Load mac sandbox definitions from resources instead of the bundle.

content/common/sandbox_mac.mm

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_mac.h"
 
 #import <Cocoa/Cocoa.h>
 
 extern "C" {
 #include <sandbox.h>
 }
 #include <signal.h>
 #include <sys/param.h>
 
 #include "base/basictypes.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/file_util.h"
 #include "base/mac/mac_util.h"
 #include "base/rand_util_c.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/mac/scoped_nsautorelease_pool.h"
 #include "base/string16.h"
+#include "base/string_piece.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/sys_info.h"
 #include "base/sys_string_conversions.h"
 #include "base/utf_string_conversions.h"
 #include "content/common/chrome_application_mac.h"
+#include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
+#include "grit/content_resources.h"

[jam, 2011/11/17 01:50:46]

initially when separating content from chrome, we couldn't include files from
grit/ because of circular dependencies with chrome. i guess this now solved
because of your earlier patch to create content_resources?

i'm a little worried that people will start including chrome resources now
though. can we make content/DEPS only allow content_resources.h and
webkit_strings.h?

 #include "unicode/uchar.h"
 #include "ui/gfx/gl/gl_surface.h"
 
 namespace {
 
 // Try to escape |c| as a "SingleEscapeCharacter" (\n, etc).  If successful,
 // returns true and appends the escape sequence to |dst|.
 bool EscapeSingleChar(char c, std::string* dst) {
   const char *append = NULL;
   switch (c) {
@@ skipping 142 matching lines @@
 
 // Warm up System APIs that empirically need to be accessed before the Sandbox
 // is turned on.
 // This method is layed out in blocks, each one containing a separate function
 // that needs to be warmed up. The OS version on which we found the need to
 // enable the function is also noted.
 // This function is tested on the following OS versions:
 //     10.5.6, 10.6.0
 
 // static
-void Sandbox::SandboxWarmup(SandboxProcessType sandbox_type) {
+void Sandbox::SandboxWarmup(int sandbox_definition_resource_id) {
   base::mac::ScopedNSAutoreleasePool scoped_pool;
 
   { // CGColorSpaceCreateWithName(), CGBitmapContextCreate() - 10.5.6
     base::mac::ScopedCFTypeRef<CGColorSpaceRef> rgb_colorspace(
         CGColorSpaceCreateWithName(kCGColorSpaceGenericRGB));
 
     // Allocate a 1x1 image.
     char data[4];
     base::mac::ScopedCFTypeRef<CGContextRef> context(
         CGBitmapContextCreate(data, 1, 1, 8, 1 * 4,
@@ skipping 36 matching lines @@
         NULL));
     CGImageSourceGetStatus(img);
   }
 
   {
     // Allow access to /dev/urandom.
     GetUrandomFD();
   }
 
   // Process-type dependent warm-up.
-  switch (sandbox_type) {
-    case SANDBOX_TYPE_GPU:
-      {
-         // Preload either the desktop GL or the osmesa so, depending on the
-         // --use-gl flag.
-         gfx::GLSurface::InitializeOneOff();
-      }
-      break;
-
-    default:
-      // To shut up a gcc warning.
-      break;
+  if (sandbox_definition_resource_id == IDR_GPU_SANDBOX_DEFINITION) {
+    // Preload either the desktop GL or the osmesa so, depending on the
+    // --use-gl flag.
+    gfx::GLSurface::InitializeOneOff();
   }
 }
 
 // static
 NSString* Sandbox::BuildAllowDirectoryAccessSandboxString(
     const FilePath& allowed_dir,
     SandboxVariableSubstitions* substitutions) {
   // A whitelist is used to determine which directories can be statted
   // This means that in the case of an /a/b/c/d/ directory, we may be able to
   // stat the leaf directory, but not it's parent.
@@ skipping 45 matching lines @@
                        SandboxSubstring::REGEX);
   sandbox_command =
       [sandbox_command
           stringByAppendingString:@") (allow file-read* file-write*"
                                    " (regex #\"@ALLOWED_DIR@\") )"];
   return sandbox_command;
 }
 
