mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Backed out changeset 201612a0b133
This commit is contained in:
parent
bd26065506
commit
47abd59f8e
@ -160,22 +160,11 @@ bool LaunchApp(const std::vector<std::string>& argv,
|
||||
bool wait, ProcessHandle* process_handle);
|
||||
|
||||
typedef std::map<std::string, std::string> environment_map;
|
||||
enum ChildPrivileges {
|
||||
UNPRIVILEGED,
|
||||
SAME_PRIVILEGES_AS_PARENT
|
||||
};
|
||||
bool LaunchApp(const std::vector<std::string>& argv,
|
||||
const file_handle_mapping_vector& fds_to_remap,
|
||||
const environment_map& env_vars_to_set,
|
||||
ChildPrivileges privs,
|
||||
bool wait, ProcessHandle* process_handle,
|
||||
ProcessArchitecture arch=GetCurrentProcessArchitecture());
|
||||
bool LaunchApp(const std::vector<std::string>& argv,
|
||||
const file_handle_mapping_vector& fds_to_remap,
|
||||
const environment_map& env_vars_to_set,
|
||||
bool wait, ProcessHandle* process_handle,
|
||||
ProcessArchitecture arch=GetCurrentProcessArchitecture());
|
||||
|
||||
#endif
|
||||
|
||||
// Executes the application specified by cl. This function delegates to one
|
||||
|
@ -23,16 +23,7 @@
|
||||
#ifdef ANDROID
|
||||
#include <pthread.h>
|
||||
/*
|
||||
* AID_APP is the first application UID used by Android. We're using
|
||||
* it as our unprivilegied UID. This ensure the UID used is not
|
||||
* shared with any other processes than our own childs.
|
||||
*/
|
||||
#include <private/android_filesystem_config.h>
|
||||
#define CHILD_UNPRIVILEGED_UID AID_APP
|
||||
#define CHILD_UNPRIVILEGED_GID AID_APP
|
||||
/*
|
||||
* Currently, PR_DuplicateEnvironment is implemented in
|
||||
* mozglue/build/BionicGlue.cpp
|
||||
* Currently, PR_DuplicateEnvironment is implemented in mozglue/build/BionicGlue.cpp
|
||||
*/
|
||||
#define HAVE_PR_DUPLICATE_ENVIRONMENT
|
||||
|
||||
@ -41,14 +32,6 @@
|
||||
#include "prmem.h"
|
||||
/* Temporary until we have PR_DuplicateEnvironment in prenv.h */
|
||||
extern "C" { NSPR_API(pthread_mutex_t *)PR_GetEnvLock(void); }
|
||||
#else
|
||||
/*
|
||||
* On platforms that are not Android based, we fall back to an
|
||||
* arbitrary UID. This is generally the UID for user `nobody', albeit
|
||||
* it is not always the case.
|
||||
*/
|
||||
#define CHILD_UNPRIVILEGED_UID 65534
|
||||
#define CHILD_UNPRIVILEGED_GID 65534
|
||||
#endif
|
||||
|
||||
namespace {
|
||||
@ -181,17 +164,6 @@ bool LaunchApp(const std::vector<std::string>& argv,
|
||||
const environment_map& env_vars_to_set,
|
||||
bool wait, ProcessHandle* process_handle,
|
||||
ProcessArchitecture arch) {
|
||||
return LaunchApp(argv, fds_to_remap, env_vars_to_set,
|
||||
SAME_PRIVILEGES_AS_PARENT,
|
||||
wait, process_handle);
|
||||
}
|
||||
|
||||
bool LaunchApp(const std::vector<std::string>& argv,
|
||||
const file_handle_mapping_vector& fds_to_remap,
|
||||
const environment_map& env_vars_to_set,
|
||||
ChildPrivileges privs,
|
||||
bool wait, ProcessHandle* process_handle,
|
||||
ProcessArchitecture arch) {
|
||||
scoped_array<char*> argv_cstr(new char*[argv.size() + 1]);
|
||||
// Illegal to allocate memory after fork and before execvp
|
||||
InjectiveMultimap fd_shuffle1, fd_shuffle2;
|
||||
@ -228,19 +200,6 @@ bool LaunchApp(const std::vector<std::string>& argv,
|
||||
argv_cstr[i] = const_cast<char*>(argv[i].c_str());
|
||||
argv_cstr[argv.size()] = NULL;
|
||||
|
||||
if (privs == UNPRIVILEGED) {
|
||||
if (setgid(CHILD_UNPRIVILEGED_GID) != 0) {
|
||||
DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS, path: " << argv_cstr[0];
|
||||
_exit(127);
|
||||
}
|
||||
if (setuid(CHILD_UNPRIVILEGED_UID) != 0) {
|
||||
DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS, path: " << argv_cstr[0];
|
||||
_exit(127);
|
||||
}
|
||||
if (chdir("/") != 0)
|
||||
gProcessLog.print("==> could not chdir()\n");
|
||||
}
|
||||
|
||||
#ifdef HAVE_PR_DUPLICATE_ENVIRONMENT
|
||||
execve(argv_cstr[0], argv_cstr.get(), envp);
|
||||
#else
|
||||
|
@ -51,16 +51,6 @@ using mozilla::ipc::GeckoChildProcessHost;
|
||||
static const int kMagicAndroidSystemPropFd = 5;
|
||||
#endif
|
||||
|
||||
static const bool kLowRightsSubprocesses =
|
||||
// We currently only attempt to drop privileges on gonk, because we
|
||||
// have no plugins or extensions to worry about breaking.
|
||||
#ifdef MOZ_WIDGET_GONK
|
||||
true
|
||||
#else
|
||||
false
|
||||
#endif
|
||||
;
|
||||
|
||||
static bool
|
||||
ShouldHaveDirectoryService()
|
||||
{
|
||||
@ -424,9 +414,6 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
|
||||
|
||||
#if defined(OS_LINUX) || defined(OS_MACOSX)
|
||||
base::environment_map newEnvVars;
|
||||
base::ChildPrivileges privs = kLowRightsSubprocesses ?
|
||||
base::UNPRIVILEGED :
|
||||
base::SAME_PRIVILEGES_AS_PARENT;
|
||||
// XPCOM may not be initialized in some subprocesses. We don't want
|
||||
// to initialize XPCOM just for the directory service, especially
|
||||
// since LD_LIBRARY_PATH is already set correctly in subprocesses
|
||||
@ -592,7 +579,7 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
|
||||
|
||||
base::LaunchApp(childArgv, mFileMap,
|
||||
#if defined(OS_LINUX) || defined(OS_MACOSX)
|
||||
newEnvVars, privs,
|
||||
newEnvVars,
|
||||
#endif
|
||||
false, &process, arch);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user