Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(45)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/sandbox_policy.cc

Issue 207025: NaCl-Chrome integration (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/renderer_host/resource_message_filter.cc ('k') | chrome/chrome.gyp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/sandbox_policy.h" 5 #include "chrome/browser/sandbox_policy.h"
6 6
7 #include "app/win_util.h" 7 #include "app/win_util.h"
8 #include "base/command_line.h" 8 #include "base/command_line.h"
9 #include "base/debug_util.h" 9 #include "base/debug_util.h"
10 #include "base/file_util.h" 10 #include "base/file_util.h"
(...skipping 341 matching lines...) Expand 10 before | Expand all | Expand 10 after
352 base::ProcessHandle process = 0; 352 base::ProcessHandle process = 0;
353 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess(); 353 const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
354 ChildProcessInfo::ProcessType type; 354 ChildProcessInfo::ProcessType type;
355 std::wstring type_str = cmd_line->GetSwitchValue(switches::kProcessType); 355 std::wstring type_str = cmd_line->GetSwitchValue(switches::kProcessType);
356 if (type_str == switches::kRendererProcess) { 356 if (type_str == switches::kRendererProcess) {
357 type = ChildProcessInfo::RENDER_PROCESS; 357 type = ChildProcessInfo::RENDER_PROCESS;
358 } else if (type_str == switches::kPluginProcess) { 358 } else if (type_str == switches::kPluginProcess) {
359 type = ChildProcessInfo::PLUGIN_PROCESS; 359 type = ChildProcessInfo::PLUGIN_PROCESS;
360 } else if (type_str == switches::kWorkerProcess) { 360 } else if (type_str == switches::kWorkerProcess) {
361 type = ChildProcessInfo::WORKER_PROCESS; 361 type = ChildProcessInfo::WORKER_PROCESS;
362 } else if (type_str == switches::kNaClProcess) {
363 type = ChildProcessInfo::NACL_PROCESS;
362 } else if (type_str == switches::kUtilityProcess) { 364 } else if (type_str == switches::kUtilityProcess) {
363 type = ChildProcessInfo::UTILITY_PROCESS; 365 type = ChildProcessInfo::UTILITY_PROCESS;
364 } else { 366 } else {
365 NOTREACHED(); 367 NOTREACHED();
366 return 0; 368 return 0;
367 } 369 }
368 370
369 bool in_sandbox = 371 bool in_sandbox =
370 !browser_command_line.HasSwitch(switches::kNoSandbox) && 372 !browser_command_line.HasSwitch(switches::kNoSandbox) &&
371 (type != ChildProcessInfo::PLUGIN_PROCESS || 373 (type != ChildProcessInfo::PLUGIN_PROCESS ||
(...skipping 15 matching lines...) Expand all
387 389
388 // spawn the child process in the sandbox 390 // spawn the child process in the sandbox
389 sandbox::BrokerServices* broker_service = 391 sandbox::BrokerServices* broker_service =
390 g_browser_process->broker_services(); 392 g_browser_process->broker_services();
391 393
392 sandbox::ResultCode result; 394 sandbox::ResultCode result;
393 PROCESS_INFORMATION target = {0}; 395 PROCESS_INFORMATION target = {0};
394 sandbox::TargetPolicy* policy = broker_service->CreatePolicy(); 396 sandbox::TargetPolicy* policy = broker_service->CreatePolicy();
395 397
396 bool on_sandbox_desktop = false; 398 bool on_sandbox_desktop = false;
399 // TODO(gregoryd): try locked-down policy for sel_ldr after we fix IMC.
400 // TODO(gregoryd): do we need a new desktop for sel_ldr?
397 if (type == ChildProcessInfo::PLUGIN_PROCESS) { 401 if (type == ChildProcessInfo::PLUGIN_PROCESS) {
398 if (!AddPolicyForPlugin(cmd_line, policy)) 402 if (!AddPolicyForPlugin(cmd_line, policy))
399 return 0; 403 return 0;
400 } else { 404 } else {
401 AddPolicyForRenderer(policy, &on_sandbox_desktop); 405 AddPolicyForRenderer(policy, &on_sandbox_desktop);
402 } 406 }
403 407
404 if (!exposed_dir.empty()) { 408 if (!exposed_dir.empty()) {
405 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, 409 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
406 sandbox::TargetPolicy::FILES_ALLOW_ANY, 410 sandbox::TargetPolicy::FILES_ALLOW_ANY,
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
443 447
444 // Help the process a little. It can't start the debugger by itself if 448 // Help the process a little. It can't start the debugger by itself if
445 // the process is in a sandbox. 449 // the process is in a sandbox.
446 if (child_needs_help) 450 if (child_needs_help)
447 DebugUtil::SpawnDebuggerOnProcess(target.dwProcessId); 451 DebugUtil::SpawnDebuggerOnProcess(target.dwProcessId);
448 452
449 return process; 453 return process;
450 } 454 }
451 455
452 } // namespace sandbox 456 } // namespace sandbox
OLDNEW
« no previous file with comments | « chrome/browser/renderer_host/resource_message_filter.cc ('k') | chrome/chrome.gyp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698