Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(26)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/sandbox_policy.cc

Issue 42158: Get rid of the gears in renderer process code. This allows me to do some cle... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/browser/chrome_plugin_host.cc ('K') | « chrome/browser/sandbox_policy.h ('k') | chrome/chrome.gyp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/sandbox_policy.h" 5 #include "chrome/browser/sandbox_policy.h"
6 6
7 #include "base/file_util.h" 7 #include "base/file_util.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "base/path_service.h" 9 #include "base/path_service.h"
10 #include "base/registry.h" 10 #include "base/registry.h"
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after
154 if (::GetModuleHandleW(kTroublesomeDlls[ix])) { 154 if (::GetModuleHandleW(kTroublesomeDlls[ix])) {
155 LOG(WARNING) << "dll to unload found: " << kTroublesomeDlls[ix]; 155 LOG(WARNING) << "dll to unload found: " << kTroublesomeDlls[ix];
156 if (sandbox::SBOX_ALL_OK != policy->AddDllToUnload(kTroublesomeDlls[ix])) 156 if (sandbox::SBOX_ALL_OK != policy->AddDllToUnload(kTroublesomeDlls[ix]))
157 return false; 157 return false;
158 } 158 }
159 } 159 }
160 160
161 return true; 161 return true;
162 } 162 }
163 163
164 bool AddPolicyForGearsInRenderer(sandbox::TargetPolicy* policy) {
165 sandbox::ResultCode result;
166
167 // TODO(mpcomplete): need to restrict access to database files only. This
168 // is just temporary for debugging purposes.
169 std::wstring plugin_data;
170 if (!PathService::Get(chrome::DIR_USER_DATA, &plugin_data))
171 return false;
172 if (!win_util::ConvertToLongPath(plugin_data, &plugin_data))
173 return false;
174
175 file_util::AppendToPath(&plugin_data, L"*");
176 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
177 sandbox::TargetPolicy::FILES_ALLOW_ANY,
178 plugin_data.c_str());
179 if (result != sandbox::SBOX_ALL_OK)
180 return false;
181
182 std::wstring temppath;
183 if (!file_util::GetTempDir(&temppath))
184 return false;
185 file_util::AppendToPath(&temppath, L"*");
186 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
187 sandbox::TargetPolicy::FILES_ALLOW_ANY,
188 temppath.c_str());
189 if (result != sandbox::SBOX_ALL_OK)
190 return false;
191
192 return true;
193 }
194
195 bool AddGenericPolicy(sandbox::TargetPolicy* policy) { 164 bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
196 sandbox::ResultCode result; 165 sandbox::ResultCode result;
197 166
198 // Add the policy for the pipes 167 // Add the policy for the pipes
199 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, 168 result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
200 sandbox::TargetPolicy::FILES_ALLOW_ANY, 169 sandbox::TargetPolicy::FILES_ALLOW_ANY,
201 L"\\??\\pipe\\chrome.*"); 170 L"\\??\\pipe\\chrome.*");
202 if (result != sandbox::SBOX_ALL_OK) 171 if (result != sandbox::SBOX_ALL_OK)
203 return false; 172 return false;
204 173
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after
319 return ApplyPolicyForTrustedPlugin(policy); 288 return ApplyPolicyForTrustedPlugin(policy);
320 case PLUGIN_GROUP_UNTRUSTED: 289 case PLUGIN_GROUP_UNTRUSTED:
321 return ApplyPolicyForUntrustedPlugin(policy); 290 return ApplyPolicyForUntrustedPlugin(policy);
322 default: 291 default:
323 NOTREACHED(); 292 NOTREACHED();
324 break; 293 break;
325 } 294 }
326 295
327 return false; 296 return false;
328 } 297 }
OLDNEW
« chrome/browser/chrome_plugin_host.cc ('K') | « chrome/browser/sandbox_policy.h ('k') | chrome/chrome.gyp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698