Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(44)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/mac/seatbelt_exec.h

Issue 2891933005: Plumb sandbox rules through the helper executable. (Closed)
Patch Set: Rebase patch Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/mac/sandbox_mac_seatbelt_exec_unittest.cc ('k') | sandbox/mac/seatbelt_exec.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_MAC_SEATBELT_EXEC_H_ 5 #ifndef SANDBOX_MAC_SEATBELT_EXEC_H_
6 #define SANDBOX_MAC_SEATBELT_EXEC_H_ 6 #define SANDBOX_MAC_SEATBELT_EXEC_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/compiler_specific.h" 10 #include "base/compiler_specific.h"
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
67 ~SeatbeltExecServer(); 67 ~SeatbeltExecServer();
68 68
69 // Reads the policy from the client, applies the profile, and returns whether 69 // Reads the policy from the client, applies the profile, and returns whether
70 // or not the operation succeeds. 70 // or not the operation succeeds.
71 bool InitializeSandbox(); 71 bool InitializeSandbox();
72 72
73 // Applies the given sandbox policy, and returns whether or not the operation 73 // Applies the given sandbox policy, and returns whether or not the operation
74 // succeeds. 74 // succeeds.
75 bool ApplySandboxProfile(const mac::SandboxPolicy& sandbox_policy); 75 bool ApplySandboxProfile(const mac::SandboxPolicy& sandbox_policy);
76 76
77 // Set a string parameter in the sandbox profile. This is present in the
78 // server because the process about to initialize a sandbox may need to add
79 // some extra parameters, such as the path to the executable or the current
80 // PID. This must be called before InitializeSandbox().
81 bool SetParameter(const base::StringPiece key,
82 const base::StringPiece value) WARN_UNUSED_RESULT;
83
77 private: 84 private:
78 // Reads from the |fd_| and stores the data into a string. This does 85 // Reads from the |fd_| and stores the data into a string. This does
79 // not append a NUL terminator as protobuf does not expect one. 86 // not append a NUL terminator as protobuf does not expect one.
80 bool ReadString(std::string* string); 87 bool ReadString(std::string* string);
81 88
82 // The file descriptor used to communicate with the launcher process. 89 // The file descriptor used to communicate with the launcher process.
83 base::ScopedFD fd_; 90 base::ScopedFD fd_;
91
92 // Extra parameters added by the server process.
93 std::map<std::string, std::string> extra_params_;
84 }; 94 };
85 95
86 } // namespace sandbox 96 } // namespace sandbox
87 97
88 #endif // SANDBOX_MAC_SEATBELT_EXEC_H_ 98 #endif // SANDBOX_MAC_SEATBELT_EXEC_H_
OLDNEW
« no previous file with comments | « sandbox/mac/sandbox_mac_seatbelt_exec_unittest.cc ('k') | sandbox/mac/seatbelt_exec.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698