Recommit - r52326 - Mac: Use canonicalization rather than absolute paths for sandbox.

chrome/common/sandbox_mac.mm

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/sandbox_mac.h"
 
 #include "base/debug_util.h"
 
 #import <Cocoa/Cocoa.h>
 extern "C" {
 #include <sandbox.h>
 }
+#include <sys/param.h>
 
 #include "base/basictypes.h"
 #include "base/command_line.h"
 #include "base/file_util.h"
 #include "base/mac_util.h"
 #include "base/rand_util_c.h"
 #include "base/scoped_cftyperef.h"
 #include "base/scoped_nsautorelease_pool.h"
 #include "base/string16.h"
 #include "base/sys_info.h"
@@ skipping 88 matching lines @@
 // output.
 //
 // The implementation of this function is based on empirical testing of the
 // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to change.
 //
 // Note: If str_utf8 contains any characters < 32 || >125 then the function
 // fails and false is returned.
 //
 // Returns: true on success, false otherwise.
 bool QuoteStringForRegex(const std::string& str_utf8, std::string* dst) {
-  // List of chars with special meaning to regex.
-  // This list is derived from http://perldoc.perl.org/perlre.html .
+  // Characters with special meanings in sandbox profile syntax.
   const char regex_special_chars[] = {
     '\\',
 
     // Metacharacters
     '^',
     '.',
+    '[',
+    ']',
     '$',
-    '|',
     '(',
     ')',
-    '[',
-    ']',
+    '|',
 
     // Quantifiers
     '*',
     '+',
     '?',
     '{',
     '}',
   };
 
   // Anchor regex at start of path.
@@ skipping 193 matching lines @@
     sandbox_data = [sandbox_data
         stringByReplacingOccurrencesOfString:@";NACL"
                                   withString:@""];
   }
 
   if (!allowed_dir.empty()) {
     // The sandbox only understands "real" paths.  This resolving step is
     // needed so the caller doesn't need to worry about things like /var
     // being a link to /private/var (like in the paths CreateNewTempDirectory()
     // returns).
-    FilePath allowed_dir_absolute(allowed_dir);
-    if (!file_util::AbsolutePath(&allowed_dir_absolute)) {
-      PLOG(FATAL) << "Failed to resolve absolute path";
-      return false;
-    }
+    FilePath allowed_dir_canonical(allowed_dir);
+    GetCanonicalSandboxPath(&allowed_dir_canonical);
 
     std::string allowed_dir_escaped;
-    if (!QuoteStringForRegex(allowed_dir_absolute.value(),
+    if (!QuoteStringForRegex(allowed_dir_canonical.value(),
                              &allowed_dir_escaped)) {
       LOG(FATAL) << "Regex string quoting failed " << allowed_dir.value();
       return false;
     }
     NSString* allowed_dir_escaped_ns = base::SysUTF8ToNSString(
         allowed_dir_escaped.c_str());
     sandbox_data = [sandbox_data
         stringByReplacingOccurrencesOfString:@";ENABLE_DIRECTORY_ACCESS"
                                   withString:@""];
     sandbox_data = [sandbox_data
@@ skipping 11 matching lines @@
     sandbox_data = [sandbox_data
         stringByReplacingOccurrencesOfString:@";10.6_ONLY"
                                   withString:@""];
     // Splice the path of the user's home directory into the sandbox profile
     // (see renderer.sb for details).
     // This code is in the 10.6-only block because the sandbox syntax we use
     // for this "subdir" is only supported on 10.6.
     // If we ever need this on pre-10.6 OSs then we'll have to rethink the
     // surrounding sandbox syntax.
     std::string home_dir = base::SysNSStringToUTF8(NSHomeDirectory());
+
+    FilePath home_dir_canonical(home_dir);
+    GetCanonicalSandboxPath(&home_dir_canonical);
+
     std::string home_dir_escaped;
-    if (!QuotePlainString(home_dir, &home_dir_escaped)) {
+    if (!QuotePlainString(home_dir_canonical.value(), &home_dir_escaped)) {
       LOG(FATAL) << "Sandbox string quoting failed";
       return false;
     }
     NSString* home_dir_escaped_ns = base::SysUTF8ToNSString(home_dir_escaped);
     sandbox_data = [sandbox_data
         stringByReplacingOccurrencesOfString:@"USER_HOMEDIR"
                                   withString:home_dir_escaped_ns];
   } else if (major_version == 10 && minor_version < 6) {
     // Sandbox rules only for versions before 10.6.
     sandbox_data = [sandbox_data
         stringByReplacingOccurrencesOfString:@";BEFORE_10.6"
                                   withString:@""];
   }
 
   char* error_buff = NULL;
   int error = sandbox_init([sandbox_data UTF8String], 0, &error_buff);
   bool success = (error == 0 && error_buff == NULL);
   LOG_IF(FATAL, !success) << "Failed to initialize sandbox: "
                           << error
                           << " "
                           << error_buff;
   sandbox_free_error(error_buff);
   return success;
 }
 
+void GetCanonicalSandboxPath(FilePath* path) {
+  int fd = HANDLE_EINTR(open(path->value().c_str(), O_RDONLY));
+  if (fd < 0) {
+    PLOG(FATAL) << "GetCanonicalSandboxPath() failed for: "
+                << path->value();
+    return;
+  }
+  file_util::ScopedFD file_closer(&fd);
+
+  FilePath::CharType canonical_path[MAXPATHLEN];
+  if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) {
+    PLOG(FATAL) << "GetCanonicalSandboxPath() failed for: "
+                << path->value();
+    return;
+  }
+
+  *path = FilePath(canonical_path);
+}
+
 }  // namespace sandbox