OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_init_mac.h" | 5 #include "content/common/sandbox_init_mac.h" |
6 | 6 |
| 7 #include "base/callback.h" |
7 #include "base/command_line.h" | 8 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
9 #include "base/logging.h" | 10 #include "base/logging.h" |
10 #include "content/common/sandbox_mac.h" | 11 #include "content/common/sandbox_mac.h" |
11 #include "content/public/common/content_switches.h" | 12 #include "content/public/common/content_switches.h" |
12 #include "content/public/common/sandbox_init.h" | 13 #include "content/public/common/sandbox_init.h" |
13 #include "sandbox/mac/seatbelt.h" | 14 #include "sandbox/mac/seatbelt.h" |
14 | 15 |
15 namespace content { | 16 namespace content { |
16 | 17 |
17 bool InitializeSandbox(int sandbox_type, const base::FilePath& allowed_dir) { | 18 namespace { |
| 19 |
| 20 bool InitializeSandbox(int sandbox_type, |
| 21 const base::FilePath& allowed_dir, |
| 22 base::OnceClosure hook) { |
18 // Warm up APIs before turning on the sandbox. | 23 // Warm up APIs before turning on the sandbox. |
19 Sandbox::SandboxWarmup(sandbox_type); | 24 Sandbox::SandboxWarmup(sandbox_type); |
20 | 25 |
| 26 // Execute the post warmup callback. |
| 27 if (!hook.is_null()) |
| 28 std::move(hook).Run(); |
| 29 |
21 // Actually sandbox the process. | 30 // Actually sandbox the process. |
22 return Sandbox::EnableSandbox(sandbox_type, allowed_dir); | 31 return Sandbox::EnableSandbox(sandbox_type, allowed_dir); |
23 } | 32 } |
24 | 33 |
| 34 } // namespace |
| 35 |
| 36 bool InitializeSandbox(int sandbox_type, const base::FilePath& allowed_dir) { |
| 37 return InitializeSandbox(sandbox_type, allowed_dir, base::OnceClosure()); |
| 38 } |
| 39 |
25 // Fill in |sandbox_type| and |allowed_dir| based on the command line, returns | 40 // Fill in |sandbox_type| and |allowed_dir| based on the command line, returns |
26 // false if the current process type doesn't need to be sandboxed or if the | 41 // false if the current process type doesn't need to be sandboxed or if the |
27 // sandbox was disabled from the command line. | 42 // sandbox was disabled from the command line. |
28 bool GetSandboxTypeFromCommandLine(int* sandbox_type, | 43 bool GetSandboxTypeFromCommandLine(int* sandbox_type, |
29 base::FilePath* allowed_dir) { | 44 base::FilePath* allowed_dir) { |
30 DCHECK(sandbox_type); | 45 DCHECK(sandbox_type); |
31 DCHECK(allowed_dir); | 46 DCHECK(allowed_dir); |
32 | 47 |
33 *sandbox_type = -1; | 48 *sandbox_type = -1; |
34 *allowed_dir = base::FilePath(); // Empty by default. | 49 *allowed_dir = base::FilePath(); // Empty by default. |
(...skipping 30 matching lines...) Expand all Loading... |
65 *sandbox_type = SANDBOX_TYPE_PPAPI; | 80 *sandbox_type = SANDBOX_TYPE_PPAPI; |
66 } else { | 81 } else { |
67 // This is a process which we don't know about, i.e. an embedder-defined | 82 // This is a process which we don't know about, i.e. an embedder-defined |
68 // process. If the embedder wants it sandboxed, they have a chance to return | 83 // process. If the embedder wants it sandboxed, they have a chance to return |
69 // the sandbox profile in ContentClient::GetSandboxProfileForSandboxType. | 84 // the sandbox profile in ContentClient::GetSandboxProfileForSandboxType. |
70 return false; | 85 return false; |
71 } | 86 } |
72 return true; | 87 return true; |
73 } | 88 } |
74 | 89 |
75 bool InitializeSandbox() { | 90 bool InitializeSandboxWithPostWarmupHook(base::OnceClosure hook) { |
76 int sandbox_type = 0; | 91 int sandbox_type = 0; |
77 base::FilePath allowed_dir; | 92 base::FilePath allowed_dir; |
78 if (!GetSandboxTypeFromCommandLine(&sandbox_type, &allowed_dir)) | 93 if (!GetSandboxTypeFromCommandLine(&sandbox_type, &allowed_dir)) |
79 return true; | 94 return true; |
80 return InitializeSandbox(sandbox_type, allowed_dir); | 95 return InitializeSandbox(sandbox_type, allowed_dir, std::move(hook)); |
| 96 } |
| 97 |
| 98 bool InitializeSandbox() { |
| 99 return InitializeSandboxWithPostWarmupHook(base::OnceClosure()); |
81 } | 100 } |
82 | 101 |
83 } // namespace content | 102 } // namespace content |
OLD | NEW |