diff options
author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-05-09 14:22:11 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2016-05-09 15:11:45 +0000 |
commit | 2ddb2d3e14eef3de7dbd0cef553d669b9ac2361c (patch) | |
tree | e75f511546c5fd1a173e87c1f9fb11d7ac8d1af3 /chromium/content/zygote | |
parent | a4f3d46271c57e8155ba912df46a05559d14726e (diff) | |
download | qtwebengine-chromium-2ddb2d3e14eef3de7dbd0cef553d669b9ac2361c.tar.gz |
BASELINE: Update Chromium to 51.0.2704.41
Also adds in all smaller components by reversing logic for exclusion.
Change-Id: Ibf90b506e7da088ea2f65dcf23f2b0992c504422
Reviewed-by: Joerg Bornemann <joerg.bornemann@theqtcompany.com>
Diffstat (limited to 'chromium/content/zygote')
-rw-r--r-- | chromium/content/zygote/zygote_linux.cc | 15 | ||||
-rw-r--r-- | chromium/content/zygote/zygote_main_linux.cc | 37 |
2 files changed, 45 insertions, 7 deletions
diff --git a/chromium/content/zygote/zygote_linux.cc b/chromium/content/zygote/zygote_linux.cc index 71d94da8cdf..09828fb4421 100644 --- a/chromium/content/zygote/zygote_linux.cc +++ b/chromium/content/zygote/zygote_linux.cc @@ -46,7 +46,7 @@ #include "sandbox/linux/services/credentials.h" #include "sandbox/linux/services/namespace_sandbox.h" -// See http://code.google.com/p/chromium/wiki/LinuxZygote +// See https://chromium.googlesource.com/chromium/src/+/master/docs/linux_zygote.md namespace content { @@ -108,7 +108,7 @@ bool Zygote::ProcessRequests() { // A SOCK_SEQPACKET socket is installed in fd 3. We get commands from the // browser on it. // A SOCK_DGRAM is installed in fd 5. This is the sandbox IPC channel. - // See http://code.google.com/p/chromium/wiki/LinuxSandboxIPC + // See https://chromium.googlesource.com/chromium/src/+/master/docs/linux_sandbox_ipc.md // We need to accept SIGCHLD, even though our handler is a no-op because // otherwise we cannot wait on children. (According to POSIX 2001.) @@ -237,14 +237,14 @@ bool Zygote::HandleRequestFromBrowser(int fd) { if (len == 0 || (len == -1 && errno == ECONNRESET)) { // EOF from the browser. We should die. - // TODO(earthdok): call __sanititizer_cov_dump() here to obtain code + // TODO(eugenis): call __sanititizer_cov_dump() here to obtain code // coverage for the Zygote. Currently it's not possible because of // confusion over who is responsible for closing the file descriptor. for (int fd : extra_fds_) { PCHECK(0 == IGNORE_EINTR(close(fd))); } #if !defined(SANITIZER_COVERAGE) - // TODO(earthdok): add watchdog thread before using this in builds not + // TODO(eugenis): add watchdog thread before using this in builds not // using sanitizer coverage. CHECK(extra_children_.empty()); #endif @@ -300,7 +300,6 @@ bool Zygote::HandleRequestFromBrowser(int fd) { return false; } -// TODO(jln): remove callers to this broken API. See crbug.com/274855. void Zygote::HandleReapRequest(int fd, base::PickleIterator iter) { base::ProcessId child; @@ -436,9 +435,15 @@ int Zygote::ForkWithRealPid(const std::string& process_type, DLOG(ERROR) << "Failed to find kPrimaryIPCChannel in FD mapping"; return -1; } + int mojo_channel_fd = LookUpFd(fd_mapping, kMojoIPCChannel); + if (mojo_channel_fd < 0) { + DLOG(ERROR) << "Failed to find kMojoIPCChannel in FD mapping"; + return -1; + } std::vector<int> fds; fds.push_back(ipc_channel_fd); // kBrowserFDIndex fds.push_back(pid_oracle.get()); // kPIDOracleFDIndex + fds.push_back(mojo_channel_fd); // kMojoParentFDIndex pid = helper->Fork(process_type, fds, channel_id); // Helpers