Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(323)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/renderer/renderer_main_platform_delegate_mac.mm

Issue 2944623003: Call SetApplicationIsDaemon() in V2 sandbox. (Closed)
Patch Set: Split warmup and initialization into separate phases Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/common/sandbox_init_mac.h ('K') | « content/common/sandbox_mac.mm ('k') | content/renderer/renderer_v2.sb » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/renderer/renderer_main_platform_delegate_mac.mm
diff --git a/content/renderer/renderer_main_platform_delegate_mac.mm b/content/renderer/renderer_main_platform_delegate_mac.mm
index c890040b81f38e1064b0cdb89a7396f96a08bed9..f4d65b0e77b3bfd7cc19b9918f7811b4b95d6fc6 100644
--- a/content/renderer/renderer_main_platform_delegate_mac.mm
+++ b/content/renderer/renderer_main_platform_delegate_mac.mm
@@ -19,6 +19,12 @@
#include "content/common/sandbox_mac.h"
#include "content/public/common/content_switches.h"
+extern "C" {
+void CGSSetDenyWindowServerConnections(bool);
+void CGSShutdownServerConnections();
+OSStatus SetApplicationIsDaemon(Boolean isDaemon);
+};
+
namespace content {
namespace {
@@ -128,8 +134,28 @@ void RendererMainPlatformDelegate::PlatformUninitialize() {
}
bool RendererMainPlatformDelegate::EnableSandbox() {
Robert Sesek 2017/07/06 21:28:09 (… continuing comment from sandbox_init_mac.h): T
Greg K 2017/07/07 18:10:21 Done.
+ // Acquire resources before the sandbox is enabled.
+ ExplicitlyWarmupSandbox();
+
+ // `ExplicitlyWarmupSandbox` and `ExplicitlyEnableSandbox` are no-ops
Greg K 2017/07/03 21:26:08 I know there are a lot of comments here but I kept
Robert Sesek 2017/07/06 21:28:09 I think the comments are very helpful as well.
Greg K 2017/07/07 18:10:21 Acknowledged.
+ // at this stage of execution when the V2 sandbox is enabled. Thus the
+ // calls to shut down window server connections and continue with an ASN
+ // must be made here, as they must still be executed in the V2 sandbox.
+
+ // Now disconnect from WindowServer, after all objects have been warmed up.
+ // Shutting down the connection requires connecting to WindowServer,
+ // so do this before actually engaging the sandbox. This may cause two log
+ // messages to be printed to the system logger on certain OS versions.
+ CGSSetDenyWindowServerConnections(true);
+ CGSShutdownServerConnections();
+ // Allow the process to continue without a LaunchServices ASN. The
+ // INIT_Process function in HIServices will abort if it cannot connect to
+ // launchservicesd to get an ASN. By setting this flag, HIServices skips
+ // that.
+ SetApplicationIsDaemon(true);
+
// Enable the sandbox.
- bool sandbox_initialized = InitializeSandbox();
+ bool sandbox_initialized = ExplicitlyEnableSandbox();
// The sandbox is now engaged. Make sure that the renderer has not connected
// itself to Cocoa.
« content/common/sandbox_init_mac.h ('K') | « content/common/sandbox_mac.mm ('k') | content/renderer/renderer_v2.sb » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698