michael@0: // Copyright (c) 2008 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: // derived from process_util_linux.cc and process_util_mac.cc michael@0: michael@0: #include "base/process_util.h" michael@0: michael@0: #include michael@0: #include michael@0: #include michael@0: #if defined(OS_DRAGONFLY) || defined(OS_FREEBSD) michael@0: #include michael@0: #endif michael@0: michael@0: #include michael@0: #include michael@0: #include michael@0: #include michael@0: michael@0: #include michael@0: michael@0: #include "base/debug_util.h" michael@0: #include "base/eintr_wrapper.h" michael@0: #include "base/file_util.h" michael@0: #include "base/logging.h" michael@0: #include "base/string_tokenizer.h" michael@0: #include "base/string_util.h" michael@0: michael@0: #if defined(_POSIX_SPAWN) && _POSIX_SPAWN > 0 michael@0: #define HAVE_POSIX_SPAWN 1 michael@0: #endif michael@0: michael@0: /* michael@0: * On platforms that are not gonk based, we fall back to an arbitrary michael@0: * UID. This is generally the UID for user `nobody', albeit it is not michael@0: * always the case. michael@0: */ michael@0: michael@0: #if defined(OS_NETBSD) || defined(OS_OPENBSD) michael@0: # define CHILD_UNPRIVILEGED_UID 32767 michael@0: # define CHILD_UNPRIVILEGED_GID 32767 michael@0: #else michael@0: # define CHILD_UNPRIVILEGED_UID 65534 michael@0: # define CHILD_UNPRIVILEGED_GID 65534 michael@0: #endif michael@0: michael@0: #ifndef __dso_public michael@0: # ifdef __exported michael@0: # define __dso_public __exported michael@0: # else michael@0: # define __dso_public __attribute__((__visibility__("default"))) michael@0: # endif michael@0: #endif michael@0: michael@0: #ifdef HAVE_POSIX_SPAWN michael@0: #include michael@0: extern "C" char **environ __dso_public; michael@0: #endif michael@0: michael@0: namespace { michael@0: michael@0: enum ParsingState { michael@0: KEY_NAME, michael@0: KEY_VALUE michael@0: }; michael@0: michael@0: static mozilla::EnvironmentLog gProcessLog("MOZ_PROCESS_LOG"); michael@0: michael@0: } // namespace michael@0: michael@0: namespace base { michael@0: michael@0: #ifdef HAVE_POSIX_SPAWN michael@0: michael@0: void FreeEnvVarsArray(char* array[], int length) michael@0: { michael@0: for (int i = 0; i < length; i++) { michael@0: free(array[i]); michael@0: } michael@0: delete[] array; michael@0: } michael@0: michael@0: bool LaunchApp(const std::vector& argv, michael@0: const file_handle_mapping_vector& fds_to_remap, michael@0: bool wait, ProcessHandle* process_handle) { michael@0: return LaunchApp(argv, fds_to_remap, environment_map(), michael@0: wait, process_handle); michael@0: } michael@0: michael@0: bool LaunchApp(const std::vector& argv, michael@0: const file_handle_mapping_vector& fds_to_remap, michael@0: const environment_map& env_vars_to_set, michael@0: bool wait, ProcessHandle* process_handle, michael@0: ProcessArchitecture arch) { michael@0: return LaunchApp(argv, fds_to_remap, env_vars_to_set, michael@0: PRIVILEGES_INHERIT, michael@0: wait, process_handle); michael@0: } michael@0: michael@0: bool LaunchApp(const std::vector& argv, michael@0: const file_handle_mapping_vector& fds_to_remap, michael@0: const environment_map& env_vars_to_set, michael@0: ChildPrivileges privs, michael@0: bool wait, ProcessHandle* process_handle, michael@0: ProcessArchitecture arch) { michael@0: bool retval = true; michael@0: michael@0: char* argv_copy[argv.size() + 