OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/common/sandbox_init_wrapper.h" |
| 6 |
| 7 #include "base/command_line.h" |
| 8 #include "chrome/common/chrome_switches.h" |
| 9 #include "chrome/common/sandbox_mac.h" |
| 10 |
| 11 bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line, |
| 12 const std::string& process_type) { |
| 13 if (command_line.HasSwitch(switches::kNoSandbox)) |
| 14 return true; |
| 15 |
| 16 sandbox::SandboxProcessType sandbox_process_type; |
| 17 FilePath allowed_dir; // Empty by default. |
| 18 |
| 19 // Browser process isn't sandboxed. |
| 20 if (process_type.empty()) { |
| 21 return true; |
| 22 } else if (process_type == switches::kRendererProcess) { |
| 23 // Renderer process sandbox. |
| 24 sandbox_process_type = sandbox::SANDBOX_TYPE_RENDERER; |
| 25 } else if (process_type == switches::kUtilityProcess) { |
| 26 // Utility process sandbox. |
| 27 sandbox_process_type = sandbox::SANDBOX_TYPE_UTILITY; |
| 28 allowed_dir = FilePath::FromWStringHack( |
| 29 command_line.GetSwitchValue(switches::kUtilityProcessAllowedDir)); |
| 30 } else if (process_type == switches::kWorkerProcess) { |
| 31 // Worker process sandbox. |
| 32 sandbox_process_type = sandbox::SANDBOX_TYPE_WORKER; |
| 33 } else if ((process_type == switches::kNaClProcess) || |
| 34 (process_type == switches::kPluginProcess) || |
| 35 (process_type == switches::kProfileImportProcess)) { |
| 36 return true; |
| 37 } else { |
| 38 // Failsafe: If you hit an unreached here, is your new process type in need |
| 39 // of sandboxing? |
| 40 NOTREACHED(); |
| 41 return true; |
| 42 } |
| 43 |
| 44 // Warm up APIs before turning on the sandbox. |
| 45 sandbox::SandboxWarmup(); |
| 46 |
| 47 // Actually sandbox the process. |
| 48 return sandbox::EnableSandbox(sandbox_process_type, allowed_dir); |
| 49 } |
OLD | NEW |