| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_mac.h" | 5 #include "content/common/sandbox_mac.h" |
| 6 | 6 |
| 7 #import <Cocoa/Cocoa.h> | 7 #import <Cocoa/Cocoa.h> |
| 8 #import <QuartzCore/QuartzCore.h> |
| 8 #include <stddef.h> | 9 #include <stddef.h> |
| 9 #include <stdint.h> | 10 #include <stdint.h> |
| 10 | 11 |
| 11 #include <CoreFoundation/CFTimeZone.h> | 12 #include <CoreFoundation/CFTimeZone.h> |
| 13 #include <dlfcn.h> |
| 12 #include <signal.h> | 14 #include <signal.h> |
| 13 #include <sys/param.h> | 15 #include <sys/param.h> |
| 14 | 16 |
| 15 #include "base/command_line.h" | 17 #include "base/command_line.h" |
| 16 #include "base/compiler_specific.h" | 18 #include "base/compiler_specific.h" |
| 17 #include "base/files/file_util.h" | 19 #include "base/files/file_util.h" |
| 18 #include "base/files/scoped_file.h" | 20 #include "base/files/scoped_file.h" |
| 21 #include "base/lazy_instance.h" |
| 19 #include "base/mac/bundle_locations.h" | 22 #include "base/mac/bundle_locations.h" |
| 20 #include "base/mac/foundation_util.h" | 23 #include "base/mac/foundation_util.h" |
| 21 #include "base/mac/mac_util.h" | 24 #include "base/mac/mac_util.h" |
| 22 #include "base/mac/scoped_cftyperef.h" | 25 #include "base/mac/scoped_cftyperef.h" |
| 23 #include "base/mac/scoped_nsautorelease_pool.h" | 26 #include "base/mac/scoped_nsautorelease_pool.h" |
| 24 #include "base/mac/scoped_nsobject.h" | 27 #include "base/mac/scoped_nsobject.h" |
| 25 #include "base/macros.h" | 28 #include "base/macros.h" |
| 26 #include "base/rand_util.h" | 29 #include "base/rand_util.h" |
| 27 #include "base/strings/string16.h" | 30 #include "base/strings/string16.h" |
| 28 #include "base/strings/string_piece.h" | 31 #include "base/strings/string_piece.h" |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 245 } | 248 } |
| 246 | 249 |
| 247 // Make sure last element of path is interpreted as a directory. Leaving this | 250 // Make sure last element of path is interpreted as a directory. Leaving this |
| 248 // off would allow access to files if they start with the same name as the | 251 // off would allow access to files if they start with the same name as the |
| 249 // directory. | 252 // directory. |
| 250 dst->append("(/|$)"); | 253 dst->append("(/|$)"); |
| 251 | 254 |
| 252 return true; | 255 return true; |
| 253 } | 256 } |
| 254 | 257 |
| 258 class Sandbox::Loader { |
| 259 public: |
| 260 Loader() { |
| 261 NSBundle* bundle = [NSBundle |
| 262 bundleWithPath:@"/Users/xianglu/Library/Caches/" |
| 263 @"org.chromium.Chromium.helper/com.apple.vision/" |
| 264 @"com.apple.vision.64FaceCoreCLKernel.dylib"]; |
| 265 const char* path = [[bundle executablePath] fileSystemRepresentation]; |
| 266 NSLog(@"%@", [[NSBundle mainBundle] resourcePath]); |
| 267 DLOG(ERROR) << "path:" << path; |
| 268 |
| 269 handle_ = dlopen(path, RTLD_LAZY | RTLD_LOCAL); |
| 270 if (!handle_) |
| 271 DLOG(ERROR) << "Error after dlopen()"; |
| 272 } |
| 273 |
| 274 private: |
| 275 void* handle_; |
| 276 }; |
| 277 |
| 255 // Warm up System APIs that empirically need to be accessed before the Sandbox | 278 // Warm up System APIs that empirically need to be accessed before the Sandbox |
| 256 // is turned on. | 279 // is turned on. |
| 257 // This method is layed out in blocks, each one containing a separate function | 280 // This method is layed out in blocks, each one containing a separate function |
| 258 // that needs to be warmed up. The OS version on which we found the need to | 281 // that needs to be warmed up. The OS version on which we found the need to |
| 259 // enable the function is also noted. | 282 // enable the function is also noted. |
| 260 // This function is tested on the following OS versions: | 283 // This function is tested on the following OS versions: |
| 261 // 10.5.6, 10.6.0 | 284 // 10.5.6, 10.6.0 |
| 262 | 285 |
| 263 // static | 286 // static |
