Chromium Code Reviews

Unified Diff: sandbox/mac/bootstrap_sandbox.h

Issue 347783002: Alter the design of the bootstrap sandbox to only take over the bootstrap port of children when nec… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address comments Created 6 years, 6 months ago
Index: sandbox/mac/bootstrap_sandbox.h
diff --git a/sandbox/mac/bootstrap_sandbox.h b/sandbox/mac/bootstrap_sandbox.h
index 53fc54fa0e9e1ed61e47934a0e6d82bf0e72ef6e..dff7814d545eebac2c09e73581cebead7b36c622 100644
--- a/sandbox/mac/bootstrap_sandbox.h
+++ b/sandbox/mac/bootstrap_sandbox.h
@@ -26,9 +26,10 @@ class LaunchdInterceptionServer;
// process creates an instance of this class and registers policies that it
// can enforce on its children.
//
-// With this sandbox, the bootstrap port of the parent process is replaced, so
-// that child processes is taken over by the sandbox. Bootstrap messages from
-// the parent are forwarded to launchd. Requests from the child that would
+// With this sandbox, the parent process must replace the bootstrap port prior
+// to the sandboxed target's execution. This should be done by setting the
+// base::LaunchOptions.replacement_bootstrap_name to the
+// server_bootstrap_name() of this class. Requests from the child that would
// normally go to launchd are filtered based on the specified per-process
// policies. If a request is permitted by the policy, it is forwarded on to
// launchd for servicing. If it is not, then the sandbox will reply with a
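Review bot: The rewritten comment says the parent "must replace the bootstrap port prior to the sandboxed target's execution" but does not say what happens when a caller forgets to set base::LaunchOptions.replacement_bootstrap_name. Since the per-process policies described in the following sentences are only applied to requests that reach the interception server, a child launched without the replacement would talk to launchd directly and bypass the policy entirely; one sentence stating that consequence here would make the contract explicit for callers. The old text also described how the parent's own bootstrap messages were handled ("Bootstrap messages from the parent are forwarded to launchd"); with the parent's port no longer replaced, a short note that the parent keeps talking to the real bootstrap port would close that gap.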
@@ -77,6 +78,7 @@ class SANDBOX_EXPORT BootstrapSandbox {
// with the |pid|, this returns NULL.
const BootstrapSandboxPolicy* PolicyForProcess(pid_t pid) const;
+ std::string server_bootstrap_name() const { return server_bootstrap_name_; }
mach_port_t real_bootstrap_port() const { return real_bootstrap_port_; }
private:
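Review bot: `server_bootstrap_name()` returns `std::string` by value, so every call copies the member even though it is declared `const std::string` and cannot change after construction; returning `const std::string&` matches the existing `real_bootstrap_port()` accessor style of exposing the member directly without a copy. The `+` line also appears to lack the two-space indentation used by the surrounding accessors; worth checking this is an artifact of the diff view rather than the source.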
@@ -86,6 +88,10 @@ class SANDBOX_EXPORT BootstrapSandbox {
// requests.
scoped_ptr<LaunchdInterceptionServer> server_;
+ // The name in the system bootstrap server by which the |server_|'s port
+ // is known.
+ const std::string server_bootstrap_name_;
+
// The original bootstrap port of the process, which is connected to the
// real launchd server.
base::mac::ScopedMachSendRight real_bootstrap_port_;
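Review bot: `server_bootstrap_name_` is declared after `server_`, and C++ initializes members in declaration order, so if the LaunchdInterceptionServer (or anything in the constructor's initializer list before it) needs the name to register the server's port in the system bootstrap server, the string will not yet be initialized at that point. If the name is only used after construction this is fine, but consider declaring `server_bootstrap_name_` above `server_` so the dependency direction is obvious. Also, because the member is `const`, it must be set in the constructor initializer list and the class becomes non-copy-assignable; the constructor change is in the .cc file, not visible here, so please confirm it is initialized there.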