content/common/sandbox_mac.h - Issue 8589001: Load mac sandbox definitions from resources instead of the bundle.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_mac.h

Issue 8589001: Load mac sandbox definitions from resources instead of the bundle. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: updates Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/common/sandbox_mac.h

diff --git a/content/common/sandbox_mac.h b/content/common/sandbox_mac.h

index 358c098a996e86d171bfd38d8fe5dccfd40e1e5b..c9710c399623a803fcd0fe4cf3b9e16eaba8a67b 100644

--- a/content/common/sandbox_mac.h

+++ b/content/common/sandbox_mac.h

@@ -11,6 +11,7 @@

#include "base/basictypes.h"

#include "base/hash_tables.h"

#include "base/gtest_prod_util.h"

+#include "content/public/common/sandbox_type_mac.h"

class FilePath;

@@ -57,44 +58,21 @@ class Sandbox {

typedef base::hash_map<std::string, SandboxSubstring>

SandboxVariableSubstitions;

- enum SandboxProcessType {

- SANDBOX_TYPE_FIRST_TYPE, // Placeholder to ease iteration.

- SANDBOX_TYPE_RENDERER = SANDBOX_TYPE_FIRST_TYPE,

- // The worker process uses the most restrictive sandbox which has almost

- // *everything* locked down. Only a couple of /System/Library/ paths and

- // some other very basic operations (e.g., reading metadata to allow

- // following symlinks) are permitted.

- SANDBOX_TYPE_WORKER,

- // Utility process is as restrictive as the worker process except full

- // access is allowed to one configurable directory.

- SANDBOX_TYPE_UTILITY,

- // Native Client sandbox for the user's untrusted code.

- SANDBOX_TYPE_NACL_LOADER,

- // GPU process.

- SANDBOX_TYPE_GPU,

- // The PPAPI plugin process.

- SANDBOX_TYPE_PPAPI,

- SANDBOX_AFTER_TYPE_LAST_TYPE, // Placeholder to ease iteration.

- };

- // Warm up System APIs that empirically need to be accessed before the Sandbox

- // is turned on. |sandbox_type| is the type of sandbox to warm up.

- static void SandboxWarmup(SandboxProcessType sandbox_type);

+ // Warm up System APIs that empirically need to be accessed before the

+ // sandbox is turned on. |sandbox_type| is the type of sandbox to warm up.

+ // Valid |sandbox_type| values are defined by the enum SandboxType, or can be

+ // defined by the embedder via

+ // ContentClient::GetSandboxProfileForProcessType().

+ static void SandboxWarmup(int sandbox_type);

// Turns on the OS X sandbox for this process.

- // |sandbox_type| - type of Sandbox to use.

+ // |sandbox_type| - type of Sandbox to use. See SandboxWarmup() for legal

+ // values.

// |allowed_dir| - directory to allow access to, currently the only sandbox

// profile that supports this is SANDBOX_TYPE_UTILITY .

// Returns true on success, false if an error occurred enabling the sandbox.

- static bool EnableSandbox(SandboxProcessType sandbox_type,

+ static bool EnableSandbox(int sandbox_type,

const FilePath& allowed_dir);

« no previous file with comments | « content/common/sandbox_init_mac.cc ('k') | content/common/sandbox_mac.mm » ('j') | no next file with comments »