| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_mac.h" | 5 #include "content/common/sandbox_mac.h" |
| 6 | 6 |
| 7 #import <Cocoa/Cocoa.h> | 7 #import <Cocoa/Cocoa.h> |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 26 matching lines...) |
| 37 #include "content/public/common/content_switches.h" | 37 #include "content/public/common/content_switches.h" |
| 38 #include "media/gpu/vt_video_decode_accelerator_mac.h" | 38 #include "media/gpu/vt_video_decode_accelerator_mac.h" |
| 39 #include "sandbox/mac/seatbelt.h" | 39 #include "sandbox/mac/seatbelt.h" |
| 40 #include "third_party/icu/source/common/unicode/uchar.h" | 40 #include "third_party/icu/source/common/unicode/uchar.h" |
| 41 #include "ui/base/layout.h" | 41 #include "ui/base/layout.h" |
| 42 #include "ui/gl/init/gl_factory.h" | 42 #include "ui/gl/init/gl_factory.h" |
| 43 | 43 |
| 44 extern "C" { | 44 extern "C" { |
| 45 void CGSSetDenyWindowServerConnections(bool); | 45 void CGSSetDenyWindowServerConnections(bool); |
| 46 void CGSShutdownServerConnections(); | 46 void CGSShutdownServerConnections(); |
| 47 OSStatus SetApplicationIsDaemon(Boolean isDaemon); |
| 47 }; | 48 }; |
| 48 | 49 |
| 49 namespace content { | 50 namespace content { |
| 50 namespace { | 51 namespace { |
| 51 | 52 |
| 52 // Is the sandbox currently active. | 53 // Is the sandbox currently active. |
| 53 bool gSandboxIsActive = false; | 54 bool gSandboxIsActive = false; |
| 54 | 55 |
| 55 struct SandboxTypeToResourceIDMapping { | 56 struct SandboxTypeToResourceIDMapping { |
| 56 SandboxType sandbox_type; | 57 SandboxType sandbox_type; |
| (...skipping 284 matching lines...) |
| 341 [color colorUsingColorSpaceName:NSCalibratedRGBColorSpace]; | 342 [color colorUsingColorSpaceName:NSCalibratedRGBColorSpace]; |
| 342 } | 343 } |
| 343 | 344 |
| 344 if (sandbox_type == SANDBOX_TYPE_RENDERER) { | 345 if (sandbox_type == SANDBOX_TYPE_RENDERER) { |
| 345 // Now disconnect from WindowServer, after all objects have been warmed up. | 346 // Now disconnect from WindowServer, after all objects have been warmed up. |
| 346 // Shutting down the connection requires connecting to WindowServer, | 347 // Shutting down the connection requires connecting to WindowServer, |
| 347 // so do this before actually engaging the sandbox. This may cause two log | 348 // so do this before actually engaging the sandbox. This may cause two log |
| 348 // messages to be printed to the system logger on certain OS versions. | 349 // messages to be printed to the system logger on certain OS versions. |
| 349 CGSSetDenyWindowServerConnections(true); | 350 CGSSetDenyWindowServerConnections(true); |
| 350 CGSShutdownServerConnections(); | 351 CGSShutdownServerConnections(); |
| 352 |
| 353 // Allow the process to continue without a LaunchServices ASN. The |
| 354 // INIT_Process function in HIServices will abort if it cannot connect to |
| 355 // launchservicesd to get an ASN. By setting this flag, HIServices skips |
| 356 // that. |
| 357 SetApplicationIsDaemon(true); |
| 351 } | 358 } |
| 352 } | 359 } |
| 353 | 360 |
| 354 // Load the appropriate template for the given sandbox type. | 361 // Load the appropriate template for the given sandbox type. |
| 355 // Returns the template as an NSString or nil on error. | 362 // Returns the template as an NSString or nil on error. |
| 356 NSString* LoadSandboxTemplate(int sandbox_type) { | 363 NSString* LoadSandboxTemplate(int sandbox_type) { |
| 357 // We use a custom sandbox definition to lock things down as tightly as | 364 // We use a custom sandbox definition to lock things down as tightly as |
| 358 // possible. | 365 // possible. |
| 359 int sandbox_profile_resource_id = -1; | 366 int sandbox_profile_resource_id = -1; |
| 360 | 367 |
| (...skipping 140 matching lines...) |
| 501 if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) { | 508 if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) { |
| 502 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " | 509 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " |
| 503 << path.value(); | 510 << path.value(); |
| 504 return path; | 511 return path; |
| 505 } | 512 } |
| 506 | 513 |
| 507 return base::FilePath(canonical_path); | 514 return base::FilePath(canonical_path); |
| 508 } | 515 } |
| 509 | 516 |
| 510 } // namespace content | 517 } // namespace content |
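Review bot: The `OSStatus` returned by `SetApplicationIsDaemon(true)` at new line 357 is discarded, so a failure would only show up later as the HIServices abort the added comment describes, probably after the sandbox is engaged and harder to attribute. Capturing it would make that case diagnosable, e.g. `OSStatus status = SetApplicationIsDaemon(true);` followed by `DLOG_IF(ERROR, status != noErr) << "SetApplicationIsDaemon failed: " << status;`. The hand-written prototype at new line 47 sits with the CGS declarations without explanation; if it is there because the SDK headers do not declare the function, a one-line comment such as `// Not declared in the public SDK headers; see the call site in the warm-up code.` would say so. The function containing the renderer branch starts in the collapsed region, so its earlier warm-up steps are not visible here.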