Use CRYPTO_pre_sandbox_init from BoringSSL.

This uses a BoringSSL abstraction for reading things like /proc/cpuinfo or opening /dev/urandom ahead of time. Rather than using RAND_set_urandom_fd to pass the //base copy of /dev/urandom to BoringSSL, we ask BoringSSL to open it internally (which it may not need at all if the system supports getrandom). This also means we may later be able to have base::RandBytes call into BoringSSL and pick up getrandom, etc., support. See https://boringssl.googlesource.com/boringssl/+/HEAD/SANDBOXING.md Change-Id: I7c9160fb76a5f20a360974408605f2f8438ae177 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2203227Reviewed-by: Matthew Denton <mpdenton@chromium.org> Reviewed-by: Ken Rockot <rockot@google.com> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#769948}

Use CRYPTO_pre_sandbox_init from BoringSSL.
This uses a BoringSSL abstraction for reading things like /proc/cpuinfo or opening /dev/urandom ahead of time. Rather than using RAND_set_urandom_fd to pass the //base copy of /dev/urandom to BoringSSL, we ask BoringSSL to open it internally (which it may not need at all if the system supports getrandom). This also means we may later be able to have base::RandBytes call into BoringSSL and pick up getrandom, etc., support. See https://boringssl.googlesource.com/boringssl/+/HEAD/SANDBOXING.md Change-Id: I7c9160fb76a5f20a360974408605f2f8438ae177 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2203227Reviewed-by: Matthew Denton <mpdenton@chromium.org> Reviewed-by: Ken Rockot <rockot@google.com> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#769948}
26d4e3ec · David Benjamin · Commit Bot · 2ef7a65e · 26d4e3ec
Commit 26d4e3ec authored May 19, 2020 by David Benjamin Committed by Commit Bot May 19, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 10 deletions

content/app/content_main_runner_impl.cc content/app/content_main_runner_impl.cc +3 -10

No files found.
--- a/content/app/content_main_runner_impl.cc
+++ b/content/app/content_main_runner_impl.cc
@@ -130,7 +130,6 @@
 #include "services/service_manager/zygote/common/common_sandbox_support_linux.h"
 #include "third_party/blink/public/platform/web_font_render_style.h"
 #include "third_party/boringssl/src/include/openssl/crypto.h"
-#include "third_party/boringssl/src/include/openssl/rand.h"
 #include "third_party/skia/include/core/SkFontMgr.h"
 #include "third_party/skia/include/ports/SkFontMgr_android.h"
 #include "third_party/webrtc_overrides/init_webrtc.h"  // nogncheck
@@ -330,15 +329,9 @@ void PreloadLibraryCdms() {
 #if BUILDFLAG(USE_ZYGOTE_HANDLE)
 void PreSandboxInit() {
-#if defined(ARCH_CPU_ARM_FAMILY)
+  // Pre-acquire resources needed by BoringSSL. See
-  // On ARM, BoringSSL requires access to /proc/cpuinfo to determine processor
+  // https://boringssl.googlesource.com/boringssl/+/HEAD/SANDBOXING.md
-  // features. Query this before entering the sandbox.
+  CRYPTO_pre_sandbox_init();
-  CRYPTO_library_init();
-#endif
-  // Pass BoringSSL a copy of the /dev/urandom file descriptor so RAND_bytes
-  // will work inside the sandbox.
-  RAND_set_urandom_fd(base::GetUrandomFD());
 #if BUILDFLAG(ENABLE_PLUGINS)
  // Ensure access to the Pepper plugins before the sandbox is turned on.