1]; michael@0: for (size_t i = 0; i < argv.size(); i++) { michael@0: argv_copy[i] = const_cast(argv[i].c_str()); michael@0: } michael@0: argv_copy[argv.size()] = NULL; michael@0: michael@0: // Make sure we don't leak any FDs to the child process by marking all FDs michael@0: // as close-on-exec. michael@0: SetAllFDsToCloseOnExec(); michael@0: michael@0: // Copy environment to a new char array and add the variables michael@0: // in env_vars_to_set. michael@0: // Existing variables are overwritten by env_vars_to_set. michael@0: int pos = 0; michael@0: environment_map combined_env_vars = env_vars_to_set; michael@0: while(environ[pos] != NULL) { michael@0: std::string varString = environ[pos]; michael@0: std::string varName = varString.substr(0, varString.find_first_of('=')); michael@0: std::string varValue = varString.substr(varString.find_first_of('=') + 1); michael@0: if (combined_env_vars.find(varName) == combined_env_vars.end()) { michael@0: combined_env_vars[varName] = varValue; michael@0: } michael@0: pos++; michael@0: } michael@0: int varsLen = combined_env_vars.size() + 1; michael@0: michael@0: char** vars = new char*[varsLen]; michael@0: int i = 0; michael@0: for (environment_map::const_iterator it = combined_env_vars.begin(); michael@0: it != combined_env_vars.end(); ++it) { michael@0: std::string entry(it->first); michael@0: entry += "="; michael@0: entry += it->second; michael@0: vars[i] = strdup(entry.c_str()); michael@0: i++; michael@0: } michael@0: vars[i] = NULL; michael@0: michael@0: posix_spawn_file_actions_t file_actions; michael@0: if (posix_spawn_file_actions_init(&file_actions) != 0) { michael@0: FreeEnvVarsArray(vars, varsLen); michael@0: return false; michael@0: } michael@0: michael@0: // Turn fds_to_remap array into a set of dup2 calls. michael@0: for (file_handle_mapping_vector::const_iterator it = fds_to_remap.begin(); michael@0: it != fds_to_remap.end(); michael@0: ++it) { michael@0: int src_fd = it->first; michael@0: int dest_fd = it->second; michael@0: michael@0: if (src_fd == dest_fd) { michael@0: int flags = fcntl(src_fd, F_GETFD); michael@0: if (flags != -1) { michael@0: fcntl(src_fd, F_SETFD, flags & ~FD_CLOEXEC); michael@0: } michael@0: } else { michael@0: if (posix_spawn_file_actions_adddup2(&file_actions, src_fd, dest_fd) != 0) { michael@0: posix_spawn_file_actions_destroy(&file_actions); michael@0: FreeEnvVarsArray(vars, varsLen); michael@0: return false; michael@0: } michael@0: } michael@0: } michael@0: michael@0: pid_t pid = 0; michael@0: int spawn_succeeded = (posix_spawnp(&pid, michael@0: argv_copy[0], michael@0: &file_actions, michael@0: NULL, michael@0: argv_copy, michael@0: vars) == 0); michael@0: michael@0: FreeEnvVarsArray(vars, varsLen); michael@0: michael@0: posix_spawn_file_actions_destroy(&file_actions); michael@0: michael@0: bool process_handle_valid = pid > 0; michael@0: if (!spawn_succeeded || !process_handle_valid) { michael@0: retval = false; michael@0: } else { michael@0: if (wait) michael@0: HANDLE_EINTR(waitpid(pid, 0, 0)); michael@0: michael@0: if (process_handle) michael@0: *process_handle = pid; michael@0: } michael@0: michael@0: return retval; michael@0: } michael@0: michael@0: bool LaunchApp(const CommandLine& cl, michael@0: bool wait, bool start_hidden, ProcessHandle* process_handle) { michael@0: // TODO(playmobil): Do we need to respect the start_hidden flag? michael@0: