#include "sandbox/policy/sandbox.h"
#include "third_party/icu/source/i18n/unicode/timezone.h"
-#if BUILDFLAG(IS_TIZEN_TV)
-#include "third_party/icu/source/i18n/unicode/timezone.h"
+#if BUILDFLAG(IS_TIZEN)
+#include <dlfcn.h>
+#include <security-manager/security-manager.h>
#endif
// See
: sandbox_flags_(sandbox_flags),
helpers_(std::move(helpers)),
initial_uma_index_(0),
+#if BUILDFLAG(IS_TIZEN)
+ injected_bundle_handle_(nullptr),
+#endif
to_reap_(),
ipc_backchannel_(ipc_backchannel) {}
-Zygote::~Zygote() {}
+Zygote::~Zygote() {
+#if BUILDFLAG(IS_TIZEN)
+ if (injected_bundle_handle_)
+ dlclose(injected_bundle_handle_);
+#endif
+}
bool Zygote::ProcessRequests() {
// A SOCK_SEQPACKET socket is installed in fd 3. We get commands from the
case kZygoteCommandReinitializeLogging:
HandleReinitializeLoggingRequest(iter, std::move(fds));
return false;
+#if BUILDFLAG(IS_TIZEN)
+ case kZygoteCommandLoadInjectedBundle:
+ HandleLoadInjectedBundle(fd, iter);
+ return false;
+ case kZygoteCommandDropProcessPrivileges:
+ HandleDropProcessPrivileges(fd, iter);
+ return false;
+#endif
#if BUILDFLAG(IS_TIZEN_TV)
case kZygoteCommandSetTimeZoneOffset:
HandleSetTimeZoneOffset(iter);
icu::UnicodeString::fromUTF8(time_zone_offset)));
}
#endif
+
+#if BUILDFLAG(IS_TIZEN)
+typedef void (*DynamicPreloading)(void);
+void Zygote::HandleLoadInjectedBundle(int fd, base::PickleIterator iter) {
+ std::string injected_bundle_path;
+ if (!iter.ReadString(&injected_bundle_path))
+ return;
+
+ injected_bundle_handle_ = dlopen(injected_bundle_path.c_str(), RTLD_LAZY);
+ if (!injected_bundle_handle_) {
+ LOG(ERROR) << "No handle to " << injected_bundle_path.c_str() << " error "
+ << dlerror();
+ return;
+ }
+
+ DynamicPreloading dp = reinterpret_cast<DynamicPreloading>(
+ dlsym(injected_bundle_handle_, "DynamicPreloading"));
+ if (dp) {
+ dp();
+ } else {
+ LOG(ERROR) << "Fail to load symbol 'DynamicPreloading'"
+ << ", error " << dlerror();
+ }
+}
+
+void Zygote::HandleDropProcessPrivileges(int fd, base::PickleIterator iter) {
+ std::string app_id;
+ if (!iter.ReadString(&app_id))
+ return;
+
+#if BUILDFLAG(IS_TIZEN_TV)
+ std::string smack_label;
+ if (!base::ReadFileToString(base::FilePath("/proc/self/attr/current"),
+ &smack_label)) {
+ LOG(ERROR) << "Fail to get smack label";
+ } else {
+ if (smack_label.compare("System::Privileged") != 0) {
+ LOG(INFO) << app_id << " is Already app process "
+ << ", smack_label " << smack_label;
+ return;
+ }
+ }
+#endif // BUILDFLAG(IS_TIZEN_TV)
+
+ int error = security_manager_prepare_app(app_id.c_str());
+ if (error) {
+ LOG(ERROR) << "Fail on security_manager_prepare_app"
+ << ", error code " << error;
+ }
+}
+#endif // BUILDFLAG(IS_TIZEN)
} // namespace content
void HandleSetTimeZoneOffset(base::PickleIterator iter);
#endif
+#if BUILDFLAG(IS_TIZEN)
+ // Get a library path from |iter|, and load it via dlopen().
+ // This step will reduce the launching time of
+ // actual web application launching.
+ // The loaded handle must be closed on termination.
+ void HandleLoadInjectedBundle(int fd, base::PickleIterator iter);
+
+ // Handle a 'drop privileges' request from the browser: this means
+ // that a new application will be launched and the browser
+ // will request a new renderer process. Thus before forking new process,
+ // zygote process should has restrict privileges.
+
+ // Get an actual application ID, and manipulate privileges of current process.
+ void HandleDropProcessPrivileges(int fd, base::PickleIterator iter);
+#endif
+
// The Zygote needs to keep some information about each process. Most
// notably what the PID of the process is inside the PID namespace of
// the Zygote and whether or not a process was started by the
// Count of how many fork delegates for which we've invoked InitialUMA().
size_t initial_uma_index_;
+#if BUILDFLAG(IS_TIZEN)
+ // This contains the FD that must be closed when current process is
+ // terminated.
+ void* injected_bundle_handle_;
+#endif
+
// The vector contains the child processes that need to be reaped.
std::vector<ZygoteProcessInfo> to_reap_;