chrome/common/sandbox_mac.mm - Issue 3077003: Fully remove the hole in the Mac Sandbox that was used to support...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/common/sandbox_mac.mm

Issue 3077003: Fully remove the hole in the Mac Sandbox that was used to support... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: Created 10 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/common/sandbox_mac.mm

===================================================================

--- chrome/common/sandbox_mac.mm (revision 53778)

+++ chrome/common/sandbox_mac.mm (working copy)

@@ -255,7 +255,6 @@

// TODO(jeremy): Look at using include syntax to unify common parts of sandbox

// definition files.

NSString* sandbox_config_filename = nil;

- bool allow_nacl_lines = false;

switch (sandbox_type) {

case SANDBOX_TYPE_RENDERER:

sandbox_config_filename = @"renderer";

@@ -266,24 +265,9 @@

case SANDBOX_TYPE_UTILITY:

sandbox_config_filename = @"utility";

break;

- case SANDBOX_TYPE_NACL_PLUGIN:

- // The Native Client plugin is a standard renderer sandbox with some

- // additional lines to support use of Unix sockets.

- // TODO(msneck): Remove the use of Unix sockets from Native Client and

- // then remove the associated rules from chrome/renderer/renderer.sb.

- // See http://code.google.com/p/nativeclient/issues/detail?id=344

- sandbox_config_filename = @"renderer";

- allow_nacl_lines = true;

- break;

case SANDBOX_TYPE_NACL_LOADER:

// The Native Client loader is used for safeguarding the user's

// untrusted code within Native Client.

- // TODO(msneck): Remove the use of Unix sockets from Native Client and

- // then decide on an appropriate sandbox type for the untrusted code.

- // This might simply mean removing the Unix socket rules from

- // chrome/browser/nacl_loader.sb or it might mean sharing the

- // sandbox configuration with SANDBOX_TYPE_WORKER.

- // See http://code.google.com/p/nativeclient/issues/detail?id=344

sandbox_config_filename = @"nacl_loader";

break;

default:

@@ -333,13 +317,6 @@

withString:@""];

}

- // Enable Native Client lines if they are allowed.

- if (allow_nacl_lines) {

- sandbox_data = [sandbox_data

- stringByReplacingOccurrencesOfString:@";NACL"

- withString:@""];

- }

if (!allowed_dir.empty()) {

// The sandbox only understands "real" paths. This resolving step is

// needed so the caller doesn't need to worry about things like /var

« no previous file with comments | « chrome/common/sandbox_mac.h ('k') | chrome/renderer/renderer.sb » ('j') | no next file with comments »