chrome/common/sandbox_mac.mm - Issue 5580002: Mac: Tell the GPU sandbox to deny a few things.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/common/sandbox_mac.mm

Issue 5580002: Mac: Tell the GPU sandbox to deny a few things. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: works in release Created 10 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/common/sandbox_mac.mm

diff --git a/chrome/common/sandbox_mac.mm b/chrome/common/sandbox_mac.mm

index 03170c44d71220fcd7772d7258006d43a3cd1567..c7fedde706adc937a361e88b0dff2842fd1661a5 100644

--- a/chrome/common/sandbox_mac.mm

+++ b/chrome/common/sandbox_mac.mm

@@ -7,12 +7,16 @@

#include "base/debug_util.h"

#import <Cocoa/Cocoa.h>

+#import <OpenGL/OpenGL.h>

extern "C" {

#include <sandbox.h>

}

+#include <signal.h>

#include <sys/param.h>

#include "base/basictypes.h"

+#include "base/chrome_application_mac.h"

#include "base/command_line.h"

#include "base/file_util.h"

#include "base/mac_util.h"

@@ -177,7 +181,7 @@ bool Sandbox::QuoteStringForRegex(const std::string& str_utf8,

// 10.5.6, 10.6.0

// static

-void Sandbox::SandboxWarmup() {

+void Sandbox::SandboxWarmup(SandboxProcessType sandbox_type) {

base::mac::ScopedNSAutoreleasePool scoped_pool;

{ // CGColorSpaceCreateWithName(), CGBitmapContextCreate() - 10.5.6

@@ -231,6 +235,23 @@ void Sandbox::SandboxWarmup() {

{ // Native Client access to /dev/random.

jeremy 2010/12/03 14:22:09 Could you special case this for NaCL while you're

Nico 2010/12/04 00:26:10 Done.

GetUrandomFD();

}

+ if (sandbox_type == SANDBOX_TYPE_GPU) {

+ { // GPU-related stuff is very slow without this, probably because

+ // the sandbox prevents loading graphics drivers or some such.

+ CGLPixelFormatAttribute attribs[] = { (CGLPixelFormatAttribute)0 };

+ CGLPixelFormatObj format;

+ GLint n;

+ CGLChoosePixelFormat(attribs, &format, &n);

+ if (format)

+ CGLReleasePixelFormat(format);

+ }

+ { // Without this, the GPU process dies during [CrApplication init].

+ [CrApplication sharedApplication];

jeremy 2010/12/03 14:22:09 Could you make sure you don't have access to the c

Nico 2010/12/04 00:26:10 The unit test used to fail and passes now. I think

+ }

}

// static

« chrome/common/sandbox_mac.h ('K') | « chrome/common/sandbox_mac.h ('k') | chrome/common/sandbox_mac_unittest_helper.mm » ('j') | no next file with comments »