 // Load the appropriate template for the given sandbox type.
 // Returns the template as an NSString or nil on error.
-NSString* LoadSandboxTemplate(Sandbox::SandboxProcessType sandbox_type) {
-  // We use a custom sandbox definition file to lock things down as
-  // tightly as possible.
-  NSString* sandbox_config_filename = nil;
-  switch (sandbox_type) {
-    case Sandbox::SANDBOX_TYPE_RENDERER:
-      sandbox_config_filename = @"renderer";
-      break;
-    case Sandbox::SANDBOX_TYPE_WORKER:
-      sandbox_config_filename = @"worker";
-      break;
-    case Sandbox::SANDBOX_TYPE_UTILITY:
-      sandbox_config_filename = @"utility";
-      break;
-    case Sandbox::SANDBOX_TYPE_NACL_LOADER:
-      // The Native Client loader is used for safeguarding the user's
-      // untrusted code within Native Client.
-      sandbox_config_filename = @"nacl_loader";
-      break;
-    case Sandbox::SANDBOX_TYPE_GPU:
-      sandbox_config_filename = @"gpu";
-      break;
-    case Sandbox::SANDBOX_TYPE_PPAPI:
-      sandbox_config_filename = @"ppapi";
-      break;
-    default:
-      NOTREACHED();
-      return nil;
-  }
-
-  // Read in the sandbox profile and the common prefix file.
-  NSString* common_sandbox_prefix_path =
-      [base::mac::MainAppBundle() pathForResource:@"common"
-                                          ofType:@"sb"];
-  NSString* common_sandbox_prefix_data =
-      [NSString stringWithContentsOfFile:common_sandbox_prefix_path
-                                encoding:NSUTF8StringEncoding
-                                   error:NULL];
-
-  if (!common_sandbox_prefix_data) {
-    DLOG(FATAL) << "Failed to find the sandbox profile on disk "
-                << [common_sandbox_prefix_path fileSystemRepresentation];
+NSString* LoadSandboxTemplate(int sandbox_definition_resource_id) {
+  // We use a custom sandbox definition to lock things down as tightly as
+  // possible.
+  base::StringPiece sandbox_definition =
+      content::GetContentClient()->GetDataResource(
+          sandbox_definition_resource_id);
+  if (sandbox_definition.empty()) {
+    DLOG(FATAL) << "Failed to load the sandbox profile (resource id "
+                << sandbox_definition_resource_id << ")";
     return nil;
   }
 
-  NSString* sandbox_profile_path =
-      [base::mac::MainAppBundle() pathForResource:sandbox_config_filename
-                                          ofType:@"sb"];
-  NSString* sandbox_data =
-      [NSString stringWithContentsOfFile:sandbox_profile_path
-                                 encoding:NSUTF8StringEncoding
-                                    error:NULL];
-
-  if (!sandbox_data) {
-    DLOG(FATAL) << "Failed to find the sandbox profile on disk "
-                << [sandbox_profile_path fileSystemRepresentation];
+  base::StringPiece common_sandbox_definition =
+      content::GetContentClient()->GetDataResource(
+          IDR_COMMON_SANDBOX_DEFINITION);
+  if (common_sandbox_definition.empty()) {
+    DLOG(FATAL) << "Failed to load the common sandbox profile";
     return nil;
   }
 
+  NSString* common_sandbox_prefix_data =
+      [[NSString alloc] initWithBytes:common_sandbox_definition.data()
+                               length:common_sandbox_definition.length()
+                             encoding:NSUTF8StringEncoding];
+
+  NSString* sandbox_data =
+      [[NSString alloc] initWithBytes:sandbox_definition.data()
+                               length:sandbox_definition.length()
+                             encoding:NSUTF8StringEncoding];
+
+
   // Prefix sandbox_data with common_sandbox_prefix_data.
   return [common_sandbox_prefix_data stringByAppendingString:sandbox_data];
 }
 
 // static
 bool Sandbox::PostProcessSandboxProfile(
         NSString* sandbox_template,
         NSArray* comments_to_remove,
         SandboxVariableSubstitions& substitutions,
         std::string *final_sandbox_profile_str) {
@@ skipping 56 matching lines @@
        ++it) {
     final_sandbox_profile_str->append(*it);
   }
   return true;
 }
 
 
 // Turns on the OS X sandbox for this process.
 
 // static
-bool Sandbox::EnableSandbox(SandboxProcessType sandbox_type,
+bool Sandbox::EnableSandbox(int sandbox_definition_resource_id,
                             const FilePath& allowed_dir) {
-  // Sanity - currently only SANDBOX_TYPE_UTILITY supports a directory being
-  // passed in.
-  if (sandbox_type != SANDBOX_TYPE_UTILITY) {
-    DCHECK(allowed_dir.empty())
-        << "Only SANDBOX_TYPE_UTILITY allows a custom directory parameter.";
+  // Sanity - currently only IDR_UTILITY_SANDBOX_DEFINITION supports a
+  // directory being passed in.
+  if (sandbox_definition_resource_id != IDR_UTILITY_SANDBOX_DEFINITION) {
+    DCHECK(allowed_dir.empty()) << "Only IDR_UTILITY_SANDBOX_DEFINITION allows"
+        << " a custom directory parameter.";
   }
 
-  NSString* sandbox_data = LoadSandboxTemplate(sandbox_type);
+  NSString* sandbox_data = LoadSandboxTemplate(sandbox_definition_resource_id);
   if (!sandbox_data) {
     return false;
   }
 
   SandboxVariableSubstitions substitutions;
   if (!allowed_dir.empty()) {
     // Add the sandbox commands necessary to access the given directory.
     // Note: this function must be called before PostProcessSandboxProfile()
     // since the string it inserts contains variables that need substitution.
     NSString* allowed_dir_sandbox_command =
@@ skipping 88 matching lines @@
   if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) {
     DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: "
                  << path->value();
     return;
   }
 
   *path = FilePath(canonical_path);
 }
 
 }  // namespace sandbox