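--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_mac.h"
 
 #import <Cocoa/Cocoa.h>
 #include <stddef.h>
 #include <stdint.h>
 
@@ -29,21 +29,21 @@
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/sys_info.h"
 #include "content/grit/content_resources.h"
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "media/gpu/vt_video_decode_accelerator_mac.h"
-#include "sandbox/mac/seatbelt.h"
+#include "sandbox/mac/sandbox_compiler.h"
 #include "third_party/icu/source/common/unicode/uchar.h"
 #include "ui/base/layout.h"
 #include "ui/gl/init/gl_factory.h"
 
 extern "C" {
 void CGSSetDenyWindowServerConnections(bool);
 void CGSShutdownServerConnections();
 OSStatus SetApplicationIsDaemon(Boolean isDaemon);
 };
 
@@ -111,57 +111,20 @@
 // in a central place.
 NOINLINE void FatalStringQuoteException(const std::string& str) {
 // Copy bad string to the stack so it's recorded in the crash dump.
 char bad_string[256] = {0};
 base::strlcpy(bad_string, str.c_str(), arraysize(bad_string));
 DLOG(FATAL) << "String quoting failed " << bad_string;
 }
 
 } // namespace
 
-SandboxCompiler::SandboxCompiler(const std::string& profile_str)
-: params_map_(), profile_str_(profile_str) {
-}
-
-SandboxCompiler::~SandboxCompiler() {
-}
-
-bool SandboxCompiler::InsertBooleanParam(const std::string& key, bool value) {
-return params_map_.insert(std::make_pair(key, value ? "TRUE" : "FALSE"))
-.second;
-}
-
-bool SandboxCompiler::InsertStringParam(const std::string& key,
-const std::string& value) {
-return params_map_.insert(std::make_pair(key, value)).second;
-}
-
-bool SandboxCompiler::CompileAndApplyProfile(std::string* error) {
-char* error_internal = nullptr;
-std::vector<const char*> params;
-
-for (const auto& kv : params_map_) {
-params.push_back(kv.first.c_str());
-params.push_back(kv.second.c_str());
-}
-// The parameters array must be null terminated.
-params.push_back(static_cast<const char*>(0));
-
-if (sandbox::Seatbelt::InitWithParams(profile_str_.c_str(), 0, params.data(),
-&error_internal)) {
-error->assign(error_internal);
-sandbox::Seatbelt::FreeError(error_internal);
-return false;
-}
-return true;
-}
-
 // static
 bool Sandbox::QuotePlainString(const std::string& src_utf8, std::string* dst) {
 dst->clear();
 
 const char* src = src_utf8.c_str();
 int32_t length = src_utf8.length();
 int32_t position = 0;
 while (position < length) {
 UChar32 c;
 U8_NEXT(src, position, length, c); // Macro increments |position|.
@@ -418,21 +381,21 @@
 sandbox_type != SANDBOX_TYPE_UTILITY) {
 DCHECK(allowed_dir.empty())
 << "Only SANDBOX_TYPE_UTILITY allows a custom directory parameter.";
 }
 
 std::string sandbox_data = LoadSandboxTemplate(sandbox_type);
 if (sandbox_data.empty()) {
 return false;
 }
 
-SandboxCompiler compiler(sandbox_data);
+sandbox::SandboxCompiler compiler(sandbox_data);
 
 if (!allowed_dir.empty()) {
 // Add the sandbox parameters necessary to access the given directory.
 base::FilePath allowed_dir_canonical = GetCanonicalSandboxPath(allowed_dir);
 std::string regex;
 if (!QuoteStringForRegex(allowed_dir_canonical.value(), ®ex)) {
 FatalStringQuoteException(allowed_dir_canonical.value());
 return false;
 }
 if (!compiler.InsertStringParam("PERMITTED_DIR", regex))
@@ -500,10 +463,10 @@
 if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) {
 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: "
 << path.value();
 return path;
 }
 
 return base::FilePath(canonical_path);
 }
 
 } // namespace content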
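Review bot: Dropping `#include "sandbox/mac/seatbelt.h"` (old line 39) in favour of `#include "sandbox/mac/sandbox_compiler.h"` is only safe if nothing left in this translation unit names `sandbox::Seatbelt` directly; the one visible caller was the removed `SandboxCompiler::CompileAndApplyProfile`, but most of the file is skipped here, so any remaining direct use would now compile only through a transitive include and should keep the explicit `seatbelt.h` include next to the new header. The same namespace move appears at new line 391, `sandbox::SandboxCompiler compiler(sandbox_data);`, whose enclosing function starts and ends outside the shown lines. Since the removed implementation reported a failed `InitWithParams` by returning false from `CompileAndApplyProfile`, it is worth confirming that the call site outside this view still treats a false return as fatal rather than continuing with the process unsandboxed.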