file_handle_mapping_vector no_files; michael@0: return LaunchApp(cl.argv(), no_files, wait, process_handle); michael@0: } michael@0: michael@0: void SetCurrentProcessPrivileges(ChildPrivileges privs) { michael@0: michael@0: } michael@0: michael@0: #else // no posix_spawn, use fork/exec michael@0: michael@0: bool LaunchApp(const std::vector& argv, michael@0: const file_handle_mapping_vector& fds_to_remap, michael@0: bool wait, ProcessHandle* process_handle) { michael@0: return LaunchApp(argv, fds_to_remap, environment_map(), michael@0: wait, process_handle); michael@0: } michael@0: michael@0: bool LaunchApp(const std::vector& argv, michael@0: const file_handle_mapping_vector& fds_to_remap, michael@0: const environment_map& env_vars_to_set, michael@0: bool wait, ProcessHandle* process_handle, michael@0: ProcessArchitecture arch) { michael@0: return LaunchApp(argv, fds_to_remap, env_vars_to_set, michael@0: PRIVILEGES_INHERIT, michael@0: wait, process_handle); michael@0: } michael@0: michael@0: bool LaunchApp(const std::vector& argv, michael@0: const file_handle_mapping_vector& fds_to_remap, michael@0: const environment_map& env_vars_to_set, michael@0: ChildPrivileges privs, michael@0: bool wait, ProcessHandle* process_handle, michael@0: ProcessArchitecture arch) { michael@0: scoped_array argv_cstr(new char*[argv.size() + 1]); michael@0: // Illegal to allocate memory after fork and before execvp michael@0: InjectiveMultimap fd_shuffle1, fd_shuffle2; michael@0: fd_shuffle1.reserve(fds_to_remap.size()); michael@0: fd_shuffle2.reserve(fds_to_remap.size()); michael@0: michael@0: pid_t pid = fork(); michael@0: if (pid < 0) michael@0: return false; michael@0: michael@0: if (pid == 0) { michael@0: for (file_handle_mapping_vector::const_iterator michael@0: it = fds_to_remap.begin(); it != fds_to_remap.end(); ++it) { michael@0: fd_shuffle1.push_back(InjectionArc(it->first, it->second, false)); michael@0: fd_shuffle2.push_back(InjectionArc(it->first, it->second, false)); michael@0: } michael@0: michael@0: if (!ShuffleFileDescriptors(&fd_shuffle1)) michael@0: _exit(127); michael@0: michael@0: CloseSuperfluousFds(fd_shuffle2); michael@0: michael@0: for (size_t i = 0; i < argv.size(); i++) michael@0: argv_cstr[i] = const_cast(argv[i].c_str()); michael@0: argv_cstr[argv.size()] = NULL; michael@0: michael@0: SetCurrentProcessPrivileges(privs); michael@0: michael@0: for (environment_map::const_iterator it = env_vars_to_set.begin(); michael@0: it != env_vars_to_set.end(); ++it) { michael@0: if (setenv(it->first.c_str(), it->second.c_str(), 1/*overwrite*/)) michael@0: _exit(127); michael@0: } michael@0: execv(argv_cstr[0], argv_cstr.get()); michael@0: // if we get here, we're in serious trouble and should complain loudly michael@0: DLOG(ERROR) << "FAILED TO exec() CHILD PROCESS, path: " << argv_cstr[0]; michael@0: _exit(127); michael@0: } else { michael@0: gProcessLog.print("==> process %d launched child process %d\n", michael@0: GetCurrentProcId(), pid); michael@0: if (wait) michael@0: HANDLE_EINTR(waitpid(pid, 0, 0)); michael@0: michael@0: if (process_handle) michael@0: *process_handle = pid; michael@0: } michael@0: michael@0: return true; michael@0: } michael@0: michael@0: bool LaunchApp(const CommandLine& cl, michael@0: bool wait, bool start_hidden, michael@0: ProcessHandle* process_handle) { michael@0: file_handle_mapping_vector no_files; michael@0: