Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(518)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/bootstrap_sandbox_manager_mac.cc

Issue 1532813002: Replace IOSurfaceManager by directly passing IOSurface Mach ports over Chrome IPC. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/app/content_main_runner.cc ('k') | content/browser/browser_io_surface_manager_mac.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/bootstrap_sandbox_manager_mac.h" 5 #include "content/browser/bootstrap_sandbox_manager_mac.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/mac/mac_util.h" 8 #include "base/mac/mac_util.h"
9 #include "content/browser/browser_io_surface_manager_mac.h"
10 #include "content/browser/mach_broker_mac.h" 9 #include "content/browser/mach_broker_mac.h"
11 #include "content/common/sandbox_init_mac.h" 10 #include "content/common/sandbox_init_mac.h"
12 #include "content/public/browser/browser_thread.h" 11 #include "content/public/browser/browser_thread.h"
13 #include "content/public/browser/child_process_data.h" 12 #include "content/public/browser/child_process_data.h"
14 #include "content/public/browser/render_process_host.h" 13 #include "content/public/browser/render_process_host.h"
15 #include "sandbox/mac/bootstrap_sandbox.h" 14 #include "sandbox/mac/bootstrap_sandbox.h"
16 15
17 namespace content { 16 namespace content {
18 17
19 // static 18 // static
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
72 policy.rules["com.apple.FontServer"] = sandbox::Rule(sandbox::POLICY_ALLOW); 71 policy.rules["com.apple.FontServer"] = sandbox::Rule(sandbox::POLICY_ALLOW);
73 policy.rules["com.apple.FontObjectsServer"] = 72 policy.rules["com.apple.FontObjectsServer"] =
74 sandbox::Rule(sandbox::POLICY_ALLOW); 73 sandbox::Rule(sandbox::POLICY_ALLOW);
75 74
76 // Allow access to the windowserver. This is needed to get the colorspace 75 // Allow access to the windowserver. This is needed to get the colorspace
77 // during sandbox warmup. Since NSColorSpace conforms to NSCoding, this 76 // during sandbox warmup. Since NSColorSpace conforms to NSCoding, this
78 // should be plumbed over IPC instead <http://crbug.com/265709>. 77 // should be plumbed over IPC instead <http://crbug.com/265709>.
79 policy.rules["com.apple.windowserver.active"] = 78 policy.rules["com.apple.windowserver.active"] =
80 sandbox::Rule(sandbox::POLICY_ALLOW); 79 sandbox::Rule(sandbox::POLICY_ALLOW);
81 80
82 // Allow renderers to contact the IOSurfaceManager in the browser to share
83 // accelerated surfaces.
84 policy.rules[BrowserIOSurfaceManager::GetMachPortName()] =
85 sandbox::Rule(sandbox::POLICY_ALLOW);
86
87 // Allow access to launchservicesd on 10.10+ otherwise the renderer will crash 81 // Allow access to launchservicesd on 10.10+ otherwise the renderer will crash
88 // attempting to get its ASN. http://crbug.com/533537 82 // attempting to get its ASN. http://crbug.com/533537
89 if (base::mac::IsOSYosemiteOrLater()) { 83 if (base::mac::IsOSYosemiteOrLater()) {
90 policy.rules["com.apple.coreservices.launchservicesd"] = 84 policy.rules["com.apple.coreservices.launchservicesd"] =
91 sandbox::Rule(sandbox::POLICY_ALLOW); 85 sandbox::Rule(sandbox::POLICY_ALLOW);
92 } 86 }
93 87
94 sandbox_->RegisterSandboxPolicy(SANDBOX_TYPE_RENDERER, policy); 88 sandbox_->RegisterSandboxPolicy(SANDBOX_TYPE_RENDERER, policy);
95 } 89 }
96 90
97 void BootstrapSandboxManager::AddBaselinePolicy( 91 void BootstrapSandboxManager::AddBaselinePolicy(
98 sandbox::BootstrapSandboxPolicy* policy) { 92 sandbox::BootstrapSandboxPolicy* policy) {
99 auto& rules = policy->rules; 93 auto& rules = policy->rules;
100 94
101 // Allow the child to send its task port to the MachBroker. 95 // Allow the child to send its task port to the MachBroker.
102 rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW); 96 rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW);
103 97
104 // Allow logging to the syslog. 98 // Allow logging to the syslog.
105 rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW); 99 rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW);
106 } 100 }
107 101
108 } // namespace content 102 } // namespace content
OLDNEW
« no previous file with comments | « content/app/content_main_runner.cc ('k') | content/browser/browser_io_surface_manager_mac.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698