
Unified Diff: content/common/sandbox_init_mac.cc

Issue 8589001: Load mac sandbox definitions from resources instead of the bundle. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: updates Created 9 years, 1 month ago
Index: content/common/sandbox_init_mac.cc
diff --git a/content/common/sandbox_init_mac.cc b/content/common/sandbox_init_mac.cc
index 86cf9e6737c12e68df3426431e1d6249aa1590b4..aefc3c92ed4a1b3f0279a01a50b46befcb59c52f 100644
--- a/content/common/sandbox_init_mac.cc
+++ b/content/common/sandbox_init_mac.cc
@@ -12,21 +12,31 @@
namespace content {
-bool InitializeSandbox() {
- using sandbox::Sandbox;
+bool InitializeSandbox(int sandbox_type, const FilePath& allowed_dir) {
+ // Warm up APIs before turning on the sandbox.
+ sandbox::Sandbox::SandboxWarmup(sandbox_type);
+
+ // Actually sandbox the process.
+ return sandbox::Sandbox::EnableSandbox(sandbox_type, allowed_dir);
+}
+
+void GetSandboxTypeFromCommandLine(int* sandbox_process_type,
+ FilePath* allowed_dir) {
jeremy 2011/11/24 12:20:19 IMHO this should return a bool rather than using t
jochen (gone - plz use gerrit) 2011/11/24 16:23:22 Done.
+ DCHECK(sandbox_process_type);
+ DCHECK(allowed_dir);
+
+ *sandbox_process_type = -1;
+ *allowed_dir = FilePath(); // Empty by default.
const CommandLine& command_line = *CommandLine::ForCurrentProcess();
if (command_line.HasSwitch(switches::kNoSandbox))
- return true;
-
- Sandbox::SandboxProcessType sandbox_process_type;
- FilePath allowed_dir; // Empty by default.
+ return;
std::string process_type =
command_line.GetSwitchValueASCII(switches::kProcessType);
if (process_type.empty()) {
// Browser process isn't sandboxed.
- return true;
+ return;
} else if (process_type == switches::kRendererProcess) {
if (!command_line.HasSwitch(switches::kDisable3DAPIs) &&
!command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
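Review bot: The new two-argument `InitializeSandbox` takes `sandbox_type` as a plain `int` where the removed code used `Sandbox::SandboxProcessType`, so the compiler no longer rejects a value that names no sandbox profile, and nothing here checks it before `SandboxWarmup` and `EnableSandbox` are called. The function is also undocumented, although it is now the entry point for callers that pick their own type. I would add a header comment such as `// |sandbox_type| must identify a valid sandbox profile; returns false if the sandbox could not be enabled.` and, if valid types are non-negative as the -1 default below suggests, a `DCHECK_GE(sandbox_type, 0);` as the first statement. `GetSandboxTypeFromCommandLine` starts in this hunk and continues past its end.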
@@ -34,41 +44,41 @@ bool InitializeSandbox() {
// TODO(kbr): this check seems to be necessary only on this
// platform because the sandbox is initialized later. Remove
// this once this flag is removed.
- return true;
+ return;
} else {
- sandbox_process_type = Sandbox::SANDBOX_TYPE_RENDERER;
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_RENDERER;
}
} else if (process_type == switches::kUtilityProcess) {
// Utility process sandbox.
- sandbox_process_type = Sandbox::SANDBOX_TYPE_UTILITY;
- allowed_dir =
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_UTILITY;
+ *allowed_dir =
command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir);
} else if (process_type == switches::kWorkerProcess) {
// Worker process sandbox.
- sandbox_process_type = Sandbox::SANDBOX_TYPE_WORKER;
- } else if (process_type == switches::kNaClLoaderProcess) {
- // Native Client sel_ldr (user untrusted code) sandbox.
- sandbox_process_type = Sandbox::SANDBOX_TYPE_NACL_LOADER;
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_WORKER;
} else if (process_type == switches::kGpuProcess) {
- sandbox_process_type = Sandbox::SANDBOX_TYPE_GPU;
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_GPU;
} else if ((process_type == switches::kPluginProcess) ||
(process_type == switches::kServiceProcess) ||
(process_type == switches::kPpapiBrokerProcess)) {
- return true;
+ return;
} else if (process_type == switches::kPpapiPluginProcess) {
- sandbox_process_type = Sandbox::SANDBOX_TYPE_PPAPI;
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_PPAPI;
} else {
// Failsafe: If you hit an unreached here, is your new process type in need
// of sandboxing?
NOTREACHED() << "Unknown process type " << process_type;
- return true;
+ return;
}
+}
- // Warm up APIs before turning on the sandbox.
- Sandbox::SandboxWarmup(sandbox_process_type);
-
- // Actually sandbox the process.
- return Sandbox::EnableSandbox(sandbox_process_type, allowed_dir);
+bool InitializeSandbox() {
+ int sandbox_process_type = -1;
+ FilePath allowed_dir;
+ GetSandboxTypeFromCommandLine(&sandbox_process_type, &allowed_dir);
+ if (sandbox_process_type == -1)
+ return true;
+ return InitializeSandbox(sandbox_process_type, allowed_dir);
}
} // namespace content
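Review bot: An unrecognised process type still fails open: the final `else` branch only hits `NOTREACHED()` and returns with `*sandbox_process_type` left at -1, and the zero-argument `InitializeSandbox()` then returns true without enabling any sandbox. If `NOTREACHED()` compiles to nothing in release builds, as DCHECK-style macros usually do, such a process runs unsandboxed while reporting success. This hunk also removes the `kNaClLoaderProcess` branch, so a NaCl loader process that reaches this function would take the same path; it is worth confirming that the loader calls the two-argument overload itself. At minimum I would extend the failsafe comment with `// Falls through with no sandbox applied; release builds do not stop here.`, and preferably have the unknown-type case report failure so the caller can refuse to continue. `GetSandboxTypeFromCommandLine` begins in the previous hunk.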
