
Side by Side Diff: content/common/sandbox_init_mac.cc

Issue 8589001: Load mac sandbox definitions from resources instead of the bundle. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: also remove old bundle gyp code Created 9 years, 1 month ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/public/common/sandbox_init.h" 5 #include "content/public/common/sandbox_init.h"
6 6
7 #include "base/command_line.h" 7 #include "base/command_line.h"
8 #include "base/file_path.h" 8 #include "base/file_path.h"
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "content/common/sandbox_mac.h" 10 #include "content/common/sandbox_mac.h"
11 #include "content/public/common/content_switches.h" 11 #include "content/public/common/content_switches.h"
12 #include "grit/content_resources.h"
12 13
13 namespace content { 14 namespace content {
14 15
15 bool InitializeSandbox() { 16 bool InitializeSandbox(int sandbox_definition_resource_id) {
jeremy 2011/11/17 13:36:11 I would refactor this into 3 functions: Initialize
17 using sandbox::Sandbox;
18
19 // Warm up APIs before turning on the sandbox.
20 Sandbox::SandboxWarmup(sandbox_definition_resource_id);
21
22 // Actually sandbox the process.
23 return Sandbox::EnableSandbox(sandbox_definition_resource_id, FilePath());
24 }
25
26 bool InitializeSandboxFromProcessType() {
16 using sandbox::Sandbox; 27 using sandbox::Sandbox;
17 28
18 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); 29 const CommandLine& command_line = *CommandLine::ForCurrentProcess();
19 if (command_line.HasSwitch(switches::kNoSandbox)) 30 if (command_line.HasSwitch(switches::kNoSandbox))
20 return true; 31 return true;
21 32
22 Sandbox::SandboxProcessType sandbox_process_type; 33 int sandbox_definition_resource_id;
23 FilePath allowed_dir; // Empty by default. 34 FilePath allowed_dir; // Empty by default.
24 35
25 std::string process_type = 36 std::string process_type =
26 command_line.GetSwitchValueASCII(switches::kProcessType); 37 command_line.GetSwitchValueASCII(switches::kProcessType);
27 if (process_type.empty()) { 38 if (process_type.empty()) {
28 // Browser process isn't sandboxed. 39 // Browser process isn't sandboxed.
29 return true; 40 return true;
30 } else if (process_type == switches::kRendererProcess) { 41 } else if (process_type == switches::kRendererProcess) {
31 if (!command_line.HasSwitch(switches::kDisable3DAPIs) && 42 if (!command_line.HasSwitch(switches::kDisable3DAPIs) &&
32 !command_line.HasSwitch(switches::kDisableExperimentalWebGL) && 43 !command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
33 command_line.HasSwitch(switches::kInProcessWebGL)) { 44 command_line.HasSwitch(switches::kInProcessWebGL)) {
34 // TODO(kbr): this check seems to be necessary only on this 45 // TODO(kbr): this check seems to be necessary only on this
35 // platform because the sandbox is initialized later. Remove 46 // platform because the sandbox is initialized later. Remove
36 // this once this flag is removed. 47 // this once this flag is removed.
37 return true; 48 return true;
38 } else { 49 } else {
39 sandbox_process_type = Sandbox::SANDBOX_TYPE_RENDERER; 50 sandbox_definition_resource_id = IDR_RENDERER_SANDBOX_DEFINITION;
40 } 51 }
41 } else if (process_type == switches::kUtilityProcess) { 52 } else if (process_type == switches::kUtilityProcess) {
42 // Utility process sandbox. 53 // Utility process sandbox.
43 sandbox_process_type = Sandbox::SANDBOX_TYPE_UTILITY; 54 sandbox_definition_resource_id = IDR_UTILITY_SANDBOX_DEFINITION;
44 allowed_dir = 55 allowed_dir =
45 command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir); 56 command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir);
46 } else if (process_type == switches::kWorkerProcess) { 57 } else if (process_type == switches::kWorkerProcess) {
47 // Worker process sandbox. 58 // Worker process sandbox.
48 sandbox_process_type = Sandbox::SANDBOX_TYPE_WORKER; 59 sandbox_definition_resource_id = IDR_WORKER_SANDBOX_DEFINITION;
49 } else if (process_type == switches::kNaClLoaderProcess) {
50 // Native Client sel_ldr (user untrusted code) sandbox.
51 sandbox_process_type = Sandbox::SANDBOX_TYPE_NACL_LOADER;
52 } else if (process_type == switches::kGpuProcess) { 60 } else if (process_type == switches::kGpuProcess) {
53 sandbox_process_type = Sandbox::SANDBOX_TYPE_GPU; 61 sandbox_definition_resource_id = IDR_GPU_SANDBOX_DEFINITION;
54 } else if ((process_type == switches::kPluginProcess) || 62 } else if ((process_type == switches::kPluginProcess) ||
55 (process_type == switches::kServiceProcess) || 63 (process_type == switches::kServiceProcess) ||
56 (process_type == switches::kPpapiBrokerProcess)) { 64 (process_type == switches::kPpapiBrokerProcess)) {
57 return true; 65 return true;
58 } else if (process_type == switches::kPpapiPluginProcess) { 66 } else if (process_type == switches::kPpapiPluginProcess) {
59 sandbox_process_type = Sandbox::SANDBOX_TYPE_PPAPI; 67 sandbox_definition_resource_id = IDR_PPAPI_SANDBOX_DEFINITION;
60 } else { 68 } else {
61 // Failsafe: If you hit an unreached here, is your new process type in need 69 // Failsafe: If you hit an unreached here, is your new process type in need
62 // of sandboxing? 70 // of sandboxing?
63 NOTREACHED() << "Unknown process type " << process_type; 71 NOTREACHED() << "Unknown process type " << process_type;
64 return true; 72 return true;
65 } 73 }
66 74
67 // Warm up APIs before turning on the sandbox. 75 // Warm up APIs before turning on the sandbox.
68 Sandbox::SandboxWarmup(sandbox_process_type); 76 Sandbox::SandboxWarmup(sandbox_definition_resource_id);
69 77
70 // Actually sandbox the process. 78 // Actually sandbox the process.
71 return Sandbox::EnableSandbox(sandbox_process_type, allowed_dir); 79 return Sandbox::EnableSandbox(sandbox_definition_resource_id, allowed_dir);
72 } 80 }
73 81
74 } // namespace content 82 } // namespace content
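Review bot: The final `else` branch of InitializeSandboxFromProcessType() fails open: `NOTREACHED()` is followed by `return true;`, so in builds where that check is compiled out an unrecognised process type reports success without EnableSandbox() ever being called. This matters more after this change, because the `switches::kNaClLoaderProcess` branch is removed and that process type now lands in the failsafe if it reaches this function. Presumably the NaCl loader is meant to call the new InitializeSandbox(int) with its own definition resource, but that caller is not visible on this page. I would make the failsafe fail closed with `return false;` and document the contract beside the branch, e.g. `// NaCl loader is not handled here; it must call InitializeSandbox() with its own definition resource.`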