Chromium Code Reviews Chromium Code Reviews
Issue 8589001:
Load mac sandbox definitions from resources instead of the bundle. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: content/common/sandbox_mac.mm |
| diff --git a/content/common/sandbox_mac.mm b/content/common/sandbox_mac.mm |
| index d1ab290e5080afcf74412547069eddee074ac14e..ae885ea3700849f78f3197c5a42691b8a7ee727f 100644 |
| --- a/content/common/sandbox_mac.mm |
| +++ b/content/common/sandbox_mac.mm |
| @@ -21,18 +21,40 @@ extern "C" { |
| #include "base/mac/scoped_cftyperef.h" |
| #include "base/mac/scoped_nsautorelease_pool.h" |
| #include "base/string16.h" |
| +#include "base/string_piece.h" |
| #include "base/string_util.h" |
| #include "base/stringprintf.h" |
| #include "base/sys_info.h" |
| #include "base/sys_string_conversions.h" |
| #include "base/utf_string_conversions.h" |
| #include "content/common/chrome_application_mac.h" |
| +#include "content/public/common/content_client.h" |
| #include "content/public/common/content_switches.h" |
| +#include "grit/content_resources.h" |
| #include "unicode/uchar.h" |
| #include "ui/gfx/gl/gl_surface.h" |
| namespace { |
| +struct SandboxProcessTypePolicyMapping { |
|
jeremy
2011/11/24 12:20:19
IMHO SandboxTypeToResourceIDMapping would be a bet
jochen (gone - plz use gerrit)
2011/11/24 16:23:22
Done.
|
| + content::SandboxProcessType sandbox_process_type; |
| + int sandbox_policy_resource_id; |
| +}; |
| + |
| +// Mapping from sandbox process types to resource IDs defining the sandbox |
| +// policy for all process types known to content. |
| +SandboxProcessTypePolicyMapping kDefaultSandboxProcessTypePolicyMapping[] = { |
| + { content::SANDBOX_PROCESS_TYPE_RENDERER, IDR_RENDERER_SANDBOX_POLICY }, |
| + { content::SANDBOX_PROCESS_TYPE_WORKER, IDR_WORKER_SANDBOX_POLICY }, |
| + { content::SANDBOX_PROCESS_TYPE_UTILITY, IDR_UTILITY_SANDBOX_POLICY }, |
| + { content::SANDBOX_PROCESS_TYPE_GPU, IDR_GPU_SANDBOX_POLICY }, |
| + { content::SANDBOX_PROCESS_TYPE_PPAPI, IDR_PPAPI_SANDBOX_POLICY }, |
| +}; |
| + |
| +COMPILE_ASSERT(arraysize(kDefaultSandboxProcessTypePolicyMapping) == \ |
| + size_t(content::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE), \ |
| + sandbox_process_type_policy_map_incorrect); |
| + |
| // Try to escape |c| as a "SingleEscapeCharacter" (\n, etc). If successful, |
| // returns true and appends the escape sequence to |dst|. |
| bool EscapeSingleChar(char c, std::string* dst) { |
| @@ -190,7 +212,7 @@ bool Sandbox::QuoteStringForRegex(const std::string& str_utf8, |
| // 10.5.6, 10.6.0 |
| // static |
| -void Sandbox::SandboxWarmup(SandboxProcessType sandbox_type) { |
| +void Sandbox::SandboxWarmup(int sandbox_type) { |
| base::mac::ScopedNSAutoreleasePool scoped_pool; |
| { // CGColorSpaceCreateWithName(), CGBitmapContextCreate() - 10.5.6 |
| @@ -247,18 +269,10 @@ void Sandbox::SandboxWarmup(SandboxProcessType sandbox_type) { |
| } |
| // Process-type dependent warm-up. |
| - switch (sandbox_type) { |
| - case SANDBOX_TYPE_GPU: |
| - { |
| - // Preload either the desktop GL or the osmesa so, depending on the |
| - // --use-gl flag. |
| - gfx::GLSurface::InitializeOneOff(); |
| - } |
| - break; |
| - |
| - default: |
| - // To shut up a gcc warning. |
| - break; |
| + if (sandbox_type == content::SANDBOX_PROCESS_TYPE_GPU) { |
| + // Preload either the desktop GL or the osmesa so, depending on the |
| + // --use-gl flag. |
| + gfx::GLSurface::InitializeOneOff(); |
| } |
| } |
| @@ -324,65 +338,55 @@ NSString* Sandbox::BuildAllowDirectoryAccessSandboxString( |
| // Load the appropriate template for the given sandbox type. |
| // Returns the template as an NSString or nil on error. |
| -NSString* LoadSandboxTemplate(Sandbox::SandboxProcessType sandbox_type) { |
| - // We use a custom sandbox definition file to lock things down as |
| - // tightly as possible. |
| - NSString* sandbox_config_filename = nil; |
| - switch (sandbox_type) { |
| - case Sandbox::SANDBOX_TYPE_RENDERER: |
| - sandbox_config_filename = @"renderer"; |
| - break; |
| - case Sandbox::SANDBOX_TYPE_WORKER: |
| - sandbox_config_filename = @"worker"; |
| - break; |
| - case Sandbox::SANDBOX_TYPE_UTILITY: |
| - sandbox_config_filename = @"utility"; |
| - break; |
| - case Sandbox::SANDBOX_TYPE_NACL_LOADER: |
| - // The Native Client loader is used for safeguarding the user's |
| - // untrusted code within Native Client. |
| - sandbox_config_filename = @"nacl_loader"; |
| - break; |
| - case Sandbox::SANDBOX_TYPE_GPU: |
| - sandbox_config_filename = @"gpu"; |
| - break; |
| - case Sandbox::SANDBOX_TYPE_PPAPI: |
| - sandbox_config_filename = @"ppapi"; |
| +NSString* LoadSandboxTemplate(int sandbox_type) { |
| + // We use a custom sandbox definition to lock things down as tightly as |
| + // possible. |
| + int sandbox_policy_resource_id = -1; |
|
jeremy
2011/11/24 12:20:19
*policy->profile also in the rest of the function.
