
Side by Side Diff: content/common/sandbox_mac.h

Issue 12163003: Add FilePath to base namespace. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 10 months ago
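--- a/content/common/sandbox_mac.h
+++ b/content/common/sandbox_mac.h
@@ -1,26 +1,28 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_
 #define CONTENT_COMMON_SANDBOX_MAC_H_
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/hash_tables.h"
 #include "base/gtest_prod_util.h"
 #include "content/common/content_export.h"
 #include "content/public/common/sandbox_type_mac.h"
 
+namespace base {
 class FilePath;
+}
 
 #if __OBJC__
 @class NSArray;
 @class NSString;
 #else
 class NSArray;
 class NSString;
 #endif
 
 namespace content {
@@ -66,37 +68,37 @@
 static void SandboxWarmup(int sandbox_type);
 
 // Turns on the OS X sandbox for this process.
 // |sandbox_type| - type of Sandbox to use. See SandboxWarmup() for legal
 // values.
 // |allowed_dir| - directory to allow access to, currently the only sandbox
 // profile that supports this is SANDBOX_TYPE_UTILITY .
 //
 // Returns true on success, false if an error occurred enabling the sandbox.
 static bool EnableSandbox(int sandbox_type,
-const FilePath& allowed_dir);
+const base::FilePath& allowed_dir);
 
 
 // Exposed for testing purposes, used by an accessory function of our tests
 // so we can't use FRIEND_TEST.
 
 // Build the Sandbox command necessary to allow access to a named directory
 // indicated by |allowed_dir|.
 // Returns a string containing the sandbox profile commands necessary to allow
 // access to that directory or nil if an error occured.
 
 // The header comment for PostProcessSandboxProfile() explains how variable
 // substition works in sandbox templates.
 // The returned string contains embedded variables. The function fills in
 // |substitutions| to contain the values for these variables.
 static NSString* BuildAllowDirectoryAccessSandboxString(
-const FilePath& allowed_dir,
+const base::FilePath& allowed_dir,
 SandboxVariableSubstitions* substitutions);
 
 // Assemble the final sandbox profile from a template by removing comments
 // and substituting variables.
 //
 // |sandbox_template| is a string which contains 2 entitites to operate on:
 //
 // - Comments - The sandbox comment syntax is used to make the OS sandbox
 // optionally ignore commands it doesn't support. e.g.
 // ;10.6_ONLY (foo)
@@ -119,47 +121,47 @@
 // Returns true on success, false otherwise.
 static bool PostProcessSandboxProfile(
 NSString* in_sandbox_data,
 NSArray* comments_to_remove,
 SandboxVariableSubstitions& substitutions,
 std::string *final_sandbox_profile_str);
 
 private:
 // Returns an (allow file-read-metadata) rule for |allowed_path| and all its
 // parent directories.
-static NSString* AllowMetadataForPath(const FilePath& allowed_path);
+static NSString* AllowMetadataForPath(const base::FilePath& allowed_path);
 
 // Escape |src_utf8| for use in a plain string variable in a sandbox
 // configuraton file. On return |dst| is set to the quoted output.
 // Returns: true on success, false otherwise.
 static bool QuotePlainString(const std::string& src_utf8, std::string* dst);
 
 // Escape |str_utf8| for use in a regex literal in a sandbox
 // configuraton file. On return |dst| is set to the utf-8 encoded quoted
 // output.
 //
 // The implementation of this function is based on empirical testing of the
 // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to
 // change.
 //
 // Note: If str_utf8 contains any characters < 32 || >125 then the function
 // fails and false is returned.
 //
 // Returns: true on success, false otherwise.
 static bool QuoteStringForRegex(const std::string& str_utf8,
 std::string* dst);
 
 // Convert provided path into a "canonical" path matching what the Sandbox
 // expects i.e. one without symlinks.
 // This path is not necessarily unique e.g. in the face of hardlinks.
-static FilePath GetCanonicalSandboxPath(const FilePath& path);
+static base::FilePath GetCanonicalSandboxPath(const base::FilePath& path);
 
 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape);
 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape);
 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess);
 
 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);
 };
 
 } // namespace content
 
 #endif // CONTENT_COMMON_SANDBOX_MAC_H_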