diff --git a/chrome/app/chrome_main_delegate.cc b/chrome/app/chrome_main_delegate.cc index d3955c885c72a4..945cee14368b48 100644 --- a/chrome/app/chrome_main_delegate.cc +++ b/chrome/app/chrome_main_delegate.cc @@ -1152,8 +1152,7 @@ void ChromeMainDelegate::ProcessExiting(const std::string& process_type) { #if defined(OS_LINUX) void ChromeMainDelegate::ZygoteStarting( - std::vector>* - delegates) { + std::vector>* delegates) { #if defined(OS_CHROMEOS) chromeos::InitHugepagesAndMlockSelf(); #endif diff --git a/chrome/app/chrome_main_delegate.h b/chrome/app/chrome_main_delegate.h index 56fe0fdec9b466..b51eff0271ddb4 100644 --- a/chrome/app/chrome_main_delegate.h +++ b/chrome/app/chrome_main_delegate.h @@ -49,9 +49,8 @@ class ChromeMainDelegate : public content::ContentMainDelegate { const content::MainFunctionParams& main_function_params) override; void ProcessExiting(const std::string& process_type) override; #if defined(OS_LINUX) - void ZygoteStarting( - std::vector>* - delegates) override; + void ZygoteStarting(std::vector>* + delegates) override; void ZygoteForked() override; #endif service_manager::ProcessType OverrideProcessType() override; diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn index fbec875b3d3c2d..a690b2ec825785 100644 --- a/chrome/browser/BUILD.gn +++ b/chrome/browser/BUILD.gn @@ -4339,7 +4339,6 @@ static_library("browser") { if (use_x11) { deps += [ "//ui/gfx/x" ] } - deps += [ "//services/service_manager/zygote" ] } if (is_chromeos) { diff --git a/chrome/browser/memory_details.cc b/chrome/browser/memory_details.cc index 0284ed27aac684..9b25ce54763528 100644 --- a/chrome/browser/memory_details.cc +++ b/chrome/browser/memory_details.cc @@ -39,7 +39,7 @@ #include "ui/base/l10n/l10n_util.h" #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) -#include "services/service_manager/zygote/zygote_host_linux.h" +#include "content/public/browser/zygote_host/zygote_host_linux.h" #endif #if BUILDFLAG(ENABLE_EXTENSIONS) 
@@ -340,7 +340,7 @@ void MemoryDetails::CollectChildInfoOnUIThread() { } #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) - if (service_manager::ZygoteHost::GetInstance()->IsZygotePid(process.pid)) { + if (content::ZygoteHost::GetInstance()->IsZygotePid(process.pid)) { process.process_type = content::PROCESS_TYPE_ZYGOTE; } #endif diff --git a/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos.cc b/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos.cc index 71012fcae87fb0..1626655dd225ff 100644 --- a/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos.cc +++ b/chrome/browser/resource_coordinator/tab_manager_delegate_chromeos.cc @@ -49,7 +49,6 @@ #include "content/public/browser/render_process_host.h" #include "content/public/browser/render_widget_host.h" #include "content/public/common/content_constants.h" -#include "services/service_manager/zygote/zygote_host_linux.h" #include "ui/wm/public/activation_client.h" using base::ProcessHandle; diff --git a/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc b/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc index 40567210a5a4bb..481b12ba8bf907 100644 --- a/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc +++ b/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc @@ -25,8 +25,8 @@ #endif #if defined(OS_LINUX) +#include "content/public/browser/zygote_host/zygote_host_linux.h" #include "services/service_manager/sandbox/sandbox.h" -#include "services/service_manager/zygote/zygote_host_linux.h" #endif namespace { 
@@ -35,7 +35,7 @@ namespace { static void SetSandboxStatusData(content::WebUIDataSource* source) { // Get expected sandboxing status of renderers. const int status = - service_manager::ZygoteHost::GetInstance()->GetRendererSandboxStatus(); + content::ZygoteHost::GetInstance()->GetRendererSandboxStatus(); source->AddBoolean("suid", status & service_manager::SandboxLinux::kSUID); source->AddBoolean("userNs", status & service_manager::SandboxLinux::kUserNS); diff --git a/components/nacl/broker/BUILD.gn b/components/nacl/broker/BUILD.gn index 7377462909d63c..c7cf2276624ad9 100644 --- a/components/nacl/broker/BUILD.gn +++ b/components/nacl/broker/BUILD.gn @@ -26,12 +26,12 @@ source_set("broker") { "//components/nacl/common:minimal", "//components/nacl/common:switches", "//content/public/common:static_switches", + "//content/public/common/zygote:buildflags", "//ipc", "//mojo/public/cpp/platform", "//mojo/public/cpp/system", "//sandbox", "//services/service_manager/public/cpp", - "//services/service_manager/zygote:zygote_buildflags", ] if (current_cpu == target_cpu) { @@ -137,9 +137,9 @@ if (current_cpu == "x86") { deps = [ "//base", "//content/public/common:static_switches", + "//content/public/common/zygote:buildflags", "//sandbox", "//services/service_manager/sandbox", - "//services/service_manager/zygote:zygote_buildflags", ] } diff --git a/components/nacl/browser/BUILD.gn b/components/nacl/browser/BUILD.gn index d6f2729da79513..f62037801325fa 100644 --- a/components/nacl/browser/BUILD.gn +++ b/components/nacl/browser/BUILD.gn @@ -44,7 +44,6 @@ static_library("browser") { "//ppapi/host", "//ppapi/proxy:ipc", "//ppapi/shared_impl", - "//services/service_manager/zygote:zygote_buildflags", ] public_deps = [ @@ -64,7 +63,6 @@ static_library("browser") { "//components/nacl/loader:nacl_helper_integration", "//sandbox/linux:sandbox_services", "//sandbox/linux:suid_sandbox_client", - "//services/service_manager/zygote", ] if (enable_nacl_nonsfi) { 
diff --git a/components/nacl/browser/nacl_process_host.cc b/components/nacl/browser/nacl_process_host.cc index 767b4f49188cfa..4f6e651b9ab058 100644 --- a/components/nacl/browser/nacl_process_host.cc +++ b/components/nacl/browser/nacl_process_host.cc @@ -54,6 +54,7 @@ #include "content/public/common/content_switches.h" #include "content/public/common/process_type.h" #include "content/public/common/sandboxed_process_launcher_delegate.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "ipc/ipc_channel.h" #include "mojo/public/cpp/system/invitation.h" #include "net/socket/socket_descriptor.h" @@ -63,10 +64,9 @@ #include "ppapi/shared_impl/ppapi_constants.h" #include "ppapi/shared_impl/ppapi_nacl_plugin_args.h" #include "services/service_manager/sandbox/switches.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" #if BUILDFLAG(USE_ZYGOTE_HANDLE) -#include "services/service_manager/zygote/common/zygote_handle.h" // nogncheck +#include "content/public/common/zygote/zygote_handle.h" // nogncheck #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) #if defined(OS_POSIX) @@ -185,8 +185,8 @@ class NaClSandboxedProcessLauncherDelegate #endif // OS_WIN #if BUILDFLAG(USE_ZYGOTE_HANDLE) - service_manager::ZygoteHandle GetZygote() override { - return service_manager::GetGenericZygote(); + content::ZygoteHandle GetZygote() override { + return content::GetGenericZygote(); } #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) diff --git a/components/nacl/loader/BUILD.gn b/components/nacl/loader/BUILD.gn index 55ff9234de37bf..3be334791fff7a 100644 --- a/components/nacl/loader/BUILD.gn +++ b/components/nacl/loader/BUILD.gn @@ -43,10 +43,6 @@ source_set("minimal") { "//sandbox", "//services/service_manager/public/cpp", ] - - if (is_linux) { - deps += [ "//services/service_manager/zygote" ] - } } # This exists just to make 'gn check' happy with :minimal and 
@@ -56,9 +52,9 @@ source_set("minimal") { source_set("minimal_content_dummy") { check_includes = false sources = [ - "//content/public/common/common_sandbox_support_linux.h", "//content/public/common/main_function_params.h", "//content/public/common/sandbox_init.h", + "//content/public/common/zygote/sandbox_support_linux.h", ] # Deps required by the above headers. @@ -128,7 +124,6 @@ if (is_linux) { "//mojo/core/embedder", "//sandbox/linux:sandbox_services", "//services/service_manager/sandbox", - "//services/service_manager/zygote", "//url/ipc:url_ipc", ] @@ -241,7 +236,6 @@ if (is_nacl_nonsfi) { "//sandbox/linux:sandbox", "//services/service_manager/public/cpp", "//services/service_manager/sandbox", - "//services/service_manager/zygote:zygote_util", ] } diff --git a/components/nacl/loader/nacl_helper_linux.cc b/components/nacl/loader/nacl_helper_linux.cc index 12e9565f6b5bf7..273eb2afcf230d 100644 --- a/components/nacl/loader/nacl_helper_linux.cc +++ b/components/nacl/loader/nacl_helper_linux.cc @@ -36,13 +36,13 @@ #include "build/build_config.h" #include "components/nacl/common/nacl_switches.h" #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" +#include "content/public/common/zygote/send_zygote_child_ping_linux.h" +#include "content/public/common/zygote/zygote_fork_delegate_linux.h" #include "mojo/core/embedder/embedder.h" #include "sandbox/linux/services/credentials.h" #include "sandbox/linux/services/namespace_sandbox.h" #include "services/service_manager/embedder/descriptors.h" #include "services/service_manager/embedder/switches.h" -#include "services/service_manager/zygote/common/send_zygote_child_ping_linux.h" -#include "services/service_manager/zygote/common/zygote_fork_delegate_linux.h" #if defined(OS_NACL_NONSFI) #include "components/nacl/loader/nonsfi/nonsfi_listener.h" 
@@ -144,16 +144,16 @@ void ChildNaClLoaderInit(std::vector child_fds, nacl::NaClSandbox* nacl_sandbox, const std::string& channel_id) { DCHECK(child_fds.size() > - std::max(service_manager::ZygoteForkDelegate::kPIDOracleFDIndex, - service_manager::ZygoteForkDelegate::kBrowserFDIndex)); + std::max(content::ZygoteForkDelegate::kPIDOracleFDIndex, + content::ZygoteForkDelegate::kBrowserFDIndex)); // Ping the PID oracle socket. - CHECK(service_manager::SendZygoteChildPing( - child_fds[service_manager::ZygoteForkDelegate::kPIDOracleFDIndex].get())); + CHECK(content::SendZygoteChildPing( + child_fds[content::ZygoteForkDelegate::kPIDOracleFDIndex].get())); // Save the browser socket and close the rest. - base::ScopedFD browser_fd(std::move( - child_fds[service_manager::ZygoteForkDelegate::kBrowserFDIndex])); + base::ScopedFD browser_fd( + std::move(child_fds[content::ZygoteForkDelegate::kBrowserFDIndex])); child_fds.clear(); BecomeNaClLoader(std::move(browser_fd), system_info, uses_nonsfi_mode, @@ -181,7 +181,7 @@ bool HandleForkRequest(std::vector child_fds, return false; } - if (service_manager::ZygoteForkDelegate::kNumPassedFDs != child_fds.size()) { + if (content::ZygoteForkDelegate::kNumPassedFDs != child_fds.size()) { LOG(ERROR) << "nacl_helper: unexpected number of fds, got " << child_fds.size(); return false; diff --git a/components/nacl/loader/nacl_listener.cc b/components/nacl/loader/nacl_listener.cc index 99d4cb59f97199..1936930cc530c3 100644 --- a/components/nacl/loader/nacl_listener.cc +++ b/components/nacl/loader/nacl_listener.cc @@ -42,7 +42,7 @@ #include "native_client/src/public/nacl_desc.h" #if defined(OS_LINUX) -#include "services/service_manager/zygote/common/common_sandbox_support_linux.h" +#include "content/public/common/zygote/sandbox_support_linux.h" #endif #if defined(OS_POSIX) 
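Review bot: In ChildNaClLoaderInit the only bound on `child_fds` before it is indexed with `kPIDOracleFDIndex` and `kBrowserFDIndex` is a `DCHECK`, which is typically compiled out of release builds. The following hunk shows HandleForkRequest rejecting a request whose fd count differs from `kNumPassedFDs`, so the indices are presumably covered on that path, but nothing at the indexing site says so. Either record the dependency with a comment such as `// child_fds.size() == kNumPassedFDs was verified in HandleForkRequest().`, or make the check unconditional to match the `CHECK` on the ping just below it: `CHECK(child_fds.size() > std::max(content::ZygoteForkDelegate::kPIDOracleFDIndex, content::ZygoteForkDelegate::kBrowserFDIndex));`. Both function bodies extend beyond the hunks shown, so the call path should be confirmed first.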
@@ -229,8 +229,8 @@ void NaClListener::Listen() { #if defined(OS_LINUX) // static int NaClListener::MakeSharedMemorySegment(size_t length, int executable) { - return service_manager::SharedMemoryIPCSupport::MakeSharedMemorySegment( - length, executable); + return content::SharedMemoryIPCSupport::MakeSharedMemorySegment(length, + executable); } #endif diff --git a/components/nacl/zygote/nacl_fork_delegate_linux.cc b/components/nacl/zygote/nacl_fork_delegate_linux.cc index 0b57143c3b8e0c..0380710591862f 100644 --- a/components/nacl/zygote/nacl_fork_delegate_linux.cc +++ b/components/nacl/zygote/nacl_fork_delegate_linux.cc @@ -130,8 +130,7 @@ bool SendIPCRequestAndReadReply(int ipc_channel, namespace nacl { void AddNaClZygoteForkDelegates( - std::vector>* - delegates) { + std::vector>* delegates) { delegates->push_back( std::make_unique(false /* nonsfi_mode */)); delegates->push_back( diff --git a/components/nacl/zygote/nacl_fork_delegate_linux.h b/components/nacl/zygote/nacl_fork_delegate_linux.h index 3beb83f8cbff1b..7d90d13b6ef809 100644 --- a/components/nacl/zygote/nacl_fork_delegate_linux.h +++ b/components/nacl/zygote/nacl_fork_delegate_linux.h @@ -12,7 +12,7 @@ #include "base/compiler_specific.h" #include "base/gtest_prod_util.h" #include "base/macros.h" -#include "services/service_manager/zygote/common/zygote_fork_delegate_linux.h" +#include "content/public/common/zygote/zygote_fork_delegate_linux.h" namespace base { struct LaunchOptions; 
@@ -22,15 +22,14 @@ namespace nacl { // Appends any ZygoteForkDelegate instances needed by NaCl to |*delegates|. void AddNaClZygoteForkDelegates( - std::vector>* - delegates); + std::vector>* delegates); // The NaClForkDelegate is created during Chrome linux zygote initialization, // and provides "fork()" functionality with NaCl specific process // characteristics (specifically address space layout) as an alternative to // forking the zygote. A new delegate is passed in as an argument to // ZygoteMain(). -class NaClForkDelegate : public service_manager::ZygoteForkDelegate { +class NaClForkDelegate : public content::ZygoteForkDelegate { public: explicit NaClForkDelegate(bool nonsfi_mode); ~NaClForkDelegate() override; diff --git a/content/BUILD.gn b/content/BUILD.gn index 125c57090ecfab..6a4a067f527720 100644 --- a/content/BUILD.gn +++ b/content/BUILD.gn @@ -90,6 +90,7 @@ if (is_component_build) { sources = [ "//services/service_manager/sandbox/linux/sandbox_seccomp_bpf_linux.cc", "common/sandbox_init_linux.cc", + "common/zygote/send_zygote_child_ping_linux.cc", "public/common/content_switches.cc", "public/common/content_switches.h", ] diff --git a/content/app/BUILD.gn b/content/app/BUILD.gn index 703a60ebed5833..5adcc191913bf4 100644 --- a/content/app/BUILD.gn +++ b/content/app/BUILD.gn @@ -82,6 +82,7 @@ source_set("content_main_runner_app") { "//content/public/utility:utility_sources", "//content/renderer", "//content/utility", + "//content/zygote", ] } diff --git a/content/app/content_main_runner_impl.cc b/content/app/content_main_runner_impl.cc index 12055944205a9d..f5e5576fd74553 100644 --- a/content/app/content_main_runner_impl.cc +++ b/content/app/content_main_runner_impl.cc 
@@ -76,6 +76,7 @@ #include "content/public/common/main_function_params.h" #include "content/public/common/network_service_util.h" #include "content/public/common/sandbox_init.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "content/public/gpu/content_gpu_client.h" #include "content/public/renderer/content_renderer_client.h" #include "content/public/utility/content_utility_client.h" @@ -94,7 +95,6 @@ #include "services/service_manager/embedder/switches.h" #include "services/service_manager/sandbox/sandbox_type.h" #include "services/service_manager/sandbox/switches.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" #include "services/tracing/public/cpp/trace_startup.h" #include "third_party/blink/public/common/origin_trials/trial_token_validator.h" #include "ui/base/ui_base_paths.h" @@ -122,11 +122,11 @@ #include "content/public/common/content_descriptors.h" #if !defined(OS_MACOSX) -#include "services/service_manager/zygote/common/zygote_fork_delegate_linux.h" +#include "content/public/common/zygote/zygote_fork_delegate_linux.h" #endif #if !defined(OS_MACOSX) && !defined(OS_ANDROID) +#include "content/zygote/zygote_main.h" #include "sandbox/linux/services/libc_interceptor.h" -#include "services/service_manager/zygote/zygote_main.h" #endif #endif // OS_POSIX || OS_FUCHSIA @@ -134,7 +134,7 @@ #if defined(OS_LINUX) #include "base/native_library.h" #include "base/rand_util.h" -#include "services/service_manager/zygote/common/common_sandbox_support_linux.h" +#include "content/public/common/zygote/sandbox_support_linux.h" #include "third_party/blink/public/platform/web_font_render_style.h" #include "third_party/boringssl/src/include/openssl/crypto.h" #include "third_party/skia/include/core/SkFontMgr.h" 
@@ -155,11 +155,12 @@ #if BUILDFLAG(USE_ZYGOTE_HANDLE) #include "content/browser/sandbox_host_linux.h" +#include "content/browser/zygote_host/zygote_host_impl_linux.h" +#include "content/common/zygote/zygote_communication_linux.h" +#include "content/common/zygote/zygote_handle_impl_linux.h" +#include "content/public/common/zygote/sandbox_support_linux.h" +#include "content/public/common/zygote/zygote_handle.h" #include "media/base/media_switches.h" -#include "services/service_manager/zygote/common/common_sandbox_support_linux.h" -#include "services/service_manager/zygote/common/zygote_handle.h" -#include "services/service_manager/zygote/host/zygote_communication_linux.h" -#include "services/service_manager/zygote/host/zygote_host_impl_linux.h" #endif #if defined(OS_ANDROID) @@ -262,10 +263,9 @@ pid_t LaunchZygoteHelper(base::CommandLine* cmd_line, // sandboxed processes to talk to it. base::FileHandleMappingVector additional_remapped_fds; additional_remapped_fds.emplace_back( - SandboxHostLinux::GetInstance()->GetChildSocket(), - service_manager::GetSandboxFD()); + SandboxHostLinux::GetInstance()->GetChildSocket(), GetSandboxFD()); - return service_manager::ZygoteHostImpl::GetInstance()->LaunchZygote( + return ZygoteHostImpl::GetInstance()->LaunchZygote( cmd_line, control_fd, std::move(additional_remapped_fds)); } 
@@ -287,15 +287,15 @@ void InitializeZygoteSandboxForBrowserProcess( } // Tickle the zygote host so it forks now. - service_manager::ZygoteHostImpl::GetInstance()->Init(parsed_command_line); - service_manager::CreateUnsandboxedZygote(base::BindOnce(LaunchZygoteHelper)); - service_manager::ZygoteHandle generic_zygote = - service_manager::CreateGenericZygote(base::BindOnce(LaunchZygoteHelper)); + ZygoteHostImpl::GetInstance()->Init(parsed_command_line); + CreateUnsandboxedZygote(base::BindOnce(LaunchZygoteHelper)); + ZygoteHandle generic_zygote = + CreateGenericZygote(base::BindOnce(LaunchZygoteHelper)); // TODO(kerrnel): Investigate doing this without the ZygoteHostImpl as a // proxy. It is currently done this way due to concerns about race // conditions. - service_manager::ZygoteHostImpl::GetInstance()->SetRendererSandboxStatus( + ZygoteHostImpl::GetInstance()->SetRendererSandboxStatus( generic_zygote->GetSandboxStatus()); } #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) @@ -468,8 +468,7 @@ int RunZygote(ContentMainDelegate* delegate) { #endif }; - std::vector> - zygote_fork_delegates; + std::vector> zygote_fork_delegates; delegate->ZygoteStarting(&zygote_fork_delegates); media::InitializeMediaLibrary(); @@ -478,7 +477,7 @@ int RunZygote(ContentMainDelegate* delegate) { #endif // This function call can return multiple times, once per fork(). - if (!service_manager::ZygoteMain(std::move(zygote_fork_delegates))) { + if (!ZygoteMain(std::move(zygote_fork_delegates))) { return 1; } diff --git a/content/browser/BUILD.gn b/content/browser/BUILD.gn index 7c5aabfdb68b50..1ebd6a50636ca9 100644 --- a/content/browser/BUILD.gn +++ b/content/browser/BUILD.gn 
@@ -10,6 +10,7 @@ import("//build/config/ui.gni") import("//chromeos/assistant/assistant.gni") import("//components/ui_devtools/devtools.gni") import("//content/common/features.gni") +import("//content/public/common/zygote/features.gni") import("//device/vr/buildflags/buildflags.gni") import("//gpu/vulkan/features.gni") import("//media/media_options.gni") @@ -112,6 +113,7 @@ jumbo_source_set("browser") { "//content/public/browser:proto", "//content/public/common:common_sources", "//content/public/common:content_descriptor_keys", + "//content/public/common/zygote:buildflags", "//crypto", "//device/base", "//device/bluetooth", @@ -178,7 +180,6 @@ jumbo_source_set("browser") { "//services/service_manager/embedder:embedder_result_codes", "//services/service_manager/public/cpp", "//services/service_manager/public/mojom", - "//services/service_manager/zygote:zygote_buildflags", "//services/shape_detection:lib", "//services/shape_detection/public/mojom", "//services/tracing:lib", @@ -2045,13 +2046,14 @@ jumbo_source_set("browser") { sources += [ "font_service.cc", "font_service.h", + "zygote_host/zygote_host_impl_linux.cc", + "zygote_host/zygote_host_impl_linux.h", ] public_deps += [ "//components/services/font/public/mojom" ] deps += [ "//components/services/font:lib", - "//services/service_manager/zygote", "//third_party/blink/public/mojom:memory_usage_monitor_linux_mojo_bindings", ] } diff --git a/content/browser/browser_main_loop.cc b/content/browser/browser_main_loop.cc index 064d60f239b962..4ada8596176e85 100644 --- a/content/browser/browser_main_loop.cc +++ b/content/browser/browser_main_loop.cc @@ -111,6 +111,7 @@ #include "content/public/common/main_function_params.h" #include "content/public/common/result_codes.h" #include "content/public/common/service_names.mojom.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "device/fido/hid/fido_hid_discovery.h" #include "device/gamepad/gamepad_service.h" #include "media/audio/audio_manager.h" 
@@ -133,7 +134,6 @@ #include "services/content/public/cpp/navigable_contents_view.h" #include "services/data_decoder/public/cpp/service_provider.h" #include "services/network/transitional_url_loader_factory_owner.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" #include "skia/ext/event_tracer_impl.h" #include "skia/ext/skia_memory_dump_provider.h" #include "sql/sql_memory_dump_provider.h" diff --git a/content/browser/child_process_launcher_helper.h b/content/browser/child_process_launcher_helper.h index e47a53628cda73..fa9c372a921c22 100644 --- a/content/browser/child_process_launcher_helper.h +++ b/content/browser/child_process_launcher_helper.h @@ -17,9 +17,9 @@ #include "base/sequenced_task_runner.h" #include "build/build_config.h" #include "content/public/common/result_codes.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "mojo/public/cpp/platform/platform_channel.h" #include "mojo/public/cpp/system/invitation.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" #if !defined(OS_FUCHSIA) #include "mojo/public/cpp/platform/named_platform_channel.h" @@ -44,7 +44,7 @@ #endif #if BUILDFLAG(USE_ZYGOTE_HANDLE) -#include "services/service_manager/zygote/common/zygote_handle.h" // nogncheck +#include "content/public/common/zygote/zygote_handle.h" // nogncheck #endif namespace base { @@ -88,7 +88,7 @@ class ChildProcessLauncherHelper : base::Process process; #if BUILDFLAG(USE_ZYGOTE_HANDLE) - service_manager::ZygoteHandle zygote = nullptr; + ZygoteHandle zygote = nullptr; #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) }; diff --git a/content/browser/child_process_launcher_helper_linux.cc b/content/browser/child_process_launcher_helper_linux.cc index e53e60ef146f80..e63dfcf43147c7 100644 --- a/content/browser/child_process_launcher_helper_linux.cc +++ b/content/browser/child_process_launcher_helper_linux.cc 
@@ -9,6 +9,8 @@ #include "content/browser/child_process_launcher_helper.h" #include "content/browser/child_process_launcher_helper_posix.h" #include "content/browser/sandbox_host_linux.h" +#include "content/browser/zygote_host/zygote_host_impl_linux.h" +#include "content/common/zygote/zygote_communication_linux.h" #include "content/public/browser/child_process_launcher_utils.h" #include "content/public/browser/content_browser_client.h" #include "content/public/common/content_client.h" @@ -16,11 +18,9 @@ #include "content/public/common/content_switches.h" #include "content/public/common/result_codes.h" #include "content/public/common/sandboxed_process_launcher_delegate.h" +#include "content/public/common/zygote/sandbox_support_linux.h" +#include "content/public/common/zygote/zygote_handle.h" #include "services/service_manager/sandbox/linux/sandbox_linux.h" -#include "services/service_manager/zygote/common/common_sandbox_support_linux.h" -#include "services/service_manager/zygote/common/zygote_handle.h" -#include "services/service_manager/zygote/host/zygote_communication_linux.h" -#include "services/service_manager/zygote/host/zygote_host_impl_linux.h" namespace content { namespace internal { @@ -52,8 +52,7 @@ bool ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread( if (GetProcessType() == switches::kRendererProcess) { const int sandbox_fd = SandboxHostLinux::GetInstance()->GetChildSocket(); - options->fds_to_remap.push_back( - std::make_pair(sandbox_fd, service_manager::GetSandboxFD())); + options->fds_to_remap.push_back(std::make_pair(sandbox_fd, GetSandboxFD())); } options->environment = delegate_->GetEnvironment(); @@ -69,7 +68,7 @@ ChildProcessLauncherHelper::LaunchProcessOnLauncherThread( int* launch_result) { *is_synchronous_launch = true; - service_manager::ZygoteHandle zygote_handle = + ZygoteHandle zygote_handle = base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoZygote) ? nullptr : delegate_->GetZygote(); 
@@ -89,8 +88,7 @@ ChildProcessLauncherHelper::LaunchProcessOnLauncherThread( if (command_line()->GetSwitchValueASCII(switches::kProcessType) == switches::kRendererProcess) oom_score = content::kLowestRendererOomScore; - service_manager::ZygoteHostImpl::GetInstance()->AdjustRendererOOMScore( - handle, oom_score); + ZygoteHostImpl::GetInstance()->AdjustRendererOOMScore(handle, oom_score); } #endif diff --git a/content/browser/gpu/gpu_process_host.cc b/content/browser/gpu/gpu_process_host.cc index 55e4567abb1218..c76b41cca3a42c 100644 --- a/content/browser/gpu/gpu_process_host.cc +++ b/content/browser/gpu/gpu_process_host.cc @@ -55,6 +55,7 @@ #include "content/public/common/content_switches.h" #include "content/public/common/result_codes.h" #include "content/public/common/sandboxed_process_launcher_delegate.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "gpu/command_buffer/service/gpu_switches.h" #include "gpu/config/gpu_driver_bug_list.h" #include "gpu/config/gpu_driver_bug_workaround_type.h" @@ -96,6 +97,10 @@ #include "ui/gfx/x/x11_switches.h" // nogncheck #endif +#if BUILDFLAG(USE_ZYGOTE_HANDLE) +#include "content/common/zygote/zygote_handle_impl_linux.h" +#endif + #if defined(OS_MACOSX) || defined(OS_ANDROID) #include "gpu/ipc/common/gpu_surface_tracker.h" #endif @@ -422,13 +427,13 @@ class GpuSandboxedProcessLauncherDelegate #endif // OS_WIN #if BUILDFLAG(USE_ZYGOTE_HANDLE) - service_manager::ZygoteHandle GetZygote() override { + ZygoteHandle GetZygote() override { if (service_manager::IsUnsandboxedSandboxType(GetSandboxType())) return nullptr; // The GPU process needs a specialized sandbox, so fork from the unsandboxed // zygote and then apply the actual sandboxes in the forked process. - return service_manager::GetUnsandboxedZygote(); + return GetUnsandboxedZygote(); } #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) 
diff --git a/content/browser/ppapi_plugin_process_host.cc b/content/browser/ppapi_plugin_process_host.cc index 18ca6cf2de5b58..09f2cabf4c3a97 100644 --- a/content/browser/ppapi_plugin_process_host.cc +++ b/content/browser/ppapi_plugin_process_host.cc @@ -33,12 +33,12 @@ #include "content/public/common/pepper_plugin_info.h" #include "content/public/common/process_type.h" #include "content/public/common/sandboxed_process_launcher_delegate.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "ppapi/proxy/ppapi_messages.h" #include "ppapi/shared_impl/ppapi_permissions.h" #include "services/network/public/cpp/network_connection_tracker.h" #include "services/service_manager/sandbox/sandbox_type.h" #include "services/service_manager/sandbox/switches.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" #include "ui/base/ui_base_switches.h" #if defined(OS_WIN) @@ -51,7 +51,7 @@ #endif #if BUILDFLAG(USE_ZYGOTE_HANDLE) -#include "services/service_manager/zygote/common/zygote_handle.h" // nogncheck +#include "content/public/common/zygote/zygote_handle.h" // nogncheck #endif namespace content { @@ -120,14 +120,14 @@ class PpapiPluginSandboxedProcessLauncherDelegate #endif // OS_WIN #if BUILDFLAG(USE_ZYGOTE_HANDLE) - service_manager::ZygoteHandle GetZygote() override { + ZygoteHandle GetZygote() override { const base::CommandLine& browser_command_line = *base::CommandLine::ForCurrentProcess(); base::CommandLine::StringType plugin_launcher = browser_command_line .GetSwitchValueNative(switches::kPpapiPluginLauncher); if (is_broker_ || !plugin_launcher.empty()) return nullptr; - return service_manager::GetGenericZygote(); + return GetGenericZygote(); } #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc index 005e04a717c488..5a707cf1b18b73 100644 --- a/content/browser/renderer_host/render_process_host_impl.cc 
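Review bot: PpapiPluginSandboxedProcessLauncherDelegate::GetZygote() returns `nullptr` with no explanation when `is_broker_` is set or `switches::kPpapiPluginLauncher` is non-empty. RendererSandboxedProcessLauncherDelegate::GetZygote() in render_process_host_impl.cc does the same for `switches::kRendererCmdPrefix`. The utility delegate touched by this commit comments its `nullptr` and generic-zygote branches, but these two do not, even though the early return decides whether the child is forked from the generic zygote at all. A one-line comment on each early return would help, e.g. `// A launcher/command prefix cannot be applied to a zygote fork, so start this process without a zygote.`; that reason is inferred from the switch names, so adjust the wording to the real one. Both class bodies start outside the hunks.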
+++ b/content/browser/renderer_host/render_process_host_impl.cc @@ -177,6 +177,7 @@ #include "content/public/common/service_names.mojom.h" #include "content/public/common/url_constants.h" #include "content/public/common/web_preferences.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "device/gamepad/gamepad_haptics_manager.h" #include "google_apis/gaia/gaia_switches.h" #include "gpu/GLES2/gl2extchromium.h" @@ -214,7 +215,6 @@ #include "services/service_manager/public/cpp/binder_registry.h" #include "services/service_manager/public/cpp/interface_provider.h" #include "services/service_manager/sandbox/switches.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" #include "storage/browser/database/database_tracker.h" #include "storage/browser/file_system/sandbox_file_system_backend.h" #include "third_party/blink/public/common/features.h" @@ -289,7 +289,7 @@ #endif #if BUILDFLAG(USE_ZYGOTE_HANDLE) -#include "services/service_manager/zygote/common/zygote_handle.h" // nogncheck +#include "content/public/common/zygote/zygote_handle.h" // nogncheck #endif #if BUILDFLAG(CLANG_PROFILING_INSIDE_SANDBOX) @@ -434,14 +434,14 @@ class RendererSandboxedProcessLauncherDelegate #endif // OS_WIN #if BUILDFLAG(USE_ZYGOTE_HANDLE) - service_manager::ZygoteHandle GetZygote() override { + ZygoteHandle GetZygote() override { const base::CommandLine& browser_command_line = *base::CommandLine::ForCurrentProcess(); base::CommandLine::StringType renderer_prefix = browser_command_line.GetSwitchValueNative(switches::kRendererCmdPrefix); if (!renderer_prefix.empty()) return nullptr; - return service_manager::GetGenericZygote(); + return GetGenericZygote(); } #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) diff --git a/content/browser/utility_process_host.cc b/content/browser/utility_process_host.cc index 7eb59ee4bcaf3a..9ce2d7ffb4e8d4 100644 --- a/content/browser/utility_process_host.cc +++ b/content/browser/utility_process_host.cc 
@@ -29,6 +29,7 @@ #include "content/public/common/content_switches.h" #include "content/public/common/process_type.h" #include "content/public/common/sandboxed_process_launcher_delegate.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "media/base/media_switches.h" #include "media/webrtc/webrtc_switches.h" #include "services/network/public/cpp/network_switches.h" @@ -37,7 +38,6 @@ #include "services/service_manager/sandbox/features.h" #include "services/service_manager/sandbox/sandbox_type.h" #include "services/service_manager/sandbox/switches.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" #include "ui/base/ui_base_switches.h" #include "ui/gl/gl_switches.h" @@ -53,7 +53,7 @@ #endif #if BUILDFLAG(USE_ZYGOTE_HANDLE) -#include "services/service_manager/zygote/common/zygote_handle.h" // nogncheck +#include "content/common/zygote/zygote_handle_impl_linux.h" #endif namespace content { @@ -224,7 +224,7 @@ class UtilitySandboxedProcessLauncherDelegate #endif // OS_WIN #if BUILDFLAG(USE_ZYGOTE_HANDLE) - service_manager::ZygoteHandle GetZygote() override { + ZygoteHandle GetZygote() override { // If the sandbox has been disabled for a given type, don't use a zygote. if (service_manager::IsUnsandboxedSandboxType(sandbox_type_)) return nullptr; @@ -239,11 +239,11 @@ class UtilitySandboxedProcessLauncherDelegate #endif // OS_CHROMEOS sandbox_type_ == service_manager::SandboxType::kAudio || sandbox_type_ == service_manager::SandboxType::kSpeechRecognition) { - return service_manager::GetUnsandboxedZygote(); + return GetUnsandboxedZygote(); } // All other types use the pre-sandboxed zygote. - return service_manager::GetGenericZygote(); + return GetGenericZygote(); } #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) diff --git a/content/browser/zygote_host/OWNERS b/content/browser/zygote_host/OWNERS index 50e496afb9eda0..eb4b322bdf5928 100644 --- a/content/browser/zygote_host/OWNERS +++ b/content/browser/zygote_host/OWNERS 
@@ -1,7 +1,4 @@ -jln@chromium.org -kerrnel@chromium.org -rsesek@chromium.org -tsepez@chromium.org +file://content/zygote/OWNERS # TEAM: security-dev@chromium.org # COMPONENT: Internals>Sandbox diff --git a/content/zygote/zygote_browsertest.cc b/content/browser/zygote_host/zygote_browsertest.cc similarity index 87% rename from content/zygote/zygote_browsertest.cc rename to content/browser/zygote_host/zygote_browsertest.cc index 4f0de6ce3a414d..f7339c77d49541 100644 --- a/content/zygote/zygote_browsertest.cc +++ b/content/browser/zygote_host/zygote_browsertest.cc @@ -8,6 +8,7 @@ #include "base/command_line.h" #include "base/strings/string_split.h" #include "content/public/common/content_switches.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/content_browser_test.h" @@ -16,11 +17,10 @@ #include "services/service_manager/embedder/switches.h" #include "services/service_manager/sandbox/linux/sandbox_linux.h" #include "services/service_manager/sandbox/switches.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" #if BUILDFLAG(USE_ZYGOTE_HANDLE) -#include "services/service_manager/zygote/common/zygote_handle.h" -#include "services/service_manager/zygote/host/zygote_communication_linux.h" -#include "services/service_manager/zygote/host/zygote_host_impl_linux.h" +#include "content/browser/zygote_host/zygote_host_impl_linux.h" +#include "content/common/zygote/zygote_communication_linux.h" +#include "content/common/zygote/zygote_handle_impl_linux.h" #endif namespace content { 
@@ -60,13 +60,13 @@ IN_PROC_BROWSER_TEST_F(LinuxZygoteBrowserTest, ZygoteSandboxes) { } // Sanity check the sandbox flags we expect to be everywhere. - const int flags = service_manager::GetGenericZygote()->GetSandboxStatus(); + const int flags = GetGenericZygote()->GetSandboxStatus(); constexpr int kExpectedFlags = service_manager::SandboxLinux::kPIDNS | service_manager::SandboxLinux::kNetNS | service_manager::SandboxLinux::kUserNS; EXPECT_EQ(kExpectedFlags, flags & kExpectedFlags); - EXPECT_EQ(service_manager::GetUnsandboxedZygote()->GetSandboxStatus(), 0); + EXPECT_EQ(GetUnsandboxedZygote()->GetSandboxStatus(), 0); } #endif @@ -100,7 +100,7 @@ IN_PROC_BROWSER_TEST_F(LinuxZygoteDisabledBrowserTest, NoZygoteWhenZygoteDisabled) { EXPECT_TRUE(NavigateToURL(shell(), GURL("data:text/html,start page"))); - EXPECT_FALSE(service_manager::ZygoteHostImpl::GetInstance()->HasZygote()); + EXPECT_FALSE(ZygoteHostImpl::GetInstance()->HasZygote()); } #endif diff --git a/services/service_manager/zygote/host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc similarity index 97% rename from services/service_manager/zygote/host/zygote_host_impl_linux.cc rename to content/browser/zygote_host/zygote_host_impl_linux.cc index 2f46ecdae63eeb..ced1c83e82b75c 100644 --- a/services/service_manager/zygote/host/zygote_host_impl_linux.cc +++ b/content/browser/zygote_host/zygote_host_impl_linux.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "services/service_manager/zygote/host/zygote_host_impl_linux.h" +#include "content/browser/zygote_host/zygote_host_impl_linux.h" #include #include 
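Review bot: In `ZygoteSandboxes` the test dereferences `GetGenericZygote()` and `GetUnsandboxedZygote()` directly. The `GetZygote()` overrides elsewhere in this change return `nullptr` for a `ZygoteHandle`, so the handle type is nullable, and a missing zygote would crash the test process instead of reporting a failure. I would guard both first with `ASSERT_TRUE(GetGenericZygote());` and `ASSERT_TRUE(GetUnsandboxedZygote());` before the `GetSandboxStatus()` calls. The test body starts above this hunk, so an earlier check may already exist out of view.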
@@ -16,15 +16,15 @@ #include "base/process/memory.h" #include "base/strings/string_number_conversions.h" #include "build/build_config.h" +#include "content/common/zygote/zygote_commands_linux.h" #include "sandbox/linux/services/credentials.h" #include "sandbox/linux/services/namespace_sandbox.h" #include "sandbox/linux/suid/client/setuid_sandbox_host.h" #include "sandbox/linux/suid/common/sandbox.h" #include "services/service_manager/sandbox/linux/sandbox_linux.h" #include "services/service_manager/sandbox/switches.h" -#include "services/service_manager/zygote/common/zygote_commands_linux.h" -namespace service_manager { +namespace content { namespace { @@ -139,7 +139,7 @@ void ZygoteHostImpl::SetRendererSandboxStatus(int status) { renderer_sandbox_status_ = status; } -int ZygoteHostImpl::GetRendererSandboxStatus() const { +int ZygoteHostImpl::GetRendererSandboxStatus() { return renderer_sandbox_status_; } @@ -290,4 +290,4 @@ void ZygoteHostImpl::AdjustRendererOOMScore(base::ProcessHandle pid, } #endif -} // namespace service_manager +} // namespace content diff --git a/services/service_manager/zygote/host/zygote_host_impl_linux.h b/content/browser/zygote_host/zygote_host_impl_linux.h similarity index 76% rename from services/service_manager/zygote/host/zygote_host_impl_linux.h rename to content/browser/zygote_host/zygote_host_impl_linux.h index 64d6c45680de3f..21b8323eb4965e 100644 --- a/services/service_manager/zygote/host/zygote_host_impl_linux.h +++ b/content/browser/zygote_host/zygote_host_impl_linux.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ +#ifndef CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ +#define CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ #include 
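Review bot: `ZygoteHostImpl::GetRendererSandboxStatus()` loses its `const` qualifier in the hunk at -139 of zygote_host_impl_linux.cc, although the body shown only returns `renderer_sandbox_status_`. The same qualifier is dropped from the declaration in zygote_host_impl_linux.h and from the pure virtual in content/public/browser/zygote_host/zygote_host_linux.h, so code holding a `const ZygoteHost*` can no longer query the sandbox status. Unless an implementation needs to mutate state, keep `int GetRendererSandboxStatus() const override;` and `virtual int GetRendererSandboxStatus() const = 0;` in the moved files.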
@@ -11,23 +11,21 @@ #include #include "base/command_line.h" -#include "base/component_export.h" #include "base/files/scoped_file.h" #include "base/process/launch.h" #include "base/process/process_handle.h" #include "base/synchronization/lock.h" - -#include "services/service_manager/zygote/zygote_host_linux.h" +#include "content/common/content_export.h" +#include "content/public/browser/zygote_host/zygote_host_linux.h" namespace base { template struct DefaultSingletonTraits; } // namespace base -namespace service_manager { +namespace content { -class COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) ZygoteHostImpl - : public ZygoteHost { +class CONTENT_EXPORT ZygoteHostImpl : public ZygoteHost { public: // Returns the singleton instance. static ZygoteHostImpl* GetInstance(); @@ -38,7 +36,7 @@ class COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) ZygoteHostImpl bool IsZygotePid(pid_t pid) override; void SetRendererSandboxStatus(int status); - int GetRendererSandboxStatus() const override; + int GetRendererSandboxStatus() override; pid_t LaunchZygote(base::CommandLine* cmd_line, base::ScopedFD* control_fd, @@ -70,6 +68,6 @@ class COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) ZygoteHostImpl std::set zygote_pids_; }; -} // namespace service_manager +} // namespace content -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ +#endif // CONTENT_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_IMPL_LINUX_H_ diff --git a/content/child/BUILD.gn b/content/child/BUILD.gn index 131caa77dd9a2e..58474970eb7b57 100644 --- a/content/child/BUILD.gn +++ b/content/child/BUILD.gn @@ -147,7 +147,6 @@ target(link_target_type, "child") { deps += [ "//components/services/font/public/cpp", "//components/services/font/public/mojom", - "//services/service_manager/zygote", ] } diff --git a/content/common/BUILD.gn b/content/common/BUILD.gn index e09f70a619f844..12f64189118621 100644 --- a/content/common/BUILD.gn +++ b/content/common/BUILD.gn 
@@ -5,6 +5,7 @@ import("//build/buildflag_header.gni") import("//build/config/features.gni") import("//build/config/ui.gni") +import("//content/public/common/zygote/features.gni") import("//ipc/features.gni") import("//mojo/public/tools/bindings/mojom.gni") import("//ppapi/buildflags/buildflags.gni") @@ -270,8 +271,8 @@ source_set("common") { "//services/network/public/cpp", "//services/network/public/mojom", "//services/resource_coordinator/public/cpp/memory_instrumentation", + "//services/service_manager/embedder:embedder_result_codes", "//services/service_manager/public/mojom", - "//services/service_manager/zygote:zygote_buildflags", "//services/video_capture/public/mojom", "//services/viz/public/mojom", "//skia", @@ -352,9 +353,23 @@ source_set("common") { } if (is_linux) { + sources += [ + "zygote/sandbox_support_linux.cc", + "zygote/send_zygote_child_ping_linux.cc", + "zygote/zygote_commands_linux.h", + "zygote/zygote_communication_linux.cc", + "zygote/zygote_communication_linux.h", + ] deps += [ "//third_party/fontconfig" ] } + if (use_zygote_handle) { + sources += [ + "zygote/zygote_handle_impl_linux.h", + "zygote/zygote_handle_linux.cc", + ] + } + if (is_mac || is_win || is_android || is_fuchsia) { sources -= [ "font_list_fontconfig.cc" ] } diff --git a/content/common/zygote/OWNERS b/content/common/zygote/OWNERS new file mode 100644 index 00000000000000..eb4b322bdf5928 --- /dev/null +++ b/content/common/zygote/OWNERS @@ -0,0 +1,4 @@ +file://content/zygote/OWNERS + +# TEAM: security-dev@chromium.org +# COMPONENT: Internals>Sandbox diff --git a/services/service_manager/zygote/common/common_sandbox_support_linux.cc b/content/common/zygote/sandbox_support_linux.cc similarity index 88% rename from services/service_manager/zygote/common/common_sandbox_support_linux.cc rename to content/common/zygote/sandbox_support_linux.cc index 742fab4472be79..dabc1009f72cfa 100644 --- a/services/service_manager/zygote/common/common_sandbox_support_linux.cc 
+++ b/content/common/zygote/sandbox_support_linux.cc @@ -2,15 +2,16 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "services/service_manager/zygote/common/common_sandbox_support_linux.h" +#include "content/public/common/zygote/sandbox_support_linux.h" #include "base/pickle.h" #include "base/posix/global_descriptors.h" #include "base/posix/unix_domain_socket.h" +#include "build/build_config.h" #include "services/service_manager/embedder/descriptors.h" #include "services/service_manager/sandbox/linux/sandbox_linux.h" -namespace service_manager { +namespace content { #if !defined(OS_NACL_NONSFI) int SharedMemoryIPCSupport::MakeSharedMemorySegment(size_t length, @@ -35,4 +36,4 @@ int GetSandboxFD() { base::GlobalDescriptors::kBaseDescriptor; } -} // namespace service_manager +} // namespace content diff --git a/services/service_manager/zygote/common/send_zygote_child_ping_linux.cc b/content/common/zygote/send_zygote_child_ping_linux.cc similarity index 68% rename from services/service_manager/zygote/common/send_zygote_child_ping_linux.cc rename to content/common/zygote/send_zygote_child_ping_linux.cc index 1245398f52c92b..ff07250fb72ded 100644 --- a/services/service_manager/zygote/common/send_zygote_child_ping_linux.cc +++ b/content/common/zygote/send_zygote_child_ping_linux.cc @@ -2,14 +2,14 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "services/service_manager/zygote/common/send_zygote_child_ping_linux.h" +#include "content/public/common/zygote/send_zygote_child_ping_linux.h" #include #include "base/posix/unix_domain_socket.h" -#include "services/service_manager/zygote/common/zygote_commands_linux.h" +#include "content/common/zygote/zygote_commands_linux.h" -namespace service_manager { +namespace content { bool SendZygoteChildPing(int fd) { return base::UnixDomainSocket::SendMsg(fd, kZygoteChildPingMessage, 
@@ -17,4 +17,4 @@ bool SendZygoteChildPing(int fd) { std::vector()); } -} // namespace service_manager +} // namespace content diff --git a/services/service_manager/zygote/common/zygote_commands_linux.h b/content/common/zygote/zygote_commands_linux.h similarity index 84% rename from services/service_manager/zygote/common/zygote_commands_linux.h rename to content/common/zygote/zygote_commands_linux.h index b1d7c718a8df69..272b5b578712c5 100644 --- a/services/service_manager/zygote/common/zygote_commands_linux.h +++ b/content/common/zygote/zygote_commands_linux.h @@ -2,14 +2,14 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_ZYGOTE_COMMANDS_LINUX_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_ZYGOTE_COMMANDS_LINUX_H_ +#ifndef CONTENT_COMMON_ZYGOTE_ZYGOTE_COMMANDS_LINUX_H_ +#define CONTENT_COMMON_ZYGOTE_ZYGOTE_COMMANDS_LINUX_H_ #include #include "base/posix/global_descriptors.h" -namespace service_manager { +namespace content { // Contents of the initial message sent from the zygote to the browser right // after it starts. @@ -49,6 +49,6 @@ enum { kZygoteCommandForkRealPID = 4 }; -} // namespace service_manager +} // namespace content -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_ZYGOTE_COMMANDS_LINUX_H_ +#endif // CONTENT_COMMON_ZYGOTE_ZYGOTE_COMMANDS_LINUX_H_ diff --git a/services/service_manager/zygote/host/zygote_communication_linux.cc b/content/common/zygote/zygote_communication_linux.cc similarity index 95% rename from services/service_manager/zygote/host/zygote_communication_linux.cc rename to content/common/zygote/zygote_communication_linux.cc index a3a1fc73beab6c..4ae0b9eebb3aa4 100644 --- a/services/service_manager/zygote/host/zygote_communication_linux.cc +++ b/content/common/zygote/zygote_communication_linux.cc 
@@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "services/service_manager/zygote/host/zygote_communication_linux.h" +#include "content/common/zygote/zygote_communication_linux.h" #include #include @@ -17,13 +17,14 @@ #include "base/posix/eintr_wrapper.h" #include "base/posix/unix_domain_socket.h" #include "base/stl_util.h" +#include "content/common/zygote/zygote_commands_linux.h" +#include "content/public/common/content_switches.h" #include "services/service_manager/embedder/result_codes.h" #include "services/service_manager/embedder/switches.h" #include "services/service_manager/sandbox/switches.h" -#include "services/service_manager/zygote/common/zygote_commands_linux.h" #include "third_party/icu/source/i18n/unicode/timezone.h" -namespace service_manager { +namespace content { ZygoteCommunication::ZygoteCommunication(ZygoteType type) : type_(type), @@ -225,10 +226,11 @@ void ZygoteCommunication::Init( CHECK(base::PathService::Get(base::FILE_EXE, &chrome_path)); base::CommandLine cmd_line(chrome_path); - cmd_line.AppendSwitchASCII(switches::kProcessType, switches::kZygoteProcess); + cmd_line.AppendSwitchASCII(service_manager::switches::kProcessType, + service_manager::switches::kZygoteProcess); if (type_ == ZygoteType::kUnsandboxed) - cmd_line.AppendSwitch(switches::kNoZygoteSandbox); + cmd_line.AppendSwitch(service_manager::switches::kNoZygoteSandbox); const base::CommandLine& browser_command_line = *base::CommandLine::ForCurrentProcess(); @@ -279,7 +281,7 @@ base::TerminationStatus ZygoteCommunication::GetTerminationStatus( // Set this now to handle the error cases. if (exit_code) - *exit_code = RESULT_CODE_NORMAL_EXIT; + *exit_code = service_manager::RESULT_CODE_NORMAL_EXIT; int status = base::TERMINATION_STATUS_NORMAL_TERMINATION; if (len == -1) { 
@@ -318,4 +320,4 @@ int ZygoteCommunication::GetSandboxStatus() { return sandbox_status_; } -} // namespace service_manager +} // namespace content diff --git a/services/service_manager/zygote/host/zygote_communication_linux.h b/content/common/zygote/zygote_communication_linux.h similarity index 90% rename from services/service_manager/zygote/host/zygote_communication_linux.h rename to content/common/zygote/zygote_communication_linux.h index 77878c78bbf1c7..37d8ec3e212056 100644 --- a/services/service_manager/zygote/host/zygote_communication_linux.h +++ b/content/common/zygote/zygote_communication_linux.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ +#ifndef CONTENT_COMMON_ZYGOTE_ZYGOTE_COMMUNICATION_LINUX_H_ +#define CONTENT_COMMON_ZYGOTE_ZYGOTE_COMMUNICATION_LINUX_H_ #include #include @@ -13,23 +13,23 @@ #include #include "base/callback.h" -#include "base/component_export.h" #include "base/files/scoped_file.h" #include "base/process/kill.h" #include "base/process/launch.h" #include "base/process/process_handle.h" #include "base/synchronization/lock.h" +#include "content/common/content_export.h" namespace base { class Pickle; } // namespace base -namespace service_manager { +namespace content { // Handles interprocess communication with the Linux zygote process. The zygote // does not use standard Chrome IPC or mojo, see: // https://chromium.googlesource.com/chromium/src/+/master/docs/linux/sandbox_ipc.md -class COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) ZygoteCommunication { +class CONTENT_EXPORT ZygoteCommunication { public: enum class ZygoteType { kSandboxed, kUnsandboxed }; explicit ZygoteCommunication(ZygoteType type); 
@@ -102,6 +102,6 @@ class COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) ZygoteCommunication { bool init_; }; -} // namespace service_manager +} // namespace content -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_HOST_ZYGOTE_COMMUNICATION_LINUX_H_ +#endif // CONTENT_COMMON_ZYGOTE_ZYGOTE_COMMUNICATION_LINUX_H_ diff --git a/content/common/zygote/zygote_handle_impl_linux.h b/content/common/zygote/zygote_handle_impl_linux.h new file mode 100644 index 00000000000000..6a530828514aa0 --- /dev/null +++ b/content/common/zygote/zygote_handle_impl_linux.h @@ -0,0 +1,31 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_COMMON_ZYGOTE_ZYGOTE_HANDLE_IMPL_LINUX_H_ +#define CONTENT_COMMON_ZYGOTE_ZYGOTE_HANDLE_IMPL_LINUX_H_ + +#include "content/public/common/zygote/zygote_handle.h" + +namespace content { + +using ZygoteLaunchCallback = + base::OnceCallback; + +// Allocates and initializes the global generic zygote process, and returns the +// ZygoteHandle used to communicate with it. |launch_cb| is a callback that +// should actually launch the process, after adding additional command line +// switches to the ones composed by this function. It returns the pid created, +// and provides a control fd for it. +CONTENT_EXPORT +ZygoteHandle CreateGenericZygote(ZygoteLaunchCallback launch_cb); + +// Similar to the above but for creating an unsandboxed zygote from which +// processes which need non-generic sandboxes can be derived. +CONTENT_EXPORT +ZygoteHandle CreateUnsandboxedZygote(ZygoteLaunchCallback launch_cb); +CONTENT_EXPORT ZygoteHandle GetUnsandboxedZygote(); + +} // namespace content + +#endif // CONTENT_COMMON_ZYGOTE_ZYGOTE_HANDLE_IMPL_LINUX_H_ 
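Review bot: The new header zygote_handle_impl_linux.h uses `base::OnceCallback` in the `ZygoteLaunchCallback` alias and `CONTENT_EXPORT` on its declarations, but its only include is `content/public/common/zygote/zygote_handle.h`. That header is not visible here, so both may arrive transitively, but I would add `#include "base/callback.h"` and `#include "content/common/content_export.h"` directly so the header stays self-contained. `GetUnsandboxedZygote()` is also declared without a comment of its own. A line such as `// Returns the handle set by CreateUnsandboxedZygote().` would tell callers that creation has to happen first; what it returns before creation should be confirmed in zygote_handle_linux.cc.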
diff --git a/services/service_manager/zygote/host/zygote_handle_linux.cc b/content/common/zygote/zygote_handle_linux.cc similarity index 82% rename from services/service_manager/zygote/host/zygote_handle_linux.cc rename to content/common/zygote/zygote_handle_linux.cc index 30f135244be037..dd0a0acaa65adc 100644 --- a/services/service_manager/zygote/host/zygote_handle_linux.cc +++ b/content/common/zygote/zygote_handle_linux.cc @@ -2,11 +2,12 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "services/service_manager/zygote/common/zygote_handle.h" +#include "content/public/common/zygote/zygote_handle.h" -#include "services/service_manager/zygote/host/zygote_communication_linux.h" +#include "content/common/zygote/zygote_communication_linux.h" +#include "content/common/zygote/zygote_handle_impl_linux.h" -namespace service_manager { +namespace content { namespace { // Intentionally leaked. @@ -41,4 +42,4 @@ ZygoteHandle GetUnsandboxedZygote() { return g_unsandboxed_zygote; } -} // namespace service_manager +} // namespace content diff --git a/content/gpu/BUILD.gn b/content/gpu/BUILD.gn index 64ebb18c5f6b0c..354cc7c3f3849b 100644 --- a/content/gpu/BUILD.gn +++ b/content/gpu/BUILD.gn @@ -96,10 +96,6 @@ target(link_target_type, "gpu_sources") { ] } - if (is_linux) { - deps += [ "//services/service_manager/zygote" ] - } - if (mojo_media_host == "gpu") { deps += [ "//media/mojo/services" ] } diff --git a/content/gpu/gpu_main.cc b/content/gpu/gpu_main.cc index 826755d4d1ded8..82f55455fe365f 100644 --- a/content/gpu/gpu_main.cc +++ b/content/gpu/gpu_main.cc @@ -89,7 +89,6 @@ #include "content/gpu/gpu_sandbox_hook_linux.h" #include "content/public/common/sandbox_init.h" #include "services/service_manager/sandbox/linux/sandbox_linux.h" -#include "services/service_manager/zygote/common/common_sandbox_support_linux.h" #endif #if defined(OS_MACOSX) 
diff --git a/content/public/app/content_main_delegate.cc b/content/public/app/content_main_delegate.cc index ed5b0e2c0b4d45..02985a525c9899 100644 --- a/content/public/app/content_main_delegate.cc +++ b/content/public/app/content_main_delegate.cc @@ -27,8 +27,7 @@ int ContentMainDelegate::RunProcess( #if defined(OS_LINUX) void ContentMainDelegate::ZygoteStarting( - std::vector>* - delegates) {} + std::vector>* delegates) {} #endif // defined(OS_LINUX) diff --git a/content/public/app/content_main_delegate.h b/content/public/app/content_main_delegate.h index 2d9ee9fa20a9ab..0ca924769b9800 100644 --- a/content/public/app/content_main_delegate.h +++ b/content/public/app/content_main_delegate.h @@ -21,7 +21,6 @@ class CommandLine; namespace service_manager { class BackgroundServiceManager; class Identity; -class ZygoteForkDelegate; } // namespace service_manager namespace content { @@ -31,6 +30,7 @@ class ContentClient; class ContentGpuClient; class ContentRendererClient; class ContentUtilityClient; +class ZygoteForkDelegate; struct MainFunctionParams; class CONTENT_EXPORT ContentMainDelegate { @@ -65,8 +65,7 @@ class CONTENT_EXPORT ContentMainDelegate { // specify one or more zygote delegates if it wishes by storing them in // |*delegates|. virtual void ZygoteStarting( - std::vector>* - delegates); + std::vector>* delegates); // Called every time the zygote process forks. virtual void ZygoteForked() {} diff --git a/content/public/browser/BUILD.gn b/content/public/browser/BUILD.gn index 3a393b4010fbd7..17d0782de13802 100644 --- a/content/public/browser/BUILD.gn +++ b/content/public/browser/BUILD.gn @@ -507,6 +507,10 @@ jumbo_source_set("browser_sources") { sources += [ "remote_cocoa.h" ] } + if (is_linux) { + sources += [ "zygote_host/zygote_host_linux.h" ] + } + if (!is_android) { sources += [ "authenticator_request_client_delegate.cc", 
diff --git a/content/public/browser/zygote_host/OWNERS b/content/public/browser/zygote_host/OWNERS new file mode 100644 index 00000000000000..eb4b322bdf5928 --- /dev/null +++ b/content/public/browser/zygote_host/OWNERS @@ -0,0 +1,4 @@ +file://content/zygote/OWNERS + +# TEAM: security-dev@chromium.org +# COMPONENT: Internals>Sandbox diff --git a/services/service_manager/zygote/zygote_host_linux.h b/content/public/browser/zygote_host/zygote_host_linux.h similarity index 71% rename from services/service_manager/zygote/zygote_host_linux.h rename to content/public/browser/zygote_host/zygote_host_linux.h index 8e6416debe6894..449ccf7b3cee68 100644 --- a/services/service_manager/zygote/zygote_host_linux.h +++ b/content/public/browser/zygote_host/zygote_host_linux.h @@ -2,15 +2,15 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_ZYGOTE_HOST_LINUX_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_ZYGOTE_HOST_LINUX_H_ +#ifndef CONTENT_PUBLIC_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_LINUX_H_ +#define CONTENT_PUBLIC_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_LINUX_H_ #include -#include "base/component_export.h" #include "base/process/process.h" +#include "content/common/content_export.h" -namespace service_manager { +namespace content { // https://chromium.googlesource.com/chromium/src/+/master/docs/linux/zygote.md @@ -19,7 +19,7 @@ namespace service_manager { class ZygoteHost { public: // Returns the singleton instance. - static COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) ZygoteHost* GetInstance(); + static CONTENT_EXPORT ZygoteHost* GetInstance(); virtual ~ZygoteHost() {} 
@@ -28,7 +28,7 @@ class ZygoteHost { // Returns an int which is a bitmask of kSandboxLinux* values. Only valid // after the first render has been forked. - virtual int GetRendererSandboxStatus() const = 0; + virtual int GetRendererSandboxStatus() = 0; // Adjust the OOM score of the given renderer's PID. The allowed // range for the score is [0, 1000], where higher values are more @@ -37,6 +37,6 @@ class ZygoteHost { int score) = 0; }; -} // namespace service_manager +} // namespace content -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_ZYGOTE_HOST_LINUX_H_ +#endif // CONTENT_PUBLIC_BROWSER_ZYGOTE_HOST_ZYGOTE_HOST_LINUX_H_ diff --git a/content/public/common/BUILD.gn b/content/public/common/BUILD.gn index cbf44b6d1e0fd4..a85f429a0d1a0d 100644 --- a/content/public/common/BUILD.gn +++ b/content/public/common/BUILD.gn @@ -7,6 +7,7 @@ import("//build/config/chromecast_build.gni") import("//build/config/features.gni") import("//build/config/jumbo.gni") import("//build/config/ui.gni") +import("//content/public/common/zygote/features.gni") import("//media/media_options.gni") import("//mojo/public/tools/bindings/mojom.gni") import("//ppapi/buildflags/buildflags.gni") @@ -202,6 +203,7 @@ jumbo_source_set("common_sources") { ":renderer_type", ":service_names", "//content/common", + "//content/public/common/zygote:buildflags", "//ipc", "//media/capture:capture_base", "//mojo/public/cpp/bindings", @@ -232,7 +234,6 @@ jumbo_source_set("common_sources") { "//services/network/public/cpp", "//services/service_manager/embedder:embedder_result_codes", "//services/service_manager/public/cpp", - "//services/service_manager/zygote:zygote_buildflags", "//skia", "//storage/common", "//third_party/blink/public/common", 
@@ -255,12 +256,20 @@ jumbo_source_set("common_sources") { deps += [ "//content/public/android:jni" ] } + if (is_chromeos) { + public_deps += [ "//media/capture/video/chromeos/public" ] + } + if (is_linux) { - deps += [ "//services/service_manager/zygote" ] + sources += [ + "zygote/sandbox_support_linux.h", + "zygote/send_zygote_child_ping_linux.h", + "zygote/zygote_fork_delegate_linux.h", + ] } - if (is_chromeos) { - public_deps += [ "//media/capture/video/chromeos/public" ] + if (use_zygote_handle) { + sources += [ "zygote/zygote_handle.h" ] } if (rtc_use_pipewire) { diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc index 7d64de9a0a4bfe..f24ff2313d2d97 100644 --- a/content/public/common/content_switches.cc +++ b/content/public/common/content_switches.cc @@ -837,6 +837,9 @@ const char kWebglAntialiasingMode[] = "webgl-antialiasing-mode"; // Set a default sample count for webgl if msaa is enabled. const char kWebglMSAASampleCount[] = "webgl-msaa-sample-count"; +// The prefix used when starting the zygote process. (i.e. 'gdb --args') +const char kZygoteCmdPrefix[] = "zygote-cmd-prefix"; + // Enables specified backend for the Web OTP API. const char kWebOtpBackend[] = "web-otp-backend"; diff --git a/content/public/common/content_switches.h b/content/public/common/content_switches.h index 73bcf1a5f6cb50..45613ae2c3b1fe 100644 --- a/content/public/common/content_switches.h +++ b/content/public/common/content_switches.h @@ -225,6 +225,7 @@ CONTENT_EXPORT extern const char kValidateInputEventStream[]; CONTENT_EXPORT extern const char kWaitForDebuggerChildren[]; CONTENT_EXPORT extern const char kWebglAntialiasingMode[]; CONTENT_EXPORT extern const char kWebglMSAASampleCount[]; +CONTENT_EXPORT extern const char kZygoteCmdPrefix[]; CONTENT_EXPORT extern const char kWebOtpBackend[]; CONTENT_EXPORT extern const char kWebOtpBackendSmsVerification[]; 
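Review bot: The comment on the new `kZygoteCmdPrefix` in content_switches.cc says `(i.e. 'gdb --args')`, which reads as if that were the only value; `e.g.` is meant. The value appears to be a command that the zygote is launched through, so the comment should say it is a debugging aid, for example `// Debug only: command prefix used to launch the zygote process (e.g. 'gdb --args').` The debug-only intent is my reading of the example and should be confirmed. The definition here and the declaration in content_switches.h both sit between the `kWebglMSAASampleCount` and `kWebOtpBackend` entries, which breaks the alphabetical order the neighbouring switches appear to follow.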
diff --git a/content/public/common/sandboxed_process_launcher_delegate.cc b/content/public/common/sandboxed_process_launcher_delegate.cc index ee8e819d6dab82..f28909f5eb11f9 100644 --- a/content/public/common/sandboxed_process_launcher_delegate.cc +++ b/content/public/common/sandboxed_process_launcher_delegate.cc @@ -5,7 +5,7 @@ #include "content/public/common/sandboxed_process_launcher_delegate.h" #include "build/build_config.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" +#include "content/public/common/zygote/zygote_buildflags.h" namespace content { @@ -33,10 +33,10 @@ bool SandboxedProcessLauncherDelegate::ShouldLaunchElevated() { #endif // defined(OS_WIN) #if BUILDFLAG(USE_ZYGOTE_HANDLE) -service_manager::ZygoteHandle SandboxedProcessLauncherDelegate::GetZygote() { +ZygoteHandle SandboxedProcessLauncherDelegate::GetZygote() { // Default to the sandboxed zygote. If a more lax sandbox is needed, then the // child class should override this method and use the unsandboxed zygote. - return service_manager::GetGenericZygote(); + return GetGenericZygote(); } #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) diff --git a/content/public/common/sandboxed_process_launcher_delegate.h b/content/public/common/sandboxed_process_launcher_delegate.h index 9d7fd9cf229c63..03336bc17085b9 100644 --- a/content/public/common/sandboxed_process_launcher_delegate.h +++ b/content/public/common/sandboxed_process_launcher_delegate.h 
@@ -10,12 +10,12 @@ #include "base/process/process.h" #include "build/build_config.h" #include "content/common/content_export.h" +#include "content/public/common/zygote/zygote_buildflags.h" #include "services/service_manager/sandbox/sandbox_delegate.h" #include "services/service_manager/sandbox/sandbox_type.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" #if BUILDFLAG(USE_ZYGOTE_HANDLE) -#include "services/service_manager/zygote/common/zygote_handle.h" // nogncheck +#include "content/public/common/zygote/zygote_handle.h" // nogncheck #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) namespace content { @@ -43,7 +43,7 @@ class CONTENT_EXPORT SandboxedProcessLauncherDelegate #if BUILDFLAG(USE_ZYGOTE_HANDLE) // Returns the zygote used to launch the process. - virtual service_manager::ZygoteHandle GetZygote(); + virtual ZygoteHandle GetZygote(); #endif // BUILDFLAG(USE_ZYGOTE_HANDLE) #if defined(OS_POSIX) diff --git a/content/public/common/zygote/BUILD.gn b/content/public/common/zygote/BUILD.gn new file mode 100644 index 00000000000000..cb8c2f8197c8c1 --- /dev/null +++ b/content/public/common/zygote/BUILD.gn @@ -0,0 +1,11 @@ +# Copyright 2020 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import("//build/buildflag_header.gni") +import("//content/public/common/zygote/features.gni") + +buildflag_header("buildflags") { + header = "zygote_buildflags.h" + flags = [ "USE_ZYGOTE_HANDLE=$use_zygote_handle" ] +} diff --git a/content/public/common/zygote/OWNERS b/content/public/common/zygote/OWNERS new file mode 100644 index 00000000000000..eb4b322bdf5928 --- /dev/null +++ b/content/public/common/zygote/OWNERS @@ -0,0 +1,4 @@ +file://content/zygote/OWNERS + +# TEAM: security-dev@chromium.org +# COMPONENT: Internals>Sandbox 
diff --git a/services/service_manager/zygote/common/zygote_features.gni b/content/public/common/zygote/features.gni similarity index 100% rename from services/service_manager/zygote/common/zygote_features.gni rename to content/public/common/zygote/features.gni diff --git a/services/service_manager/zygote/common/common_sandbox_support_linux.h b/content/public/common/zygote/sandbox_support_linux.h similarity index 69% rename from services/service_manager/zygote/common/common_sandbox_support_linux.h rename to content/public/common/zygote/sandbox_support_linux.h index 051d8ba0318500..279f983f3f86fd 100644 --- a/services/service_manager/zygote/common/common_sandbox_support_linux.h +++ b/content/public/common/zygote/sandbox_support_linux.h @@ -2,21 +2,21 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_COMMON_SANDBOX_SUPPORT_LINUX_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_COMMON_SANDBOX_SUPPORT_LINUX_H_ +#ifndef CONTENT_PUBLIC_COMMON_ZYGOTE_SANDBOX_SUPPORT_LINUX_H_ +#define CONTENT_PUBLIC_COMMON_ZYGOTE_SANDBOX_SUPPORT_LINUX_H_ #include -#include "base/component_export.h" #include "build/build_config.h" +#include "content/common/content_export.h" class NaClListener; -namespace service_manager { +namespace content { #if !defined(OS_NACL_NONSFI) // TODO(crbug.com/982879): Remove this when NaCl is unshipped. -class COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) SharedMemoryIPCSupport { +class CONTENT_EXPORT SharedMemoryIPCSupport { private: friend class ::NaClListener; 
@@ -35,8 +35,8 @@ class COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) SharedMemoryIPCSupport { // Gets the well-known file descriptor on which we expect to find the // sandbox IPC channel. -COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) int GetSandboxFD(); +CONTENT_EXPORT int GetSandboxFD(); -} // namespace service_manager +} // namespace content -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_COMMON_SANDBOX_SUPPORT_LINUX_H_ +#endif // CONTENT_PUBLIC_COMMON_ZYGOTE_SANDBOX_SUPPORT_LINUX_H_ diff --git a/content/public/common/zygote/send_zygote_child_ping_linux.h b/content/public/common/zygote/send_zygote_child_ping_linux.h new file mode 100644 index 00000000000000..cc08f264e07530 --- /dev/null +++ b/content/public/common/zygote/send_zygote_child_ping_linux.h @@ -0,0 +1,18 @@ +// Copyright 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_PUBLIC_COMMON_ZYGOTE_SEND_ZYGOTE_CHILD_PING_LINUX_H_ +#define CONTENT_PUBLIC_COMMON_ZYGOTE_SEND_ZYGOTE_CHILD_PING_LINUX_H_ + +#include "content/common/content_export.h" + +namespace content { + +// Sends a zygote child "ping" message to browser process via socket |fd|. +// Returns true on success. +CONTENT_EXPORT bool SendZygoteChildPing(int fd); + +} // namespace content + +#endif // CONTENT_PUBLIC_COMMON_ZYGOTE_SEND_ZYGOTE_CHILD_PING_LINUX_H_ diff --git a/services/service_manager/zygote/common/zygote_fork_delegate_linux.h b/content/public/common/zygote/zygote_fork_delegate_linux.h similarity index 92% rename from services/service_manager/zygote/common/zygote_fork_delegate_linux.h rename to content/public/common/zygote/zygote_fork_delegate_linux.h index aec457b8750b86..12f784b0f851f3 100644 --- a/services/service_manager/zygote/common/zygote_fork_delegate_linux.h +++ b/content/public/common/zygote/zygote_fork_delegate_linux.h 
@@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_ZYGOTE_FORK_DELEGATE_LINUX_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_ZYGOTE_FORK_DELEGATE_LINUX_H_ +#ifndef CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_FORK_DELEGATE_LINUX_H_ +#define CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_FORK_DELEGATE_LINUX_H_ #include @@ -14,7 +14,7 @@ // to C++11. #include "base/process/kill.h" -namespace service_manager { +namespace content { // The ZygoteForkDelegate allows the Chrome Linux zygote to delegate // fork operations to another class that knows how to do some @@ -85,6 +85,6 @@ class ZygoteForkDelegate { int* exit_code) = 0; }; -} // namespace service_manager +} // namespace content -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_ZYGOTE_FORK_DELEGATE_LINUX_H_ +#endif // CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_FORK_DELEGATE_LINUX_H_ diff --git a/content/public/common/zygote/zygote_handle.h b/content/public/common/zygote/zygote_handle.h new file mode 100644 index 00000000000000..95a6e6113ec834 --- /dev/null +++ b/content/public/common/zygote/zygote_handle.h 
@@ -0,0 +1,34 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_HANDLE_H_ +#define CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_HANDLE_H_ + +#include "base/callback.h" +#include "base/command_line.h" +#include "base/files/scoped_file.h" +#include "build/build_config.h" +#include "content/common/content_export.h" +#include "content/public/common/zygote/zygote_buildflags.h" + +#if !BUILDFLAG(USE_ZYGOTE_HANDLE) +#error "Can not use zygote handles without USE_ZYGOTE_HANDLE" +#endif + +namespace content { + +#if defined(OS_POSIX) +class ZygoteCommunication; +using ZygoteHandle = ZygoteCommunication*; +#else +// Perhaps other ports may USE_ZYGOTE_HANDLE here somdeday. +#error "Can not use zygote handles on this platform" +#endif // defined(OS_POSIX) + +// Gets the generic global zygote used to launch sandboxed children. +CONTENT_EXPORT ZygoteHandle GetGenericZygote(); + +} // namespace content + +#endif // CONTENT_PUBLIC_COMMON_ZYGOTE_ZYGOTE_HANDLE_H_ diff --git a/content/renderer/BUILD.gn b/content/renderer/BUILD.gn index 415c249e42ceee..4f85483915e927 100644 --- a/content/renderer/BUILD.gn +++ b/content/renderer/BUILD.gn @@ -453,10 +453,7 @@ target(link_target_type, "renderer") { } if (is_linux) { - deps += [ - "//components/services/font/public/cpp", - "//services/service_manager/zygote", - ] + deps += [ "//components/services/font/public/cpp" ] } if (is_mac) { diff --git a/content/test/BUILD.gn b/content/test/BUILD.gn index 0a6505e641a5e9..4c832808ad1673 100644 --- a/content/test/BUILD.gn +++ b/content/test/BUILD.gn 
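Review bot: The new content/public/common/zygote/zygote_handle.h still includes `base/callback.h`, `base/command_line.h` and `base/files/scoped_file.h`, but the only declarations left in it are the `ZygoteHandle` alias and `GetGenericZygote()`. In the deleted services/service_manager copy those includes served `ZygoteLaunchCallback` and the `Create*Zygote` declarations, which this header no longer carries. Dropping them keeps the public header's dependency surface small, though any file that relied on them transitively would then need its own includes. The comment `// Perhaps other ports may USE_ZYGOTE_HANDLE here somdeday.` also carries a typo over from the old file; `someday` is meant.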
@@ -1388,11 +1388,10 @@ test("content_browsertests") { if (is_linux) { sources += [ "../browser/utility_process_sandbox_browsertest.cc", - "../zygote/zygote_browsertest.cc", + "../browser/zygote_host/zygote_browsertest.cc", ] deps += [ "//services/service_manager/tests:interfaces", - "//services/service_manager/zygote", "//ui/gfx:test_support", ] diff --git a/content/zygote/BUILD.gn b/content/zygote/BUILD.gn new file mode 100644 index 00000000000000..1673fc1378e1fd --- /dev/null +++ b/content/zygote/BUILD.gn @@ -0,0 +1,33 @@ +# Copyright 2018 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +import("//build/config/nacl/config.gni") +import("//content/public/common/zygote/features.gni") + +if (is_linux) { + source_set("zygote") { + sources = [ + "zygote_linux.cc", + "zygote_linux.h", + "zygote_main.h", + "zygote_main_linux.cc", + ] + + deps = [ + "//base", + "//base:i18n", + "//content/public/common:common_sources", + "//ipc", + "//sandbox", + "//services/service_manager/embedder", + "//services/service_manager/sandbox", + "//third_party/icu", + ] + + configs += [ "//content:content_implementation" ] + } +} else { + group("zygote") { + } +} diff --git a/content/zygote/DEPS b/content/zygote/DEPS index 9af3bd99586a9f..cbd32378dbadc5 100644 --- a/content/zygote/DEPS +++ b/content/zygote/DEPS @@ -1,3 +1,4 @@ include_rules = [ - "+services/service_manager/sandbox", -] \ No newline at end of file + "+content/public/common/zygote", + "+services/service_manager/sandbox", +] diff --git a/content/zygote/OWNERS b/content/zygote/OWNERS index 696f688510e75d..aad33ebfd009ed 100644 --- a/content/zygote/OWNERS +++ b/content/zygote/OWNERS @@ -1,3 +1,4 @@ -file://services/service_manager/zygote/OWNERS -# COMPONENT: Internals>Sandbox +file://sandbox/linux/OWNERS + # TEAM: security-dev@chromium.org +# COMPONENT: Internals>Sandbox 
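Review bot: The new content/zygote/BUILD.gn imports `//build/config/nacl/config.gni` and `//content/public/common/zygote/features.gni`, but nothing in the file as shown reads a variable from either. The `is_nacl_nonsfi` filter reset and the `use_zygote_handle` source list lived in the deleted services/service_manager/zygote/BUILD.gn and were not carried over. If no later change needs them, both `import(...)` lines can be removed so the target's real inputs stay obvious.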
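Review bot: content/zygote/OWNERS now resolves to `file://sandbox/linux/OWNERS`, and the new content/public/common/zygote/OWNERS points back at content/zygote/OWNERS, so review authority for all of the moved zygote code depends on a file this change does not show. The deleted services/service_manager/zygote/OWNERS named four owners directly. It is worth confirming that sandbox/linux/OWNERS covers the same reviewers, since this code forks and sandboxes child processes. A short comment in the file would record the intent, for example `# Zygote code is security-sensitive; owners are shared with sandbox/linux.`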
diff --git a/services/service_manager/zygote/zygote_linux.cc b/content/zygote/zygote_linux.cc similarity index 98% rename from services/service_manager/zygote/zygote_linux.cc rename to content/zygote/zygote_linux.cc index aa601ab28d787e..48ab8fce3e7ec9 100644 --- a/services/service_manager/zygote/zygote_linux.cc +++ b/content/zygote/zygote_linux.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "services/service_manager/zygote/zygote_linux.h" +#include "content/zygote/zygote_linux.h" #include #include @@ -32,6 +32,9 @@ #include "base/time/time.h" #include "base/trace_event/trace_event.h" #include "build/build_config.h" +#include "content/common/zygote/zygote_commands_linux.h" +#include "content/public/common/zygote/send_zygote_child_ping_linux.h" +#include "content/public/common/zygote/zygote_fork_delegate_linux.h" #include "ipc/ipc_channel.h" #include "sandbox/linux/services/credentials.h" #include "sandbox/linux/services/namespace_sandbox.h" @@ -41,15 +44,12 @@ #include "services/service_manager/embedder/switches.h" #include "services/service_manager/sandbox/linux/sandbox_linux.h" #include "services/service_manager/sandbox/sandbox.h" -#include "services/service_manager/zygote/common/send_zygote_child_ping_linux.h" -#include "services/service_manager/zygote/common/zygote_commands_linux.h" -#include "services/service_manager/zygote/common/zygote_fork_delegate_linux.h" #include "third_party/icu/source/i18n/unicode/timezone.h" // See // https://chromium.googlesource.com/chromium/src/+/master/docs/linux/zygote.md -namespace service_manager { +namespace content { namespace { 
@@ -407,7 +407,8 @@ int Zygote::ForkWithRealPid(const std::string& process_type, base::ScopedFD read_pipe, write_pipe; base::ProcessId pid = 0; if (helper) { - int mojo_channel_fd = LookUpFd(fd_mapping, kMojoIPCChannel); + int mojo_channel_fd = + LookUpFd(fd_mapping, service_manager::kMojoIPCChannel); if (mojo_channel_fd < 0) { DLOG(ERROR) << "Failed to find kMojoIPCChannel in FD mapping"; return -1; @@ -656,4 +657,4 @@ bool Zygote::HandleGetSandboxStatus(int fd, base::PickleIterator iter) { return false; } -} // namespace service_manager +} // namespace content diff --git a/services/service_manager/zygote/zygote_linux.h b/content/zygote/zygote_linux.h similarity index 96% rename from services/service_manager/zygote/zygote_linux.h rename to content/zygote/zygote_linux.h index 840aa17a093cfb..8e451fa6afe51a 100644 --- a/services/service_manager/zygote/zygote_linux.h +++ b/content/zygote/zygote_linux.h @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_ZYGOTE_LINUX_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_ZYGOTE_LINUX_H_ +#ifndef CONTENT_ZYGOTE_ZYGOTE_LINUX_H_ +#define CONTENT_ZYGOTE_ZYGOTE_LINUX_H_ #include @@ -23,7 +23,7 @@ namespace base { class PickleIterator; } -namespace service_manager { +namespace content { class ZygoteForkDelegate; @@ -147,6 +147,6 @@ class Zygote { base::GlobalDescriptors::Descriptor ipc_backchannel_; }; -} // namespace service_manager +} // namespace content -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_ZYGOTE_LINUX_H_ +#endif // CONTENT_ZYGOTE_ZYGOTE_LINUX_H_ diff --git a/services/service_manager/zygote/zygote_main.h b/content/zygote/zygote_main.h similarity index 54% rename from services/service_manager/zygote/zygote_main.h rename to content/zygote/zygote_main.h index 8de1e6abc322e0..1959950a6c000a 100644 --- a/services/service_manager/zygote/zygote_main.h +++ b/content/zygote/zygote_main.h 
@@ -2,24 +2,23 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_ZYGOTE_MAIN_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_ZYGOTE_MAIN_H_ +#ifndef CONTENT_ZYGOTE_ZYGOTE_MAIN_H_ +#define CONTENT_ZYGOTE_ZYGOTE_MAIN_H_ #include #include -#include "base/component_export.h" #include "build/build_config.h" +#include "content/common/content_export.h" -namespace service_manager { +namespace content { class ZygoteForkDelegate; // |delegate| must outlive this call. -COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) -bool ZygoteMain( +CONTENT_EXPORT bool ZygoteMain( std::vector> fork_delegates); -} // namespace service_manager +} // namespace content -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_ZYGOTE_MAIN_H_ +#endif // CONTENT_ZYGOTE_ZYGOTE_MAIN_H_ diff --git a/services/service_manager/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc similarity index 94% rename from services/service_manager/zygote/zygote_main_linux.cc rename to content/zygote/zygote_main_linux.cc index b27182b2296df5..b7dc390c499f3f 100644 --- a/services/service_manager/zygote/zygote_main_linux.cc +++ b/content/zygote/zygote_main_linux.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "services/service_manager/zygote/zygote_main.h" +#include "content/zygote/zygote_main.h" #include #include @@ -28,6 +28,10 @@ #include "base/strings/string_number_conversions.h" #include "base/system/sys_info.h" #include "build/build_config.h" +#include "content/common/zygote/zygote_commands_linux.h" +#include "content/public/common/zygote/sandbox_support_linux.h" +#include "content/public/common/zygote/zygote_fork_delegate_linux.h" +#include "content/zygote/zygote_linux.h" #include "sandbox/linux/services/credentials.h" #include "sandbox/linux/services/init_process_reaper.h" #include "sandbox/linux/services/libc_interceptor.h" 
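Review bot: The comment `// |delegate| must outlive this call.` above `ZygoteMain` in content/zygote/zygote_main.h does not match the declaration it documents. The parameter is named `fork_delegates` and is taken by value, and zygote_main_linux.cc hands it on with `std::move(fork_delegates)`, so the function appears to take ownership rather than borrow. The element type is not legible on this page, so that reading should be checked against the real header. Since the declaration is being rewritten here anyway, the comment could become `// Takes ownership of |fork_delegates|.` so callers are not led to keep a lifetime guarantee that no longer applies.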
@@ -40,13 +44,9 @@ #include "services/service_manager/sandbox/linux/sandbox_linux.h" #include "services/service_manager/sandbox/sandbox.h" #include "services/service_manager/sandbox/switches.h" -#include "services/service_manager/zygote/common/common_sandbox_support_linux.h" -#include "services/service_manager/zygote/common/zygote_commands_linux.h" -#include "services/service_manager/zygote/common/zygote_fork_delegate_linux.h" -#include "services/service_manager/zygote/zygote_linux.h" #include "third_party/icu/source/i18n/unicode/timezone.h" -namespace service_manager { +namespace content { namespace { @@ -237,10 +237,11 @@ bool ZygoteMain( Zygote zygote(sandbox_flags, std::move(fork_delegates), base::GlobalDescriptors::Descriptor( - static_cast(kSandboxIPCChannel), GetSandboxFD())); + static_cast(service_manager::kSandboxIPCChannel), + GetSandboxFD())); // This function call can return multiple times, once per fork(). return zygote.ProcessRequests(); } -} // namespace service_manager +} // namespace content diff --git a/extensions/shell/app/shell_main_delegate.cc b/extensions/shell/app/shell_main_delegate.cc index 27b627e3c05b60..a5e0f6c2c6b7fd 100644 --- a/extensions/shell/app/shell_main_delegate.cc +++ b/extensions/shell/app/shell_main_delegate.cc @@ -184,8 +184,7 @@ void ShellMainDelegate::ProcessExiting(const std::string& process_type) { #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) void ShellMainDelegate::ZygoteStarting( - std::vector>* - delegates) { + std::vector>* delegates) { #if BUILDFLAG(ENABLE_NACL) nacl::AddNaClZygoteForkDelegates(delegates); #endif // BUILDFLAG(ENABLE_NACL) diff --git a/extensions/shell/app/shell_main_delegate.h b/extensions/shell/app/shell_main_delegate.h index d31688b9e6918b..5d6842e79b5ebe 100644 --- a/extensions/shell/app/shell_main_delegate.h +++ b/extensions/shell/app/shell_main_delegate.h 
@@ -34,9 +34,8 @@ class ShellMainDelegate : public content::ContentMainDelegate { content::ContentRendererClient* CreateContentRendererClient() override; void ProcessExiting(const std::string& process_type) override; #if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) - void ZygoteStarting( - std::vector>* - delegates) override; + void ZygoteStarting(std::vector>* + delegates) override; #endif #if defined(OS_LINUX) && !defined(OS_CHROMEOS) void ZygoteForked() override; diff --git a/services/service_manager/embedder/switches.cc b/services/service_manager/embedder/switches.cc index 8337a14af77e88..7bc83d1a551919 100644 --- a/services/service_manager/embedder/switches.cc +++ b/services/service_manager/embedder/switches.cc @@ -58,9 +58,6 @@ const char kServiceRequestChannelToken[] = "service-request-channel-token"; // global descriptor table. const char kSharedFiles[] = "shared-files"; -// The prefix used when starting the zygote process. (i.e. 'gdb --args') -const char kZygoteCmdPrefix[] = "zygote-cmd-prefix"; - // Causes the process to run as a zygote. const char kZygoteProcess[] = "zygote"; diff --git a/services/service_manager/embedder/switches.h b/services/service_manager/embedder/switches.h index 548165e5d123dc..3b6690aa501ee6 100644 --- a/services/service_manager/embedder/switches.h +++ b/services/service_manager/embedder/switches.h @@ -37,9 +37,6 @@ extern const char kServiceRequestChannelToken[]; COMPONENT_EXPORT(SERVICE_MANAGER_EMBEDDER_SWITCHES) extern const char kSharedFiles[]; -COMPONENT_EXPORT(SERVICE_MANAGER_EMBEDDER_SWITCHES) -extern const char kZygoteCmdPrefix[]; - COMPONENT_EXPORT(SERVICE_MANAGER_EMBEDDER_SWITCHES) extern const char kZygoteProcess[]; diff --git a/services/service_manager/zygote/BUILD.gn b/services/service_manager/zygote/BUILD.gn deleted file mode 100644 index da276ffcc78045..00000000000000 --- a/services/service_manager/zygote/BUILD.gn +++ /dev/null 
@@ -1,82 +0,0 @@ -# Copyright 2018 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -import("//build/buildflag_header.gni") -import("//build/config/nacl/config.gni") -import("//services/service_manager/zygote/common/zygote_features.gni") - -if (is_linux) { - component("zygote") { - if (is_nacl_nonsfi) { - # When running the nacl toolchain is_linux is false so *_linux.cc files are - # excluded. Reset the filter so they are included. - set_sources_assignment_filter([]) - } - - sources = [ - "common/common_sandbox_support_linux.cc", - "common/common_sandbox_support_linux.h", - "common/zygote_fork_delegate_linux.h", - "common/zygote_handle.h", - "host/zygote_communication_linux.cc", - "host/zygote_communication_linux.h", - "host/zygote_host_impl_linux.cc", - "host/zygote_host_impl_linux.h", - "zygote_linux.cc", - "zygote_linux.h", - "zygote_main.h", - "zygote_main_linux.cc", - ] - - if (use_zygote_handle) { - sources += [ - "common/zygote_handle.h", - "host/zygote_handle_linux.cc", - ] - } - - public_deps = [ - ":zygote_buildflags", - ":zygote_util", - ] - - deps = [ - "//base", - "//base:i18n", - "//ipc", - "//sandbox", - "//services/service_manager/embedder", - "//services/service_manager/sandbox", - "//third_party/icu", - ] - - defines = [ "IS_SERVICE_MANAGER_ZYGOTE_IMPL" ] - } -} - -source_set("zygote_util") { - if (is_nacl_nonsfi) { - # When running the nacl toolchain is_linux is false so *_linux.cc files are - # excluded. Reset the filter so they are included. 
- set_sources_assignment_filter([]) - } - - sources = [ - "common/send_zygote_child_ping_linux.cc", - "common/send_zygote_child_ping_linux.h", - "common/zygote_commands_linux.h", - ] - - deps = [ - "//base", - "//services/service_manager/sandbox:sanitizer_buildflags", - ] - - defines = [ "IS_SERVICE_MANAGER_ZYGOTE_IMPL" ] -} - -buildflag_header("zygote_buildflags") { - header = "common/zygote_buildflags.h" - flags = [ "USE_ZYGOTE_HANDLE=$use_zygote_handle" ] -} diff --git a/services/service_manager/zygote/DEPS b/services/service_manager/zygote/DEPS deleted file mode 100644 index ec69c8f59a84fc..00000000000000 --- a/services/service_manager/zygote/DEPS +++ /dev/null @@ -1,3 +0,0 @@ -include_rules = [ - "+sandbox", -] diff --git a/services/service_manager/zygote/OWNERS b/services/service_manager/zygote/OWNERS deleted file mode 100644 index d38314f3fddb6c..00000000000000 --- a/services/service_manager/zygote/OWNERS +++ /dev/null @@ -1,7 +0,0 @@ -jln@chromium.org -palmer@chromium.org -rsesek@chromium.org -tsepez@chromium.org - -# TEAM: security-dev@chromium.org -# COMPONENT: Internals>Sandbox diff --git a/services/service_manager/zygote/common/send_zygote_child_ping_linux.h b/services/service_manager/zygote/common/send_zygote_child_ping_linux.h deleted file mode 100644 index 66aff241a9508e..00000000000000 --- a/services/service_manager/zygote/common/send_zygote_child_ping_linux.h +++ /dev/null 
@@ -1,18 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_SEND_ZYGOTE_CHILD_PING_LINUX_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_SEND_ZYGOTE_CHILD_PING_LINUX_H_ - -#include "base/component_export.h" - -namespace service_manager { - -// Sends a zygote child "ping" message to browser process via socket |fd|. -// Returns true on success. -COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) bool SendZygoteChildPing(int fd); - -} // namespace service_manager - -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_SEND_ZYGOTE_CHILD_PING_LINUX_H_ diff --git a/services/service_manager/zygote/common/zygote_handle.h b/services/service_manager/zygote/common/zygote_handle.h deleted file mode 100644 index 07efadf6807d01..00000000000000 --- a/services/service_manager/zygote/common/zygote_handle.h +++ /dev/null 
@@ -1,49 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_ZYGOTE_HANDLE_H_ -#define SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_ZYGOTE_HANDLE_H_ - -#include "base/callback.h" -#include "base/command_line.h" -#include "base/component_export.h" -#include "base/files/scoped_file.h" -#include "build/build_config.h" -#include "services/service_manager/zygote/common/zygote_buildflags.h" - -#if !BUILDFLAG(USE_ZYGOTE_HANDLE) -#error "Can not use zygote handles without USE_ZYGOTE_HANDLE" -#endif - -namespace service_manager { - -#if defined(OS_POSIX) -class ZygoteCommunication; -using ZygoteHandle = ZygoteCommunication*; -#else -// Perhaps other ports may USE_ZYGOTE_HANDLE here somdeday. -#error "Can not use zygote handles on this platform" -#endif // defined(OS_POSIX) - -using ZygoteLaunchCallback = - base::OnceCallback; - -// Allocates and initializes the global generic zygote process, and returns the -// ZygoteHandle used to communicate with it. |launch_cb| is a callback that -// should actually launch the process, after adding additional command line -// switches to the ones composed by this function. It returns the pid created, -// and provides a control fd for it. -COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) -ZygoteHandle CreateGenericZygote(ZygoteLaunchCallback launch_cb); -COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) ZygoteHandle GetGenericZygote(); - -// Similar to the above but for creating an unsandboxed zygote from which -// processes which need non-generic sandboxes can be derived. -COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) -ZygoteHandle CreateUnsandboxedZygote(ZygoteLaunchCallback launch_cb); -COMPONENT_EXPORT(SERVICE_MANAGER_ZYGOTE) ZygoteHandle GetUnsandboxedZygote(); - -} // namespace service_manager - -#endif // SERVICES_SERVICE_MANAGER_ZYGOTE_COMMON_ZYGOTE_HANDLE_H_