Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(148)

Side by Side Diff: mojo/runner/linux_sandbox.cc

Issue 1274743004: Sandbox html_viewer on Linux. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Style stuff. Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « mojo/runner/child_process.cc ('k') | mojo/shell/application_manager.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "mojo/runner/linux_sandbox.h" 5 #include "mojo/runner/linux_sandbox.h"
6 6
7 #include <fcntl.h> 7 #include <fcntl.h>
8 #include <sys/syscall.h> 8 #include <sys/syscall.h>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after
85 private: 85 private:
86 // Not owned. 86 // Not owned.
87 const sandbox::syscall_broker::BrokerProcess* broker_process_; 87 const sandbox::syscall_broker::BrokerProcess* broker_process_;
88 DISALLOW_COPY_AND_ASSIGN(SandboxPolicy); 88 DISALLOW_COPY_AND_ASSIGN(SandboxPolicy);
89 }; 89 };
90 90
91 } // namespace 91 } // namespace
92 92
93 LinuxSandbox::LinuxSandbox(const std::vector<BrokerFilePermission>& permissions) 93 LinuxSandbox::LinuxSandbox(const std::vector<BrokerFilePermission>& permissions)
94 : broker_(new sandbox::syscall_broker::BrokerProcess(EPERM, permissions)) { 94 : broker_(new sandbox::syscall_broker::BrokerProcess(EPERM, permissions)) {
95 broker_->Init( 95 CHECK(broker_->Init(
96 base::Bind<bool (*)()>(&sandbox::Credentials::DropAllCapabilities)); 96 base::Bind<bool (*)()>(&sandbox::Credentials::DropAllCapabilities)));
97 policy_.reset(new SandboxPolicy(broker_.get())); 97 policy_.reset(new SandboxPolicy(broker_.get()));
98 } 98 }
99 99
100 LinuxSandbox::~LinuxSandbox() {} 100 LinuxSandbox::~LinuxSandbox() {}
101 101
102 void LinuxSandbox::Warmup() { 102 void LinuxSandbox::Warmup() {
103 proc_fd_ = sandbox::ProcUtil::OpenProc(); 103 proc_fd_ = sandbox::ProcUtil::OpenProc();
104 warmed_up_ = true; 104 warmed_up_ = true;
105 105
106 // Verify that we haven't started threads or grabbed directory file 106 // Verify that we haven't started threads or grabbed directory file
(...skipping 25 matching lines...) Expand all
132 // The Broker is now bound to this process and should only be destroyed when 132 // The Broker is now bound to this process and should only be destroyed when
133 // the process exits or is killed. 133 // the process exits or is killed.
134 ANNOTATE_LEAKING_OBJECT_PTR(broker_.release()); 134 ANNOTATE_LEAKING_OBJECT_PTR(broker_.release());
135 } 135 }
136 136
137 void LinuxSandbox::Seal() { 137 void LinuxSandbox::Seal() {
138 proc_fd_.reset(); 138 proc_fd_.reset();
139 } 139 }
140 140
141 } // namespace mandoline 141 } // namespace mandoline
OLDNEW
« no previous file with comments | « mojo/runner/child_process.cc ('k') | mojo/shell/application_manager.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698