1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_ |
6 #define CONTENT_COMMON_SANDBOX_MAC_H_ | 6 #define CONTENT_COMMON_SANDBOX_MAC_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/hash_tables.h" | 12 #include "base/hash_tables.h" |
13 #include "base/gtest_prod_util.h" | 13 #include "base/gtest_prod_util.h" |
| 14 #include "content/public/common/sandbox_type_mac.h" |
14 | 15 |
15 class FilePath; | 16 class FilePath; |
16 | 17 |
17 #if __OBJC__ | 18 #if __OBJC__ |
18 @class NSArray; | 19 @class NSArray; |
19 @class NSString; | 20 @class NSString; |
20 #else | 21 #else |
21 class NSArray; | 22 class NSArray; |
22 class NSString; | 23 class NSString; |
23 #endif | 24 #endif |
50 std::string value_; | 51 std::string value_; |
51 SandboxSubstringType type_; | 52 SandboxSubstringType type_; |
52 }; | 53 }; |
53 | 54 |
54 class Sandbox { | 55 class Sandbox { |
55 public: | 56 public: |
56 // A map of variable name -> string to substitute in its place. | 57 // A map of variable name -> string to substitute in its place. |
57 typedef base::hash_map<std::string, SandboxSubstring> | 58 typedef base::hash_map<std::string, SandboxSubstring> |
58 SandboxVariableSubstitions; | 59 SandboxVariableSubstitions; |
59 | 60 |
60 enum SandboxProcessType { | 61 // Warm up System APIs that empirically need to be accessed before the |
61 SANDBOX_TYPE_FIRST_TYPE, // Placeholder to ease iteration. | 62 // sandbox is turned on. |sandbox_type| is the type of sandbox to warm up. |
62 | 63 // Valid |sandbox_type| values are defined by the enum SandboxType, or can be |
63 SANDBOX_TYPE_RENDERER = SANDBOX_TYPE_FIRST_TYPE, | 64 // defined by the embedder via |
64 | 65 // ContentClient::GetSandboxProfileForProcessType(). |
65 // The worker process uses the most restrictive sandbox which has almost | 66 static void SandboxWarmup(int sandbox_type); |
66 // *everything* locked down. Only a couple of /System/Library/ paths and | |
67 // some other very basic operations (e.g., reading metadata to allow | |
68 // following symlinks) are permitted. | |
69 SANDBOX_TYPE_WORKER, | |
70 | |
71 // Utility process is as restrictive as the worker process except full | |
72 // access is allowed to one configurable directory. | |
73 SANDBOX_TYPE_UTILITY, | |
74 | |
75 // Native Client sandbox for the user's untrusted code. | |
76 SANDBOX_TYPE_NACL_LOADER, | |
77 | |
78 // GPU process. | |
79 SANDBOX_TYPE_GPU, | |
80 | |
81 // The PPAPI plugin process. | |
82 SANDBOX_TYPE_PPAPI, | |
83 | |
84 SANDBOX_AFTER_TYPE_LAST_TYPE, // Placeholder to ease iteration. | |
85 }; | |
86 | |
87 // Warm up System APIs that empirically need to be accessed before the Sandbox | |
88 // is turned on. |sandbox_type| is the type of sandbox to warm up. | |
89 static void SandboxWarmup(SandboxProcessType sandbox_type); | |
90 | 67 |
91 // Turns on the OS X sandbox for this process. | 68 // Turns on the OS X sandbox for this process. |
92 // |sandbox_type| - type of Sandbox to use. | 69 // |sandbox_type| - type of Sandbox to use. See SandboxWarmup() for legal |
| 70 // values. |
93 // |allowed_dir| - directory to allow access to, currently the only sandbox | 71 // |allowed_dir| - directory to allow access to, currently the only sandbox |
94 // profile that supports this is SANDBOX_TYPE_UTILITY . | 72 // profile that supports this is SANDBOX_TYPE_UTILITY . |
95 // | 73 // |
96 // Returns true on success, false if an error occurred enabling the sandbox. | 74 // Returns true on success, false if an error occurred enabling the sandbox. |
97 static bool EnableSandbox(SandboxProcessType sandbox_type, | 75 static bool EnableSandbox(int sandbox_type, |
98 const FilePath& allowed_dir); | 76 const FilePath& allowed_dir); |
99 | 77 |
100 | 78 |
101 // Exposed for testing purposes, used by an accessory function of our tests | 79 // Exposed for testing purposes, used by an accessory function of our tests |
102 // so we can't use FRIEND_TEST. | 80 // so we can't use FRIEND_TEST. |
103 | 81 |
104 // Build the Sandbox command necessary to allow access to a named directory | 82 // Build the Sandbox command necessary to allow access to a named directory |
105 // indicated by |allowed_dir|. | 83 // indicated by |allowed_dir|. |
106 // Returns a string containing the sandbox profile commands necessary to allow | 84 // Returns a string containing the sandbox profile commands necessary to allow |
107 // access to that directory or nil if an error occured. | 85 // access to that directory or nil if an error occured. |
174 FRIEND_TEST(MacDirAccessSandboxTest, StringEscape); | 152 FRIEND_TEST(MacDirAccessSandboxTest, StringEscape); |
175 FRIEND_TEST(MacDirAccessSandboxTest, RegexEscape); | 153 FRIEND_TEST(MacDirAccessSandboxTest, RegexEscape); |
176 FRIEND_TEST(MacDirAccessSandboxTest, DISABLED_SandboxAccess); | 154 FRIEND_TEST(MacDirAccessSandboxTest, DISABLED_SandboxAccess); |
177 | 155 |
178 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); | 156 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); |
179 }; | 157 }; |
180 | 158 |
181 } // namespace sandbox | 159 } // namespace sandbox |
182 | 160 |
183 #endif // CONTENT_COMMON_SANDBOX_MAC_H_ | 161 #endif // CONTENT_COMMON_SANDBOX_MAC_H_ |
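Review bot: Widening the `sandbox_type` parameter of SandboxWarmup() (new line 66) and EnableSandbox() (new line 75) from the SandboxProcessType enum to `int` removes the compile-time guarantee that only a known sandbox kind reaches these entry points, so the header should state the contract for values that are neither a SandboxType enumerator nor one the embedder registered. The EnableSandbox() comment now says where legal values come from but not what happens for an unrecognized one, and a caller cannot tell from this declaration whether such a value fails closed or leaves the process running without a profile. I would add to that comment `// An unrecognized |sandbox_type| is an error: EnableSandbox() returns false` `// and applies no profile, so callers must treat false as fatal.` and make the .mm implementation match; the implementation is not in this file, so whether it already rejects unknown values cannot be confirmed here. The same contract line belongs on SandboxWarmup(), since it is documented as the reference for legal values.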