Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(238)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/sandbox_init_wrapper_mac.cc

Issue 3077003: Fully remove the hole in the Mac Sandbox that was used to support... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/nacl_loader.sb ('k') | chrome/common/sandbox_mac.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/sandbox_init_wrapper.h" 5 #include "chrome/common/sandbox_init_wrapper.h"
6 6
7 #include "base/command_line.h" 7 #include "base/command_line.h"
8 #include "chrome/common/chrome_switches.h" 8 #include "chrome/common/chrome_switches.h"
9 #include "chrome/common/sandbox_mac.h" 9 #include "chrome/common/sandbox_mac.h"
10 10
11 bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line, 11 bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line,
12 const std::string& process_type) { 12 const std::string& process_type) {
13 if (command_line.HasSwitch(switches::kNoSandbox)) 13 if (command_line.HasSwitch(switches::kNoSandbox))
14 return true; 14 return true;
15 15
16 sandbox::SandboxProcessType sandbox_process_type; 16 sandbox::SandboxProcessType sandbox_process_type;
17 FilePath allowed_dir; // Empty by default. 17 FilePath allowed_dir; // Empty by default.
18 18
19 if (process_type.empty()) { 19 if (process_type.empty()) {
20 // Browser process isn't sandboxed. 20 // Browser process isn't sandboxed.
21 return true; 21 return true;
22 } else if (process_type == switches::kRendererProcess) { 22 } else if (process_type == switches::kRendererProcess) {
23 if (command_line.HasSwitch(switches::kEnableExperimentalWebGL) && 23 if (command_line.HasSwitch(switches::kEnableExperimentalWebGL) &&
24 command_line.HasSwitch(switches::kInProcessWebGL)) { 24 command_line.HasSwitch(switches::kInProcessWebGL)) {
25 // TODO(kbr): this check seems to be necessary only on this 25 // TODO(kbr): this check seems to be necessary only on this
26 // platform because the sandbox is initialized later. Remove 26 // platform because the sandbox is initialized later. Remove
27 // this once this flag is removed. 27 // this once this flag is removed.
28 return true; 28 return true;
29 } else if (command_line.HasSwitch(switches::kInternalNaCl)) {
30 // Renderer process sandbox. If --internal_nacl is present then use the
31 // version of the renderer sandbox which allows Native Client to use Unix
32 // sockets.
33 // TODO(msneck): Remove the use of Unix sockets from Native Client and
34 // then get rid of the SANDBOX_TYPE_NACL_PLUGIN enum.
35 // See http://code.google.com/p/nativeclient/issues/detail?id=344
36 sandbox_process_type = sandbox::SANDBOX_TYPE_NACL_PLUGIN;
37 } else { 29 } else {
38 sandbox_process_type = sandbox::SANDBOX_TYPE_RENDERER; 30 sandbox_process_type = sandbox::SANDBOX_TYPE_RENDERER;
39 } 31 }
40 } else if (process_type == switches::kExtensionProcess) { 32 } else if (process_type == switches::kExtensionProcess) {
41 // Extension processes are just renderers [they use RenderMain()] with a 33 // Extension processes are just renderers [they use RenderMain()] with a
42 // different set of command line flags. 34 // different set of command line flags.
43 // If we ever get here it means something has changed in regards 35 // If we ever get here it means something has changed in regards
44 // to the extension process mechanics and we should probably reexamine 36 // to the extension process mechanics and we should probably reexamine
45 // how we sandbox extension processes since they are no longer identical 37 // how we sandbox extension processes since they are no longer identical
46 // to renderers. 38 // to renderers.
(...skipping 21 matching lines...) Expand all
68 NOTREACHED(); 60 NOTREACHED();
69 return true; 61 return true;
70 } 62 }
71 63
72 // Warm up APIs before turning on the sandbox. 64 // Warm up APIs before turning on the sandbox.
73 sandbox::SandboxWarmup(); 65 sandbox::SandboxWarmup();
74 66
75 // Actually sandbox the process. 67 // Actually sandbox the process.
76 return sandbox::EnableSandbox(sandbox_process_type, allowed_dir); 68 return sandbox::EnableSandbox(sandbox_process_type, allowed_dir);
77 } 69 }
OLDNEW
« no previous file with comments | « chrome/browser/nacl_loader.sb ('k') | chrome/common/sandbox_mac.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698