| OLD | NEW |
|---|
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/sandbox_mac.h" | 5 #include "chrome/common/sandbox_mac.h" |
| 6 | 6 |
| 7 #include "base/debug_util.h" | 7 #include "base/debug_util.h" |
| 8 | 8 |
| 9 #import <Cocoa/Cocoa.h> | 9 #import <Cocoa/Cocoa.h> |
| 10 extern "C" { | 10 extern "C" { |
| (...skipping 226 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 237 } | 237 } |
| 238 | 238 |
| 239 { // Native Client access to /dev/random. | 239 { // Native Client access to /dev/random. |
| 240 GetUrandomFD(); | 240 GetUrandomFD(); |
| 241 } | 241 } |
| 242 } | 242 } |
| 243 | 243 |
| 244 // Turns on the OS X sandbox for this process. | 244 // Turns on the OS X sandbox for this process. |
| 245 bool EnableSandbox(SandboxProcessType sandbox_type, | 245 bool EnableSandbox(SandboxProcessType sandbox_type, |
| 246 const FilePath& allowed_dir) { | 246 const FilePath& allowed_dir) { |
| 247 // Name of the file containing a common prefix included at the start of | |
| 248 // all the other sandbox profiles. | |
| 249 const NSString* kCommonSandboxPrefixFileName = @"common"; | |
| 250 | |
| 251 // Sanity - currently only SANDBOX_TYPE_UTILITY supports a directory being | 247 // Sanity - currently only SANDBOX_TYPE_UTILITY supports a directory being |
| 252 // passed in. | 248 // passed in. |
| 253 if (sandbox_type != SANDBOX_TYPE_UTILITY) { | 249 if (sandbox_type != SANDBOX_TYPE_UTILITY) { |
| 254 DCHECK(allowed_dir.empty()) | 250 DCHECK(allowed_dir.empty()) |
| 255 << "Only SANDBOX_TYPE_UTILITY allows a custom directory parameter."; | 251 << "Only SANDBOX_TYPE_UTILITY allows a custom directory parameter."; |
| 256 } | 252 } |
| 257 // We use a custom sandbox definition file to lock things down as | 253 // We use a custom sandbox definition file to lock things down as |
| 258 // tightly as possible. | 254 // tightly as possible. |
| 259 // TODO(jeremy): Look at using include syntax to unify common parts of sandbox | 255 // TODO(jeremy): Look at using include syntax to unify common parts of sandbox |
| 260 // definition files. | 256 // definition files. |
| (...skipping 29 matching lines...) Expand all Loading... |
| 290 // See http://code.google.com/p/nativeclient/issues/detail?id=344 | 286 // See http://code.google.com/p/nativeclient/issues/detail?id=344 |
| 291 sandbox_config_filename = @"nacl_loader"; | 287 sandbox_config_filename = @"nacl_loader"; |
| 292 break; | 288 break; |
| 293 default: | 289 default: |
| 294 NOTREACHED(); | 290 NOTREACHED(); |
| 295 return false; | 291 return false; |
| 296 } | 292 } |
| 297 | 293 |
| 298 // Read in the sandbox profile and the common prefix file. | 294 // Read in the sandbox profile and the common prefix file. |
| 299 NSString* common_sandbox_prefix_path = | 295 NSString* common_sandbox_prefix_path = |
| 300 [mac_util::MainAppBundle() pathForResource:kCommonSandboxPrefixFileName | 296 [mac_util::MainAppBundle() pathForResource:@"common" |
| 301 ofType:@"sb"]; | 297 ofType:@"sb"]; |
| 302 NSString* common_sandbox_prefix_data = | 298 NSString* common_sandbox_prefix_data = |
| 303 [NSString stringWithContentsOfFile:common_sandbox_prefix_path | 299 [NSString stringWithContentsOfFile:common_sandbox_prefix_path |
| 304 encoding:NSUTF8StringEncoding | 300 encoding:NSUTF8StringEncoding |
| 305 error:NULL]; | 301 error:NULL]; |
| 306 | 302 |
| 307 if (!common_sandbox_prefix_data) { | 303 if (!common_sandbox_prefix_data) { |
| 308 LOG(ERROR) << "Failed to find the sandbox profile on disk " | 304 LOG(ERROR) << "Failed to find the sandbox profile on disk " |
| 309 << [common_sandbox_prefix_path fileSystemRepresentation]; | 305 << [common_sandbox_prefix_path fileSystemRepresentation]; |
| 310 return false; | 306 return false; |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 409 bool success = (error == 0 && error_buff == NULL); | 405 bool success = (error == 0 && error_buff == NULL); |
| 410 LOG_IF(ERROR, !success) << "Failed to initialize sandbox: " | 406 LOG_IF(ERROR, !success) << "Failed to initialize sandbox: " |
| 411 << error | 407 << error |
| 412 << " " | 408 << " " |
| 413 << error_buff; | 409 << error_buff; |
| 414 sandbox_free_error(error_buff); | 410 sandbox_free_error(error_buff); |
| 415 return success; | 411 return success; |
| 416 } | 412 } |
| 417 | 413 |
| 418 } // namespace sandbox | 414 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2769014:
Mac/clang: Possibly contentious changes. (Closed)
