Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(168)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/mac/launchd_interception_server.h

Issue 347783002: Alter the design of the bootstrap sandbox to only take over the bootstrap port of children when nec… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address comments Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/mac/bootstrap_sandbox_unittest.mm ('k') | sandbox/mac/launchd_interception_server.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef SANDBOX_MAC_LAUNCHD_INTERCEPTION_SERVER_H_ 5 #ifndef SANDBOX_MAC_LAUNCHD_INTERCEPTION_SERVER_H_
6 #define SANDBOX_MAC_LAUNCHD_INTERCEPTION_SERVER_H_ 6 #define SANDBOX_MAC_LAUNCHD_INTERCEPTION_SERVER_H_
7 7
8 #include <dispatch/dispatch.h> 8 #include <dispatch/dispatch.h>
9 #include <mach/mach.h> 9 #include <mach/mach.h>
10 10
(...skipping 10 matching lines...) Expand all
21 // This class is used to run a Mach IPC message server. This server can 21 // This class is used to run a Mach IPC message server. This server can
22 // hold the receive right for a bootstrap_port of a process, and it filters 22 // hold the receive right for a bootstrap_port of a process, and it filters
23 // a subset of the launchd/bootstrap IPC call set for sandboxing. It permits 23 // a subset of the launchd/bootstrap IPC call set for sandboxing. It permits
24 // or rejects requests based on the per-process policy specified in the 24 // or rejects requests based on the per-process policy specified in the
25 // BootstrapSandbox. 25 // BootstrapSandbox.
26 class LaunchdInterceptionServer : public MessageDemuxer { 26 class LaunchdInterceptionServer : public MessageDemuxer {
27 public: 27 public:
28 explicit LaunchdInterceptionServer(const BootstrapSandbox* sandbox); 28 explicit LaunchdInterceptionServer(const BootstrapSandbox* sandbox);
29 virtual ~LaunchdInterceptionServer(); 29 virtual ~LaunchdInterceptionServer();
30 30
31 // Initializes the class and starts running the message server. 31 // Initializes the class and starts running the message server. If the
32 bool Initialize(); 32 // |server_receive_right| is non-NULL, this class will take ownership of
33 // the receive right and intercept messages sent to that port.
34 bool Initialize(mach_port_t server_receive_right);
33 35
34 // MessageDemuxer: 36 // MessageDemuxer:
35 virtual void DemuxMessage(mach_msg_header_t* request, 37 virtual void DemuxMessage(mach_msg_header_t* request,
36 mach_msg_header_t* reply) OVERRIDE; 38 mach_msg_header_t* reply) OVERRIDE;
37 39
38 mach_port_t server_port() const { return message_server_->server_port(); } 40 mach_port_t server_port() const { return message_server_->server_port(); }
39 41
40 private: 42 private:
41 // Given a look_up2 request message, this looks up the appropriate sandbox 43 // Given a look_up2 request message, this looks up the appropriate sandbox
42 // policy for the service name then formulates and sends the reply message. 44 // policy for the service name then formulates and sends the reply message.
(...skipping 24 matching lines...) Expand all
67 base::mac::ScopedMachSendRight sandbox_send_port_; 69 base::mac::ScopedMachSendRight sandbox_send_port_;
68 70
69 // The compatibility shim that handles differences in message header IDs and 71 // The compatibility shim that handles differences in message header IDs and
70 // request/reply structures between different OS X versions. 72 // request/reply structures between different OS X versions.
71 const LaunchdCompatibilityShim compat_shim_; 73 const LaunchdCompatibilityShim compat_shim_;
72 }; 74 };
73 75
74 } // namespace sandbox 76 } // namespace sandbox
75 77
76 #endif // SANDBOX_MAC_LAUNCHD_INTERCEPTION_SERVER_H_ 78 #endif // SANDBOX_MAC_LAUNCHD_INTERCEPTION_SERVER_H_
OLDNEW
« no previous file with comments | « sandbox/mac/bootstrap_sandbox_unittest.mm ('k') | sandbox/mac/launchd_interception_server.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698