chrome/common/sandbox_mac.mm - Issue 3155031: [Mac] Disable all sandboxd logging unless running with --enable-sandbox-logging.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/common/sandbox_mac.mm

Issue 3155031: [Mac] Disable all sandboxd logging unless running with --enable-sandbox-logging. (Closed) Base URL: http://src.chromium.org/git/chromium.git

Patch Set: nits Created 10 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/common/sandbox_mac.mm

diff --git a/chrome/common/sandbox_mac.mm b/chrome/common/sandbox_mac.mm

index c514a10cf04754b1f9b781a6f0e8d9be2df378b5..303a538eb3f7f5f40ffad751f048236208b8eeec 100644

--- a/chrome/common/sandbox_mac.mm

+++ b/chrome/common/sandbox_mac.mm

@@ -309,15 +309,37 @@ bool EnableSandbox(SandboxProcessType sandbox_type,

sandbox_data =

[common_sandbox_prefix_data stringByAppendingString:sandbox_data];

- // Enable verbose logging if enabled on the command line.

- // (see renderer.sb for details).

+ // Enable verbose logging if enabled on the command line. (See common.sb

+ // for details).

const CommandLine *command_line = CommandLine::ForCurrentProcess();

- if (command_line->HasSwitch(switches::kEnableSandboxLogging)) {

+ bool enable_logging =

+ command_line->HasSwitch(switches::kEnableSandboxLogging);

+ if (enable_logging) {

sandbox_data = [sandbox_data

stringByReplacingOccurrencesOfString:@";ENABLE_LOGGING"

withString:@""];

}

+ // Get the OS version.

+ int32 major_version, minor_version, bugfix_version;

+ base::SysInfo::OperatingSystemVersionNumbers(&major_version,

+ &minor_version, &bugfix_version);

+ bool snow_leopard_or_higher =

+ (major_version > 10 || (major_version == 10 && minor_version >= 6));

+ // Without this, the sandbox will print a message to the system log every

+ // time it denies a request. This floods the console with useless spew. The

+ // (with no-log) syntax is only supported on 10.6+

+ if (snow_leopard_or_higher && !enable_logging) {

+ sandbox_data = [sandbox_data

+ stringByReplacingOccurrencesOfString:@"DISABLE_SANDBOX_DENIAL_LOGGING"

+ withString:@"(with no-log)"];

+ } else {

+ sandbox_data = [sandbox_data

+ stringByReplacingOccurrencesOfString:@"DISABLE_SANDBOX_DENIAL_LOGGING"

+ withString:@""];

+ }

if (!allowed_dir.empty()) {

// The sandbox only understands "real" paths. This resolving step is

// needed so the caller doesn't need to worry about things like /var

@@ -343,11 +365,7 @@ bool EnableSandbox(SandboxProcessType sandbox_type,

}

- int32 major_version, minor_version, bugfix_version;

- base::SysInfo::OperatingSystemVersionNumbers(&major_version,

- &minor_version, &bugfix_version);

- if (major_version > 10 || (major_version == 10 && minor_version >= 6)) {

+ if (snow_leopard_or_higher) {

// 10.6-only Sandbox rules.

sandbox_data = [sandbox_data

stringByReplacingOccurrencesOfString:@";10.6_ONLY"

« no previous file with comments | « chrome/common/common.sb ('k') | no next file » | no next file with comments »