| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_mac.h" | 5 #include "content/common/sandbox_mac.h" |
| 6 | 6 |
| 7 #import <Cocoa/Cocoa.h> | 7 #import <Cocoa/Cocoa.h> |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 23 matching lines...) Expand all Loading... |
| 34 #include "base/sys_info.h" | 34 #include "base/sys_info.h" |
| 35 #include "content/grit/content_resources.h" | 35 #include "content/grit/content_resources.h" |
| 36 #include "content/public/common/content_client.h" | 36 #include "content/public/common/content_client.h" |
| 37 #include "content/public/common/content_switches.h" | 37 #include "content/public/common/content_switches.h" |
| 38 #include "media/gpu/vt_video_decode_accelerator_mac.h" | 38 #include "media/gpu/vt_video_decode_accelerator_mac.h" |
| 39 #include "sandbox/mac/sandbox_compiler.h" | 39 #include "sandbox/mac/sandbox_compiler.h" |
| 40 #include "third_party/icu/source/common/unicode/uchar.h" | 40 #include "third_party/icu/source/common/unicode/uchar.h" |
| 41 #include "ui/base/layout.h" | 41 #include "ui/base/layout.h" |
| 42 #include "ui/gl/init/gl_factory.h" | 42 #include "ui/gl/init/gl_factory.h" |
| 43 | 43 |
| 44 extern "C" { | |
| 45 void CGSSetDenyWindowServerConnections(bool); | |
| 46 void CGSShutdownServerConnections(); | |
| 47 OSStatus SetApplicationIsDaemon(Boolean isDaemon); | |
| 48 }; | |
| 49 | |
| 50 namespace content { | 44 namespace content { |
| 51 namespace { | 45 namespace { |
| 52 | 46 |
| 53 // Is the sandbox currently active. | 47 // Is the sandbox currently active. |
| 54 bool gSandboxIsActive = false; | 48 bool gSandboxIsActive = false; |
| 55 | 49 |
| 56 struct SandboxTypeToResourceIDMapping { | 50 struct SandboxTypeToResourceIDMapping { |
| 57 SandboxType sandbox_type; | 51 SandboxType sandbox_type; |
| 58 int sandbox_profile_resource_id; | 52 int sandbox_profile_resource_id; |
| 59 }; | 53 }; |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 167 | 161 |
| 168 // Preload VideoToolbox. | 162 // Preload VideoToolbox. |
| 169 media::InitializeVideoToolbox(); | 163 media::InitializeVideoToolbox(); |
| 170 } | 164 } |
| 171 | 165 |
| 172 if (sandbox_type == SANDBOX_TYPE_PPAPI) { | 166 if (sandbox_type == SANDBOX_TYPE_PPAPI) { |
| 173 // Preload AppKit color spaces used for Flash/ppapi. http://crbug.com/348304 | 167 // Preload AppKit color spaces used for Flash/ppapi. http://crbug.com/348304 |
| 174 NSColor* color = [NSColor controlTextColor]; | 168 NSColor* color = [NSColor controlTextColor]; |
| 175 [color colorUsingColorSpaceName:NSCalibratedRGBColorSpace]; | 169 [color colorUsingColorSpaceName:NSCalibratedRGBColorSpace]; |
| 176 } | 170 } |
| 177 | |
| 178 if (sandbox_type == SANDBOX_TYPE_RENDERER) { | |
| 179 // Now disconnect from WindowServer, after all objects have been warmed up. | |
| 180 // Shutting down the connection requires connecting to WindowServer, | |
| 181 // so do this before actually engaging the sandbox. This may cause two log | |
| 182 // messages to be printed to the system logger on certain OS versions. | |
| 183 CGSSetDenyWindowServerConnections(true); | |
| 184 CGSShutdownServerConnections(); | |
| 185 | |
| 186 // Allow the process to continue without a LaunchServices ASN. The | |
| 187 // INIT_Process function in HIServices will abort if it cannot connect to | |
| 188 // launchservicesd to get an ASN. By setting this flag, HIServices skips | |
| 189 // that. | |
| 190 SetApplicationIsDaemon(true); | |
| 191 } | |
| 192 } | 171 } |
| 193 | 172 |
| 194 // Load the appropriate template for the given sandbox type. | 173 // Load the appropriate template for the given sandbox type. |
| 195 // Returns the template as a string or an empty string on error. | 174 // Returns the template as a string or an empty string on error. |
| 196 std::string LoadSandboxTemplate(int sandbox_type) { | 175 std::string LoadSandboxTemplate(int sandbox_type) { |
| 197 // We use a custom sandbox definition to lock things down as tightly as | 176 // We use a custom sandbox definition to lock things down as tightly as |
| 198 // possible. | 177 // possible. |
| 199 int sandbox_profile_resource_id = -1; | 178 int sandbox_profile_resource_id = -1; |
| 200 | 179 |
| 201 // Find resource id for sandbox profile to use for the specific sandbox type. | 180 // Find resource id for sandbox profile to use for the specific sandbox type. |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 324 if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) { | 303 if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) { |
| 325 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " | 304 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " |
| 326 << path.value(); | 305 << path.value(); |
| 327 return path; | 306 return path; |
| 328 } | 307 } |
| 329 | 308 |
| 330 return base::FilePath(canonical_path); | 309 return base::FilePath(canonical_path); |
| 331 } | 310 } |
| 332 | 311 |
| 333 } // namespace content | 312 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2944623003:
Call SetApplicationIsDaemon() in V2 sandbox. (Closed)