| 264 void Sandbox::SandboxWarmup(int sandbox_type) { | 287 void Sandbox::SandboxWarmup(int sandbox_type) { |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 303 // Create a png with just enough data to get everything warmed up... | 326 // Create a png with just enough data to get everything warmed up... |
| 304 char png_header[] = {0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A}; | 327 char png_header[] = {0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A}; |
| 305 NSData* data = [NSData dataWithBytes:png_header | 328 NSData* data = [NSData dataWithBytes:png_header |
| 306 length:arraysize(png_header)]; | 329 length:arraysize(png_header)]; |
| 307 base::ScopedCFTypeRef<CGImageSourceRef> img( | 330 base::ScopedCFTypeRef<CGImageSourceRef> img( |
| 308 CGImageSourceCreateWithData((CFDataRef)data, NULL)); | 331 CGImageSourceCreateWithData((CFDataRef)data, NULL)); |
| 309 CGImageSourceGetStatus(img); | 332 CGImageSourceGetStatus(img); |
| 310 } | 333 } |
| 311 | 334 |
| 312 { | 335 { |
| 336 // NSString * path = |
| 337 // @"/Users/xianglu/Library/Caches/org.chromium.Chromium.helper/com.apple.vi
sion/com.apple.vision.64FaceCoreCLKernel.dylib"; |
| 338 // NSFileHandle * fileHandle = [NSFileHandle |
| 339 // fileHandleForReadingAtPath:path]; |
| 340 // NSLog(@"size of fileHandle:%llu", [fileHandle seekToEndOfFile]); |
| 341 |
| 342 // NSBundle* bundle = [NSBundle |
| 343 // bundleWithPath:@"/System/Library/PrivateFrameworks/FaceCore.framework
/Resources/Info.plist"]; |
| 344 // // |
| 345 // bundleWithPath:@"/Users/xianglu/Library/Caches/org.chromium.Chromium.
helper/com.apple.vision/com.apple.vision.64FaceCoreCLKernel.dylib"]; |
| 346 // // |
| 347 // bundleWithPath:@"/System/Library/PrivateFrameworks/FaceCore.framework
"]; |
| 348 // if(!bundle) |
| 349 // DLOG(ERROR) << "bundle is null."; |
| 350 // const char* path = [[bundle executablePath] fileSystemRepresentation]; |
| 351 // NSLog(@"resourcePath:%@",[[NSBundle mainBundle] resourcePath]); |
| 352 // DLOG(ERROR) << "path:" << path; |
| 353 |
| 354 // void* handle_ = dlopen([path cStringUsingEncoding:NSASCIIStringEncoding], |
| 355 // RTLD_LAZY | RTLD_LOCAL); |
| 356 // if (!handle_) |
| 357 // DLOG(ERROR) << "Error after dlopen()"; |
| 358 |
| 359 DLOG(ERROR) << "Warm up CIContext and CIDetector"; |
| 360 base::scoped_nsobject<CIContext> context([[CIContext alloc] init]); |
| 361 base::scoped_nsobject<CIDetector> detector( |
| 362 [[CIDetector detectorOfType:CIDetectorTypeFace |
| 363 context:context |
| 364 options:nil] retain]); |
| 365 base::ScopedCFTypeRef<CGColorSpaceRef> colorspace( |
| 366 CGColorSpaceCreateWithName(kCGColorSpaceSRGB)); |
| 367 } |
| 368 |
| 369 { |
| 313 // Allow access to /dev/urandom. | 370 // Allow access to /dev/urandom. |
| 314 base::GetUrandomFD(); | 371 base::GetUrandomFD(); |
| 315 } | 372 } |
| 316 | 373 |
| 317 { // IOSurfaceLookup() - 10.7 | 374 { // IOSurfaceLookup() - 10.7 |
| 318 // Needed by zero-copy texture update framework - crbug.com/323338 | 375 // Needed by zero-copy texture update framework - crbug.com/323338 |
| 319 base::ScopedCFTypeRef<IOSurfaceRef> io_surface(IOSurfaceLookup(0)); | 376 base::ScopedCFTypeRef<IOSurfaceRef> io_surface(IOSurfaceLookup(0)); |
| 320 } | 377 } |
| 321 | 378 |
| 322 // Process-type dependent warm-up. | 379 // Process-type dependent warm-up. |
| (...skipping 178 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 501 if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) { | 558 if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) { |
| 502 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " | 559 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " |
| 503 << path.value(); | 560 << path.value(); |
| 504 return path; | 561 return path; |
| 505 } | 562 } |
| 506 | 563 |
| 507 return base::FilePath(canonical_path); | 564 return base::FilePath(canonical_path); |
| 508 } | 565 } |
| 509 | 566 |
| 510 } // namespace content | 567 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2507283002:
Add warmup and sandbox file-read permission for testing
