Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(940)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/mac/seatbelt_exec.cc

Issue 2891933005: Plumb sandbox rules through the helper executable. (Closed)
Patch Set: Rebase patch Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/mac/seatbelt_exec.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/mac/seatbelt_exec.h" 5 #include "sandbox/mac/seatbelt_exec.h"
6 6
7 #include <sys/socket.h> 7 #include <sys/socket.h>
8 #include <sys/uio.h> 8 #include <sys/uio.h>
9 #include <unistd.h> 9 #include <unistd.h>
10 10
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after
68 iov[0].iov_len = str->size(); 68 iov[0].iov_len = str->size();
69 69
70 ssize_t written = HANDLE_EINTR(writev(pipe_[1], iov, arraysize(iov))); 70 ssize_t written = HANDLE_EINTR(writev(pipe_[1], iov, arraysize(iov)));
71 if (written < 0) { 71 if (written < 0) {
72 PLOG(ERROR) << "writev"; 72 PLOG(ERROR) << "writev";
73 return false; 73 return false;
74 } 74 }
75 return static_cast<uint64_t>(written) == str->size(); 75 return static_cast<uint64_t>(written) == str->size();
76 } 76 }
77 77
78 SeatbeltExecServer::SeatbeltExecServer(int fd) : fd_(fd) {} 78 SeatbeltExecServer::SeatbeltExecServer(int fd) : fd_(fd), extra_params_() {}
79 79
80 SeatbeltExecServer::~SeatbeltExecServer() {} 80 SeatbeltExecServer::~SeatbeltExecServer() {}
81 81
82 bool SeatbeltExecServer::InitializeSandbox() { 82 bool SeatbeltExecServer::InitializeSandbox() {
83 std::string policy_string; 83 std::string policy_string;
84 if (!ReadString(&policy_string)) 84 if (!ReadString(&policy_string))
85 return false; 85 return false;
86 86
87 mac::SandboxPolicy policy; 87 mac::SandboxPolicy policy;
88 if (!policy.ParseFromString(policy_string)) { 88 if (!policy.ParseFromString(policy_string)) {
89 LOG(ERROR) << "ParseFromString failed"; 89 LOG(ERROR) << "ParseFromString failed";
90 return false; 90 return false;
91 } 91 }
92 92
93 return ApplySandboxProfile(policy); 93 return ApplySandboxProfile(policy);
94 } 94 }
95 95
96 bool SeatbeltExecServer::ApplySandboxProfile(const mac::SandboxPolicy& policy) { 96 bool SeatbeltExecServer::ApplySandboxProfile(const mac::SandboxPolicy& policy) {
97 std::vector<const char*> weak_params; 97 std::vector<const char*> weak_params;
98 for (const auto& pair : policy.params()) { 98 for (const auto& pair : policy.params()) {
99 weak_params.push_back(pair.first.c_str()); 99 weak_params.push_back(pair.first.c_str());
100 weak_params.push_back(pair.second.c_str()); 100 weak_params.push_back(pair.second.c_str());
101 } 101 }
102 for (const auto& pair : extra_params_) {
103 weak_params.push_back(pair.first.c_str());
104 weak_params.push_back(pair.second.c_str());
105 }
102 weak_params.push_back(nullptr); 106 weak_params.push_back(nullptr);
103 107
104 char* error = nullptr; 108 char* error = nullptr;
105 int rv = Seatbelt::InitWithParams(policy.profile().c_str(), 0, 109 int rv = Seatbelt::InitWithParams(policy.profile().c_str(), 0,
106 weak_params.data(), &error); 110 weak_params.data(), &error);
107 if (error) { 111 if (error) {
108 LOG(ERROR) << "Failed to initialize sandbox: " << rv << " " << error; 112 LOG(ERROR) << "Failed to initialize sandbox: " << rv << " " << error;
109 Seatbelt::FreeError(error); 113 Seatbelt::FreeError(error);
110 return false; 114 return false;
111 } 115 }
(...skipping 11 matching lines...) Expand all
123 127
124 ssize_t read_length = HANDLE_EINTR(readv(fd_.get(), iov, arraysize(iov))); 128 ssize_t read_length = HANDLE_EINTR(readv(fd_.get(), iov, arraysize(iov)));
125 if (read_length < 0) { 129 if (read_length < 0) {
126 PLOG(ERROR) << "readv"; 130 PLOG(ERROR) << "readv";
127 return false; 131 return false;
128 } 132 }
129 str->assign(buffer.data()); 133 str->assign(buffer.data());
130 return true; 134 return true;
131 } 135 }
132 136
137 bool SeatbeltExecServer::SetParameter(const base::StringPiece key,
138 const base::StringPiece value) {
139 return extra_params_
140 .insert(std::make_pair(key.as_string(), value.as_string()))
141 .second;
142 }
143
133 } // namespace sandbox 144 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/mac/seatbelt_exec.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698