| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/bootstrap_sandbox_manager_mac.h" | 5 #include "content/browser/bootstrap_sandbox_manager_mac.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/mac/mac_util.h" | 8 #include "base/mac/mac_util.h" |
| 9 #include "content/browser/mach_broker_mac.h" | 9 #include "content/browser/mach_broker_mac.h" |
| 10 #include "content/common/sandbox_init_mac.h" | 10 #include "content/common/sandbox_init_mac.h" |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 73 sandbox::Rule(sandbox::POLICY_ALLOW); | 73 sandbox::Rule(sandbox::POLICY_ALLOW); |
| 74 | 74 |
| 75 // Allow access to the windowserver. This is needed to get the colorspace | 75 // Allow access to the windowserver. This is needed to get the colorspace |
| 76 // during sandbox warmup. Since NSColorSpace conforms to NSCoding, this | 76 // during sandbox warmup. Since NSColorSpace conforms to NSCoding, this |
| 77 // should be plumbed over IPC instead <http://crbug.com/265709>. | 77 // should be plumbed over IPC instead <http://crbug.com/265709>. |
| 78 policy.rules["com.apple.windowserver.active"] = | 78 policy.rules["com.apple.windowserver.active"] = |
| 79 sandbox::Rule(sandbox::POLICY_ALLOW); | 79 sandbox::Rule(sandbox::POLICY_ALLOW); |
| 80 | 80 |
| 81 // Allow access to launchservicesd on 10.10+ otherwise the renderer will crash | 81 // Allow access to launchservicesd on 10.10+ otherwise the renderer will crash |
| 82 // attempting to get its ASN. http://crbug.com/533537 | 82 // attempting to get its ASN. http://crbug.com/533537 |
| 83 if (base::mac::IsOSYosemiteOrLater()) { | 83 if (base::mac::IsAtLeastOS10_10()) { |
| 84 policy.rules["com.apple.coreservices.launchservicesd"] = | 84 policy.rules["com.apple.coreservices.launchservicesd"] = |
| 85 sandbox::Rule(sandbox::POLICY_ALLOW); | 85 sandbox::Rule(sandbox::POLICY_ALLOW); |
| 86 } | 86 } |
| 87 | 87 |
| 88 sandbox_->RegisterSandboxPolicy(SANDBOX_TYPE_RENDERER, policy); | 88 sandbox_->RegisterSandboxPolicy(SANDBOX_TYPE_RENDERER, policy); |
| 89 } | 89 } |
| 90 | 90 |
| 91 void BootstrapSandboxManager::AddBaselinePolicy( | 91 void BootstrapSandboxManager::AddBaselinePolicy( |
| 92 sandbox::BootstrapSandboxPolicy* policy) { | 92 sandbox::BootstrapSandboxPolicy* policy) { |
| 93 auto& rules = policy->rules; | 93 auto& rules = policy->rules; |
| 94 | 94 |
| 95 // Allow the child to send its task port to the MachBroker. | 95 // Allow the child to send its task port to the MachBroker. |
| 96 rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW); | 96 rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW); |
| 97 | 97 |
| 98 // Allow logging to the syslog. | 98 // Allow logging to the syslog. |
| 99 rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW); | 99 rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW); |
| 100 } | 100 } |
| 101 | 101 |
| 102 } // namespace content | 102 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2271653006:
base::mac::IsOSSierra() -> base::mac::IsOS10_12(), etc. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src@master