Index: content/common/sandbox_init_mac.cc |
diff --git a/content/common/sandbox_init_mac.cc b/content/common/sandbox_init_mac.cc |
index 86cf9e6737c12e68df3426431e1d6249aa1590b4..aefc3c92ed4a1b3f0279a01a50b46befcb59c52f 100644 |
--- a/content/common/sandbox_init_mac.cc |
+++ b/content/common/sandbox_init_mac.cc |
@@ -12,21 +12,31 @@ |
namespace content { |
-bool InitializeSandbox() { |
- using sandbox::Sandbox; |
+bool InitializeSandbox(int sandbox_type, const FilePath& allowed_dir) { |
+ // Warm up APIs before turning on the sandbox. |
+ sandbox::Sandbox::SandboxWarmup(sandbox_type); |
+ |
+ // Actually sandbox the process. |
+ return sandbox::Sandbox::EnableSandbox(sandbox_type, allowed_dir); |
+} |
+ |
+void GetSandboxTypeFromCommandLine(int* sandbox_process_type, |
+ FilePath* allowed_dir) { |
jeremy
2011/11/24 12:20:19
IMHO this should return a bool rather than using t
jochen (gone - plz use gerrit)
2011/11/24 16:23:22
Done.
|
+ DCHECK(sandbox_process_type); |
+ DCHECK(allowed_dir); |
+ |
+ *sandbox_process_type = -1; |
+ *allowed_dir = FilePath(); // Empty by default. |
const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
if (command_line.HasSwitch(switches::kNoSandbox)) |
- return true; |
- |
- Sandbox::SandboxProcessType sandbox_process_type; |
- FilePath allowed_dir; // Empty by default. |
+ return; |
std::string process_type = |
command_line.GetSwitchValueASCII(switches::kProcessType); |
if (process_type.empty()) { |
// Browser process isn't sandboxed. |
- return true; |
+ return; |
} else if (process_type == switches::kRendererProcess) { |
if (!command_line.HasSwitch(switches::kDisable3DAPIs) && |
!command_line.HasSwitch(switches::kDisableExperimentalWebGL) && |
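Review bot: The new `InitializeSandbox(int sandbox_type, const FilePath& allowed_dir)` forwards any integer straight to `SandboxWarmup` and `EnableSandbox`, including the `-1` that this file uses elsewhere to mean "do not sandbox". Whether `EnableSandbox` rejects an out-of-range type is not visible in this diff, so a fail-closed guard at the top of the overload, `if (sandbox_type < 0) return false;`, would make the outcome explicit instead of depending on the callee. The bare `-1` also appears at the initialisation in `GetSandboxTypeFromCommandLine` and twice in the zero-argument wrapper; a named constant would keep the three sites in agreement. `GetSandboxTypeFromCommandLine` continues past the end of this hunk.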
@@ -34,41 +44,41 @@ bool InitializeSandbox() { |
// TODO(kbr): this check seems to be necessary only on this |
// platform because the sandbox is initialized later. Remove |
// this once this flag is removed. |
- return true; |
+ return; |
} else { |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_RENDERER; |
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_RENDERER; |
} |
} else if (process_type == switches::kUtilityProcess) { |
// Utility process sandbox. |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_UTILITY; |
- allowed_dir = |
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_UTILITY; |
+ *allowed_dir = |
command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir); |
} else if (process_type == switches::kWorkerProcess) { |
// Worker process sandbox. |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_WORKER; |
- } else if (process_type == switches::kNaClLoaderProcess) { |
- // Native Client sel_ldr (user untrusted code) sandbox. |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_NACL_LOADER; |
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_WORKER; |
} else if (process_type == switches::kGpuProcess) { |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_GPU; |
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_GPU; |
} else if ((process_type == switches::kPluginProcess) || |
(process_type == switches::kServiceProcess) || |
(process_type == switches::kPpapiBrokerProcess)) { |
- return true; |
+ return; |
} else if (process_type == switches::kPpapiPluginProcess) { |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_PPAPI; |
+ *sandbox_process_type = SANDBOX_PROCESS_TYPE_PPAPI; |
} else { |
// Failsafe: If you hit an unreached here, is your new process type in need |
// of sandboxing? |
NOTREACHED() << "Unknown process type " << process_type; |
- return true; |
+ return; |
} |
+} |
- // Warm up APIs before turning on the sandbox. |
- Sandbox::SandboxWarmup(sandbox_process_type); |
- |
- // Actually sandbox the process. |
- return Sandbox::EnableSandbox(sandbox_process_type, allowed_dir); |
+bool InitializeSandbox() { |
+ int sandbox_process_type = -1; |
+ FilePath allowed_dir; |
+ GetSandboxTypeFromCommandLine(&sandbox_process_type, &allowed_dir); |
+ if (sandbox_process_type == -1) |
+ return true; |
+ return InitializeSandbox(sandbox_process_type, allowed_dir); |
} |
} // namespace content |
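Review bot: The failsafe `else` branch and the zero-argument `InitializeSandbox()` together fail open, because an unrecognised process type leaves `*sandbox_process_type` at `-1` and the wrapper then returns `true` without enabling any sandbox. `NOTREACHED()` is normally a debug-only check, so a release build would most likely take this path silently. This matters more now that the `kNaClLoaderProcess` branch is removed: unless the NaCl loader calls the two-argument overload itself (not visible in this diff), it would land in that branch. I would leave a comment where the branch was, e.g. `// NaCl loader is not handled here; its embedder must call InitializeSandbox(type, dir) directly.`, and distinguish "unknown type" from "intentionally unsandboxed" so the wrapper can report failure for the former.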