| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_ |
| 6 #define CONTENT_COMMON_SANDBOX_MAC_H_ | 6 #define CONTENT_COMMON_SANDBOX_MAC_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 25 matching lines...) |
| 36 // |allowed_dir| - directory to allow access to, currently the only sandbox | 36 // |allowed_dir| - directory to allow access to, currently the only sandbox |
| 37 // profile that supports this is SANDBOX_TYPE_UTILITY . | 37 // profile that supports this is SANDBOX_TYPE_UTILITY . |
| 38 // | 38 // |
| 39 // Returns true on success, false if an error occurred enabling the sandbox. | 39 // Returns true on success, false if an error occurred enabling the sandbox. |
| 40 static bool EnableSandbox(int sandbox_type, | 40 static bool EnableSandbox(int sandbox_type, |
| 41 const base::FilePath& allowed_dir); | 41 const base::FilePath& allowed_dir); |
| 42 | 42 |
| 43 // Returns true if the sandbox has been enabled for the current process. | 43 // Returns true if the sandbox has been enabled for the current process. |
| 44 static bool SandboxIsCurrentlyActive(); | 44 static bool SandboxIsCurrentlyActive(); |
| 45 | 45 |
| 46 // Escape |src_utf8| for use in a plain string variable in a sandbox | |
| 47 // configuraton file. On return |dst| is set to the quoted output. | |
| 48 // Returns: true on success, false otherwise. | |
| 49 static bool QuotePlainString(const std::string& src_utf8, std::string* dst); | |
| 50 | |
| 51 // Escape |str_utf8| for use in a regex literal in a sandbox | |
| 52 // configuraton file. On return |dst| is set to the utf-8 encoded quoted | |
| 53 // output. | |
| 54 // | |
| 55 // The implementation of this function is based on empirical testing of the | |
| 56 // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to | |
| 57 // change. | |
| 58 // | |
| 59 // Note: If str_utf8 contains any characters < 32 || >125 then the function | |
| 60 // fails and false is returned. | |
| 61 // | |
| 62 // Returns: true on success, false otherwise. | |
| 63 static bool QuoteStringForRegex(const std::string& str_utf8, | |
| 64 std::string* dst); | |
| 65 | |
| 66 private: | 46 private: |
| 67 // Convert provided path into a "canonical" path matching what the Sandbox | 47 // Convert provided path into a "canonical" path matching what the Sandbox |
| 68 // expects i.e. one without symlinks. | 48 // expects i.e. one without symlinks. |
| 69 // This path is not necessarily unique e.g. in the face of hardlinks. | 49 // This path is not necessarily unique e.g. in the face of hardlinks. |
| 70 static base::FilePath GetCanonicalSandboxPath(const base::FilePath& path); | 50 static base::FilePath GetCanonicalSandboxPath(const base::FilePath& path); |
| 71 | 51 |
| 72 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape); | 52 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape); |
| 73 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape); | 53 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape); |
| 74 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess); | 54 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess); |
| 75 | 55 |
| 76 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); | 56 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); |
| 77 }; | 57 }; |
| 78 | 58 |
| 79 } // namespace content | 59 } // namespace content |
| 80 | 60 |
| 81 #endif // CONTENT_COMMON_SANDBOX_MAC_H_ | 61 #endif // CONTENT_COMMON_SANDBOX_MAC_H_ |