chrome/common/sandbox_mac.h - Issue 5580002: Mac: Tell the GPU sandbox to deny a few things.

Side by Side Diff: chrome/common/sandbox_mac.h

Issue 5580002: Mac: Tell the GPU sandbox to deny a few things. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: works in release Created 10 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CHROME_COMMON_SANDBOX_MAC_H_	5 #ifndef CHROME_COMMON_SANDBOX_MAC_H_

6 #define CHROME_COMMON_SANDBOX_MAC_H_	6 #define CHROME_COMMON_SANDBOX_MAC_H_

7 #pragma once	7 #pragma once

8	8

9 #include <string>	9 #include <string>

10	10

(...skipping 64 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
75 // Native Client sandbox for the user's untrusted code.	75 // Native Client sandbox for the user's untrusted code.

76 SANDBOX_TYPE_NACL_LOADER,	76 SANDBOX_TYPE_NACL_LOADER,

77	77

78 // GPU process.	78 // GPU process.

79 SANDBOX_TYPE_GPU,	79 SANDBOX_TYPE_GPU,

80	80

81 SANDBOX_AFTER_TYPE_LAST_TYPE, // Placeholder to ease iteration.	81 SANDBOX_AFTER_TYPE_LAST_TYPE, // Placeholder to ease iteration.

82 };	82 };

83	83

84 // Warm up System APIs that empirically need to be accessed before the Sandbox	84 // Warm up System APIs that empirically need to be accessed before the Sandbox

85 // is turned on.	85 // is turned on.
	jeremy 2010/12/03 14:22:09 Can you update the comment with details on the par Can you update the comment with details on the parameter. Nico 2010/12/04 00:26:10 Done. Show quoted text On 2010/12/03 14:22:09, jeremy wrote: > Can you update the comment with details on the parameter. Done.
86 static void SandboxWarmup();	86 static void SandboxWarmup(SandboxProcessType sandbox_type);

87	87

88 // Turns on the OS X sandbox for this process.	88 // Turns on the OS X sandbox for this process.

89 // \|sandbox_type\| - type of Sandbox to use.	89 // \|sandbox_type\| - type of Sandbox to use.

90 // \|allowed_dir\| - directory to allow access to, currently the only sandbox	90 // \|allowed_dir\| - directory to allow access to, currently the only sandbox

91 // profile that supports this is SANDBOX_TYPE_UTILITY .	91 // profile that supports this is SANDBOX_TYPE_UTILITY .

92 //	92 //

93 // Returns true on success, false if an error occurred enabling the sandbox.	93 // Returns true on success, false if an error occurred enabling the sandbox.

94 static bool EnableSandbox(SandboxProcessType sandbox_type,	94 static bool EnableSandbox(SandboxProcessType sandbox_type,

95 const FilePath& allowed_dir);	95 const FilePath& allowed_dir);

96	96

(...skipping 74 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
171 FRIEND_TEST(MacDirAccessSandboxTest, StringEscape);	171 FRIEND_TEST(MacDirAccessSandboxTest, StringEscape);

172 FRIEND_TEST(MacDirAccessSandboxTest, RegexEscape);	172 FRIEND_TEST(MacDirAccessSandboxTest, RegexEscape);

173 FRIEND_TEST(MacDirAccessSandboxTest, SandboxAccess);	173 FRIEND_TEST(MacDirAccessSandboxTest, SandboxAccess);

174	174

175 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);	175 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);

176 };	176 };

177	177

178 } // namespace sandbox	178 } // namespace sandbox

179	179

180 #endif // CHROME_COMMON_SANDBOX_MAC_H_	180 #endif // CHROME_COMMON_SANDBOX_MAC_H_

OLD	NEW

« chrome/browser/gpu.sb ('K') | « chrome/common/sandbox_init_wrapper_mac.cc ('k') | chrome/common/sandbox_mac.mm » ('j') | chrome/common/sandbox_mac.mm » ('J')