--- src/3rdparty/chromium/content/app/content_main_runner_impl.cc.orig 2023-12-12 22:08:45 UTC
+++ src/3rdparty/chromium/content/app/content_main_runner_impl.cc
@@ -142,13 +142,13 @@
#include "content/browser/posix_file_descriptor_info_impl.h"
#include "content/public/common/content_descriptors.h"
-#if !BUILDFLAG(IS_MAC)
+#if !BUILDFLAG(IS_MAC) && !BUILDFLAG(IS_BSD)
#include "content/public/common/zygote/zygote_fork_delegate_linux.h"
#endif
#endif // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD)
#include "base/files/file_path_watcher_inotify.h"
#include "base/native_library.h"
#include "base/rand_util.h"
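Review bot: `base/files/file_path_watcher_inotify.h` is now also included on BSD, while the only use of it visible in this patch, `base::GetMaxNumberOfInotifyWatches()` in `PreSandboxInit()`, is compiled out under `!BUILDFLAG(IS_BSD)` further down. Unless another BSD call site exists outside the hunk, keep the inotify header on the original condition and extend only the headers BSD actually needs, e.g. wrap that one include in `#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)` inside the widened block. A dead include is harmless today but hides which Linux-only facilities the BSD build still pulls in.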
@@ -183,12 +183,16 @@
#include "content/public/common/zygote/zygote_handle.h"
#include "content/zygote/zygote_main.h"
#include "media/base/media_switches.h"
+#endif // BUILDFLAG(USE_ZYGOTE_HANDLE)
#if BUILDFLAG(ENABLE_WEBRTC)
#include "third_party/webrtc_overrides/init_webrtc.h" // nogncheck
#endif
-#endif // BUILDFLAG(USE_ZYGOTE_HANDLE)
+#if BUILDFLAG(IS_BSD)
+#include "base/system/sys_info.h"
+#endif
+
#if BUILDFLAG(IS_ANDROID)
#include "base/system/sys_info.h"
#include "content/browser/android/battery_metrics.h"
@@ -378,7 +382,7 @@ void InitializeZygoteSandboxForBrowserProcess(
}
#endif // BUILDFLAG(USE_ZYGOTE)
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD)
#if BUILDFLAG(ENABLE_PPAPI)
// Loads the (native) libraries but does not initialize them (i.e., does not
@@ -416,7 +420,10 @@ void PreSandboxInit() {
void PreSandboxInit() {
// Ensure the /dev/urandom is opened.
+ // we use arc4random
+#if !BUILDFLAG(IS_BSD)
base::GetUrandomFD();
+#endif
// May use sysinfo(), sched_getaffinity(), and open various /sys/ and /proc/
// files.
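Review bot: The comment `// we use arc4random` on the new `#if !BUILDFLAG(IS_BSD)` guard does not say what "we" is or why that removes the need to pre-open `/dev/urandom` before the sandbox engages, which is the invariant this skip depends on. Spell it out so it is checkable, e.g. `// BSD: base::RandBytes() is backed by arc4random(3), which needs no /dev/urandom descriptor, so there is nothing to pre-open before the sandbox engages.` That assumes the BSD rand_util is indeed wired to arc4random, which this patch does not show; if any BSD path still calls `GetUrandomFD()` after sandboxing it would fail late rather than here. `PreSandboxInit()` starts at this hunk and continues past it.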
@@ -427,9 +434,16 @@ void PreSandboxInit() {
// https://boringssl.googlesource.com/boringssl/+/HEAD/SANDBOXING.md
CRYPTO_pre_sandbox_init();
+#if BUILDFLAG(IS_BSD)
+ // "cache" the amount of physical memory before pledge(2)
+ base::SysInfo::AmountOfPhysicalMemoryMB();
+#endif
+
+#if !BUILDFLAG(IS_BSD)
// Pre-read /proc/sys/fs/inotify/max_user_watches so it doesn't have to be
// allowed by the sandbox.
base::GetMaxNumberOfInotifyWatches();
+#endif
#if BUILDFLAG(ENABLE_PPAPI)
// Ensure access to the Pepper plugins before the sandbox is turned on.
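Review bot: The new `// "cache" the amount of physical memory before pledge(2)` comment names pledge(2) but the guard is `BUILDFLAG(IS_BSD)`, so on FreeBSD, which has no pledge, the stated reason is wrong; it also relies on `SysInfo::AmountOfPhysicalMemoryMB()` memoizing its result internally, which nothing here verifies. Suggest `// Prime the value SysInfo::AmountOfPhysicalMemoryMB() memoizes: the underlying query is not permitted once the BSD process sandbox (pledge(2) on OpenBSD) is in effect.` If the function does not memoize on this port, the call is a no-op and the later lookup will fail inside the sandbox, so that property is worth confirming. `PreSandboxInit()` starts before the hunk and continues past it.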
@@ -838,11 +852,10 @@ int ContentMainRunnerImpl::Initialize(ContentMainParam
kFieldTrialDescriptor + base::GlobalDescriptors::kBaseDescriptor);
#endif // !BUILDFLAG(IS_ANDROID)
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_OPENBSD)
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
g_fds->Set(kCrashDumpSignal,
kCrashDumpSignal + base::GlobalDescriptors::kBaseDescriptor);
-#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) ||
- // BUILDFLAG(IS_OPENBSD)
+#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
#endif // !BUILDFLAG(IS_WIN)
@@ -1039,8 +1052,20 @@ int ContentMainRunnerImpl::Initialize(ContentMainParam
process_type == switches::kZygoteProcess) {
PreSandboxInit();
}
+#elif BUILDFLAG(IS_BSD)
+ PreSandboxInit();
#endif
+#if BUILDFLAG(IS_BSD)
+ if (process_type.empty()) {
+ sandbox::policy::SandboxLinux::Options sandbox_options;
+ sandbox::policy::SandboxLinux::GetInstance()->InitializeSandbox(
+ sandbox::policy::SandboxTypeFromCommandLine(
+ *base::CommandLine::ForCurrentProcess()),
+ sandbox::policy::SandboxLinux::PreSandboxHook(), sandbox_options);
+ }
+#endif
+
delegate_->SandboxInitialized(process_type);
#if BUILDFLAG(USE_ZYGOTE)
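Review bot: The result of the new `InitializeSandbox(...)` call on the browser-process path is discarded, so if the sandbox fails to engage (unexpected sandbox type from the command line, unsupported policy) the browser keeps running unsandboxed with nothing logged. Upstream `SandboxLinux::InitializeSandbox` returns a bool; capture it and fail closed, e.g. `CHECK(sandbox::policy::SandboxLinux::GetInstance()->InitializeSandbox(...))`, or at minimum `LOG_IF(ERROR, !sandboxed) << "BSD browser sandbox not engaged";`. A default-constructed `sandbox_options` and an empty `PreSandboxHook()` are also passed without comment; a one-line note that the BSD policy needs neither would save the next reader from checking. `Initialize()` continues outside the hunk.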
@@ -1108,7 +1133,7 @@ int NO_STACK_PROTECTOR ContentMainRunnerImpl::Run() {
->ReconfigureAfterFeatureListInit(process_type);
}
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD)
// If dynamic Mojo Core is being used, ensure that it's loaded very early in
// the child/zygote process, before any sandbox is initialized. The library
// is not fully initialized with IPC support until a ChildProcess is later
@@ -1143,6 +1168,11 @@ int NO_STACK_PROTECTOR ContentMainRunnerImpl::Run() {
content_main_params_.reset();
RegisterMainThreadFactories();
+
+#if BUILDFLAG(IS_BSD)
+ if (!process_type.empty())
+ PreSandboxInit();
+#endif
if (process_type.empty())
return RunBrowser(std::move(main_params), start_minimal_browser);
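Review bot: This second `PreSandboxInit()` call for non-browser processes looks redundant with the unconditional `PreSandboxInit()` that the `#elif BUILDFLAG(IS_BSD)` branch adds to `Initialize()` earlier in this patch, so on BSD every child process would run it twice, including `CRYPTO_pre_sandbox_init()` and the PPAPI/WebRTC loading, unless that earlier branch is excluded by a condition outside the hunk. If both calls are intended, add a comment such as `// PreSandboxInit() already ran from Initialize(); repeated here because <reason>` with the actual reason; otherwise drop one of them. `Run()` continues past the hunk.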