Sandbox Worker process on the Mac.

chrome/common/sandbox_mac.mm

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/sandbox_mac.h"
 
 #include "base/debug_util.h"
 
 #import <Cocoa/Cocoa.h>
 extern "C" {
@@ skipping 66 matching lines @@
     NSData* data = [NSData dataWithBytes:png_header
                                   length:arraysize(png_header)];
     scoped_cftyperef<CGImageSourceRef> img(
         CGImageSourceCreateWithData((CFDataRef)data,
         NULL));
     CGImageSourceGetStatus(img);
   }
 }
 
 // Turns on the OS X sandbox for this process.
-bool EnableSandbox() {
-  // For the renderer, we give it a custom sandbox to lock things down as
-  // tightly as possible, while still enabling drawing.
+bool EnableSandbox(SandboxProcessType sandbox_type,
+                   const FilePath& allowed_dir) {
+  // Sanity - currently only SANDBOX_TYPE_UTILITY supports a directory being
+  // passed in.
+  if (sandbox_type != SANDBOX_TYPE_UTILITY) {
+    DCHECK(allowed_dir.empty())
+        << "Only SANDBOX_TYPE_UTILITY allows a custom directory parameter.";
+  } else {
+    DCHECK(!allowed_dir.empty())
+        << "SANDBOX_TYPE_UTILITY "
+        << "needs a custom directory parameter, but an empty one was provided.";
+  }
+
+  // We use a custom sandbox definition file to lock things down as
+  // tightly as possible.
+  // TODO(jeremy): Look at using include syntax to unify common parts of sandbox
+  // definition files.
+  NSString* sandbox_config_filename = nil;
+  switch (sandbox_type) {
+    case SANDBOX_TYPE_RENDERER:
+      sandbox_config_filename = @"renderer";
+      break;
+    case SANDBOX_TYPE_WORKER:
+      sandbox_config_filename = @"worker";
+      break;
+    case SANDBOX_TYPE_UTILITY:
+      sandbox_config_filename = @"utility";
+      break;
+    default:
+      NOTREACHED();
+      return false;
+  }
+
   NSString* sandbox_profile_path =
-      [mac_util::MainAppBundle() pathForResource:@"renderer" ofType:@"sb"];
+      [mac_util::MainAppBundle() pathForResource:sandbox_config_filename
+                                          ofType:@"sb"];
   NSString* sandbox_data = [NSString
       stringWithContentsOfFile:sandbox_profile_path
       encoding:NSUTF8StringEncoding
       error:nil];
 
   if (!sandbox_data) {
     LOG(ERROR) << "Failed to find the sandbox profile on disk";
     return false;
   }
 
   // Enable verbose logging if enabled on the command line.
   // (see renderer.sb for details).
   const CommandLine *command_line = CommandLine::ForCurrentProcess();
   if (command_line->HasSwitch(switches::kEnableSandboxLogging)) {
     sandbox_data = [sandbox_data
         stringByReplacingOccurrencesOfString:@";ENABLE_LOGGING"
                                   withString:@""];
   }
 
+  if (!allowed_dir.empty()) {
+    NSString* allowed_dir_ns = base::SysUTF8ToNSString(allowed_dir.value());
+    sandbox_data = [sandbox_data
+        stringByReplacingOccurrencesOfString:@"DIR_TO_ALLOW_ACCESS"
+                                  withString:allowed_dir_ns];
+  }
+
   int32 major_version, minor_version, bugfix_version;
   base::SysInfo::OperatingSystemVersionNumbers(&major_version,
       &minor_version, &bugfix_version);
 
   if (major_version > 10 || (major_version == 10 && minor_version >= 6)) {
     // 10.6-only Sandbox rules.
     sandbox_data = [sandbox_data
         stringByReplacingOccurrencesOfString:@";10.6_ONLY"
                                   withString:@""];
     // Splice the path of the user's home directory into the sandbox profile
@@ skipping 15 matching lines @@
   int error = sandbox_init([sandbox_data UTF8String], 0, &error_buff);
   bool success = (error == 0 && error_buff == NULL);
   if (error == -1) {
     LOG(ERROR) << "Failed to Initialize Sandbox: " << error_buff;
   }
   sandbox_free_error(error_buff);
   return success;
 }
 
 }  // namespace sandbox