| Index: content/browser/bootstrap_sandbox_mac.cc
|
| diff --git a/content/browser/bootstrap_sandbox_mac.cc b/content/browser/bootstrap_sandbox_mac.cc
|
| index 347114a4b7d1e32b2a829bdd7354304e673bc1a8..c6bf383b978cd17433767ba313b555430b94bfb3 100644
|
| --- a/content/browser/bootstrap_sandbox_mac.cc
|
| +++ b/content/browser/bootstrap_sandbox_mac.cc
|
| @@ -8,9 +8,16 @@
|
| #include "base/mac/mac_util.h"
|
| #include "base/memory/scoped_ptr.h"
|
| #include "base/memory/singleton.h"
|
| +#include "content/browser/mach_broker_mac.h"
|
| #include "content/common/sandbox_init_mac.h"
|
| #include "content/public/browser/browser_child_process_observer.h"
|
| #include "content/public/browser/child_process_data.h"
|
| +#include "content/public/browser/notification_details.h"
|
| +#include "content/public/browser/notification_observer.h"
|
| +#include "content/public/browser/notification_registrar.h"
|
| +#include "content/public/browser/notification_service.h"
|
| +#include "content/public/browser/notification_types.h"
|
| +#include "content/public/browser/render_process_host.h"
|
| #include "content/public/common/sandbox_type_mac.h"
|
| #include "sandbox/mac/bootstrap_sandbox.h"
|
|
|
| @@ -20,7 +27,8 @@ namespace {
|
|
|
| // This class is responsible for creating the BootstrapSandbox global
|
| // singleton, as well as registering all associated policies with it.
|
| -class BootstrapSandboxPolicy : public BrowserChildProcessObserver {
|
| +class BootstrapSandboxPolicy : public BrowserChildProcessObserver,
|
| + public NotificationObserver {
|
| public:
|
| static BootstrapSandboxPolicy* GetInstance();
|
|
|
| @@ -34,12 +42,22 @@ class BootstrapSandboxPolicy : public BrowserChildProcessObserver {
|
| virtual void BrowserChildProcessCrashed(
|
| const ChildProcessData& data) OVERRIDE;
|
|
|
| + // NotificationObserver:
|
| + virtual void Observe(int type,
|
| + const NotificationSource& source,
|
| + const NotificationDetails& details) OVERRIDE;
|
| +
|
| private:
|
| friend struct DefaultSingletonTraits<BootstrapSandboxPolicy>;
|
| BootstrapSandboxPolicy();
|
| virtual ~BootstrapSandboxPolicy();
|
|
|
| void RegisterSandboxPolicies();
|
| + void RegisterRendererPolicy();
|
| +
|
| + void AddBaselinePolicy(sandbox::BootstrapSandboxPolicy* policy);
|
| +
|
| + NotificationRegistrar notification_registrar_;
|
|
|
| scoped_ptr<sandbox::BootstrapSandbox> sandbox_;
|
| };
|
| @@ -58,10 +76,26 @@ void BootstrapSandboxPolicy::BrowserChildProcessCrashed(
|
| sandbox()->ChildDied(data.handle);
|
| }
|
|
|
| +void BootstrapSandboxPolicy::Observe(int type,
|
| + const NotificationSource& source,
|
| + const NotificationDetails& details) {
|
| + switch (type) {
|
| + case NOTIFICATION_RENDERER_PROCESS_CLOSED:
|
| + sandbox()->ChildDied(
|
| + Details<RenderProcessHost::RendererClosedDetails>(details)->handle);
|
| + break;
|
| + default:
|
| + NOTREACHED() << "Unexpected notification " << type;
|
| + break;
|
| + }
|
| +}
|
| +
|
| BootstrapSandboxPolicy::BootstrapSandboxPolicy()
|
| : sandbox_(sandbox::BootstrapSandbox::Create()) {
|
| CHECK(sandbox_.get());
|
| BrowserChildProcessObserver::Add(this);
|
| + notification_registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_CLOSED,
|
| + NotificationService::AllBrowserContextsAndSources());
|
| RegisterSandboxPolicies();
|
| }
|
|
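Review bot: In Observe(), the handle passed to ChildDied() for NOTIFICATION_RENDERER_PROCESS_CLOSED is read straight out of RendererClosedDetails with no validity check; if this notification can also be sent for a renderer whose process never launched, the handle may be null, and whether ChildDied() tolerates that is not visible here. If it does not, guard the call: `base::ProcessHandle handle = Details<RenderProcessHost::RendererClosedDetails>(details)->handle;` / `if (handle != base::kNullProcessHandle)` / `  sandbox()->ChildDied(handle);`. Either way the case deserves a short comment stating why the sandbox is told about the renderer here rather than through BrowserChildProcessObserver, e.g. `// Renderers are not browser child processes, so their exit is observed via notification.` The constructor at the end of the hunk registers both observers, but the matching tear-down is in the destructor, which is outside this hunk, so I cannot confirm BrowserChildProcessObserver::Remove(this) is called there.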
|
| @@ -70,13 +104,42 @@ BootstrapSandboxPolicy::~BootstrapSandboxPolicy() {
|
| }
|
|
|
| void BootstrapSandboxPolicy::RegisterSandboxPolicies() {
|
| + RegisterRendererPolicy();
|
| +}
|
| +
|
| +void BootstrapSandboxPolicy::RegisterRendererPolicy() {
|
| + sandbox::BootstrapSandboxPolicy policy;
|
| + AddBaselinePolicy(&policy);
|
| +
|
| + // Permit font queries.
|
| + policy.rules["com.apple.FontServer"] = sandbox::Rule(sandbox::POLICY_ALLOW);
|
| + policy.rules["com.apple.FontObjectsServer"] =
|
| + sandbox::Rule(sandbox::POLICY_ALLOW);
|
| +
|
| + // Allow access to the windowserver. This is needed to get the colorspace
|
| + // during sandbox warmup. Since NSColorSpace conforms to NSCoding, this
|
| + // should be plumbed over IPC instead <http://crbug.com/265709>.
|
| + policy.rules["com.apple.windowserver.active"] =
|
| + sandbox::Rule(sandbox::POLICY_ALLOW);
|
| +
|
| + sandbox_->RegisterSandboxPolicy(SANDBOX_TYPE_RENDERER, policy);
|
| +}
|
| +
|
| +void BootstrapSandboxPolicy::AddBaselinePolicy(
|
| + sandbox::BootstrapSandboxPolicy* policy) {
|
| + auto& rules = policy->rules;
|
| +
|
| + // Allow the child to send its task port to the MachBroker.
|
| + rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW);
|
| +
|
| + // Allow logging to the syslog.
|
| + rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW);
|
| }
|
|
|
| } // namespace
|
|
|
| bool ShouldEnableBootstrapSandbox() {
|
| - return base::mac::IsOSMountainLionOrEarlier() ||
|
| - base::mac::IsOSMavericks();
|
| + return base::mac::IsOSMavericksOrEarlier();
|
| }
|
|
|
| sandbox::BootstrapSandbox* GetBootstrapSandbox() {
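Review bot: RegisterRendererPolicy() never states what the policy does for a Mach service that is not in `rules`; the allow-list only constrains the renderer if a freshly constructed sandbox::BootstrapSandboxPolicy denies by default, and that default is not visible in this hunk. A one-line comment at the top of the function would make the assumption auditable: `// The policy's default rule is deny; only the services allow-listed below are reachable from the renderer.` The windowserver allowance is the broadest exemption added here and is already tied to crbug.com/265709; the comment could say explicitly that it is a temporary exemption to be removed once that bug lands, so it is not mistaken for a permanent part of the renderer policy. AddBaselinePolicy() would also benefit from a sentence saying it holds the rules every sandboxed process type is expected to share, since RegisterRendererPolicy() is currently its only caller.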
|
|
|