| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/mac/bootstrap_sandbox.h" | 5 #include "sandbox/mac/bootstrap_sandbox.h" |
| 6 | 6 |
| 7 #include <CoreFoundation/CoreFoundation.h> | 7 #include <CoreFoundation/CoreFoundation.h> |
| 8 #import <Foundation/Foundation.h> | 8 #import <Foundation/Foundation.h> |
| 9 #include <mach/mach.h> | 9 #include <mach/mach.h> |
| 10 #include <servers/bootstrap.h> | 10 #include <servers/bootstrap.h> |
| (...skipping 82 matching lines...) |
| 93 BootstrapSandboxPolicy policy; | 93 BootstrapSandboxPolicy policy; |
| 94 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW); | 94 policy.rules["com.apple.cfprefsd.daemon"] = Rule(POLICY_ALLOW); |
| 95 if (base::mac::IsOSSnowLeopard()) | 95 if (base::mac::IsOSSnowLeopard()) |
| 96 policy.rules["com.apple.SecurityServer"] = Rule(POLICY_ALLOW); | 96 policy.rules["com.apple.SecurityServer"] = Rule(POLICY_ALLOW); |
| 97 return policy; | 97 return policy; |
| 98 } | 98 } |
| 99 | 99 |
| 100 void RunChildWithPolicy(int policy_id, | 100 void RunChildWithPolicy(int policy_id, |
| 101 const char* child_name, | 101 const char* child_name, |
| 102 base::ProcessHandle* out_pid) { | 102 base::ProcessHandle* out_pid) { |
| 103 scoped_ptr<PreExecDelegate> pre_exec_delegate( | 103 std::unique_ptr<PreExecDelegate> pre_exec_delegate( |
| 104 sandbox_->NewClient(policy_id)); | 104 sandbox_->NewClient(policy_id)); |
| 105 | 105 |
| 106 base::LaunchOptions options; | 106 base::LaunchOptions options; |
| 107 options.pre_exec_delegate = pre_exec_delegate.get(); | 107 options.pre_exec_delegate = pre_exec_delegate.get(); |
| 108 | 108 |
| 109 base::Process process = SpawnChildWithOptions(child_name, options); | 109 base::Process process = SpawnChildWithOptions(child_name, options); |
| 110 ASSERT_TRUE(process.IsValid()); | 110 ASSERT_TRUE(process.IsValid()); |
| 111 int code = 0; | 111 int code = 0; |
| 112 EXPECT_TRUE(process.WaitForExit(&code)); | 112 EXPECT_TRUE(process.WaitForExit(&code)); |
| 113 EXPECT_EQ(0, code); | 113 EXPECT_EQ(0, code); |
| 114 if (out_pid) | 114 if (out_pid) |
| 115 *out_pid = process.Pid(); | 115 *out_pid = process.Pid(); |
| 116 } | 116 } |
| 117 | 117 |
| 118 protected: | 118 protected: |
| 119 scoped_ptr<BootstrapSandbox> sandbox_; | 119 std::unique_ptr<BootstrapSandbox> sandbox_; |
| 120 }; | 120 }; |
| 121 | 121 |
| 122 const char kNotificationTestMain[] = "PostNotification"; | 122 const char kNotificationTestMain[] = "PostNotification"; |
| 123 | 123 |
| 124 // Run the test without the sandbox. | 124 // Run the test without the sandbox. |
| 125 TEST_F(BootstrapSandboxTest, DistributedNotifications_Unsandboxed) { | 125 TEST_F(BootstrapSandboxTest, DistributedNotifications_Unsandboxed) { |
| 126 base::scoped_nsobject<DistributedNotificationObserver> observer( | 126 base::scoped_nsobject<DistributedNotificationObserver> observer( |
| 127 [[DistributedNotificationObserver alloc] init]); | 127 [[DistributedNotificationObserver alloc] init]); |
| 128 | 128 |
| 129 base::Process process = SpawnChild(kNotificationTestMain); | 129 base::Process process = SpawnChild(kNotificationTestMain); |
| (...skipping 304 matching lines...) |
| 434 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port, | 434 ASSERT_EQ(KERN_SUCCESS, mach_port_insert_right(task, port, port, |
| 435 MACH_MSG_TYPE_MAKE_SEND)); | 435 MACH_MSG_TYPE_MAKE_SEND)); |
| 436 base::mac::ScopedMachSendRight scoped_port_send(port); | 436 base::mac::ScopedMachSendRight scoped_port_send(port); |
| 437 | 437 |
| 438 // Set up the policy and register the port. | 438 // Set up the policy and register the port. |
| 439 BootstrapSandboxPolicy policy(BaselinePolicy()); | 439 BootstrapSandboxPolicy policy(BaselinePolicy()); |
| 440 policy.rules["sync"] = Rule(port); | 440 policy.rules["sync"] = Rule(port); |
| 441 sandbox_->RegisterSandboxPolicy(kTestPolicyId, policy); | 441 sandbox_->RegisterSandboxPolicy(kTestPolicyId, policy); |
| 442 | 442 |
| 443 // Launch the child. | 443 // Launch the child. |
| 444 scoped_ptr<PreExecDelegate> pre_exec_delegate( | 444 std::unique_ptr<PreExecDelegate> pre_exec_delegate( |
| 445 sandbox_->NewClient(kTestPolicyId)); | 445 sandbox_->NewClient(kTestPolicyId)); |
| 446 base::LaunchOptions options; | 446 base::LaunchOptions options; |
| 447 options.pre_exec_delegate = pre_exec_delegate.get(); | 447 options.pre_exec_delegate = pre_exec_delegate.get(); |
| 448 base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options); | 448 base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options); |
| 449 ASSERT_TRUE(process.IsValid()); | 449 ASSERT_TRUE(process.IsValid()); |
| 450 | 450 |
| 451 // Synchronize with the child. | 451 // Synchronize with the child. |
| 452 mach_msg_empty_rcv_t rcv_msg; | 452 mach_msg_empty_rcv_t rcv_msg; |
| 453 bzero(&rcv_msg, sizeof(rcv_msg)); | 453 bzero(&rcv_msg, sizeof(rcv_msg)); |
| 454 kern_return_t kr = mach_msg(&rcv_msg.header, MACH_RCV_MSG, 0, | 454 kern_return_t kr = mach_msg(&rcv_msg.header, MACH_RCV_MSG, 0, |
| (...skipping 59 matching lines...) |
| 514 kr = mach_msg_receive(&rcv_msg.header); | 514 kr = mach_msg_receive(&rcv_msg.header); |
| 515 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; | 515 MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_msg_receive"; |
| 516 | 516 |
| 517 // Try to message the sandbox. | 517 // Try to message the sandbox. |
| 518 bootstrap_look_up(bootstrap_port, "test", &port); | 518 bootstrap_look_up(bootstrap_port, "test", &port); |
| 519 | 519 |
| 520 return 0; | 520 return 0; |
| 521 } | 521 } |
| 522 | 522 |
| 523 } // namespace sandbox | 523 } // namespace sandbox |
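Review bot: The new side uses `std::unique_ptr` at lines 103, 119 and 444, but the visible include block (lines 5-10) has no `#include <memory>`. The old and new gutter numbers stay identical from line 1 to line 523, so this commit added no include line. Unless `<memory>` already sits in the skipped lines 11-92, the file now relies on a transitive include, presumably via `sandbox/mac/bootstrap_sandbox.h`. Add `#include <memory>` next to the other system headers, and drop any `base/memory/scoped_ptr.h` include in the skipped lines if nothing else in the file still needs it. Ownership is otherwise unchanged: `options.pre_exec_delegate` still holds the raw `.get()` pointer, and in both visible places the owning `unique_ptr` is a local that outlives the `SpawnChildWithOptions` call.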
| OLD | NEW |