
Unified Diff: chrome/renderer/renderer_main_platform_delegate_mac.mm

Issue 174254: Some tweaks to the OS X Sandbox: (Closed)
Patch Set: Created 11 years, 4 months ago
Index: chrome/renderer/renderer_main_platform_delegate_mac.mm
diff --git a/chrome/renderer/renderer_main_platform_delegate_mac.mm b/chrome/renderer/renderer_main_platform_delegate_mac.mm
index c194d7d0b533ad18fce5e3490dc680da03e787ca..acac05dc691882952bbfc075c8d253bd61c16e9c 100644
--- a/chrome/renderer/renderer_main_platform_delegate_mac.mm
+++ b/chrome/renderer/renderer_main_platform_delegate_mac.mm
@@ -63,6 +63,12 @@ void SandboxWarmup() {
localtime(&tv);
}
+ { // Gestalt() tries to read /System/Library/CoreServices/SystemVersion.plist
+ // on 10.5.6
+ int32 tmp;
+ base::SysInfo::OperatingSystemVersionNumbers(&tmp, &tmp, &tmp);
+ }
+
{ // CGImageSourceGetStatus() - 10.6 seed release.
// Create a png with just enough data to get everything warmed up...
char png_header[] = {0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A};
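Review bot: The new warmup block does not say that it depends on the version lookup being cached for the life of the process. If `base::SysInfo::OperatingSystemVersionNumbers()` (or Gestalt underneath it) re-reads SystemVersion.plist on a later call, that read would happen inside the sandbox and be denied. The implementation is not visible here, so this is worth confirming and stating in the comment, e.g. `// Called only for its side effect: the result is cached, so later calls need no file access once the sandbox is on.` Reusing `tmp` for all three out-parameters is fine because the values are discarded, but the comment could say so. SandboxWarmup() starts before and continues after this hunk.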
@@ -105,31 +111,28 @@ bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
}
bool RendererMainPlatformDelegate::EnableSandbox() {
-
- // TODO(jeremy): Remove BeingDebugged() and CacheSysInfo() calls. They are
- // no longer required since the sandbox now allows sysctl() reads.
-
- // This call doesn't work when the sandbox is enabled, the implementation
- // caches it's return value so we call it here and then future calls will
- // succeed.
- DebugUtil::BeingDebugged();
-
- // For the renderer, we give it a custom sandbox to lock down as tight as
- // possible, but still be able to draw.
-
+ // For the renderer, we give it a custom sandbox to lock things down as
+ // tightly as possible, while still enabling drawing.
NSString* sandbox_profile_path =
[mac_util::MainAppBundle() pathForResource:@"renderer" ofType:@"sb"];
- BOOL is_dir = NO;
- if (![[NSFileManager defaultManager] fileExistsAtPath:sandbox_profile_path
- isDirectory:&is_dir] || is_dir) {
+ NSString *sandbox_data = [NSString
Paul Godavari 2009/08/21 21:26:12 nit: * should be placed consistently.
+ stringWithContentsOfFile:sandbox_profile_path
+ encoding:NSUTF8StringEncoding
+ error:nil];
+
+ if (!sandbox_data) {
LOG(ERROR) << "Failed to find the sandbox profile on disk";
return false;
}
- const char *sandbox_profile = [sandbox_profile_path fileSystemRepresentation];
+ // Splice the path of the user's home directory into the sandbox profile
+ // (see renderer.sb for details).
+ sandbox_data = [sandbox_data
+ stringByReplacingOccurrencesOfString:@"USER_HOMEDIR"
+ withString:NSHomeDirectory()];
+
char* error_buff = NULL;
- int error = sandbox_init(sandbox_profile, SANDBOX_NAMED_EXTERNAL,
- &error_buff);
+ int error = sandbox_init([sandbox_data UTF8String], 0, &error_buff);
bool success = (error == 0 && error_buff == NULL);
if (error == -1) {
LOG(ERROR) << "Failed to Initialize Sandbox: " << error_buff;
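Review bot: `NSHomeDirectory()` is substituted into the profile text with no escaping at the `stringByReplacingOccurrencesOfString:@"USER_HOMEDIR"` call. A home path containing `"` or `\` (or regex metacharacters, if renderer.sb uses the token inside a regex rule, which this hunk does not show) would change how the profile parses instead of naming one directory. Escape the path for the profile's string syntax before splicing, e.g. `home = [home stringByReplacingOccurrencesOfString:@"\\" withString:@"\\\\"];` followed by the same treatment for `"`, and keep returning false when the profile is rejected. Separately, `error:nil` on the read drops the NSError, so the log line "Failed to find the sandbox profile on disk" also covers unreadable or non-UTF-8 files; passing an `NSError*` and logging it would make a failed sandbox start diagnosable. EnableSandbox() continues past the end of this hunk.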