| Index: sandbox/mac/policy.cc
|
| diff --git a/sandbox/mac/policy.cc b/sandbox/mac/policy.cc
|
| index 5493c28e4f292543cbd9df8786d05bf86e1c13ee..293255adefced7ec9d4cf37e081a51251ff4a0a1 100644
|
| --- a/sandbox/mac/policy.cc
|
| +++ b/sandbox/mac/policy.cc
|
| @@ -21,22 +21,34 @@ Rule::Rule(mach_port_t override_port)
|
| substitute_port(override_port) {
|
| }
|
|
|
| +BootstrapSandboxPolicy::BootstrapSandboxPolicy()
|
| + : default_rule(POLICY_DENY_ERROR) {
|
| +}
|
| +
|
| +BootstrapSandboxPolicy::~BootstrapSandboxPolicy() {}
|
| +
|
| +static bool IsRuleValid(const Rule& rule) {
|
| + if (!(rule.result > POLICY_DECISION_INVALID &&
|
| + rule.result < POLICY_DECISION_LAST)) {
|
| + return false;
|
| + }
|
| + if (rule.result == POLICY_SUBSTITUTE_PORT) {
|
| + if (rule.substitute_port == MACH_PORT_NULL)
|
| + return false;
|
| + } else {
|
| + if (rule.substitute_port != MACH_PORT_NULL)
|
| + return false;
|
| + }
|
| + return true;
|
| +}
|
| +
|
| bool IsPolicyValid(const BootstrapSandboxPolicy& policy) {
|
| - for (BootstrapSandboxPolicy::const_iterator it = policy.begin();
|
| - it != policy.end();
|
| - ++it) {
|
| - const Rule& rule = it->second;
|
| - if (!(rule.result > POLICY_DECISION_INVALID &&
|
| - rule.result < POLICY_DECISION_LAST)) {
|
| + if (!IsRuleValid(policy.default_rule))
|
| + return false;
|
| +
|
| + for (const auto& pair : policy.rules) {
|
| + if (!IsRuleValid(pair.second))
|
| return false;
|
| - }
|
| - if (rule.result == POLICY_SUBSTITUTE_PORT) {
|
| - if (rule.substitute_port == MACH_PORT_NULL)
|
| - return false;
|
| - } else {
|
| - if (rule.substitute_port != MACH_PORT_NULL)
|
| - return false;
|
| - }
|
| }
|
| return true;
|
| }
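Review bot: IsPolicyValid() checks `policy.default_rule` with the same IsRuleValid() used for per-service rules, so any in-range decision is accepted as the default, including POLICY_SUBSTITUTE_PORT with a non-null port, which would presumably apply to every service name not listed in `rules`. The constructor's POLICY_DENY_ERROR default is fail-closed, and that intent deserves a comment at the constructor, e.g. `// Services without an explicit rule are denied unless the caller changes default_rule.` If a substituting or permissive default is never intended, IsPolicyValid() could additionally reject it; the decision enum and Rule are defined outside this hunk, so confirm which values are meant to be legal there. IsRuleValid() also lacks a comment stating its invariant, for example `// Valid iff result is in range and substitute_port is non-null exactly when result is POLICY_SUBSTITUTE_PORT.`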
|
|
|