Index: content/common/sandbox_init_mac.cc |
diff --git a/content/common/sandbox_init_mac.cc b/content/common/sandbox_init_mac.cc |
index 86cf9e6737c12e68df3426431e1d6249aa1590b4..59dc055096c3fd8bd26ea3778228cae8ab4f4cb1 100644 |
--- a/content/common/sandbox_init_mac.cc |
+++ b/content/common/sandbox_init_mac.cc |
@@ -9,17 +9,28 @@ |
#include "base/logging.h" |
#include "content/common/sandbox_mac.h" |
#include "content/public/common/content_switches.h" |
+#include "grit/content_resources.h" |
namespace content { |
-bool InitializeSandbox() { |
+bool InitializeSandbox(int sandbox_definition_resource_id) { |
jeremy
2011/11/17 13:36:11
I would refactor this into 3 functions:
Initialize
|
+ using sandbox::Sandbox; |
+ |
+ // Warm up APIs before turning on the sandbox. |
+ Sandbox::SandboxWarmup(sandbox_definition_resource_id); |
+ |
+ // Actually sandbox the process. |
+ return Sandbox::EnableSandbox(sandbox_definition_resource_id, FilePath()); |
+} |
+ |
+bool InitializeSandboxFromProcessType() { |
using sandbox::Sandbox; |
const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
if (command_line.HasSwitch(switches::kNoSandbox)) |
return true; |
- Sandbox::SandboxProcessType sandbox_process_type; |
+ int sandbox_definition_resource_id; |
FilePath allowed_dir; // Empty by default. |
std::string process_type = |
@@ -36,27 +47,24 @@ bool InitializeSandbox() { |
// this once this flag is removed. |
return true; |
} else { |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_RENDERER; |
+ sandbox_definition_resource_id = IDR_RENDERER_SANDBOX_DEFINITION; |
} |
} else if (process_type == switches::kUtilityProcess) { |
// Utility process sandbox. |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_UTILITY; |
+ sandbox_definition_resource_id = IDR_UTILITY_SANDBOX_DEFINITION; |
allowed_dir = |
command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir); |
} else if (process_type == switches::kWorkerProcess) { |
// Worker process sandbox. |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_WORKER; |
- } else if (process_type == switches::kNaClLoaderProcess) { |
- // Native Client sel_ldr (user untrusted code) sandbox. |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_NACL_LOADER; |
+ sandbox_definition_resource_id = IDR_WORKER_SANDBOX_DEFINITION; |
} else if (process_type == switches::kGpuProcess) { |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_GPU; |
+ sandbox_definition_resource_id = IDR_GPU_SANDBOX_DEFINITION; |
} else if ((process_type == switches::kPluginProcess) || |
(process_type == switches::kServiceProcess) || |
(process_type == switches::kPpapiBrokerProcess)) { |
return true; |
} else if (process_type == switches::kPpapiPluginProcess) { |
- sandbox_process_type = Sandbox::SANDBOX_TYPE_PPAPI; |
+ sandbox_definition_resource_id = IDR_PPAPI_SANDBOX_DEFINITION; |
} else { |
// Failsafe: If you hit an unreached here, is your new process type in need |
// of sandboxing? |
@@ -65,10 +73,10 @@ bool InitializeSandbox() { |
} |
// Warm up APIs before turning on the sandbox. |
- Sandbox::SandboxWarmup(sandbox_process_type); |
+ Sandbox::SandboxWarmup(sandbox_definition_resource_id); |
// Actually sandbox the process. |
- return Sandbox::EnableSandbox(sandbox_process_type, allowed_dir); |
+ return Sandbox::EnableSandbox(sandbox_definition_resource_id, allowed_dir); |
} |
} // namespace content |