Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(343)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/sandbox_parameters_mac.mm

Issue 2931173003: Implement the V2 sandbox in the process launcher. (Closed)
Patch Set: Fix deps Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/sandbox_parameters_mac.h ('K') | « content/browser/sandbox_parameters_mac.h ('k') | content/common/sandbox_init_mac.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/sandbox_parameters_mac.h"
6
7 #include <unistd.h>
8
9 #include "base/command_line.h"
10 #include "base/files/file_util.h"
11 #include "base/logging.h"
12 #include "base/mac/bundle_locations.h"
13 #include "base/mac/mac_util.h"
14 #include "base/strings/sys_string_conversions.h"
15 #include "content/common/sandbox_mac.h"
16 #include "content/public/browser/content_browser_client.h"
17 #include "content/public/common/content_client.h"
18 #include "content/public/common/content_switches.h"
19 #include "sandbox/mac/seatbelt_exec.h"
20
21 namespace content {
22
23 void SetupRendererSandboxParameters(sandbox::SeatbeltExecClient* client) {
24 const base::CommandLine* command_line =
25 base::CommandLine::ForCurrentProcess();
26 bool enable_logging =
27 command_line->HasSwitch(switches::kEnableSandboxLogging);
28
29 CHECK(client->SetBooleanParameter(Sandbox::kSandboxEnableLogging,
30 enable_logging));
31 CHECK(client->SetBooleanParameter(Sandbox::kSandboxDisableDenialLogging,
32 !enable_logging));
33
34 std::string homedir =
35 Sandbox::GetCanonicalSandboxPath(base::GetHomeDir()).value();
36 CHECK(client->SetParameter(Sandbox::kSandboxHomedirAsLiteral, homedir));
37
38 bool elcap_or_later = base::mac::IsAtLeastOS10_11();
39 CHECK(client->SetBooleanParameter(Sandbox::kSandboxElCapOrLater,
40 elcap_or_later));
41
42 std::string bundle_path =
43 Sandbox::GetCanonicalSandboxPath(base::mac::MainBundlePath()).value();
44 CHECK(client->SetParameter(Sandbox::kSandboxBundlePath, bundle_path));
45
46 NSBundle* bundle = base::mac::OuterBundle();
47 std::string bundle_id = base::SysNSStringToUTF8([bundle bundleIdentifier]);
48 CHECK(client->SetParameter(Sandbox::kSandboxChromeBundleId, bundle_id));
49
50 CHECK(client->SetParameter(Sandbox::kSandboxChromePID,
51 std::to_string(getpid())));
52
53 std::string logging_path =
54 GetContentClient()->browser()->GetLoggingFileName().value();
55 CHECK(client->SetParameter(Sandbox::kSandboxLoggingPathAsLiteral,
56 logging_path));
57
58 #if defined(COMPONENT_BUILD)
59 // For component builds, allow access to one directory level higher, where
60 // the dylibs live.
61 base::FilePath bundle_path = base::mac::MainBundlePath();
62 base::FilePath component_path = bundle_path.Append("..");
63 std::string component_path_canonical =
64 Sandbox::GetCanonicalSandboxPath(component_path).value();
65 CHECK(client->SetParameter(Sandbox::kSandboxComponentPath,
66 component_path_canonical));
67 #endif
68 }
69
70 } // namespace content
OLDNEW
« content/browser/sandbox_parameters_mac.h ('K') | « content/browser/sandbox_parameters_mac.h ('k') | content/common/sandbox_init_mac.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698