should never return in the child process. diff --git a/chromium/content/zygote/zygote_main_linux.cc b/chromium/content/zygote/zygote_main_linux.cc index 8a3221a38dd..da5a1e8299f 100644 --- a/chromium/content/zygote/zygote_main_linux.cc +++ b/chromium/content/zygote/zygote_main_linux.cc @@ -6,6 +6,7 @@ #include <dlfcn.h> #include <fcntl.h> +#include <openssl/crypto.h> #include <openssl/rand.h> #include <pthread.h> #include <signal.h> @@ -46,8 +47,10 @@ #include "sandbox/linux/services/namespace_sandbox.h" #include "sandbox/linux/services/thread_helpers.h" #include "sandbox/linux/suid/client/setuid_sandbox_client.h" +#include "third_party/WebKit/public/web/linux/WebFontRendering.h" #include "third_party/icu/source/i18n/unicode/timezone.h" #include "third_party/skia/include/ports/SkFontConfigInterface.h" +#include "third_party/skia/include/ports/SkFontMgr_android.h" #if defined(OS_LINUX) #include <sys/prctl.h> @@ -84,7 +87,7 @@ void RunTwoClosures(const base::Closure* first, const base::Closure* second) { } // namespace -// See http://code.google.com/p/chromium/wiki/LinuxZygote +// See https://chromium.googlesource.com/chromium/src/+/master/docs/linux_zygote.md static void ProxyLocaltimeCallToBrowser(time_t input, struct tm* output, char* timezone_out, @@ -148,7 +151,7 @@ static bool g_am_zygote_or_renderer = false; // // Our replacement functions can check this global and either proxy // the call to the browser over the sandbox IPC -// (http://code.google.com/p/chromium/wiki/LinuxSandboxIPC) or they can use +// (https://chromium.googlesource.com/chromium/src/+/master/docs/linux_sandbox_ipc.md) or they can use // dlsym with RTLD_NEXT to resolve the symbol, ignoring any symbols in the // current module. // @@ -333,6 +336,12 @@ static void ZygotePreSandboxInit() { // cached and there's no more need to access the file system. scoped_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault()); +#if defined(ARCH_CPU_ARM_FAMILY) + // On ARM, BoringSSL requires access to /proc/cpuinfo to determine processor + // features. Query this before entering the sandbox. + CRYPTO_library_init(); +#endif + // Pass BoringSSL a copy of the /dev/urandom file descriptor so RAND_bytes // will work inside the sandbox. RAND_set_urandom_fd(base::GetUrandomFD()); @@ -344,8 +353,32 @@ static void ZygotePreSandboxInit() { #if defined(ENABLE_WEBRTC) InitializeWebRtcModule(); #endif + SkFontConfigInterface::SetGlobal( new FontConfigIPC(GetSandboxFD()))->unref(); + + // Set the android SkFontMgr for blink. We need to ensure this is done + // before the sandbox is initialized to allow the font manager to access + // font configuration files on disk. + if (base::CommandLine::ForCurrentProcess()->HasSwitch( + switches::kAndroidFontsPath)) { + std::string android_fonts_dir = + base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( + switches::kAndroidFontsPath); + + if (android_fonts_dir.size() > 0 && android_fonts_dir.back() != '/') + android_fonts_dir += '/'; + std::string font_config = android_fonts_dir + "fonts.xml"; + SkFontMgr_Android_CustomFonts custom; + custom.fSystemFontUse = + SkFontMgr_Android_CustomFonts::SystemFontUse::kOnlyCustom; + custom.fBasePath = android_fonts_dir.c_str(); + custom.fFontsXml = font_config.c_str(); + custom.fFallbackFontsXml = nullptr; + custom.fIsolated = true; + + blink::WebFontRendering::setSkiaFontManager(SkFontMgr_New_Android(&custom)); + } } static bool CreateInitProcessReaper(base::Closure* post_fork_parent_callback) { |