blob: f6b7af36cbc1ca3e6704209725353c6b0fcfc2ae [file] [log] [blame]
#!/bin/bash
# Copyright (c) 2010 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This utility finds the different processes in a running instance of Chrome.
# It then attempts to identify their types (e.g. browser, extension, plugin,
# zygote, renderer). It also prints out information on whether a sandbox is
# active and what type of sandbox has been identified.
# This script is likely to only work on Linux or systems that closely mimick
# Linux's /proc filesystem.
[ -x /proc/self/exe ] || {
echo "This script cannot be run on your system" >&2
exit 1
}
# Find the browser's process id. If there are multiple active instances of
# Chrome, the caller can provide a pid on the command line. The provided pid
# must match a process in the browser's process hierarchy. When using the
# zygote inside of the setuid sandbox, renderers are in a process tree separate
# from the browser process. You cannot use any of their pids.
# If no pid is provided on the command line, the script will randomly pick
# one of the running instances.
if [ $# -eq 0 ]; then
pid=$(ls -l /proc/*/exe 2>/dev/null |
sed '/\/chrome\( .deleted.\)\?$/s,.*/proc/\([^/]*\)/exe.*,\1,;t;d' |
while read p; do
xargs -0 </proc/$p/cmdline 2>/dev/null|grep -q -- --type= && continue
echo "$p"
break
done)
else
pid="$1"
fi
ls -l "/proc/$pid/exe" 2>/dev/null|egrep -q '/chrome( .deleted.)?$' || {
echo "Cannot find any running instance of Chrome" >&2; exit 1; }
while :; do
ppid="$(ps h --format ppid --pid "$pid" 2>/dev/null)"
[ -n "$ppid" ] || {
echo "Cannot find any running instance of Chrome" >&2; exit 1; }
ls -l "/proc/$ppid/exe" 2>/dev/null|egrep -q '/chrome( .deleted.)?$' &&
pid="$ppid" || break
done
xargs -0 </proc/$p/cmdline 2>/dev/null|grep -q -- --type= && {
echo "Cannot find any running instance of Chrome" >&2; exit 1; }
# Iterate over child processes and try to identify them
identify() {
local child cmd foundzygote plugin seccomp type
foundzygote=0
for child in $(ps h --format pid --ppid $1); do
cmd="$(xargs -0 </proc/$child/cmdline|sed 's/ -/\n-/g')" 2>/dev/null
type="$(echo "$cmd" | sed 's/--type=//;t1;d;:1;q')"
case $type in
'')
echo "Process $child is part of the browser"
identify "$child"
;;
extension)
echo "Process $child is an extension"
;;
plugin)
plugin="$(echo "$cmd" |
sed 's/--plugin-path=//;t1;d;:1
s,.*/lib,,;s,.*/npwrapper[.]lib,,;s,^np,,;s,[.]so$,,;q')"
echo "Process $child is a \"$plugin\" plugin"
identify "$child"
;;
renderer|worker|gpu-process)
# The seccomp sandbox has exactly one child process that has no other
# threads. This is the trusted helper process.
seccomp="$(ps h --format pid --ppid $child|xargs)"
if [ -d /proc/$child/cwd/. ]; then
if [ $(echo "$seccomp" | wc -w) -eq 1 ] &&
[ $(ls /proc/$seccomp/task 2>/dev/null | wc -w) -eq 1 ] &&
ls -l /proc/$seccomp/exe 2>/dev/null |
egrep -q '/chrome( .deleted.)?$'; then
echo "Process $child is a sandboxed $type (seccomp helper:" \
"$seccomp)"
else
echo "Process $child is a $type"
identify "$child"
fi
else
if [ $(echo "$seccomp" | wc -w) -eq 1 ]; then
echo "Process $child is a setuid sandboxed $type (seccomp" \
"helper: $seccomp)"
else
echo "Process $child is a $type; setuid sandbox is active"
identify "$child"
fi
fi
;;
zygote)
foundzygote=1
echo "Process $child is the zygote"
identify "$child"
;;
*)
echo "Process $child is of unknown type \"$type\""
identify "$child"
;;
esac
done
return $foundzygote
}
cmpcmdline() {
# Checks that the command line arguments for pid $1 are a superset of the
# commandline arguments for pid $2.
# Any additional function arguments $3, $4, ... list options that should
# be ignored for the purpose of this comparison.
local pida="$1"
local pidb="$2"
shift; shift
local super=("$@" $(xargs -0 </proc/"$pida"/cmdline)) 2>/dev/null
local sub=($(xargs -0 </proc/"$pidb"/cmdline)) 2>/dev/null
local i j
[ ${#sub[*]} -eq 0 -o ${#super[*]} -eq 0 ] && return 1
for i in $(seq 0 $((${#sub[*]}-1))); do
for j in $(seq 0 $((${#super[*]}-1))); do
[ "x${sub[$i]}" = "x${super[$j]}" ] && continue 2
done
return 1
done
return 0
}
echo "The browser's main pid is: $pid"
if identify "$pid"; then
# The zygote can make it difficult to locate renderers, as the setuid
# sandbox causes it to be reparented to "init". When this happens, we can
# no longer associate it with the browser with 100% certainty. We make a
# best effort by comparing command line strings.
for i in $(ps h --format pid --ppid 1); do
if cmpcmdline "$pid" "$i" "--type=zygote"; then
echo -n "Process $i is the zygote"
[ -d /proc/$i/cwd/. ] || echo -n "; setuid sandbox is active"
echo
identify "$i"
fi
done
fi