| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/sandbox_mac.h" | 5 #include "content/common/sandbox_mac.h" |
| 6 | 6 |
| 7 #import <Cocoa/Cocoa.h> | 7 #import <Cocoa/Cocoa.h> |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| (...skipping 26 matching lines...) Expand all Loading... |
| 37 #include "content/public/common/content_switches.h" | 37 #include "content/public/common/content_switches.h" |
| 38 #include "media/gpu/vt_video_decode_accelerator_mac.h" | 38 #include "media/gpu/vt_video_decode_accelerator_mac.h" |
| 39 #include "sandbox/mac/sandbox_compiler.h" | 39 #include "sandbox/mac/sandbox_compiler.h" |
| 40 #include "third_party/icu/source/common/unicode/uchar.h" | 40 #include "third_party/icu/source/common/unicode/uchar.h" |
| 41 #include "ui/base/layout.h" | 41 #include "ui/base/layout.h" |
| 42 #include "ui/gl/init/gl_factory.h" | 42 #include "ui/gl/init/gl_factory.h" |
| 43 | 43 |
| 44 extern "C" { | 44 extern "C" { |
| 45 void CGSSetDenyWindowServerConnections(bool); | 45 void CGSSetDenyWindowServerConnections(bool); |
| 46 void CGSShutdownServerConnections(); | 46 void CGSShutdownServerConnections(); |
| 47 OSStatus SetApplicationIsDaemon(Boolean isDaemon); | |
| 48 }; | 47 }; |
| 49 | 48 |
| 50 namespace content { | 49 namespace content { |
| 51 namespace { | 50 namespace { |
| 52 | 51 |
| 53 // Is the sandbox currently active. | 52 // Is the sandbox currently active. |
| 54 bool gSandboxIsActive = false; | 53 bool gSandboxIsActive = false; |
| 55 | 54 |
| 56 struct SandboxTypeToResourceIDMapping { | 55 struct SandboxTypeToResourceIDMapping { |
| 57 SandboxType sandbox_type; | 56 SandboxType sandbox_type; |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 175 [color colorUsingColorSpaceName:NSCalibratedRGBColorSpace]; | 174 [color colorUsingColorSpaceName:NSCalibratedRGBColorSpace]; |
| 176 } | 175 } |
| 177 | 176 |
| 178 if (sandbox_type == SANDBOX_TYPE_RENDERER) { | 177 if (sandbox_type == SANDBOX_TYPE_RENDERER) { |
| 179 // Now disconnect from WindowServer, after all objects have been warmed up. | 178 // Now disconnect from WindowServer, after all objects have been warmed up. |
| 180 // Shutting down the connection requires connecting to WindowServer, | 179 // Shutting down the connection requires connecting to WindowServer, |
| 181 // so do this before actually engaging the sandbox. This may cause two log | 180 // so do this before actually engaging the sandbox. This may cause two log |
| 182 // messages to be printed to the system logger on certain OS versions. | 181 // messages to be printed to the system logger on certain OS versions. |
| 183 CGSSetDenyWindowServerConnections(true); | 182 CGSSetDenyWindowServerConnections(true); |
| 184 CGSShutdownServerConnections(); | 183 CGSShutdownServerConnections(); |
| 185 | |
| 186 // Allow the process to continue without a LaunchServices ASN. The | |
| 187 // INIT_Process function in HIServices will abort if it cannot connect to | |
| 188 // launchservicesd to get an ASN. By setting this flag, HIServices skips | |
| 189 // that. | |
| 190 SetApplicationIsDaemon(true); | |
| 191 } | 184 } |
| 192 } | 185 } |
| 193 | 186 |
| 194 // Load the appropriate template for the given sandbox type. | 187 // Load the appropriate template for the given sandbox type. |
| 195 // Returns the template as a string or an empty string on error. | 188 // Returns the template as a string or an empty string on error. |
| 196 std::string LoadSandboxTemplate(int sandbox_type) { | 189 std::string LoadSandboxTemplate(int sandbox_type) { |
| 197 // We use a custom sandbox definition to lock things down as tightly as | 190 // We use a custom sandbox definition to lock things down as tightly as |
| 198 // possible. | 191 // possible. |
| 199 int sandbox_profile_resource_id = -1; | 192 int sandbox_profile_resource_id = -1; |
| 200 | 193 |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 324 if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) { | 317 if (HANDLE_EINTR(fcntl(fd.get(), F_GETPATH, canonical_path)) != 0) { |
| 325 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " | 318 DPLOG(FATAL) << "GetCanonicalSandboxPath() failed for: " |
| 326 << path.value(); | 319 << path.value(); |
| 327 return path; | 320 return path; |
| 328 } | 321 } |
| 329 | 322 |
| 330 return base::FilePath(canonical_path); | 323 return base::FilePath(canonical_path); |
| 331 } | 324 } |
| 332 | 325 |
| 333 } // namespace content | 326 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2944623003:
Call SetApplicationIsDaemon() in V2 sandbox. (Closed)
