1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_ |
6 #define CONTENT_COMMON_SANDBOX_MAC_H_ | 6 #define CONTENT_COMMON_SANDBOX_MAC_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "base/hash_tables.h" | 11 #include "base/hash_tables.h" |
12 #include "base/gtest_prod_util.h" | 12 #include "base/gtest_prod_util.h" |
13 #include "content/common/content_export.h" | 13 #include "content/common/content_export.h" |
14 #include "content/public/common/sandbox_type_mac.h" | 14 #include "content/public/common/sandbox_type_mac.h" |
15 | 15 |
| 16 namespace base { |
16 class FilePath; | 17 class FilePath; |
| 18 } |
17 | 19 |
18 #if __OBJC__ | 20 #if __OBJC__ |
19 @class NSArray; | 21 @class NSArray; |
20 @class NSString; | 22 @class NSString; |
21 #else | 23 #else |
22 class NSArray; | 24 class NSArray; |
23 class NSString; | 25 class NSString; |
24 #endif | 26 #endif |
25 | 27 |
26 namespace content { | 28 namespace content { |
66 static void SandboxWarmup(int sandbox_type); | 68 static void SandboxWarmup(int sandbox_type); |
67 | 69 |
68 // Turns on the OS X sandbox for this process. | 70 // Turns on the OS X sandbox for this process. |
69 // |sandbox_type| - type of Sandbox to use. See SandboxWarmup() for legal | 71 // |sandbox_type| - type of Sandbox to use. See SandboxWarmup() for legal |
70 // values. | 72 // values. |
71 // |allowed_dir| - directory to allow access to, currently the only sandbox | 73 // |allowed_dir| - directory to allow access to, currently the only sandbox |
72 // profile that supports this is SANDBOX_TYPE_UTILITY . | 74 // profile that supports this is SANDBOX_TYPE_UTILITY . |
73 // | 75 // |
74 // Returns true on success, false if an error occurred enabling the sandbox. | 76 // Returns true on success, false if an error occurred enabling the sandbox. |
75 static bool EnableSandbox(int sandbox_type, | 77 static bool EnableSandbox(int sandbox_type, |
76 const FilePath& allowed_dir); | 78 const base::FilePath& allowed_dir); |
77 | 79 |
78 | 80 |
79 // Exposed for testing purposes, used by an accessory function of our tests | 81 // Exposed for testing purposes, used by an accessory function of our tests |
80 // so we can't use FRIEND_TEST. | 82 // so we can't use FRIEND_TEST. |
81 | 83 |
82 // Build the Sandbox command necessary to allow access to a named directory | 84 // Build the Sandbox command necessary to allow access to a named directory |
83 // indicated by |allowed_dir|. | 85 // indicated by |allowed_dir|. |
84 // Returns a string containing the sandbox profile commands necessary to allow | 86 // Returns a string containing the sandbox profile commands necessary to allow |
85 // access to that directory or nil if an error occured. | 87 // access to that directory or nil if an error occured. |
86 | 88 |
87 // The header comment for PostProcessSandboxProfile() explains how variable | 89 // The header comment for PostProcessSandboxProfile() explains how variable |
88 // substition works in sandbox templates. | 90 // substition works in sandbox templates. |
89 // The returned string contains embedded variables. The function fills in | 91 // The returned string contains embedded variables. The function fills in |
90 // |substitutions| to contain the values for these variables. | 92 // |substitutions| to contain the values for these variables. |
91 static NSString* BuildAllowDirectoryAccessSandboxString( | 93 static NSString* BuildAllowDirectoryAccessSandboxString( |
92 const FilePath& allowed_dir, | 94 const base::FilePath& allowed_dir, |
93 SandboxVariableSubstitions* substitutions); | 95 SandboxVariableSubstitions* substitutions); |
94 | 96 |
95 // Assemble the final sandbox profile from a template by removing comments | 97 // Assemble the final sandbox profile from a template by removing comments |
96 // and substituting variables. | 98 // and substituting variables. |
97 // | 99 // |
98 // |sandbox_template| is a string which contains 2 entitites to operate on: | 100 // |sandbox_template| is a string which contains 2 entitites to operate on: |
99 // | 101 // |
100 // - Comments - The sandbox comment syntax is used to make the OS sandbox | 102 // - Comments - The sandbox comment syntax is used to make the OS sandbox |
101 // optionally ignore commands it doesn't support. e.g. | 103 // optionally ignore commands it doesn't support. e.g. |
102 // ;10.6_ONLY (foo) | 104 // ;10.6_ONLY (foo) |
119 // Returns true on success, false otherwise. | 121 // Returns true on success, false otherwise. |
120 static bool PostProcessSandboxProfile( | 122 static bool PostProcessSandboxProfile( |
121 NSString* in_sandbox_data, | 123 NSString* in_sandbox_data, |
122 NSArray* comments_to_remove, | 124 NSArray* comments_to_remove, |
123 SandboxVariableSubstitions& substitutions, | 125 SandboxVariableSubstitions& substitutions, |
124 std::string *final_sandbox_profile_str); | 126 std::string *final_sandbox_profile_str); |
125 | 127 |
126 private: | 128 private: |
127 // Returns an (allow file-read-metadata) rule for |allowed_path| and all its | 129 // Returns an (allow file-read-metadata) rule for |allowed_path| and all its |
128 // parent directories. | 130 // parent directories. |
129 static NSString* AllowMetadataForPath(const FilePath& allowed_path); | 131 static NSString* AllowMetadataForPath(const base::FilePath& allowed_path); |
130 | 132 |
131 // Escape |src_utf8| for use in a plain string variable in a sandbox | 133 // Escape |src_utf8| for use in a plain string variable in a sandbox |
132 // configuraton file. On return |dst| is set to the quoted output. | 134 // configuraton file. On return |dst| is set to the quoted output. |
133 // Returns: true on success, false otherwise. | 135 // Returns: true on success, false otherwise. |
134 static bool QuotePlainString(const std::string& src_utf8, std::string* dst); | 136 static bool QuotePlainString(const std::string& src_utf8, std::string* dst); |
135 | 137 |
136 // Escape |str_utf8| for use in a regex literal in a sandbox | 138 // Escape |str_utf8| for use in a regex literal in a sandbox |
137 // configuraton file. On return |dst| is set to the utf-8 encoded quoted | 139 // configuraton file. On return |dst| is set to the utf-8 encoded quoted |
138 // output. | 140 // output. |
139 // | 141 // |
140 // The implementation of this function is based on empirical testing of the | 142 // The implementation of this function is based on empirical testing of the |
141 // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to | 143 // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to |
142 // change. | 144 // change. |
143 // | 145 // |
144 // Note: If str_utf8 contains any characters < 32 || >125 then the function | 146 // Note: If str_utf8 contains any characters < 32 || >125 then the function |
145 // fails and false is returned. | 147 // fails and false is returned. |
146 // | 148 // |
147 // Returns: true on success, false otherwise. | 149 // Returns: true on success, false otherwise. |
148 static bool QuoteStringForRegex(const std::string& str_utf8, | 150 static bool QuoteStringForRegex(const std::string& str_utf8, |
149 std::string* dst); | 151 std::string* dst); |
150 | 152 |
151 // Convert provided path into a "canonical" path matching what the Sandbox | 153 // Convert provided path into a "canonical" path matching what the Sandbox |
152 // expects i.e. one without symlinks. | 154 // expects i.e. one without symlinks. |
153 // This path is not necessarily unique e.g. in the face of hardlinks. | 155 // This path is not necessarily unique e.g. in the face of hardlinks. |
154 static FilePath GetCanonicalSandboxPath(const FilePath& path); | 156 static base::FilePath GetCanonicalSandboxPath(const base::FilePath& path); |
155 | 157 |
156 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape); | 158 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape); |
157 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape); | 159 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape); |
158 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess); | 160 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess); |
159 | 161 |
160 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); | 162 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); |
161 }; | 163 }; |
162 | 164 |
163 } // namespace content | 165 } // namespace content |
164 | 166 |
165 #endif // CONTENT_COMMON_SANDBOX_MAC_H_ | 167 #endif // CONTENT_COMMON_SANDBOX_MAC_H_ |
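Review bot: The newly added forward-declaration block near the top of the header closes `base` with a bare `}`, while the file's own existing namespace closes as `}  // namespace content`; for consistency the new closing line should read `}  // namespace base`. The remaining changes only qualify `FilePath` as `base::FilePath` in the four signatures shown (EnableSandbox, BuildAllowDirectoryAccessSandboxString, AllowMetadataForPath, GetCanonicalSandboxPath) and look mechanically consistent with the new forward declaration. The declarations in the two collapsed regions are not visible here, so whether every other `FilePath` use in this header was updated cannot be confirmed from this view.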