Update sandbox profiles and remove regular expressions.

content/common/sandbox_mac.mm

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_mac.h"
 
 #import <Cocoa/Cocoa.h>
 #include <stddef.h>
 #include <stdint.h>
 
@@ skipping 136 matching lines @@
     }
 
     // If we got here we know that the character in question is strictly
     // in the ASCII range so there's no need to do any kind of encoding
     // conversion.
     dst->push_back(static_cast<char>(c));
   }
   return true;
 }
 
-// static
-bool Sandbox::QuoteStringForRegex(const std::string& str_utf8,
-                                  std::string* dst) {
-  // Characters with special meanings in sandbox profile syntax.
-  const char regex_special_chars[] = {
-    '\\',
-
-    // Metacharacters
-    '^',
-    '.',
-    '[',
-    ']',
-    '$',
-    '(',
-    ')',
-    '|',
-
-    // Quantifiers
-    '*',
-    '+',
-    '?',
-    '{',
-    '}',
-  };
-
-  // Anchor regex at start of path.
-  dst->assign("^");
-
-  const char* src = str_utf8.c_str();
-  int32_t length = str_utf8.length();
-  int32_t position = 0;
-  while (position < length) {
-    UChar32 c;
-    U8_NEXT(src, position, length, c);  // Macro increments |position|.
-    DCHECK_GE(c, 0);
-    if (c < 0)
-      return false;
-
-    // The Mac sandbox regex parser only handles printable ASCII characters.
-    // 33 >= c <= 126
-    if (c < 32 || c > 125) {
-      return false;
-    }
-
-    for (size_t i = 0; i < arraysize(regex_special_chars); ++i) {
-      if (c == regex_special_chars[i]) {
-        dst->push_back('\\');
-        break;
-      }
-    }
-
-    dst->push_back(static_cast<char>(c));
-  }
-
-  // Make sure last element of path is interpreted as a directory. Leaving this
-  // off would allow access to files if they start with the same name as the
-  // directory.
-  dst->append("(/|$)");
-
-  return true;
-}
-
 // Warm up System APIs that empirically need to be accessed before the Sandbox
 // is turned on.
 // This method is layed out in blocks, each one containing a separate function
 // that needs to be warmed up. The OS version on which we found the need to
 // enable the function is also noted.
 // This function is tested on the following OS versions:
 //     10.5.6, 10.6.0
 
 // static
 void Sandbox::SandboxWarmup(int sandbox_type) {
@@ skipping 157 matching lines @@
   std::string sandbox_data = LoadSandboxTemplate(sandbox_type);
   if (sandbox_data.empty()) {
     return false;
   }
 
   sandbox::SandboxCompiler compiler(sandbox_data);
 
   if (!allowed_dir.empty()) {
     // Add the sandbox parameters necessary to access the given directory.
     base::FilePath allowed_dir_canonical = GetCanonicalSandboxPath(allowed_dir);
-    std::string regex;
-    if (!QuoteStringForRegex(allowed_dir_canonical.value(), &regex)) {
+    std::string quoted_dir;
+    if (!QuotePlainString(allowed_dir_canonical.value(), &quoted_dir)) {
       FatalStringQuoteException(allowed_dir_canonical.value());
       return false;
     }
-    if (!compiler.InsertStringParam("PERMITTED_DIR", regex))
+    if (!compiler.InsertStringParam("PERMITTED_DIR", quoted_dir))
       return false;
   }
 
   // Enable verbose logging if enabled on the command line. (See common.sb
   // for details).
   const base::CommandLine* command_line =
       base::CommandLine::ForCurrentProcess();
   bool enable_logging =
       command_line->HasSwitch(switches::kEnableSandboxLogging);;
   if (!compiler.InsertBooleanParam("ENABLE_LOGGING", enable_logging))
@@ skipping 51 matching lines @@
   if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) {
     DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: "
                  << path.value();
     return path;
   }
 
   return base::FilePath(canonical_path);
 }
 
 }  // namespace content