| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_mac.h" | 5 #include "content/common/sandbox_mac.h" |
| 6 | 6 |
| 7 #import <Cocoa/Cocoa.h> | 7 #import <Cocoa/Cocoa.h> |
| 8 #import <OpenGL/OpenGL.h> | 8 #import <OpenGL/OpenGL.h> |
| 9 | 9 |
| 10 extern "C" { | 10 extern "C" { |
| (...skipping 367 matching lines...) | |
| 378 LOG(FATAL) << "Failed to find the sandbox profile on disk " | 378 LOG(FATAL) << "Failed to find the sandbox profile on disk " |
| 379 << [sandbox_profile_path fileSystemRepresentation]; | 379 << [sandbox_profile_path fileSystemRepresentation]; |
| 380 return nil; | 380 return nil; |
| 381 } | 381 } |
| 382 | 382 |
| 383 // Prefix sandbox_data with common_sandbox_prefix_data. | 383 // Prefix sandbox_data with common_sandbox_prefix_data. |
| 384 return [common_sandbox_prefix_data stringByAppendingString:sandbox_data]; | 384 return [common_sandbox_prefix_data stringByAppendingString:sandbox_data]; |
| 385 } | 385 } |
| 386 | 386 |
| 387 // Retrieve OS X version, output parameters are self explanatory. | 387 // Retrieve OS X version, output parameters are self explanatory. |
| 388 void GetOSVersion(bool* snow_leopard_or_higher) { | 388 void GetOSVersion(bool* snow_leopard_or_higher, bool* lion_or_higher) { |
| 389 int32 major_version, minor_version, bugfix_version; | 389 int32 major_version, minor_version, bugfix_version; |
| 390 base::SysInfo::OperatingSystemVersionNumbers(&major_version, | 390 base::SysInfo::OperatingSystemVersionNumbers(&major_version, |
| 391 &minor_version, | 391 &minor_version, |
| 392 &bugfix_version); | 392 &bugfix_version); |
| 393 *snow_leopard_or_higher = | 393 *snow_leopard_or_higher = |
| 394 (major_version > 10 || (major_version == 10 && minor_version >= 6)); | 394 (major_version > 10 || (major_version == 10 && minor_version >= 6)); |
| 395 *lion_or_higher = | |
| 396 (major_version > 10 || (major_version == 10 && minor_version >= 7)); | |
| 395 } | 397 } |
| 396 | 398 |
| 397 // static | 399 // static |
| 398 bool Sandbox::PostProcessSandboxProfile( | 400 bool Sandbox::PostProcessSandboxProfile( |
| 399 NSString* sandbox_template, | 401 NSString* sandbox_template, |
| 400 NSArray* comments_to_remove, | 402 NSArray* comments_to_remove, |
| 401 SandboxVariableSubstitions& substitutions, | 403 SandboxVariableSubstitions& substitutions, |
| 402 std::string *final_sandbox_profile_str) { | 404 std::string *final_sandbox_profile_str) { |
| 403 NSString* sandbox_data = [[sandbox_template copy] autorelease]; | 405 NSString* sandbox_data = [[sandbox_template copy] autorelease]; |
| 404 | 406 |
| (...skipping 93 matching lines...) | |
| 498 // Enable verbose logging if enabled on the command line. (See common.sb | 500 // Enable verbose logging if enabled on the command line. (See common.sb |
| 499 // for details). | 501 // for details). |
| 500 const CommandLine* command_line = CommandLine::ForCurrentProcess(); | 502 const CommandLine* command_line = CommandLine::ForCurrentProcess(); |
| 501 bool enable_logging = | 503 bool enable_logging = |
| 502 command_line->HasSwitch(switches::kEnableSandboxLogging);; | 504 command_line->HasSwitch(switches::kEnableSandboxLogging);; |
| 503 if (enable_logging) { | 505 if (enable_logging) { |
| 504 [tokens_to_remove addObject:@";ENABLE_LOGGING"]; | 506 [tokens_to_remove addObject:@";ENABLE_LOGGING"]; |
| 505 } | 507 } |
| 506 | 508 |
| 507 bool snow_leopard_or_higher; | 509 bool snow_leopard_or_higher; |
| 508 GetOSVersion(&snow_leopard_or_higher); | 510 bool lion_or_higher; |
| 511 GetOSVersion(&snow_leopard_or_higher, &lion_or_higher); | |
| 509 | 512 |
| 510 // Without this, the sandbox will print a message to the system log every | 513 // Without this, the sandbox will print a message to the system log every |
| 511 // time it denies a request. This floods the console with useless spew. The | 514 // time it denies a request. This floods the console with useless spew. The |
| 512 // (with no-log) syntax is only supported on 10.6+ | 515 // (with no-log) syntax is only supported on 10.6+ |
| 513 if (snow_leopard_or_higher && !enable_logging) { | 516 if (snow_leopard_or_higher && !enable_logging) { |
| 514 substitutions["DISABLE_SANDBOX_DENIAL_LOGGING"] = | 517 substitutions["DISABLE_SANDBOX_DENIAL_LOGGING"] = |
| 515 SandboxSubstring("(with no-log)"); | 518 SandboxSubstring("(with no-log)"); |
| 516 } else { | 519 } else { |
| 517 substitutions["DISABLE_SANDBOX_DENIAL_LOGGING"] = SandboxSubstring(""); | 520 substitutions["DISABLE_SANDBOX_DENIAL_LOGGING"] = SandboxSubstring(""); |
| 518 } | 521 } |
| 519 | 522 |
| 520 // Splice the path of the user's home directory into the sandbox profile | 523 // Splice the path of the user's home directory into the sandbox profile |
| 521 // (see renderer.sb for details). | 524 // (see renderer.sb for details). |
| 522 std::string home_dir = base::SysNSStringToUTF8(NSHomeDirectory()); | 525 std::string home_dir = base::SysNSStringToUTF8(NSHomeDirectory()); |
| 523 | 526 |
| 524 FilePath home_dir_canonical(home_dir); | 527 FilePath home_dir_canonical(home_dir); |
| 525 GetCanonicalSandboxPath(&home_dir_canonical); | 528 GetCanonicalSandboxPath(&home_dir_canonical); |
| 526 | 529 |
| 527 substitutions["USER_HOMEDIR_AS_LITERAL"] = | 530 substitutions["USER_HOMEDIR_AS_LITERAL"] = |
| 528 SandboxSubstring(home_dir_canonical.value(), | 531 SandboxSubstring(home_dir_canonical.value(), |
| 529 SandboxSubstring::LITERAL); | 532 SandboxSubstring::LITERAL); |
| 530 | 533 |
| 534 if (lion_or_higher) { | |
| 535 // >=10.7 Sandbox rules. | |
| 536 [tokens_to_remove addObject:@";10.7_OR_ABOVE"]; | |
| 537 } | |
|
Nico
2011/05/22 16:01:06
|else [tokens_to_remove addObject:@";BEFORE_10.7"]
| |
| 538 | |
| 531 if (snow_leopard_or_higher) { | 539 if (snow_leopard_or_higher) { |
| 532 // 10.6-only Sandbox rules. | 540 // >=10.6 Sandbox rules. |
| 533 [tokens_to_remove addObject:@";10.6_ONLY"]; | 541 [tokens_to_remove addObject:@";10.6_OR_ABOVE"]; |
| 534 } else { | 542 } else { |
| 535 // Sandbox rules only for versions before 10.6. | 543 // Sandbox rules only for versions before 10.6. |
| 536 [tokens_to_remove addObject:@";BEFORE_10.6"]; | 544 [tokens_to_remove addObject:@";BEFORE_10.6"]; |
| 537 } | 545 } |
| 538 | 546 |
| 539 // All information needed to assemble the final profile has been collected. | 547 // All information needed to assemble the final profile has been collected. |
| 540 // Merge it all together. | 548 // Merge it all together. |
| 541 std::string final_sandbox_profile_str; | 549 std::string final_sandbox_profile_str; |
| 542 if (!PostProcessSandboxProfile(sandbox_data, tokens_to_remove, substitutions, | 550 if (!PostProcessSandboxProfile(sandbox_data, tokens_to_remove, substitutions, |
| 543 &final_sandbox_profile_str)) { | 551 &final_sandbox_profile_str)) { |
| (...skipping 26 matching lines...) | |
| 570 if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) { | 578 if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) { |
| 571 PLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " | 579 PLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " |
| 572 << path->value(); | 580 << path->value(); |
| 573 return; | 581 return; |
| 574 } | 582 } |
| 575 | 583 |
| 576 *path = FilePath(canonical_path); | 584 *path = FilePath(canonical_path); |
| 577 } | 585 } |
| 578 | 586 |
| 579 } // namespace sandbox | 587 } // namespace sandbox |
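Review bot: The token rename from `;10.6_ONLY` to `;10.6_OR_ABOVE` at new line 541 is only safe if every marker in the .sb profile files is renamed in the same change, and those files are not visible on this page. The tokens look like comment prefixes that are stripped to switch a rule on, so a profile line still carrying the old marker would presumably stay commented out and its rule would drop out of the final profile with no error here. A comment above the token additions would make that contract explicit, for example `// Each token must match a marker in the .sb profiles exactly; an unmatched marker leaves its rule disabled.`, and a unit test that fails on any leftover version marker in a processed profile would catch a missed rename. Separately, the comment on GetOSVersion at new line 387 could name the thresholds now that there are two outputs, e.g. `// Sets *snow_leopard_or_higher for OS X >= 10.6 and *lion_or_higher for >= 10.7.` The function containing new lines 500-551 starts and ends outside the visible lines.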