sandbox/mac/policy.h - Issue 264923003: Initial implementation of the Mac Bootstrap Sandbox.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: sandbox/mac/policy.h

Issue 264923003: Initial implementation of the Mac Bootstrap Sandbox. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rebase for new Mach utilities Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef SANDBOX_MAC_POLICY_H_

	6 #define SANDBOX_MAC_POLICY_H_

	7

	8 #include <mach/mach.h>

	9

	10 #include <map>

	11 #include <string>

	12

	13 namespace sandbox {

	14

	15 enum PolicyDecision {

	16 POLICY_DECISION_INVALID,

	17 // Explicitly allows the real service to be looked up from launchd.

	18 POLICY_ALLOW,

	19 // Deny the look up request by replying with a MIG error. This is the

	20 // default behavior for servers not given an explicit rule.

	21 POLICY_DENY_ERROR,

	22 // Deny the look up request with a well-formed reply containing a

	23 // Mach port with a send right, messages to which will be ignored.

	24 POLICY_DENY_DUMMY_PORT,

	25 // Reply to the look up request with a send right to the substitute_port

	26 // specified in the Rule.

	27 POLICY_SUBSTITUE_PORT,
	Avi (use Gerrit) 2014/05/09 21:02:06 typo: SUBSTITUTE typo: SUBSTITUTE Robert Sesek 2014/05/09 22:04:03 Ooof. Done. Show quoted text On 2014/05/09 21:02:06, Avi wrote: > typo: SUBSTITUTE Ooof. Done.
	28 POLICY_DECISION_LAST,

	29 };

	30

	31 // A Rule expresses the action to take when a service port is requested via

	32 // bootstrap_look_up. If \|result\| is not POLICY_SUBSTITUE_PORT, then

	33 // \|substitute_port\| must be NULL. If result is POLICY_SUBSTITUE_PORT, then
	Avi (use Gerrit) 2014/05/09 21:02:06 Fix the constant names on this line and the line a Fix the constant names on this line and the line above once you remove the typos in the constant name. Robert Sesek 2014/05/09 22:04:03 Done. Show quoted text On 2014/05/09 21:02:06, Avi wrote: > Fix the constant names on this line and the line above once you remove the typos > in the constant name. Done.
	34 // \|substitute_port\| must not be NULL.

	35 struct Rule {

	36 Rule();

	37 explicit Rule(PolicyDecision result);

	38 explicit Rule(mach_port_t override_port);

	39

	40 PolicyDecision result;

	41

	42 // The Rule does not take ownership of this port, but additional send rights

	43 // will be allocated to it before it is sent to a client.

	44 mach_port_t substitute_port;

	45 };

	46

	47 // A SandboxPolicy maps bootstrap server names to policy Rules.

	48 typedef std::map<std::string, Rule> BootstrapSandboxPolicy;

	49

	50 // Checks that a policy is well-formed.

	51 bool IsPolicyValid(const BootstrapSandboxPolicy& policy);

	52

	53 } // namespace sandbox

	54

	55 #endif // SANDBOX_MAC_POLICY_H_

OLD	NEW

« sandbox/mac/os_compatibility.cc ('K') | « sandbox/mac/os_compatibility.cc ('k') | sandbox/mac/policy.cc » ('j') | no next file with comments »