Chromium Code Reviews Chromium Code Reviews
Issue 5580002:
Mac: Tell the GPU sandbox to deny a few things. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/sandbox_mac.h" | 5 #include "chrome/common/sandbox_mac.h" |
| 6 | 6 |
| 7 #include "base/debug_util.h" | 7 #include "base/debug_util.h" |
| 8 | 8 |
| 9 #import <Cocoa/Cocoa.h> | 9 #import <Cocoa/Cocoa.h> |
| 10 #import <OpenGL/OpenGL.h> | |
| 11 | |
| 10 extern "C" { | 12 extern "C" { |
| 11 #include <sandbox.h> | 13 #include <sandbox.h> |
| 12 } | 14 } |
| 15 #include <signal.h> | |
| 13 #include <sys/param.h> | 16 #include <sys/param.h> |
| 14 | 17 |
| 15 #include "base/basictypes.h" | 18 #include "base/basictypes.h" |
| 19 #include "base/chrome_application_mac.h" | |
| 16 #include "base/command_line.h" | 20 #include "base/command_line.h" |
| 17 #include "base/file_util.h" | 21 #include "base/file_util.h" |
| 18 #include "base/mac_util.h" | 22 #include "base/mac_util.h" |
| 19 #include "base/rand_util_c.h" | 23 #include "base/rand_util_c.h" |
| 20 #include "base/mac/scoped_cftyperef.h" | 24 #include "base/mac/scoped_cftyperef.h" |
| 21 #include "base/mac/scoped_nsautorelease_pool.h" | 25 #include "base/mac/scoped_nsautorelease_pool.h" |
| 22 #include "base/string16.h" | 26 #include "base/string16.h" |
| 23 #include "base/string_util.h" | 27 #include "base/string_util.h" |
| 24 #include "base/sys_info.h" | 28 #include "base/sys_info.h" |
| 25 #include "base/sys_string_conversions.h" | 29 #include "base/sys_string_conversions.h" |
| (...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 170 | 174 |
| 171 // Warm up System APIs that empirically need to be accessed before the Sandbox | 175 // Warm up System APIs that empirically need to be accessed before the Sandbox |
| 172 // is turned on. | 176 // is turned on. |
| 173 // This method is layed out in blocks, each one containing a separate function | 177 // This method is layed out in blocks, each one containing a separate function |
| 174 // that needs to be warmed up. The OS version on which we found the need to | 178 // that needs to be warmed up. The OS version on which we found the need to |
| 175 // enable the function is also noted. | 179 // enable the function is also noted. |
| 176 // This function is tested on the following OS versions: | 180 // This function is tested on the following OS versions: |
| 177 // 10.5.6, 10.6.0 | 181 // 10.5.6, 10.6.0 |
| 178 | 182 |
| 179 // static | 183 // static |
| 180 void Sandbox::SandboxWarmup() { | 184 void Sandbox::SandboxWarmup(SandboxProcessType sandbox_type) { |
| 181 base::mac::ScopedNSAutoreleasePool scoped_pool; | 185 base::mac::ScopedNSAutoreleasePool scoped_pool; |
| 182 | 186 |
| 183 { // CGColorSpaceCreateWithName(), CGBitmapContextCreate() - 10.5.6 | 187 { // CGColorSpaceCreateWithName(), CGBitmapContextCreate() - 10.5.6 |
| 184 base::mac::ScopedCFTypeRef<CGColorSpaceRef> rgb_colorspace( | 188 base::mac::ScopedCFTypeRef<CGColorSpaceRef> rgb_colorspace( |
| 185 CGColorSpaceCreateWithName(kCGColorSpaceGenericRGB)); | 189 CGColorSpaceCreateWithName(kCGColorSpaceGenericRGB)); |
| 186 | 190 |
| 187 // Allocate a 1x1 image. | 191 // Allocate a 1x1 image. |
| 188 char data[4]; | 192 char data[4]; |
| 189 base::mac::ScopedCFTypeRef<CGContextRef> context( | 193 base::mac::ScopedCFTypeRef<CGContextRef> context( |
| 190 CGBitmapContextCreate(data, 1, 1, 8, 1 * 4, | 194 CGBitmapContextCreate(data, 1, 1, 8, 1 * 4, |
| (...skipping 30 matching lines...) Expand all Loading... | |
