| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/bootstrap_sandbox_manager_mac.h" | 5 #include "content/browser/bootstrap_sandbox_manager_mac.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" |
| 7 #include "base/logging.h" | 8 #include "base/logging.h" |
| 8 #include "base/mac/mac_util.h" | 9 #include "base/mac/mac_util.h" |
| 9 #include "content/browser/browser_io_surface_manager_mac.h" | 10 #include "content/browser/browser_io_surface_manager_mac.h" |
| 10 #include "content/browser/mach_broker_mac.h" | 11 #include "content/browser/mach_broker_mac.h" |
| 11 #include "content/common/sandbox_init_mac.h" | 12 #include "content/common/sandbox_init_mac.h" |
| 12 #include "content/public/browser/browser_thread.h" | 13 #include "content/public/browser/browser_thread.h" |
| 13 #include "content/public/browser/child_process_data.h" | 14 #include "content/public/browser/child_process_data.h" |
| 14 #include "content/public/browser/render_process_host.h" | 15 #include "content/public/browser/render_process_host.h" |
| 16 #include "content/public/common/content_switches.h" |
| 15 #include "sandbox/mac/bootstrap_sandbox.h" | 17 #include "sandbox/mac/bootstrap_sandbox.h" |
| 16 | 18 |
| 17 namespace content { | 19 namespace content { |
| 18 | 20 |
| 19 // static | 21 // static |
| 20 bool BootstrapSandboxManager::ShouldEnable() { | 22 bool BootstrapSandboxManager::ShouldEnable() { |
| 21 return false; | 23 return !base::CommandLine::ForCurrentProcess()->HasSwitch( |
| 24 switches::kDisableBootstrapSandbox); |
| 22 } | 25 } |
| 23 | 26 |
| 24 // static | 27 // static |
| 25 BootstrapSandboxManager* BootstrapSandboxManager::GetInstance() { | 28 BootstrapSandboxManager* BootstrapSandboxManager::GetInstance() { |
| 26 return base::Singleton<BootstrapSandboxManager>::get(); | 29 return base::Singleton<BootstrapSandboxManager>::get(); |
| 27 } | 30 } |
| 28 | 31 |
| 29 bool BootstrapSandboxManager::EnabledForSandbox(SandboxType sandbox_type) { | 32 bool BootstrapSandboxManager::EnabledForSandbox(SandboxType sandbox_type) { |
| 30 return sandbox_type == SANDBOX_TYPE_RENDERER; | 33 return sandbox_type == SANDBOX_TYPE_RENDERER; |
| 31 } | 34 } |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 99 auto& rules = policy->rules; | 102 auto& rules = policy->rules; |
| 100 | 103 |
| 101 // Allow the child to send its task port to the MachBroker. | 104 // Allow the child to send its task port to the MachBroker. |
| 102 rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW); | 105 rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW); |
| 103 | 106 |
| 104 // Allow logging to the syslog. | 107 // Allow logging to the syslog. |
| 105 rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW); | 108 rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW); |
| 106 } | 109 } |
| 107 | 110 |
| 108 } // namespace content | 111 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1352623003:
Enable the bootstrap sandbox by default. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master