
Unified Diff: content/renderer/renderer_main_platform_delegate_mac.mm

Issue 2944623003: Call SetApplicationIsDaemon() in V2 sandbox. (Closed)
Patch Set: Only execute callback if not-null Created 3 years, 5 months ago
Index: content/renderer/renderer_main_platform_delegate_mac.mm
diff --git a/content/renderer/renderer_main_platform_delegate_mac.mm b/content/renderer/renderer_main_platform_delegate_mac.mm
index c890040b81f38e1064b0cdb89a7396f96a08bed9..c4d1da8d4bfbe72f5d8b8727696590ea2a49e54c 100644
--- a/content/renderer/renderer_main_platform_delegate_mac.mm
+++ b/content/renderer/renderer_main_platform_delegate_mac.mm
@@ -9,6 +9,7 @@
#include <objc/runtime.h>
#include <stdint.h>
+#include "base/bind.h"
#include "base/command_line.h"
#include "base/logging.h"
#include "base/mac/mac_util.h"
@@ -18,11 +19,34 @@
#include "content/common/sandbox_init_mac.h"
#include "content/common/sandbox_mac.h"
#include "content/public/common/content_switches.h"
+#include "sandbox/mac/seatbelt.h"
+
+extern "C" {
+void CGSSetDenyWindowServerConnections(bool);
+void CGSShutdownServerConnections();
+OSStatus SetApplicationIsDaemon(Boolean isDaemon);
+};
namespace content {
namespace {
+// This disconnects from the window server, and then indicates that Chrome
+// should continue execution without access to launchservicesd.
+void DisconnectWindowServer() {
+ // Now disconnect from WindowServer, after all objects have been warmed up.
+ // Shutting down the connection requires connecting to WindowServer,
+ // so do this before actually engaging the sandbox. This may cause two log
+ // messages to be printed to the system logger on certain OS versions.
+ CGSSetDenyWindowServerConnections(true);
+ CGSShutdownServerConnections();
+ // Allow the process to continue without a LaunchServices ASN. The
+ // INIT_Process function in HIServices will abort if it cannot connect to
+ // launchservicesd to get an ASN. By setting this flag, HIServices skips
+ // that.
+ SetApplicationIsDaemon(true);
+}
+
// You are about to read a pretty disgusting hack. In a static initializer,
// CoreFoundation decides to connect with cfprefsd(8) using Mach IPC. There is
// no public way to close this Mach port after-the-fact, nor a way to stop it
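Review bot: The `OSStatus` returned by `SetApplicationIsDaemon(true)` at the end of `DisconnectWindowServer()` is discarded, so a failure to set the flag would only surface later, when HIServices aborts for lack of an ASN as the comment above the call describes. `base/logging.h` is already included, so the result can be captured and reported: `OSStatus status = SetApplicationIsDaemon(true);` followed by `LOG_IF(ERROR, status != noErr) << "SetApplicationIsDaemon failed: " << status;`. The three hand-written `extern "C"` declarations appear to be system SPI that no included header provides, which deserves a one-line comment such as `// Declared locally; no included header provides these, so signatures are unchecked.` The `;` after the closing brace of the `extern "C"` block is unnecessary.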
@@ -128,8 +152,15 @@ void RendererMainPlatformDelegate::PlatformUninitialize() {
}
bool RendererMainPlatformDelegate::EnableSandbox() {
- // Enable the sandbox.
- bool sandbox_initialized = InitializeSandbox();
+ bool sandbox_initialized = sandbox::Seatbelt::IsSandboxed();
+
+ // If the sandbox is already engaged, just disconnect from the window server.
+ if (sandbox_initialized) {
+ DisconnectWindowServer();
+ } else {
+ sandbox_initialized = InitializeSandboxWithPostWarmupHook(
+ base::BindOnce(&DisconnectWindowServer));
+ }
// The sandbox is now engaged. Make sure that the renderer has not connected
// itself to Cocoa.
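Review bot: In the `if (sandbox_initialized)` branch, `DisconnectWindowServer()` runs with the sandbox already engaged, yet the comment inside that function says the shutdown needs a WindowServer connection and must happen before the sandbox is engaged. Either that comment is stale for the V2 path, or the V2 profile has to permit the connection long enough for the shutdown to complete. The profile is not visible in this file, so the assumption should be stated at the call site, e.g. `// V2: sandbox already engaged; renderer_v2.sb must allow the WindowServer shutdown.` Because both CGS calls return void, `sandbox_initialized` also stays true in this branch whether or not the disconnect took effect. `EnableSandbox()` continues past the end of the hunk.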