jochen (gone - plz use gerrit)
2011/11/24 16:23:22
Done.
|
| + |
| + // Find resource id for sandbox profile to use for the specific sandbox type. |
| + for (size_t i = 0; |
| + i < arraysize(kDefaultSandboxProcessTypePolicyMapping); |
| + ++i) { |
| + if (kDefaultSandboxProcessTypePolicyMapping[i].sandbox_process_type == |
| + sandbox_type) { |
| + sandbox_policy_resource_id = |
| + kDefaultSandboxProcessTypePolicyMapping[i].sandbox_policy_resource_id; |
| break; |
| - default: |
| - NOTREACHED(); |
| - return nil; |
| + } |
| } |
| - |
| - // Read in the sandbox profile and the common prefix file. |
| - NSString* common_sandbox_prefix_path = |
| - [base::mac::MainAppBundle() pathForResource:@"common" |
| - ofType:@"sb"]; |
| - NSString* common_sandbox_prefix_data = |
| - [NSString stringWithContentsOfFile:common_sandbox_prefix_path |
| - encoding:NSUTF8StringEncoding |
| - error:NULL]; |
| - |
| - if (!common_sandbox_prefix_data) { |
| - DLOG(FATAL) << "Failed to find the sandbox profile on disk " |
| - << [common_sandbox_prefix_path fileSystemRepresentation]; |
| + if (sandbox_policy_resource_id == -1) { |
| + // Check if the embedder knows about this sandbox process type. |
| + sandbox_policy_resource_id = content::GetContentClient()-> |
|
jeremy
2011/11/24 12:20:19
No chance that GetContentClient() can be null, rig
jochen (gone - plz use gerrit)
2011/11/24 16:23:22
Right
|
| + GetSandboxPolicyForSandboxType(sandbox_type); |
| + } |
| + CHECK(sandbox_policy_resource_id != -1) |
| + << "Unknown sandbox type " << sandbox_type; |
| + |
| + base::StringPiece sandbox_definition = |
| + content::GetContentClient()->GetDataResource(sandbox_policy_resource_id); |
| + if (sandbox_definition.empty()) { |
| + LOG(FATAL) << "Failed to load the sandbox profile (resource id " |
| + << sandbox_policy_resource_id << ")"; |
| return nil; |
| } |
| - NSString* sandbox_profile_path = |
| - [base::mac::MainAppBundle() pathForResource:sandbox_config_filename |
| - ofType:@"sb"]; |
| - NSString* sandbox_data = |
| - [NSString stringWithContentsOfFile:sandbox_profile_path |
| - encoding:NSUTF8StringEncoding |
| - error:NULL]; |
| - |
| - if (!sandbox_data) { |
| - DLOG(FATAL) << "Failed to find the sandbox profile on disk " |
| - << [sandbox_profile_path fileSystemRepresentation]; |
| + base::StringPiece common_sandbox_definition = |
| + content::GetContentClient()->GetDataResource(IDR_COMMON_SANDBOX_POLICY); |
| + if (common_sandbox_definition.empty()) { |
| + LOG(FATAL) << "Failed to load the common sandbox profile"; |
| return nil; |
| } |
| + NSString* common_sandbox_prefix_data = |
| + [[NSString alloc] initWithBytes:common_sandbox_definition.data() |
| + length:common_sandbox_definition.length() |
| + encoding:NSUTF8StringEncoding]; |
| + |
| + NSString* sandbox_data = |
| + [[NSString alloc] initWithBytes:sandbox_definition.data() |
| + length:sandbox_definition.length() |
| + encoding:NSUTF8StringEncoding]; |
| + |
| // Prefix sandbox_data with common_sandbox_prefix_data. |
| return [common_sandbox_prefix_data stringByAppendingString:sandbox_data]; |
| } |
| @@ -459,13 +463,14 @@ bool Sandbox::PostProcessSandboxProfile( |
| // Turns on the OS X sandbox for this process. |
| // static |
| -bool Sandbox::EnableSandbox(SandboxProcessType sandbox_type, |
| +bool Sandbox::EnableSandbox(int sandbox_type, |
| const FilePath& allowed_dir) { |
| - // Sanity - currently only SANDBOX_TYPE_UTILITY supports a directory being |
| - // passed in. |
| - if (sandbox_type != SANDBOX_TYPE_UTILITY) { |
| - DCHECK(allowed_dir.empty()) |
| - << "Only SANDBOX_TYPE_UTILITY allows a custom directory parameter."; |
| + // Sanity - currently only SANDBOX_PROCESS_TYPE_UTILITY supports a directory |
| + // being passed in. |
| + if (sandbox_type < content::SANDBOX_PROCESS_TYPE_AFTER_LAST_TYPE && |
| + sandbox_type != content::SANDBOX_PROCESS_TYPE_UTILITY) { |
| + DCHECK(allowed_dir.empty()) << "Only SANDBOX_PROCESS_TYPE_UTILITY allows" |
| + << " a custom directory parameter."; |
| } |
| NSString* sandbox_data = LoadSandboxTemplate(sandbox_type); |
