chrome/common/sandbox_mac.mm - Issue 5580002: Mac: Tell the GPU sandbox to deny a few things.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/common/sandbox_mac.mm

Issue 5580002: Mac: Tell the GPU sandbox to deny a few things. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: browser tests pass Created 10 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/common/sandbox_mac.mm

diff --git a/chrome/common/sandbox_mac.mm b/chrome/common/sandbox_mac.mm

index 03170c44d71220fcd7772d7258006d43a3cd1567..58044cc49d5e0d9a21e3ea2b3c636fdeaa0bb819 100644

--- a/chrome/common/sandbox_mac.mm

+++ b/chrome/common/sandbox_mac.mm

@@ -7,12 +7,17 @@

#include "base/debug_util.h"

#import <Cocoa/Cocoa.h>

+#import <OpenGL/OpenGL.h>

extern "C" {

#include <sandbox.h>

}

+#include <signal.h>

#include <sys/param.h>

+#include "app/gfx/gl/gl_context.h"

#include "base/basictypes.h"

+#include "base/chrome_application_mac.h"

#include "base/command_line.h"

#include "base/file_util.h"

#include "base/mac_util.h"

@@ -177,7 +182,7 @@ bool Sandbox::QuoteStringForRegex(const std::string& str_utf8,

// 10.5.6, 10.6.0

// static

-void Sandbox::SandboxWarmup() {

+void Sandbox::SandboxWarmup(SandboxProcessType sandbox_type) {

base::mac::ScopedNSAutoreleasePool scoped_pool;

{ // CGColorSpaceCreateWithName(), CGBitmapContextCreate() - 10.5.6

@@ -228,8 +233,45 @@ void Sandbox::SandboxWarmup() {

CGImageSourceGetStatus(img);

}

- { // Native Client access to /dev/random.

- GetUrandomFD();

+ // Process-type dependent warm-up.

+ switch (sandbox_type) {

+ case SANDBOX_TYPE_NACL_LOADER:

+ {

+ // Native Client access to /dev/random.

+ GetUrandomFD();

+ }

+ break;

+ case SANDBOX_TYPE_GPU:

+ { // GPU-related stuff is very slow without this, probably because

+ // the sandbox prevents loading graphics drivers or some such.

+ CGLPixelFormatAttribute attribs[] = { (CGLPixelFormatAttribute)0 };

+ CGLPixelFormatObj format;

+ GLint n;

+ CGLChoosePixelFormat(attribs, &format, &n);

+ if (format)

+ CGLReleasePixelFormat(format);

+ }

+ {

+ // Preload either the desktop GL or the osmesa so, depending on the

+ // --use-gl flag.

+ gfx::GLContext::InitializeOneOff();

+ }

+ {

+ // Access to /dev/random is required for the field trial code.

+ GetUrandomFD();

+ }

+ { // Without this, the GPU process dies during [CrApplication init].

+ [CrApplication sharedApplication];

+ }

+ break;

+ default:

+ // To shut up a gcc warning.

+ break;

}

« chrome/browser/gpu.sb ('K') | « chrome/common/sandbox_mac.h ('k') | chrome/common/sandbox_mac_unittest_helper.mm » ('j') | no next file with comments »