components/soda:constants", + "//sandbox/linux:sandbox_services", + ] + + public_deps = [ "//services/service_manager/sandbox" ] +} diff --git a/chromium/content/utility/speech/DEPS b/chromium/content/utility/speech/DEPS new file mode 100644 index 00000000000..4e9e1336acb --- /dev/null +++ b/chromium/content/utility/speech/DEPS @@ -0,0 +1,5 @@ +include_rules = [ + "+components/soda", + "+sandbox", + "+services/service_manager/sandbox", +] diff --git a/chromium/content/utility/speech/OWNERS b/chromium/content/utility/speech/OWNERS new file mode 100644 index 00000000000..0aa0cfce167 --- /dev/null +++ b/chromium/content/utility/speech/OWNERS @@ -0,0 +1,3 @@ +per-file speech_recognition_sandbox_hook_linux.*=file://sandbox/linux/OWNERS + +# COMPONENT: Internals>Sandbox diff --git a/chromium/content/utility/speech/speech_recognition_sandbox_hook_linux.cc b/chromium/content/utility/speech/speech_recognition_sandbox_hook_linux.cc new file mode 100644 index 00000000000..6d8e9ed2e41 --- /dev/null +++ b/chromium/content/utility/speech/speech_recognition_sandbox_hook_linux.cc @@ -0,0 +1,60 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "content/utility/speech/speech_recognition_sandbox_hook_linux.h" + +#include <dlfcn.h> + +#include "components/soda/constants.h" +#include "sandbox/linux/syscall_broker/broker_command.h" +#include "sandbox/linux/syscall_broker/broker_file_permission.h" + +using sandbox::syscall_broker::BrokerFilePermission; +using sandbox::syscall_broker::MakeBrokerCommandSet; + +namespace speech { + +namespace { + +// Gets the file permissions required by the Speech On-Device API (SODA). +std::vector<BrokerFilePermission> GetSodaFilePermissions( + base::FilePath latest_version_dir) { + std::vector<BrokerFilePermission> permissions{ + BrokerFilePermission::ReadOnly("/dev/urandom")}; + + // This may happen if a user doesn't have a SODA installation. + if (!latest_version_dir.empty()) { + permissions.push_back(BrokerFilePermission::ReadOnlyRecursive( + latest_version_dir.AsEndingWithSeparator().value())); + permissions.push_back( + BrokerFilePermission::ReadOnly(latest_version_dir.value())); + } + + return permissions; +} + +} // namespace + +bool SpeechRecognitionPreSandboxHook( + service_manager::SandboxLinux::Options options) { + void* soda_library = dlopen(GetSodaBinaryPath().value().c_str(), + RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE); + DCHECK(soda_library); + + auto* instance = service_manager::SandboxLinux::GetInstance(); + instance->StartBrokerProcess(MakeBrokerCommandSet({ + sandbox::syscall_broker::COMMAND_ACCESS, + sandbox::syscall_broker::COMMAND_OPEN, + sandbox::syscall_broker::COMMAND_READLINK, + sandbox::syscall_broker::COMMAND_STAT, + }), + GetSodaFilePermissions(GetSodaDirectory()), + service_manager::SandboxLinux::PreSandboxHook(), + options); + instance->EngageNamespaceSandboxIfPossible(); + + return true; +} + +} // namespace speech diff --git a/chromium/content/utility/speech/speech_recognition_sandbox_hook_linux.h b/chromium/content/utility/speech/speech_recognition_sandbox_hook_linux.h new file mode 100644 index 00000000000..7fdfd3b7436 --- /dev/null +++ b/chromium/content/utility/speech/speech_recognition_sandbox_hook_linux.h @@ -0,0 +1,19 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_UTILITY_SPEECH_SPEECH_RECOGNITION_SANDBOX_HOOK_LINUX_H_ +#define CONTENT_UTILITY_SPEECH_SPEECH_RECOGNITION_SANDBOX_HOOK_LINUX_H_ + +#include "services/service_manager/sandbox/linux/sandbox_linux.h" + +namespace speech { + +// Opens the libsoda.so binary and grants broker file permissions to the +// necessary files required by the binary. +bool SpeechRecognitionPreSandboxHook( + service_manager::SandboxLinux::Options options); + +} // namespace speech + +#endif // CONTENT_UTILITY_SPEECH_SPEECH_RECOGNITION_SANDBOX_HOOK_LINUX_H_ |