Merge from Chromium at DEPS revision r216972

This commit was generated by merge_to_master.py. Change-Id: I01cb28d94e3fcf99e3624d75cafa50d929787ddd
author: Ben Murdoch <benm@google.com> 2013-08-12 14:20:17 +0100
committer: Ben Murdoch <benm@google.com> 2013-08-12 14:20:17 +0100
commit: ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16 (patch)
tree: aa3b1013e823cb7bdee9ece936928292f57b31f4 /content/browser/browser_main_loop.cc
parent: f7fa989080f1e63c6a8aa24d5434922d52d9f51e (diff)
download: chromium_org-ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16.tar.gz
1 files changed, 36 insertions, 28 deletions
diff --git a/content/browser/browser_main_loop.cc b/content/browser/browser_main_loop.cc
index 1c6b1a033e..c51b5c5912 100644
--- a/content/browser/browser_main_loop.cc
+++ b/content/browser/browser_main_loop.cc
@@ -7,10 +7,12 @@
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/debug/trace_event.h"
+#include "base/file_util.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
+#include "base/path_service.h"
 #include "base/pending_task.h"
 #include "base/power_monitor/power_monitor.h"
 #include "base/power_monitor/power_monitor_device_source.h"
@@ -120,48 +122,54 @@ void SetupSandbox(const CommandLine& parsed_command_line) {
   TRACE_EVENT0("startup", "SetupSandbox");
   // TODO(evanm): move this into SandboxWrapper; I'm just trying to move this
   // code en masse out of chrome_main for now.
-  const char* sandbox_binary = NULL;
+  base::FilePath sandbox_binary;
+  bool env_chrome_devel_sandbox_set = false;
   struct stat st;
 
-  // In Chromium branded builds, developers can set an environment variable to
-  // use the development sandbox. See
-  // http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
-  if (stat(base::kProcSelfExe, &st) == 0 && st.st_uid == getuid())
-    sandbox_binary = getenv("CHROME_DEVEL_SANDBOX");
-
-#if defined(LINUX_SANDBOX_PATH)
-  if (!sandbox_binary)
-    sandbox_binary = LINUX_SANDBOX_PATH;
-#endif
-
   const bool want_setuid_sandbox =
       !parsed_command_line.HasSwitch(switches::kNoSandbox) &&
       !parsed_command_line.HasSwitch(switches::kDisableSetuidSandbox);
 
   if (want_setuid_sandbox) {
+    base::FilePath exe_dir;
+    if (PathService::Get(base::DIR_EXE, &exe_dir)) {
+      base::FilePath sandbox_candidate = exe_dir.AppendASCII("chrome-sandbox");
+      if (base::PathExists(sandbox_candidate))
+        sandbox_binary = sandbox_candidate;
+    }
+
+    // In user-managed builds, including development builds, an environment
+    // variable is required to enable the sandbox. See
+    // http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
+    if (sandbox_binary.empty() &&
+        stat(base::kProcSelfExe, &st) == 0 && st.st_uid == getuid()) {
+      const char* devel_sandbox_path = getenv("CHROME_DEVEL_SANDBOX");
+      if (devel_sandbox_path) {
+        env_chrome_devel_sandbox_set = true;
+        sandbox_binary = base::FilePath(devel_sandbox_path);
+      }
+    }
+
     static const char no_suid_error[] = "Running without the SUID sandbox! See "
         "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment "
         "for more information on developing with the sandbox on.";
-    if (!sandbox_binary) {
-      // This needs to be fatal. Talk to security@chromium.org if you feel
-      // otherwise.
-      LOG(FATAL) << no_suid_error;
-    }
-    // TODO(jln): an empty CHROME_DEVEL_SANDBOX environment variable (as
-    // opposed to a non existing one) is not fatal yet. This is needed because
-    // of existing bots and scripts. Fix it (crbug.com/245376).
-    if (sandbox_binary && *sandbox_binary == '\0')
+    if (sandbox_binary.empty()) {
+      if (!env_chrome_devel_sandbox_set) {
+        // This needs to be fatal. Talk to security@chromium.org if you feel
+        // otherwise.
+        LOG(FATAL) << no_suid_error;
+      }
+
+      // TODO(jln): an empty CHROME_DEVEL_SANDBOX environment variable (as
+      // opposed to a non existing one) is not fatal yet. This is needed
+      // because of existing bots and scripts. Fix it (crbug.com/245376).
       LOG(ERROR) << no_suid_error;
-  }
-
-  std::string sandbox_cmd;
-  if (want_setuid_sandbox && sandbox_binary) {
-    sandbox_cmd = sandbox_binary;
+    }
   }
 
   // Tickle the sandbox host and zygote host so they fork now.
-  RenderSandboxHostLinux::GetInstance()->Init(sandbox_cmd);
-  ZygoteHostImpl::GetInstance()->Init(sandbox_cmd);
+  RenderSandboxHostLinux::GetInstance()->Init(sandbox_binary.value());
+  ZygoteHostImpl::GetInstance()->Init(sandbox_binary.value());
 }
 #endif
author	Ben Murdoch <benm@google.com>	2013-08-12 14:20:17 +0100
committer	Ben Murdoch <benm@google.com>	2013-08-12 14:20:17 +0100
commit	ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16 (patch)
tree	aa3b1013e823cb7bdee9ece936928292f57b31f4 /content/browser/browser_main_loop.cc
parent	f7fa989080f1e63c6a8aa24d5434922d52d9f51e (diff)
download	chromium_org-ba5b9a6411cb1792fd21f0a078d7a25cd1ceec16.tar.gz