Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(368)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/mac/bootstrap_sandbox.cc

Issue 303293002: Initialize the bootstrap sandbox in the browser process. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: NPAPI workaround Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« content/common/sandbox_init_mac.cc ('K') | « content/public/common/sandboxed_process_launcher_delegate.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/mac/bootstrap_sandbox.h" 5 #include "sandbox/mac/bootstrap_sandbox.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/mac/mach_logging.h" 8 #include "base/mac/mach_logging.h"
9 9
10 #include "sandbox/mac/launchd_interception_server.h" 10 #include "sandbox/mac/launchd_interception_server.h"
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
53 BootstrapSandbox::~BootstrapSandbox() { 53 BootstrapSandbox::~BootstrapSandbox() {
54 kern_return_t kr = task_set_special_port(mach_task_self(), 54 kern_return_t kr = task_set_special_port(mach_task_self(),
55 TASK_BOOTSTRAP_PORT, real_bootstrap_port_); 55 TASK_BOOTSTRAP_PORT, real_bootstrap_port_);
56 MACH_CHECK(kr == KERN_SUCCESS, kr); 56 MACH_CHECK(kr == KERN_SUCCESS, kr);
57 } 57 }
58 58
59 void BootstrapSandbox::RegisterSandboxPolicy( 59 void BootstrapSandbox::RegisterSandboxPolicy(
60 int sandbox_policy_id, 60 int sandbox_policy_id,
61 const BootstrapSandboxPolicy& policy) { 61 const BootstrapSandboxPolicy& policy) {
62 CHECK(IsPolicyValid(policy)); 62 CHECK(IsPolicyValid(policy));
63 CHECK_GT(sandbox_policy_id, 0); 63 CHECK_GT(sandbox_policy_id, kNotAPolicy);
64 base::AutoLock lock(lock_); 64 base::AutoLock lock(lock_);
65 DCHECK(policies_.find(sandbox_policy_id) == policies_.end()); 65 DCHECK(policies_.find(sandbox_policy_id) == policies_.end());
66 policies_.insert(std::make_pair(sandbox_policy_id, policy)); 66 policies_.insert(std::make_pair(sandbox_policy_id, policy));
67 } 67 }
68 68
69 void BootstrapSandbox::PrepareToForkWithPolicy(int sandbox_policy_id) { 69 void BootstrapSandbox::PrepareToForkWithPolicy(int sandbox_policy_id) {
70 base::AutoLock lock(lock_); 70 base::AutoLock lock(lock_);
71 71
72 CHECK(policies_.find(sandbox_policy_id) != policies_.end()); 72 CHECK(policies_.find(sandbox_policy_id) != policies_.end());
73 CHECK_EQ(kNotAPolicy, effective_policy_id_) 73 CHECK_EQ(kNotAPolicy, effective_policy_id_)
(...skipping 21 matching lines...) Expand all
95 sandboxed_processes_.insert(std::make_pair(handle, effective_policy_id_)); 95 sandboxed_processes_.insert(std::make_pair(handle, effective_policy_id_));
96 VLOG(3) << "Bootstrap sandbox enforced for pid " << handle; 96 VLOG(3) << "Bootstrap sandbox enforced for pid " << handle;
97 } 97 }
98 98
99 effective_policy_id_ = kNotAPolicy; 99 effective_policy_id_ = kNotAPolicy;
100 } 100 }
101 101
102 void BootstrapSandbox::ChildDied(base::ProcessHandle handle) { 102 void BootstrapSandbox::ChildDied(base::ProcessHandle handle) {
103 base::AutoLock lock(lock_); 103 base::AutoLock lock(lock_);
104 const auto& it = sandboxed_processes_.find(handle); 104 const auto& it = sandboxed_processes_.find(handle);
105 CHECK(it != sandboxed_processes_.end()); 105 if (it != sandboxed_processes_.end())
106 sandboxed_processes_.erase(it); 106 sandboxed_processes_.erase(it);
107 } 107 }
108 108
109 const BootstrapSandboxPolicy* BootstrapSandbox::PolicyForProcess( 109 const BootstrapSandboxPolicy* BootstrapSandbox::PolicyForProcess(
110 pid_t pid) const { 110 pid_t pid) const {
111 base::AutoLock lock(lock_); 111 base::AutoLock lock(lock_);
112 const auto& process = sandboxed_processes_.find(pid); 112 const auto& process = sandboxed_processes_.find(pid);
113 113
114 // The new child could send bootstrap requests before the parent calls 114 // The new child could send bootstrap requests before the parent calls
115 // FinishedFork(). 115 // FinishedFork().
116 int policy_id = effective_policy_id_; 116 int policy_id = effective_policy_id_;
(...skipping 11 matching lines...) Expand all
128 : real_bootstrap_port_(MACH_PORT_NULL), 128 : real_bootstrap_port_(MACH_PORT_NULL),
129 effective_policy_id_(kNotAPolicy) { 129 effective_policy_id_(kNotAPolicy) {
130 mach_port_t port = MACH_PORT_NULL; 130 mach_port_t port = MACH_PORT_NULL;
131 kern_return_t kr = task_get_special_port( 131 kern_return_t kr = task_get_special_port(
132 mach_task_self(), TASK_BOOTSTRAP_PORT, &port); 132 mach_task_self(), TASK_BOOTSTRAP_PORT, &port);
133 MACH_CHECK(kr == KERN_SUCCESS, kr); 133 MACH_CHECK(kr == KERN_SUCCESS, kr);
134 real_bootstrap_port_.reset(port); 134 real_bootstrap_port_.reset(port);
135 } 135 }
136 136
137 } // namespace sandbox 137 } // namespace sandbox
OLDNEW
« content/common/sandbox_init_mac.cc ('K') | « content/public/common/sandboxed_process_launcher_delegate.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698