content/common/sandbox_mac.h - Issue 2931173003: Implement the V2 sandbox in the process launcher.

Side by Side Diff: content/common/sandbox_mac.h

Issue 2931173003: Implement the V2 sandbox in the process launcher. (Closed)

Patch Set: Created 3 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_	5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_

6 #define CONTENT_COMMON_SANDBOX_MAC_H_	6 #define CONTENT_COMMON_SANDBOX_MAC_H_

7	7

8 #include <map>	8 #include <map>

9 #include <string>	9 #include <string>

10	10

(...skipping 25 matching lines...) Expand all Loading...
36 // \|allowed_dir\| - directory to allow access to, currently the only sandbox	36 // \|allowed_dir\| - directory to allow access to, currently the only sandbox

37 // profile that supports this is SANDBOX_TYPE_UTILITY .	37 // profile that supports this is SANDBOX_TYPE_UTILITY .

38 //	38 //

39 // Returns true on success, false if an error occurred enabling the sandbox.	39 // Returns true on success, false if an error occurred enabling the sandbox.

40 static bool EnableSandbox(int sandbox_type,	40 static bool EnableSandbox(int sandbox_type,

41 const base::FilePath& allowed_dir);	41 const base::FilePath& allowed_dir);

42	42

43 // Returns true if the sandbox has been enabled for the current process.	43 // Returns true if the sandbox has been enabled for the current process.

44 static bool SandboxIsCurrentlyActive();	44 static bool SandboxIsCurrentlyActive();

45	45

46 private:

47 // Convert provided path into a "canonical" path matching what the Sandbox	46 // Convert provided path into a "canonical" path matching what the Sandbox

48 // expects i.e. one without symlinks.	47 // expects i.e. one without symlinks.

49 // This path is not necessarily unique e.g. in the face of hardlinks.	48 // This path is not necessarily unique e.g. in the face of hardlinks.

50 static base::FilePath GetCanonicalSandboxPath(const base::FilePath& path);	49 static base::FilePath GetCanonicalSandboxPath(const base::FilePath& path);

51	50

	51 static const char* kSandboxEnableLogging;

	52 static const char* kSandboxDisableDenialLogging;

	53 static const char* kSandboxHomedirAsLiteral;

	54 static const char* kSandboxElCapOrLater;

	55 static const char* kSandboxPermittedDir;

	56 static const char* kSandboxBundlePath;

	57 static const char* kSandboxLoggingPathAsLiteral;

	58 static const char* kSandboxChromeBundleId;

	59 static const char* kSandboxComponentPath;

	60 static const char* kSandboxChromePID;

	61

	62 private:

52 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape);	63 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape);

53 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape);	64 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape);

54 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess);	65 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess);

55	66

56 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);	67 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);

57 };	68 };

58	69

59 } // namespace content	70 } // namespace content

60	71

61 #endif // CONTENT_COMMON_SANDBOX_MAC_H_	72 #endif // CONTENT_COMMON_SANDBOX_MAC_H_

OLD	NEW

« content/browser/child_process_launcher_helper_mac.cc ('K') | « content/common/sandbox_init_mac.cc ('k') | content/common/sandbox_mac.mm » ('j') | no next file with comments »