Zygote most of the uses of the utility process on Linux

Allow the user of the utility process to specify whether the zygote should be used on Linux. This allows to sandbox all the uses of the utility process that don't do FS access, which right now are all except extension unpacking and NPAPI plugin listing. This is the first step to get the utility process sandboxed on Linux. Since most of the uses of the utility process don't do file access, launching all of those from the zygote will simplify sandboxing the one that does: extension unpacking. BUG=93109 TEST=Try installing an extension from the web store. Review URL: http://codereview.chromium.org/8770025 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113027 0039d316-1c4b-4281-b951-d872f2087c98

Zygote most of the uses of the utility process on Linux
Allow the user of the utility process to specify whether the zygote should be used on Linux. This allows to sandbox all the uses of the utility process that don't do FS access, which right now are all except extension unpacking and NPAPI plugin listing. This is the first step to get the utility process sandboxed on Linux. Since most of the uses of the utility process don't do file access, launching all of those from the zygote will simplify sandboxing the one that does: extension unpacking. BUG=93109 TEST=Try installing an extension from the web store. Review URL: http://codereview.chromium.org/8770025 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113027 0039d316-1c4b-4281-b951-d872f2087c98
2d5ad67d · jorgelo@chromium.org · f4cab50a · 2d5ad67d · 2d5ad67d · 2d5ad67d
Commit 2d5ad67d authored Dec 05, 2011 by jorgelo@chromium.org
6 changed files
--- a/chrome/browser/extensions/sandboxed_extension_unpacker.cc
+++ b/chrome/browser/extensions/sandboxed_extension_unpacker.cc
@@ -261,6 +261,9 @@ void SandboxedExtensionUnpacker::OnProcessCrashed(int exit_code) {
 void SandboxedExtensionUnpacker::StartProcessOnIOThread(
    const FilePath& temp_crx_path) {
  UtilityProcessHost* host = new UtilityProcessHost(this, thread_identifier_);
+  // Don't launch the utility process from the zygote on Linux since
+  // extension unpacking needs FS access.
+  host->set_use_linux_zygote(false);
  // Grant the subprocess access to the entire subdir the extension file is
  // in, so that it can unpack to that dir.
  host->set_exposed_dir(temp_crx_path.DirName());

--- a/chrome/browser/importer/external_process_importer_client.cc
+++ b/chrome/browser/importer/external_process_importer_client.cc
@@ -77,6 +77,7 @@ void ExternalProcessImporterClient::StartProcessOnIOThread(
    BrowserThread::ID thread_id) {
  utility_process_host_ = new UtilityProcessHost(this, thread_id);
  utility_process_host_->set_no_sandbox(true);
+  utility_process_host_->set_use_linux_zygote(false);
 #if defined(OS_MACOSX)
  base::environment_vector env;

--- a/content/app/content_main.cc
+++ b/content/app/content_main.cc
@@ -192,6 +192,7 @@ int RunZygote(const content::MainFunctionParams& main_function_params,
    { switches::kRendererProcess,    RendererMain },
    { switches::kWorkerProcess,      WorkerMain },
    { switches::kPpapiPluginProcess, PpapiPluginMain },
+    { switches::kUtilityProcess,     UtilityMain },
  };
  scoped_ptr<content::ZygoteForkDelegate> zygote_fork_delegate;

--- a/content/browser/plugin_loader_posix.cc
+++ b/content/browser/plugin_loader_posix.cc
@@ -96,6 +96,7 @@ void PluginLoaderPosix::LoadPluginsInternal() {
  process_host_ = new UtilityProcessHost(this, BrowserThread::IO);
  process_host_->set_no_sandbox(true);
+  process_host_->set_use_linux_zygote(false);
 #if defined(OS_MACOSX)
  process_host_->set_child_flags(ChildProcessHost::CHILD_ALLOW_HEAP_EXECUTION);
 #endif

--- a/content/browser/utility_process_host.cc
+++ b/content/browser/utility_process_host.cc
@@ -43,8 +43,10 @@ UtilityProcessHost::UtilityProcessHost(Client* client,
      no_sandbox_(false),
 #if defined(OS_LINUX)
      child_flags_(ChildProcessHost::CHILD_ALLOW_SELF),
+      use_linux_zygote_(true),
 #else
      child_flags_(ChildProcessHost::CHILD_NORMAL),
+      use_linux_zygote_(false),
 #endif
      started_(false) {
 }
@@ -115,8 +117,7 @@ bool UtilityProcessHost::StartProcess() {
    cmd_line->AppendSwitch(switches::kDebugPluginLoading);
 #if defined(OS_POSIX)
-  // TODO(port): Sandbox this on Linux.  Also, zygote this to work with
+  // TODO(port): Sandbox extension unpacking on Linux.
-  // Linux updating.
  bool has_cmd_prefix = browser_command_line.HasSwitch(
      switches::kUtilityCmdPrefix);
  if (has_cmd_prefix) {
@@ -129,11 +130,17 @@ bool UtilityProcessHost::StartProcess() {
  cmd_line->AppendSwitchPath(switches::kUtilityProcessAllowedDir, exposed_dir_);
 #endif
+  bool use_zygote = false;
+#if defined(OS_LINUX)
+  use_zygote = !no_sandbox_ && use_linux_zygote_;
+#endif
  Launch(
 #if defined(OS_WIN)
      exposed_dir_,
 #elif defined(OS_POSIX)
-      false,
+      use_zygote,
      env_,
 #endif
      cmd_line);

--- a/content/browser/utility_process_host.h
+++ b/content/browser/utility_process_host.h
@@ -66,6 +66,8 @@ class CONTENT_EXPORT UtilityProcessHost : public BrowserChildProcessHost {
  void set_exposed_dir(const FilePath& dir) { exposed_dir_ = dir; }
  void set_no_sandbox(bool flag) { no_sandbox_ = flag; }
  void set_child_flags(int flags) { child_flags_ = flags; }
+  void set_use_linux_zygote(bool flag) { use_linux_zygote_ = flag; }
 #if defined(OS_POSIX)
  void set_env(const base::environment_vector& env) { env_ = env; }
 #endif
@@ -104,6 +106,12 @@ class CONTENT_EXPORT UtilityProcessHost : public BrowserChildProcessHost {
  base::environment_vector env_;
+  // If the |no_sandbox_| flag is off, and we are on Linux, launch the
+  // utility process from the zygote. Defaults to true on Linux, and to
+  // false on all other platforms.
+  // Can only be used for tasks that do not require FS access.
+  bool use_linux_zygote_;
  bool started_;
  DISALLOW_COPY_AND_ASSIGN(UtilityProcessHost);