Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(530)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_mac.mm

Issue 2919963003: Update sandbox profiles and remove regular expressions. (Closed)
Patch Set: Cleanup regex stuff Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/common/sandbox_mac.h ('K') | « content/common/sandbox_mac.h ('k') | content/ppapi_plugin/ppapi.sb » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_mac.mm
diff --git a/content/common/sandbox_mac.mm b/content/common/sandbox_mac.mm
index 2c219956f05a4259140ae8447a2ac359e9a9e2ee..afa16889aff49b9732cfd6b22f11f80d28d0e2d8 100644
--- a/content/common/sandbox_mac.mm
+++ b/content/common/sandbox_mac.mm
@@ -154,68 +154,6 @@ bool Sandbox::QuotePlainString(const std::string& src_utf8, std::string* dst) {
return true;
}
-// static
-bool Sandbox::QuoteStringForRegex(const std::string& str_utf8,
- std::string* dst) {
- // Characters with special meanings in sandbox profile syntax.
- const char regex_special_chars[] = {
- '\\',
-
- // Metacharacters
- '^',
- '.',
- '[',
- ']',
- '$',
- '(',
- ')',
- '|',
-
- // Quantifiers
- '*',
- '+',
- '?',
- '{',
- '}',
- };
-
- // Anchor regex at start of path.
- dst->assign("^");
-
- const char* src = str_utf8.c_str();
- int32_t length = str_utf8.length();
- int32_t position = 0;
- while (position < length) {
- UChar32 c;
- U8_NEXT(src, position, length, c); // Macro increments |position|.
- DCHECK_GE(c, 0);
- if (c < 0)
- return false;
-
- // The Mac sandbox regex parser only handles printable ASCII characters.
- // 33 >= c <= 126
- if (c < 32 || c > 125) {
- return false;
- }
-
- for (size_t i = 0; i < arraysize(regex_special_chars); ++i) {
- if (c == regex_special_chars[i]) {
- dst->push_back('\\');
- break;
- }
- }
-
- dst->push_back(static_cast<char>(c));
- }
-
- // Make sure last element of path is interpreted as a directory. Leaving this
- // off would allow access to files if they start with the same name as the
- // directory.
- dst->append("(/|$)");
-
- return true;
-}
-
// Warm up System APIs that empirically need to be accessed before the Sandbox
// is turned on.
// This method is layed out in blocks, each one containing a separate function
@@ -393,12 +331,12 @@ bool Sandbox::EnableSandbox(int sandbox_type,
if (!allowed_dir.empty()) {
// Add the sandbox parameters necessary to access the given directory.
base::FilePath allowed_dir_canonical = GetCanonicalSandboxPath(allowed_dir);
- std::string regex;
- if (!QuoteStringForRegex(allowed_dir_canonical.value(), &regex)) {
+ std::string quoted_dir;
+ if (!QuotePlainString(allowed_dir_canonical.value(), &quoted_dir)) {
FatalStringQuoteException(allowed_dir_canonical.value());
return false;
}
- if (!compiler.InsertStringParam("PERMITTED_DIR", regex))
+ if (!compiler.InsertStringParam("PERMITTED_DIR", quoted_dir))
return false;
}
« content/common/sandbox_mac.h ('K') | « content/common/sandbox_mac.h ('k') | content/ppapi_plugin/ppapi.sb » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698