Linux sandbox: Run PreSandboxInit() in all sandboxed processes

ContentMainRunnerImpl's PreSandboxInit() didn't run in sandboxed processes that weren't launched from a zygote. Now it does. Similarly, ZygotePreSandboxInit() also needs to run in these processes. There's nothing zygote-specific about this code, and it runs at the same time as PreSandboxInit(), so just inline it into PreSandboxInit(). Bug: 1079808 Change-Id: I02d43b5f1e6f822b7db9e429546ca93b95d79ebe Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4328451 Reviewed-by: Ken Rockot <rockot@google.com> Commit-Queue: Matthew Denton <mpdenton@chromium.org> Cr-Commit-Position: refs/heads/main@{#1115893}
qweri0p · Mar 10, 2023 · b1ebf57 · b1ebf57
1 parent 7b32e82
commit b1ebf57
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 24 deletions.
diff --git a/content/app/content_main_runner_impl.cc b/content/app/content_main_runner_impl.cc
@@ -412,7 +412,7 @@ void PreloadPepperPlugins() {
     }
   }
 }
-#endif
+#endif  // BUILDFLAG(ENABLE_PPAPI)
 
 #if BUILDFLAG(ENABLE_LIBRARY_CDMS)
 // Loads registered library CDMs but does not initialize them. This is needed by
@@ -429,8 +429,15 @@ void PreloadLibraryCdms() {
 }
 #endif  // BUILDFLAG(ENABLE_LIBRARY_CDMS)
 
-#if BUILDFLAG(USE_ZYGOTE)
 void PreSandboxInit() {
+  // Ensure the /dev/urandom is opened.
+  base::GetUrandomFD();
+
+  // May use sysinfo(), sched_getaffinity(), and open various /sys/ and /proc/
+  // files.
+  base::SysInfo::AmountOfPhysicalMemory();
+  base::SysInfo::NumberOfProcessors();
+
   // Pre-acquire resources needed by BoringSSL. See
   // https://boringssl.googlesource.com/boringssl/+/HEAD/SANDBOXING.md
   CRYPTO_pre_sandbox_init();
@@ -495,7 +502,6 @@ void PreSandboxInit() {
   base::internal::CanUseBackgroundThreadTypeForWorkerThread();
   base::internal::CanUseUtilityThreadTypeForWorkerThread();
 }
-#endif  // BUILDFLAG(USE_ZYGOTE)
 
 #endif  // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
 
@@ -643,10 +649,6 @@ int NO_STACK_PROTECTOR RunZygote(ContentMainDelegate* delegate) {
   delegate->ZygoteStarting(&zygote_fork_delegates);
   media::InitializeMediaLibrary();
 
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
-  PreSandboxInit();
-#endif
-
   // This function call can return multiple times, once per fork().
   if (!ZygoteMain(std::move(zygote_fork_delegates))) {
     return 1;
@@ -1043,6 +1045,17 @@ int ContentMainRunnerImpl::Initialize(ContentMainParams params) {
     // SeatbeltExecServer.
     CHECK(sandbox::Seatbelt::IsSandboxed());
   }
+#elif BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
+  // In sandboxed processes and zygotes, certain resource should be pre-warmed
+  // as they cannot be initialized under a sandbox. In addition, loading these
+  // resources in zygotes (including the unsandboxed zygote) allows them to be
+  // initialized just once in the zygote, rather than in every forked child
+  // process.
+  if (!sandbox::policy::IsUnsandboxedSandboxType(
+          sandbox::policy::SandboxTypeFromCommandLine(command_line)) ||
+      process_type == switches::kZygoteProcess) {
+    PreSandboxInit();
+  }
 #endif
 
   delegate_->SandboxInitialized(process_type);

diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
@@ -70,21 +70,6 @@ base::OnceClosure ClosureFromTwoClosures(base::OnceClosure one,
 
 }  // namespace
 
-// This function triggers the static and lazy construction of objects that need
-// to be created before imposing the sandbox.
-static void ZygotePreSandboxInit() {
-  base::GetUrandomFD();
-
-  base::SysInfo::AmountOfPhysicalMemory();
-  base::SysInfo::NumberOfProcessors();
-
-  // ICU DateFormat class (used in base/time_format.cc) needs to get the
-  // Olson timezone ID by accessing the zoneinfo files on disk. After
-  // TimeZone::createDefault is called once here, the timezone ID is
-  // cached and there's no more need to access the file system.
-  std::unique_ptr<icu::TimeZone> zone(icu::TimeZone::createDefault());
-}
-
 static bool CreateInitProcessReaper(
     base::OnceClosure post_fork_parent_callback) {
   // The current process becomes init(1), this function returns from a
@@ -153,8 +138,6 @@ static void EnterLayerOneSandbox(sandbox::policy::SandboxLinux* linux_sandbox,
                                  base::OnceClosure post_fork_parent_callback) {
   DCHECK(linux_sandbox);
 
-  ZygotePreSandboxInit();
-
 // Check that the pre-sandbox initialization didn't spawn threads.
 // It's not just our code which may do so - some system-installed libraries
 // are known to be culprits, e.g. lttng.