Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(290)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_init_wrapper_mac.cc

Issue 8414020: Expose the sandbox related code through the content API. I did a bit of cleanup while I was doing... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« base/message_pump_default.cc ('K') | « content/common/sandbox_init_wrapper_linux.cc ('k') | content/common/sandbox_init_wrapper_win.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/common/sandbox_init_wrapper.h"
6
7 #include "base/command_line.h"
8 #include "base/file_path.h"
9 #include "base/logging.h"
10 #include "content/common/sandbox_mac.h"
11 #include "content/public/common/content_switches.h"
12
13 bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line,
14 const std::string& process_type) {
15 using sandbox::Sandbox;
16
17 if (command_line.HasSwitch(switches::kNoSandbox))
18 return true;
19
20 Sandbox::SandboxProcessType sandbox_process_type;
21 FilePath allowed_dir; // Empty by default.
22
23 if (process_type.empty()) {
24 // Browser process isn't sandboxed.
25 return true;
26 } else if (process_type == switches::kRendererProcess) {
27 if (!command_line.HasSwitch(switches::kDisable3DAPIs) &&
28 !command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
29 command_line.HasSwitch(switches::kInProcessWebGL)) {
30 // TODO(kbr): this check seems to be necessary only on this
31 // platform because the sandbox is initialized later. Remove
32 // this once this flag is removed.
33 return true;
34 } else {
35 sandbox_process_type = Sandbox::SANDBOX_TYPE_RENDERER;
36 }
37 } else if (process_type == switches::kUtilityProcess) {
38 // Utility process sandbox.
39 sandbox_process_type = Sandbox::SANDBOX_TYPE_UTILITY;
40 allowed_dir =
41 command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir);
42 } else if (process_type == switches::kWorkerProcess) {
43 // Worker process sandbox.
44 sandbox_process_type = Sandbox::SANDBOX_TYPE_WORKER;
45 } else if (process_type == switches::kNaClLoaderProcess) {
46 // Native Client sel_ldr (user untrusted code) sandbox.
47 sandbox_process_type = Sandbox::SANDBOX_TYPE_NACL_LOADER;
48 } else if (process_type == switches::kGpuProcess) {
49 sandbox_process_type = Sandbox::SANDBOX_TYPE_GPU;
50 } else if ((process_type == switches::kPluginProcess) ||
51 (process_type == switches::kServiceProcess)) {
52 return true;
53 } else if (process_type == switches::kPpapiPluginProcess) {
54 sandbox_process_type = Sandbox::SANDBOX_TYPE_PPAPI;
55 } else {
56 // Failsafe: If you hit an unreached here, is your new process type in need
57 // of sandboxing?
58 NOTREACHED() << "Unknown process type " << process_type;
59 return true;
60 }
61
62 // Warm up APIs before turning on the sandbox.
63 Sandbox::SandboxWarmup(sandbox_process_type);
64
65 // Actually sandbox the process.
66 return Sandbox::EnableSandbox(sandbox_process_type, allowed_dir);
67 }
OLDNEW
« base/message_pump_default.cc ('K') | « content/common/sandbox_init_wrapper_linux.cc ('k') | content/common/sandbox_init_wrapper_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698