
Unified Diff: content/common/sandbox_mac_diraccess_unittest.mm

Issue 1213113006: Revert of Refactor OS X sandbox processing and audit sandbox files (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 6 months ago
Index: content/common/sandbox_mac_diraccess_unittest.mm
diff --git a/content/common/sandbox_mac_diraccess_unittest.mm b/content/common/sandbox_mac_diraccess_unittest.mm
index 8d1256744f2b995536348a9d5c5f40c119baac1c..a403ecd25634fa6847423c04df67b1c5ce830335 100644
--- a/content/common/sandbox_mac_diraccess_unittest.mm
+++ b/content/common/sandbox_mac_diraccess_unittest.mm
@@ -183,33 +183,41 @@
if (!sandbox_allowed_dir)
return -1;
- std::string final_allowed_dir;
- EXPECT_TRUE(
- Sandbox::QuoteStringForRegex(sandbox_allowed_dir, &final_allowed_dir));
-
// Build up a sandbox profile that only allows access to a single directory.
- std::string sandbox_profile =
- "(version 1)"
- "(define perm_dir (param \"PERMITTED_DIR\"))"
- "(deny default)"
- "(allow signal (target self))"
- "(allow sysctl-read)"
- "(if (string? perm_dir)"
- " (begin"
- " (allow file-read-metadata )"
- " (allow file-read* file-write* (regex (string-append #\"\" "
- "perm_dir)))))";
-
- // Setup the parameters to pass to the sandbox.
- SandboxCompiler compiler(sandbox_profile);
- CHECK(compiler.InsertStringParam("PERMITTED_DIR", final_allowed_dir));
+ NSString *sandbox_profile =
+ @"(version 1)" \
+ "(deny default)" \
+ "(allow signal (target self))" \
+ "(allow sysctl-read)" \
+ ";ENABLE_DIRECTORY_ACCESS";
+
+ std::string allowed_dir(sandbox_allowed_dir);
+ Sandbox::SandboxVariableSubstitions substitutions;
+ NSString* allow_dir_sandbox_code =
+ Sandbox::BuildAllowDirectoryAccessSandboxString(
+ base::FilePath(sandbox_allowed_dir),
+ &substitutions);
+ sandbox_profile = [sandbox_profile
+ stringByReplacingOccurrencesOfString:@";ENABLE_DIRECTORY_ACCESS"
+ withString:allow_dir_sandbox_code];
+
+ std::string final_sandbox_profile_str;
+ if (!Sandbox::PostProcessSandboxProfile(sandbox_profile,
+ [NSArray array],
+ substitutions,
+ &final_sandbox_profile_str)) {
+ LOG(ERROR) << "Call to PostProcessSandboxProfile() failed";
+ return -1;
+ }
// Enable Sandbox.
- std::string error_str;
- if (!compiler.CompileAndApplyProfile(&error_str)) {
- LOG(ERROR) << "Failed to Initialize Sandbox: " << error_str;
- return -1;
- }
+ char* error_buff = NULL;
+ int error = sandbox_init(final_sandbox_profile_str.c_str(), 0, &error_buff);
+ if (error == -1) {
+ LOG(ERROR) << "Failed to Initialize Sandbox: " << error_buff;
+ return -1;
+ }
+ sandbox_free_error(error_buff);
// Test Sandbox.
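Review bot: The failure branch after `sandbox_init` returns without releasing `error_buff` and streams the pointer into `LOG(ERROR)` without checking that it is non-null; `sandbox_free_error(error_buff)` is reached only on the success path. I would log with `<< (error_buff ? error_buff : "unknown error")` and call `sandbox_free_error(error_buff);` just before that branch's `return -1;`. The local `std::string allowed_dir(sandbox_allowed_dir);` appears unused in the visible lines and could be dropped. Because the permitted directory now enters the profile by text replacement of `;ENABLE_DIRECTORY_ACCESS` rather than as a compiler parameter, a short comment would help, stating that path quoting is expected to happen inside `BuildAllowDirectoryAccessSandboxString` and `PostProcessSandboxProfile`, neither of which is visible here. The enclosing function starts and ends outside this hunk.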