return LaunchApp(cl.argv(), no_files, wait, process_handle); michael@0: } michael@0: michael@0: void SetCurrentProcessPrivileges(ChildPrivileges privs) { michael@0: if (privs == PRIVILEGES_INHERIT) { michael@0: return; michael@0: } michael@0: michael@0: gid_t gid = CHILD_UNPRIVILEGED_GID; michael@0: uid_t uid = CHILD_UNPRIVILEGED_UID; michael@0: if (setgid(gid) != 0) { michael@0: DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS"; michael@0: _exit(127); michael@0: } michael@0: if (setuid(uid) != 0) { michael@0: DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS"; michael@0: _exit(127); michael@0: } michael@0: if (chdir("/") != 0) michael@0: gProcessLog.print("==> could not chdir()\n"); michael@0: } michael@0: michael@0: #endif michael@0: michael@0: NamedProcessIterator::NamedProcessIterator(const std::wstring& executable_name, michael@0: const ProcessFilter* filter) michael@0: { michael@0: int numEntries; michael@0: kvm_t *kvm; michael@0: std::string exe(WideToASCII(executable_name)); michael@0: michael@0: #if defined(OS_DRAGONFLY) || defined(OS_FREEBSD) michael@0: kvm = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL); michael@0: struct kinfo_proc* procs = kvm_getprocs(kvm, KERN_PROC_UID, getuid(), &numEntries); michael@0: if (procs != NULL && numEntries > 0) { michael@0: for (int i = 0; i < numEntries; i++) { michael@0: # if defined(OS_DRAGONFLY) michael@0: if (exe != procs[i].kp_comm) continue; michael@0: if (filter && !filter->Includes(procs[i].kp_pid, procs[i].kp_ppid)) continue; michael@0: ProcessEntry e; michael@0: e.pid = procs[i].kp_pid; michael@0: e.ppid = procs[i].kp_ppid; michael@0: strlcpy(e.szExeFile, procs[i].kp_comm, sizeof e.szExeFile); michael@0: content.push_back(e); michael@0: # elif defined(OS_FREEBSD) michael@0: if (exe != procs[i].ki_comm) continue; michael@0: if (filter && !filter->Includes(procs[i].ki_pid, procs[i].ki_ppid)) continue; michael@0: ProcessEntry e; michael@0: e.pid = procs[i].ki_pid; michael@0: e.ppid = procs[i].ki_ppid; michael@0: strlcpy(e.szExeFile, procs[i].ki_comm, sizeof e.szExeFile); michael@0: content.push_back(e); michael@0: # endif michael@0: #else michael@0: kvm = kvm_open(NULL, NULL, NULL, KVM_NO_FILES, NULL); michael@0: #if defined(OS_OPENBSD) michael@0: struct kinfo_proc* procs = kvm_getprocs(kvm, KERN_PROC_UID, getuid(), sizeof(struct kinfo_proc), &numEntries); michael@0: #else michael@0: struct kinfo_proc2* procs = kvm_getproc2(kvm, KERN_PROC_UID, getuid(), sizeof(struct kinfo_proc2), &numEntries); michael@0: #endif michael@0: if (procs != NULL && numEntries > 0) { michael@0: for (int i = 0; i < numEntries; i++) { michael@0: if (exe != procs[i].p_comm) continue; michael@0: if (filter && !filter->Includes(procs[i].p_pid, procs[i].p_ppid)) continue; michael@0: ProcessEntry e; michael@0: e.pid = procs[i].p_pid; michael@0: e.ppid = procs[i].p_ppid; michael@0: strlcpy(e.szExeFile, procs[i].p_comm, sizeof e.szExeFile); michael@0: content.push_back(e); michael@0: #endif michael@0: } michael@0: } michael@0: nextEntry = 0; michael@0: kvm_close(kvm); michael@0: } michael@0: michael@0: NamedProcessIterator::~NamedProcessIterator() { michael@0: } michael@0: michael@0: const ProcessEntry* NamedProcessIterator::NextProcessEntry() { michael@0: if (nextEntry >= content.size()) return NULL; michael@0: return &content[nextEntry++]; michael@0: } michael@0: michael@0: } // namespace base