Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(360)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_mac.h

Issue 10539009: mac: Make the (10.6-only) sandbox hole for the components build smaller (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: test Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/common/common.sb ('k') | content/common/sandbox_mac.mm » ('j') | content/common/sandbox_mac.mm » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_ 5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_
6 #define CONTENT_COMMON_SANDBOX_MAC_H_ 6 #define CONTENT_COMMON_SANDBOX_MAC_H_
7 #pragma once 7 #pragma once
8 8
9 #include <string> 9 #include <string>
10 10
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
118 // 118 //
119 // On output |final_sandbox_profile_str| contains the final sandbox profile. 119 // On output |final_sandbox_profile_str| contains the final sandbox profile.
120 // Returns true on success, false otherwise. 120 // Returns true on success, false otherwise.
121 static bool PostProcessSandboxProfile( 121 static bool PostProcessSandboxProfile(
122 NSString* in_sandbox_data, 122 NSString* in_sandbox_data,
123 NSArray* comments_to_remove, 123 NSArray* comments_to_remove,
124 SandboxVariableSubstitions& substitutions, 124 SandboxVariableSubstitions& substitutions,
125 std::string *final_sandbox_profile_str); 125 std::string *final_sandbox_profile_str);
126 126
127 private: 127 private:
128 // Returns an (allow file-read-metadata) rule for |allowed_path| and all its
129 // parent directories.
130 static NSString* AllowMetadataForPath(const FilePath& allowed_path);
131
128 // Escape |src_utf8| for use in a plain string variable in a sandbox 132 // Escape |src_utf8| for use in a plain string variable in a sandbox
129 // configuraton file. On return |dst| is set to the quoted output. 133 // configuraton file. On return |dst| is set to the quoted output.
130 // Returns: true on success, false otherwise. 134 // Returns: true on success, false otherwise.
131 static bool QuotePlainString(const std::string& src_utf8, std::string* dst); 135 static bool QuotePlainString(const std::string& src_utf8, std::string* dst);
132 136
133 // Escape |str_utf8| for use in a regex literal in a sandbox 137 // Escape |str_utf8| for use in a regex literal in a sandbox
134 // configuraton file. On return |dst| is set to the utf-8 encoded quoted 138 // configuraton file. On return |dst| is set to the utf-8 encoded quoted
135 // output. 139 // output.
136 // 140 //
137 // The implementation of this function is based on empirical testing of the 141 // The implementation of this function is based on empirical testing of the
138 // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to 142 // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to
139 // change. 143 // change.
140 // 144 //
141 // Note: If str_utf8 contains any characters < 32 || >125 then the function 145 // Note: If str_utf8 contains any characters < 32 || >125 then the function
142 // fails and false is returned. 146 // fails and false is returned.
143 // 147 //
144 // Returns: true on success, false otherwise. 148 // Returns: true on success, false otherwise.
145 static bool QuoteStringForRegex(const std::string& str_utf8, 149 static bool QuoteStringForRegex(const std::string& str_utf8,
146 std::string* dst); 150 std::string* dst);
147 151
148 // Convert provided path into a "canonical" path matching what the Sandbox 152 // Convert provided path into a "canonical" path matching what the Sandbox
149 // expects i.e. one without symlinks. 153 // expects i.e. one without symlinks.
150 // This path is not necessarily unique e.g. in the face of hardlinks. 154 // This path is not necessarily unique e.g. in the face of hardlinks.
151 static void GetCanonicalSandboxPath(FilePath* path); 155 static FilePath GetCanonicalSandboxPath(const FilePath& path);
152 156
153 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape); 157 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape);
154 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape); 158 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape);
155 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess); 159 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess);
156 160
157 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); 161 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);
158 }; 162 };
159 163
160 } // namespace sandbox 164 } // namespace sandbox
161 165
162 #endif // CONTENT_COMMON_SANDBOX_MAC_H_ 166 #endif // CONTENT_COMMON_SANDBOX_MAC_H_
OLDNEW
« no previous file with comments | « content/common/common.sb ('k') | content/common/sandbox_mac.mm » ('j') | content/common/sandbox_mac.mm » ('J')

Powered by Google App Engine
This is Rietveld 408576698