
Side by Side Diff: content/common/sandbox_init_mac.cc

Issue 8589001: Load mac sandbox definitions from resources instead of the bundle. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: updates Created 9 years ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/public/common/sandbox_init.h" 5 #include "content/public/common/sandbox_init.h"
6 6
7 #include "base/command_line.h" 7 #include "base/command_line.h"
8 #include "base/file_path.h" 8 #include "base/file_path.h"
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "content/common/sandbox_mac.h" 10 #include "content/common/sandbox_mac.h"
11 #include "content/public/common/content_switches.h" 11 #include "content/public/common/content_switches.h"
12 12
13 namespace content { 13 namespace content {
14 14
15 bool InitializeSandbox() { 15 bool InitializeSandbox(int sandbox_type, const FilePath& allowed_dir) {
16 using sandbox::Sandbox; 16 // Warm up APIs before turning on the sandbox.
17 sandbox::Sandbox::SandboxWarmup(sandbox_type);
18
19 // Actually sandbox the process.
20 return sandbox::Sandbox::EnableSandbox(sandbox_type, allowed_dir);
21 }
22
23 void GetSandboxTypeFromCommandLine(int* sandbox_process_type,
24 FilePath* allowed_dir) {
jeremy 2011/11/24 12:20:19 IMHO this should return a bool rather than using t
jochen (gone - plz use gerrit) 2011/11/24 16:23:22 Done.
25 DCHECK(sandbox_process_type);
26 DCHECK(allowed_dir);
27
28 *sandbox_process_type = -1;
29 *allowed_dir = FilePath(); // Empty by default.
17 30
18 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); 31 const CommandLine& command_line = *CommandLine::ForCurrentProcess();
19 if (command_line.HasSwitch(switches::kNoSandbox)) 32 if (command_line.HasSwitch(switches::kNoSandbox))
20 return true; 33 return;
21
22 Sandbox::SandboxProcessType sandbox_process_type;
23 FilePath allowed_dir; // Empty by default.
24 34
25 std::string process_type = 35 std::string process_type =
26 command_line.GetSwitchValueASCII(switches::kProcessType); 36 command_line.GetSwitchValueASCII(switches::kProcessType);
27 if (process_type.empty()) { 37 if (process_type.empty()) {
28 // Browser process isn't sandboxed. 38 // Browser process isn't sandboxed.
29 return true; 39 return;
30 } else if (process_type == switches::kRendererProcess) { 40 } else if (process_type == switches::kRendererProcess) {
31 if (!command_line.HasSwitch(switches::kDisable3DAPIs) && 41 if (!command_line.HasSwitch(switches::kDisable3DAPIs) &&
32 !command_line.HasSwitch(switches::kDisableExperimentalWebGL) && 42 !command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
33 command_line.HasSwitch(switches::kInProcessWebGL)) { 43 command_line.HasSwitch(switches::kInProcessWebGL)) {
34 // TODO(kbr): this check seems to be necessary only on this 44 // TODO(kbr): this check seems to be necessary only on this
35 // platform because the sandbox is initialized later. Remove 45 // platform because the sandbox is initialized later. Remove
36 // this once this flag is removed. 46 // this once this flag is removed.
37 return true; 47 return;
38 } else { 48 } else {
39 sandbox_process_type = Sandbox::SANDBOX_TYPE_RENDERER; 49 *sandbox_process_type = SANDBOX_PROCESS_TYPE_RENDERER;
40 } 50 }
41 } else if (process_type == switches::kUtilityProcess) { 51 } else if (process_type == switches::kUtilityProcess) {
42 // Utility process sandbox. 52 // Utility process sandbox.
43 sandbox_process_type = Sandbox::SANDBOX_TYPE_UTILITY; 53 *sandbox_process_type = SANDBOX_PROCESS_TYPE_UTILITY;
44 allowed_dir = 54 *allowed_dir =
45 command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir); 55 command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir);
46 } else if (process_type == switches::kWorkerProcess) { 56 } else if (process_type == switches::kWorkerProcess) {
47 // Worker process sandbox. 57 // Worker process sandbox.
48 sandbox_process_type = Sandbox::SANDBOX_TYPE_WORKER; 58 *sandbox_process_type = SANDBOX_PROCESS_TYPE_WORKER;
49 } else if (process_type == switches::kNaClLoaderProcess) {
50 // Native Client sel_ldr (user untrusted code) sandbox.
51 sandbox_process_type = Sandbox::SANDBOX_TYPE_NACL_LOADER;
52 } else if (process_type == switches::kGpuProcess) { 59 } else if (process_type == switches::kGpuProcess) {
53 sandbox_process_type = Sandbox::SANDBOX_TYPE_GPU; 60 *sandbox_process_type = SANDBOX_PROCESS_TYPE_GPU;
54 } else if ((process_type == switches::kPluginProcess) || 61 } else if ((process_type == switches::kPluginProcess) ||
55 (process_type == switches::kServiceProcess) || 62 (process_type == switches::kServiceProcess) ||
56 (process_type == switches::kPpapiBrokerProcess)) { 63 (process_type == switches::kPpapiBrokerProcess)) {
57 return true; 64 return;
58 } else if (process_type == switches::kPpapiPluginProcess) { 65 } else if (process_type == switches::kPpapiPluginProcess) {
59 sandbox_process_type = Sandbox::SANDBOX_TYPE_PPAPI; 66 *sandbox_process_type = SANDBOX_PROCESS_TYPE_PPAPI;
60 } else { 67 } else {
61 // Failsafe: If you hit an unreached here, is your new process type in need 68 // Failsafe: If you hit an unreached here, is your new process type in need
62 // of sandboxing? 69 // of sandboxing?
63 NOTREACHED() << "Unknown process type " << process_type; 70 NOTREACHED() << "Unknown process type " << process_type;
71 return;
72 }
73 }
74
75 bool InitializeSandbox() {
76 int sandbox_process_type = -1;
77 FilePath allowed_dir;
78 GetSandboxTypeFromCommandLine(&sandbox_process_type, &allowed_dir);
79 if (sandbox_process_type == -1)
64 return true; 80 return true;
65 } 81 return InitializeSandbox(sandbox_process_type, allowed_dir);
66
67 // Warm up APIs before turning on the sandbox.
68 Sandbox::SandboxWarmup(sandbox_process_type);
69
70 // Actually sandbox the process.
71 return Sandbox::EnableSandbox(sandbox_process_type, allowed_dir);
72 } 82 }
73 83
74 } // namespace content 84 } // namespace content
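Review bot: The failsafe branch at new lines 67-71 fails open: it leaves `*sandbox_process_type` at -1, and the zero-argument `InitializeSandbox()` (new lines 79-80) turns -1 into `return true`, so an unrecognised process type runs unsandboxed while the caller is told initialization succeeded. The old code behaved the same way (old lines 63-64), but the exposure is wider now because the `kNaClLoaderProcess` branch (old lines 49-51) is gone from this function; if any NaCl loader path still calls the zero-argument overload, which is not visible on this page, it would land in that branch. Where `NOTREACHED()` compiles to nothing (presumably release builds), nothing stops or reports this. Consider making the branch fatal in all builds, e.g. `LOG(FATAL) << "Unknown process type " << process_type;`, so an unknown type cannot be reported as a successful sandbox setup.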