| 221 // Create a png with just enough data to get everything warmed up... | 225 // Create a png with just enough data to get everything warmed up... |
| 222 char png_header[] = {0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A}; | 226 char png_header[] = {0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A}; |
| 223 NSData* data = [NSData dataWithBytes:png_header | 227 NSData* data = [NSData dataWithBytes:png_header |
| 224 length:arraysize(png_header)]; | 228 length:arraysize(png_header)]; |
| 225 base::mac::ScopedCFTypeRef<CGImageSourceRef> img( | 229 base::mac::ScopedCFTypeRef<CGImageSourceRef> img( |
| 226 CGImageSourceCreateWithData((CFDataRef)data, | 230 CGImageSourceCreateWithData((CFDataRef)data, |
| 227 NULL)); | 231 NULL)); |
| 228 CGImageSourceGetStatus(img); | 232 CGImageSourceGetStatus(img); |
| 229 } | 233 } |
| 230 | 234 |
| 231 { // Native Client access to /dev/random. | 235 { // Native Client access to /dev/random. |
|
jeremy
2010/12/03 14:22:09
Could you special case this for NaCL while you're
Nico
2010/12/04 00:26:10
Done.
| |
| 232 GetUrandomFD(); | 236 GetUrandomFD(); |
| 233 } | 237 } |
| 238 | |
| 239 if (sandbox_type == SANDBOX_TYPE_GPU) { | |
| 240 { // GPU-related stuff is very slow without this, probably because | |
| 241 // the sandbox prevents loading graphics drivers or some such. | |
| 242 CGLPixelFormatAttribute attribs[] = { (CGLPixelFormatAttribute)0 }; | |
| 243 CGLPixelFormatObj format; | |
| 244 GLint n; | |
| 245 CGLChoosePixelFormat(attribs, &format, &n); | |
| 246 if (format) | |
| 247 CGLReleasePixelFormat(format); | |
| 248 } | |
| 249 | |
| 250 | |
| 251 { // Without this, the GPU process dies during [CrApplication init]. | |
| 252 [CrApplication sharedApplication]; | |
|
jeremy
2010/12/03 14:22:09
Could you make sure you don't have access to the c
Nico
2010/12/04 00:26:10
The unit test used to fail and passes now. I think
| |
| 253 } | |
| 254 } | |
| 234 } | 255 } |
| 235 | 256 |
| 236 // static | 257 // static |
| 237 NSString* Sandbox::BuildAllowDirectoryAccessSandboxString( | 258 NSString* Sandbox::BuildAllowDirectoryAccessSandboxString( |
| 238 const FilePath& allowed_dir, | 259 const FilePath& allowed_dir, |
| 239 SandboxVariableSubstitions* substitutions) { | 260 SandboxVariableSubstitions* substitutions) { |
| 240 // A whitelist is used to determine which directories can be statted | 261 // A whitelist is used to determine which directories can be statted |
| 241 // This means that in the case of an /a/b/c/d/ directory, we may be able to | 262 // This means that in the case of an /a/b/c/d/ directory, we may be able to |
| 242 // stat the leaf directory, but not it's parent. | 263 // stat the leaf directory, but not it's parent. |
| 243 // The extension code in Chrome calls realpath() which fails if it can't call | 264 // The extension code in Chrome calls realpath() which fails if it can't call |
| (...skipping 297 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 541 if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) { | 562 if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) { |
| 542 PLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " | 563 PLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " |
| 543 << path->value(); | 564 << path->value(); |
| 544 return; | 565 return; |
| 545 } | 566 } |
| 546 | 567 |
| 547 *path = FilePath(canonical_path); | 568 *path = FilePath(canonical_path); |
| 548 } | 569 } |
| 549 | 570 |
| 550 } // namespace sandbox | 571 } // namespace sandbox |
| OLD | NEW |
