| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_mac.h" | 5 #include "content/common/sandbox_mac.h" |
| 6 | 6 |
| 7 #import <Cocoa/Cocoa.h> | 7 #import <Cocoa/Cocoa.h> |
| 8 | 8 |
| 9 extern "C" { | 9 extern "C" { |
| 10 #include <sandbox.h> | 10 #include <sandbox.h> |
| 264 CGImageSourceGetStatus(img); | 264 CGImageSourceGetStatus(img); |
| 265 } | 265 } |
| 266 | 266 |
| 267 { | 267 { |
| 268 // Allow access to /dev/urandom. | 268 // Allow access to /dev/urandom. |
| 269 GetUrandomFD(); | 269 GetUrandomFD(); |
| 270 } | 270 } |
| 271 | 271 |
| 272 // Process-type dependent warm-up. | 272 // Process-type dependent warm-up. |
| 273 if (sandbox_type == content::SANDBOX_TYPE_GPU) { | 273 if (sandbox_type == content::SANDBOX_TYPE_GPU) { |
| 274 // Preload either the desktop GL or the osmesa so, depending on the | 274 // Preload either the desktop GL or the osmesa so, depending on the |
| 275 // --use-gl flag. | 275 // --use-gl flag. |
| 276 gfx::GLSurface::InitializeOneOff(); | 276 gfx::GLSurface::InitializeOneOff(); |
| 277 } | 277 } |
| 278 } | 278 } |
| 279 | 279 |
| 280 // static | 280 // static |
| 281 NSString* Sandbox::BuildAllowDirectoryAccessSandboxString( | 281 NSString* Sandbox::BuildAllowDirectoryAccessSandboxString( |
| 282 const FilePath& allowed_dir, | 282 const FilePath& allowed_dir, |
| 283 SandboxVariableSubstitions* substitutions) { | 283 SandboxVariableSubstitions* substitutions) { |
| 284 // A whitelist is used to determine which directories can be statted | 284 // A whitelist is used to determine which directories can be statted |
| 285 // This means that in the case of an /a/b/c/d/ directory, we may be able to | 285 // This means that in the case of an /a/b/c/d/ directory, we may be able to |
| 286 // stat the leaf directory, but not its parent. | 286 // stat the leaf directory, but not its parent. |
| 373 } | 373 } |
| 374 | 374 |
| 375 base::StringPiece common_sandbox_definition = | 375 base::StringPiece common_sandbox_definition = |
| 376 content::GetContentClient()->GetDataResource( | 376 content::GetContentClient()->GetDataResource( |
| 377 IDR_COMMON_SANDBOX_PROFILE, ui::SCALE_FACTOR_NONE); | 377 IDR_COMMON_SANDBOX_PROFILE, ui::SCALE_FACTOR_NONE); |
| 378 if (common_sandbox_definition.empty()) { | 378 if (common_sandbox_definition.empty()) { |
| 379 LOG(FATAL) << "Failed to load the common sandbox profile"; | 379 LOG(FATAL) << "Failed to load the common sandbox profile"; |
| 380 return nil; | 380 return nil; |
| 381 } | 381 } |
| 382 | 382 |
| 383 scoped_nsobject<NSString> common_sandbox_prefix_data( | 383 NSString* common_sandbox_prefix_data = |
|
Mark Mentovai
2012/05/30 13:38:22
I’m leery of taking this out of the scoped_nsobjec
Nico
2012/05/30 15:03:29
Done.
| |
| 384 [[NSString alloc] initWithBytes:common_sandbox_definition.data() | 384 [[[NSString alloc] initWithBytes:common_sandbox_definition.data() |
| 385 length:common_sandbox_definition.length() | 385 length:common_sandbox_definition.length() |
| 386 encoding:NSUTF8StringEncoding]); | 386 encoding:NSUTF8StringEncoding] autorelease]; |
| 387 | |
| 388 #if defined(COMPONENT_BUILD) | |
| 389 // dlopen() fails without file-read-metadata access if the executable image | |
| 390 // contains LC_RPATH load commands. The components build uses those. | |
| 391 // See http://crbug.com/127465 | |
| 392 if (base::mac::IsOSSnowLeopardOrEarlier()) { | |
| 393 common_sandbox_prefix_data = [common_sandbox_prefix_data | |
| 394 stringByAppendingString:@"\n(allow file-read-metadata)\n"]; | |
| 395 } | |
| 396 #endif | |
| 387 | 397 |
| 388 scoped_nsobject<NSString> sandbox_data( | 398 scoped_nsobject<NSString> sandbox_data( |
| 389 [[NSString alloc] initWithBytes:sandbox_definition.data() | 399 [[NSString alloc] initWithBytes:sandbox_definition.data() |
| 390 length:sandbox_definition.length() | 400 length:sandbox_definition.length() |
| 391 encoding:NSUTF8StringEncoding]); | 401 encoding:NSUTF8StringEncoding]); |
| 392 | 402 |
| 393 // Prefix sandbox_data with common_sandbox_prefix_data. | 403 // Prefix sandbox_data with common_sandbox_prefix_data. |
| 394 return [common_sandbox_prefix_data stringByAppendingString:sandbox_data]; | 404 return [common_sandbox_prefix_data stringByAppendingString:sandbox_data]; |
| 395 } | 405 } |
| 396 | 406 |
| 578 if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) { | 588 if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) { |
| 579 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " | 589 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " |
| 580 << path->value(); | 590 << path->value(); |
| 581 return; | 591 return; |
| 582 } | 592 } |
| 583 | 593 |
| 584 *path = FilePath(canonical_path); | 594 *path = FilePath(canonical_path); |
| 585 } | 595 } |
| 586 | 596 |
| 587 } // namespace sandbox | 597 } // namespace sandbox |
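Review bot: The `(allow file-read-metadata)` rule appended at new line 394 is unqualified, so it relaxes the common profile for metadata lookups on every path rather than only the directories the LC_RPATH dlopen() problem in the comment actually needs; the comment should state that this breadth is tolerated solely because the block is confined to COMPONENT_BUILD developer configurations and never reaches a shipping profile, e.g. `// Unscoped relaxation of the common profile: acceptable only because it is` `// limited to component (developer) builds and never ships.` It would also help to record why the workaround is limited to Snow Leopard or earlier, which the comment does not explain. Because the rule is appended to the common prefix rather than to the per-process sandbox_definition that follows it at new lines 398–404, its effective scope presumably depends on how later rules in that definition are ordered against it — worth a sentence confirming that ordering was considered. The enclosing function starts outside the visible lines.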