Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(172)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/mac/launchd_interception_server.cc

Issue 310833003: Make BootstrapSandboxPolicy a struct, containing the existing rule map and a new default rule. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: const auto& Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/mac/bootstrap_sandbox_unittest.mm ('k') | sandbox/mac/policy.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/mac/launchd_interception_server.h" 5 #include "sandbox/mac/launchd_interception_server.h"
6 6
7 #include <bsm/libbsm.h> 7 #include <bsm/libbsm.h>
8 #include <servers/bootstrap.h> 8 #include <servers/bootstrap.h>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after
184 void LaunchdInterceptionServer::HandleLookUp(mach_msg_header_t* request, 184 void LaunchdInterceptionServer::HandleLookUp(mach_msg_header_t* request,
185 mach_msg_header_t* reply, 185 mach_msg_header_t* reply,
186 pid_t sender_pid) { 186 pid_t sender_pid) {
187 const std::string request_service_name( 187 const std::string request_service_name(
188 compat_shim_.look_up2_get_request_name(request)); 188 compat_shim_.look_up2_get_request_name(request));
189 VLOG(2) << "Incoming look_up2 request for " << request_service_name; 189 VLOG(2) << "Incoming look_up2 request for " << request_service_name;
190 190
191 // Find the Rule for this service. If one is not found, use 191 // Find the Rule for this service. If one is not found, use
192 // a safe default, POLICY_DENY_ERROR. 192 // a safe default, POLICY_DENY_ERROR.
193 const BootstrapSandboxPolicy* policy = sandbox_->PolicyForProcess(sender_pid); 193 const BootstrapSandboxPolicy* policy = sandbox_->PolicyForProcess(sender_pid);
194 const BootstrapSandboxPolicy::const_iterator it = 194 const BootstrapSandboxPolicy::NamedRules::const_iterator it =
195 policy->find(request_service_name); 195 policy->rules.find(request_service_name);
196 Rule rule(POLICY_DENY_ERROR); 196 Rule rule(policy->default_rule);
197 if (it != policy->end()) 197 if (it != policy->rules.end())
198 rule = it->second; 198 rule = it->second;
199 199
200 if (rule.result == POLICY_ALLOW) { 200 if (rule.result == POLICY_ALLOW) {
201 // This service is explicitly allowed, so this message will not be 201 // This service is explicitly allowed, so this message will not be
202 // intercepted by the sandbox. 202 // intercepted by the sandbox.
203 VLOG(1) << "Permitting and forwarding look_up2: " << request_service_name; 203 VLOG(1) << "Permitting and forwarding look_up2: " << request_service_name;
204 ForwardMessage(request, reply); 204 ForwardMessage(request, reply);
205 } else if (rule.result == POLICY_DENY_ERROR) { 205 } else if (rule.result == POLICY_DENY_ERROR) {
206 // The child is not permitted to look up this service. Send a MIG error 206 // The child is not permitted to look up this service. Send a MIG error
207 // reply to the client. Returning a NULL or unserviced port for a look up 207 // reply to the client. Returning a NULL or unserviced port for a look up
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
278 mig_reply_error_t* error_reply = reinterpret_cast<mig_reply_error_t*>(reply); 278 mig_reply_error_t* error_reply = reinterpret_cast<mig_reply_error_t*>(reply);
279 error_reply->Head.msgh_size = sizeof(mig_reply_error_t); 279 error_reply->Head.msgh_size = sizeof(mig_reply_error_t);
280 error_reply->Head.msgh_bits = 280 error_reply->Head.msgh_bits =
281 MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND_ONCE); 281 MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_MOVE_SEND_ONCE);
282 error_reply->NDR = NDR_record; 282 error_reply->NDR = NDR_record;
283 error_reply->RetCode = error_code; 283 error_reply->RetCode = error_code;
284 SendReply(&error_reply->Head); 284 SendReply(&error_reply->Head);
285 } 285 }
286 286
287 } // namespace sandbox 287 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/mac/bootstrap_sandbox_unittest.mm ('k') | sandbox/mac/policy.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698