content/common/sandbox_mac.mm - Issue 470693004: Revert of Fix Mac sandbox meta data access (reland)

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_mac.mm

Issue 470693004: Revert of Fix Mac sandbox meta data access (reland) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/common/sandbox_mac.mm

diff --git a/content/common/sandbox_mac.mm b/content/common/sandbox_mac.mm

index 8b4dfe3f5f3f24394c4fdb1a3951e2e38a8f5e2e..c7c126594aec3fb2abae774f3359e9a3a1b83c81 100644

--- a/content/common/sandbox_mac.mm

+++ b/content/common/sandbox_mac.mm

@@ -114,14 +114,12 @@

// Collect a list of all parent directories.

base::FilePath last_path = allowed_path;

std::vector<base::FilePath> subpaths;

- base::FilePath path = allowed_path;

- do {

+ for (base::FilePath path = allowed_path;

+ path.value() != last_path.value();

+ path = path.DirName()) {

subpaths.push_back(path);

last_path = path;

- path = path.DirName();

- } while (path.value() != last_path.value());

+ }

// Iterate through all parents and allow stat() on them explicitly.

NSString* sandbox_command = @"(allow file-read-metadata ";

@@ -572,22 +570,6 @@

[base::mac::MainBundle() executablePath]);

NSString* sandbox_command = AllowMetadataForPath(

GetCanonicalSandboxPath(bundle_executable));

- // In addition to the workaround above, for OS X <= 10.6 we also need to

- // allow reading file metadata for all the dylibs under the same directory

- // containing the Chrome bundle. It requires to go 5 levels up from main

- // bundle path because the main bundle here is the Helper.app bundle.

- base::FilePath product_path = base::mac::MainBundlePath()

- .DirName()

- .DirName();

- sandbox_command = [sandbox_command

- stringByAppendingFormat:

- @"(allow file-read-metadata (regex #\"^%@/.*\\.dylib$\"))",

- base::mac::FilePathToNSString(product_path)];

substitutions["COMPONENT_BUILD_WORKAROUND"] =

SandboxSubstring(base::SysNSStringToUTF8(sandbox_command));

}

« no previous file with comments | « content/common/sandbox_mac.h ('k') | content/common/sandbox_mac_diraccess_unittest.mm » ('j') | no next file with comments »