OLD | NEW |
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/renderer/renderer_main_platform_delegate.h" | 5 #include "chrome/renderer/renderer_main_platform_delegate.h" |
6 | 6 |
7 #include "base/debug_util.h" | 7 #include "base/debug_util.h" |
8 #include "base/message_loop.h" | 8 #include "base/message_loop.h" |
9 | 9 |
10 #import <Foundation/Foundation.h> | 10 #import <Foundation/Foundation.h> |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
141 bool RendererMainPlatformDelegate::EnableSandbox() { | 141 bool RendererMainPlatformDelegate::EnableSandbox() { |
142 | 142 |
143 // TODO(jeremy): Remove BeingDebugged() and CacheSysInfo() calls. They are | 143 // TODO(jeremy): Remove BeingDebugged() and CacheSysInfo() calls. They are |
144 // no longer required since the sandbox now allows sysctl() reads. | 144 // no longer required since the sandbox now allows sysctl() reads. |
145 | 145 |
146 // This call doesn't work when the sandbox is enabled, the implementation | 146 // This call doesn't work when the sandbox is enabled, the implementation |
147 // caches it's return value so we call it here and then future calls will | 147 // caches it's return value so we call it here and then future calls will |
148 // succeed. | 148 // succeed. |
149 DebugUtil::BeingDebugged(); | 149 DebugUtil::BeingDebugged(); |
150 | 150 |
151 // Cache the System info information, since we can't query certain attributes | |
152 // with the Sandbox enabled. | |
153 base::SysInfo::CacheSysInfo(); | |
154 | |
155 // For the renderer, we give it a custom sandbox to lock down as tight as | 151 // For the renderer, we give it a custom sandbox to lock down as tight as |
156 // possible, but still be able to draw. | 152 // possible, but still be able to draw. |
157 | 153 |
158 NSString* sandbox_profile_path = | 154 NSString* sandbox_profile_path = |
159 [mac_util::MainAppBundle() pathForResource:@"renderer" ofType:@"sb"]; | 155 [mac_util::MainAppBundle() pathForResource:@"renderer" ofType:@"sb"]; |
160 BOOL is_dir = NO; | 156 BOOL is_dir = NO; |
161 if (![[NSFileManager defaultManager] fileExistsAtPath:sandbox_profile_path | 157 if (![[NSFileManager defaultManager] fileExistsAtPath:sandbox_profile_path |
162 isDirectory:&is_dir] || is_dir) { | 158 isDirectory:&is_dir] || is_dir) { |
163 LOG(ERROR) << "Failed to find the sandbox profile on disk"; | 159 LOG(ERROR) << "Failed to find the sandbox profile on disk"; |
164 return false; | 160 return false; |
165 } | 161 } |
166 | 162 |
167 const char *sandbox_profile = [sandbox_profile_path fileSystemRepresentation]; | 163 const char *sandbox_profile = [sandbox_profile_path fileSystemRepresentation]; |
168 char* error_buff = NULL; | 164 char* error_buff = NULL; |
169 int error = sandbox_init(sandbox_profile, SANDBOX_NAMED_EXTERNAL, | 165 int error = sandbox_init(sandbox_profile, SANDBOX_NAMED_EXTERNAL, |
170 &error_buff); | 166 &error_buff); |
171 bool success = (error == 0 && error_buff == NULL); | 167 bool success = (error == 0 && error_buff == NULL); |
172 if (error == -1) { | 168 if (error == -1) { |
173 LOG(ERROR) << "Failed to Initialize Sandbox: " << error_buff; | 169 LOG(ERROR) << "Failed to Initialize Sandbox: " << error_buff; |
174 } | 170 } |
175 sandbox_free_error(error_buff); | 171 sandbox_free_error(error_buff); |
176 return success; | 172 return success; |
177 } | 173 } |
178 | 174 |
179 void RendererMainPlatformDelegate::RunSandboxTests() { | 175 void RendererMainPlatformDelegate::RunSandboxTests() { |
180 // TODO(port): Run sandbox unit test here. | 176 // TODO(port): Run sandbox unit test here. |
181 } | 177 } |
OLD | NEW |