OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <errno.h> | 5 #include <errno.h> |
6 #include <fcntl.h> | 6 #include <fcntl.h> |
7 #include <limits.h> | 7 #include <limits.h> |
8 #include <sandbox.h> | 8 #include <sandbox.h> |
9 #include <stddef.h> | 9 #include <stddef.h> |
10 #include <stdint.h> | 10 #include <stdint.h> |
11 #include <stdio.h> | 11 #include <stdio.h> |
12 #include <stdlib.h> | 12 #include <stdlib.h> |
13 #include <string.h> | 13 #include <string.h> |
14 #include <sys/stat.h> | 14 #include <sys/stat.h> |
15 | 15 |
16 #include <string> | 16 #include <string> |
17 | 17 |
18 #include "base/files/file.h" | 18 #include "base/files/file.h" |
19 #include "base/logging.h" | 19 #include "base/logging.h" |
20 #include "base/macros.h" | 20 #include "base/macros.h" |
21 #include "base/posix/eintr_wrapper.h" | 21 #include "base/posix/eintr_wrapper.h" |
22 #include "base/strings/stringprintf.h" | 22 #include "base/strings/stringprintf.h" |
23 #include "base/strings/utf_string_conversions.h" | 23 #include "base/strings/utf_string_conversions.h" |
24 #include "chrome/utility/safe_browsing/mac/hfs.h" | 24 #include "chrome/utility/safe_browsing/mac/hfs.h" |
25 #include "chrome/utility/safe_browsing/mac/read_stream.h" | 25 #include "chrome/utility/safe_browsing/mac/read_stream.h" |
26 #include "chrome/utility/safe_browsing/mac/udif.h" | 26 #include "chrome/utility/safe_browsing/mac/udif.h" |
| 27 #include "sandbox/mac/seatbelt.h" |
27 | 28 |
28 // This executable only works on 10.10+, so unconditionally use these functions | 29 // This executable only works on 10.10+, so unconditionally use these functions |
29 // to make sandboxing easier. | 30 // to make sandboxing easier. |
30 extern "C" { | 31 extern "C" { |
31 int mkdirat(int, const char *, mode_t); | 32 int mkdirat(int, const char *, mode_t); |
32 int openat(int, const char *, int, ...); | 33 int openat(int, const char *, int, ...); |
33 int unlinkat(int, const char *, int); | 34 int unlinkat(int, const char *, int); |
34 } | 35 } |
35 | 36 |
36 namespace { | 37 namespace { |
(...skipping 112 matching lines...)
149 if (strchr(unpack_path, '"') != 0 || strchr(unpack_path, '\\') != 0) { | 150 if (strchr(unpack_path, '"') != 0 || strchr(unpack_path, '\\') != 0) { |
150 LOG(ERROR) << "Unpack directory path can't contain quotes or backslashes"; | 151 LOG(ERROR) << "Unpack directory path can't contain quotes or backslashes"; |
151 return false; | 152 return false; |
152 } | 153 } |
153 | 154 |
154 sbox_profile += base::StringPrintf( | 155 sbox_profile += base::StringPrintf( |
155 " (allow file-write* (subpath \"%s\"))", unpack_path); | 156 " (allow file-write* (subpath \"%s\"))", unpack_path); |
156 } | 157 } |
157 | 158 |
158 char* sbox_error; | 159 char* sbox_error; |
159 #pragma clang diagnostic push | 160 if (sandbox::Seatbelt::Init(sbox_profile.c_str(), 0, &sbox_error) != 0) { |
160 #pragma clang diagnostic ignored "-Wdeprecated-declarations" | |
161 if (sandbox_init(sbox_profile.c_str(), 0, &sbox_error) != 0) { | |
162 LOG(ERROR) << "Failed to initialize sandbox: " << sbox_error; | 161 LOG(ERROR) << "Failed to initialize sandbox: " << sbox_error; |
163 sandbox_free_error(sbox_error); | 162 sandbox::Seatbelt::FreeError(sbox_error); |
164 return false; | 163 return false; |
165 } | 164 } |
166 #pragma clang diagnostic pop | |
167 | 165 |
168 return true; | 166 return true; |
169 } | 167 } |
170 | 168 |
171 bool SafeDMG::ParseDMG() { | 169 bool SafeDMG::ParseDMG() { |
172 // This does not use safe_browsing::dmg::DMGIterator since that skips over | 170 // This does not use safe_browsing::dmg::DMGIterator since that skips over |
173 // directory nodes. These nodes are needed for mkdir() when unpacking. | 171 // directory nodes. These nodes are needed for mkdir() when unpacking. |
174 safe_browsing::dmg::FileReadStream read_stream(dmg_file_.GetPlatformFile()); | 172 safe_browsing::dmg::FileReadStream read_stream(dmg_file_.GetPlatformFile()); |
175 safe_browsing::dmg::UDIFParser udif_parser(&read_stream); | 173 safe_browsing::dmg::UDIFParser udif_parser(&read_stream); |
176 | 174 |
(...skipping 79 matching lines...)
256 | 254 |
257 return true; | 255 return true; |
258 } | 256 } |
259 | 257 |
260 } // namespace | 258 } // namespace |
261 | 259 |
262 int main(int argc, const char* argv[]) { | 260 int main(int argc, const char* argv[]) { |
263 SafeDMG safe_dmg; | 261 SafeDMG safe_dmg; |
264 return safe_dmg.Main(argc, argv); | 262 return safe_dmg.Main(argc, argv); |
265 } | 263 } |
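Review bot: `sbox_error` is declared without an initializer directly above the new `sandbox::Seatbelt::Init(...)` call (new line 160), and on failure it is streamed into `LOG(ERROR)` and handed to `sandbox::Seatbelt::FreeError`. If the wrapper ever returns non-zero without writing the out-parameter, both uses read an indeterminate pointer. I would declare it as `char* sbox_error = nullptr;` and log `(sbox_error ? sbox_error : "unknown error")`, since streaming a null `char*` is undefined as well. Separately, with the direct `sandbox_init`/`sandbox_free_error` calls removed, `#include <sandbox.h>` (new line 8) looks unused in the visible lines; roughly 190 lines are collapsed, so confirm nothing else needs it before dropping it. The function containing this call begins in the collapsed region, so this note covers only its visible tail.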