Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(319)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: services/shell/service_manager.cc

Issue 2338793003: services/shell: Turn on sandboxing for mojo apps.
Patch Set: . Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « services/shell/public/interfaces/resolver.mojom ('k') | services/ui/manifest.json » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "services/shell/service_manager.h" 5 #include "services/shell/service_manager.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include <utility> 9 #include <utility>
10 10
(...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after
211 void StartWithClientProcessConnection( 211 void StartWithClientProcessConnection(
212 mojom::ClientProcessConnectionPtr client_process_connection) { 212 mojom::ClientProcessConnectionPtr client_process_connection) {
213 mojom::ServicePtr service; 213 mojom::ServicePtr service;
214 service.Bind(mojom::ServicePtrInfo( 214 service.Bind(mojom::ServicePtrInfo(
215 std::move(client_process_connection->service), 0)); 215 std::move(client_process_connection->service), 0));
216 pid_receiver_binding_.Bind( 216 pid_receiver_binding_.Bind(
217 std::move(client_process_connection->pid_receiver_request)); 217 std::move(client_process_connection->pid_receiver_request));
218 StartWithService(std::move(service)); 218 StartWithService(std::move(service));
219 } 219 }
220 220
221 void StartWithFilePath(const base::FilePath& path) { 221 void StartWithFilePath(const base::FilePath& path, bool privileged) {
222 CHECK(!service_); 222 CHECK(!service_);
223 runner_ = service_manager_->native_runner_factory_->Create(path); 223 runner_ = service_manager_->native_runner_factory_->Create(path);
224 bool start_sandboxed = false; 224 bool start_sandboxed = !privileged;
225 mojom::ServicePtr service = runner_->Start( 225 mojom::ServicePtr service = runner_->Start(
226 path, identity_, start_sandboxed, 226 path, identity_, start_sandboxed,
227 base::Bind(&Instance::PIDAvailable, weak_factory_.GetWeakPtr()), 227 base::Bind(&Instance::PIDAvailable, weak_factory_.GetWeakPtr()),
228 base::Bind(&Instance::OnRunnerCompleted, weak_factory_.GetWeakPtr())); 228 base::Bind(&Instance::OnRunnerCompleted, weak_factory_.GetWeakPtr()));
229 StartWithService(std::move(service)); 229 StartWithService(std::move(service));
230 } 230 }
231 231
232 mojom::ServiceInfoPtr CreateServiceInfo() const { 232 mojom::ServiceInfoPtr CreateServiceInfo() const {
233 mojom::ServiceInfoPtr info(mojom::ServiceInfo::New()); 233 mojom::ServiceInfoPtr info(mojom::ServiceInfo::New());
234 info->id = id_; 234 info->id = id_;
(...skipping 576 matching lines...) Expand 10 before | Expand all | Expand 10 after
811 // Otherwise we create a new Service pipe. 811 // Otherwise we create a new Service pipe.
812 mojom::ServiceRequest request = GetProxy(&service); 812 mojom::ServiceRequest request = GetProxy(&service);
813 CHECK(!result->package_path.empty() && result->capabilities.has_value()); 813 CHECK(!result->package_path.empty() && result->capabilities.has_value());
814 814
815 if (target.name() != result->resolved_name) { 815 if (target.name() != result->resolved_name) {
816 instance->StartWithService(std::move(service)); 816 instance->StartWithService(std::move(service));
817 Identity factory(result->resolved_name, target.user_id(), 817 Identity factory(result->resolved_name, target.user_id(),
818 instance_name); 818 instance_name);
819 CreateServiceWithFactory(factory, target.name(), std::move(request)); 819 CreateServiceWithFactory(factory, target.name(), std::move(request));
820 } else { 820 } else {
821 instance->StartWithFilePath(result->package_path); 821 instance->StartWithFilePath(result->package_path, result->privileged);
822 } 822 }
823 } 823 }
824 824
825 // Now that the instance has a Service, we can connect to it. 825 // Now that the instance has a Service, we can connect to it.
826 bool connected = instance->ConnectToService(&params); 826 bool connected = instance->ConnectToService(&params);
827 DCHECK(connected); 827 DCHECK(connected);
828 } 828 }
829 829
830 base::WeakPtr<ServiceManager> ServiceManager::GetWeakPtr() { 830 base::WeakPtr<ServiceManager> ServiceManager::GetWeakPtr() {
831 return weak_ptr_factory_.GetWeakPtr(); 831 return weak_ptr_factory_.GetWeakPtr();
832 } 832 }
833 833
834 } // namespace shell 834 } // namespace shell
OLDNEW
« no previous file with comments | « services/shell/public/interfaces/resolver.mojom ('k') | services/ui/manifest.json » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698