Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(786)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/renderer/renderer_main_platform_delegate_mac.mm

Issue 545603002: [Mac] Shut down connections to WindowServer before engaging the sandbox. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/renderer/renderer_main_platform_delegate.h" 5 #include "content/renderer/renderer_main_platform_delegate.h"
6 6
7 #include <Carbon/Carbon.h> 7 #include <Carbon/Carbon.h>
8 #import <Cocoa/Cocoa.h> 8 #import <Cocoa/Cocoa.h>
9 #include <objc/runtime.h> 9 #include <objc/runtime.h>
10 10
11 #include "base/command_line.h" 11 #include "base/command_line.h"
12 #include "base/logging.h" 12 #include "base/logging.h"
13 #include "base/mac/mac_util.h" 13 #include "base/mac/mac_util.h"
14 #include "base/mac/scoped_cftyperef.h" 14 #include "base/mac/scoped_cftyperef.h"
15 #include "base/strings/string_number_conversions.h" 15 #include "base/strings/string_number_conversions.h"
16 #include "base/strings/sys_string_conversions.h" 16 #include "base/strings/sys_string_conversions.h"
17 #include "content/common/sandbox_mac.h" 17 #include "content/common/sandbox_mac.h"
18 #include "content/public/common/content_switches.h" 18 #include "content/public/common/content_switches.h"
19 #include "content/common/sandbox_init_mac.h" 19 #include "content/common/sandbox_init_mac.h"
20 20
21 extern "C" {
22 void CGSSetDenyWindowServerConnections(bool);
23 void CGSShutdownServerConnections();
24 };
25
21 namespace content { 26 namespace content {
22 27
23 namespace { 28 namespace {
24 29
25 // You are about to read a pretty disgusting hack. In a static initializer, 30 // You are about to read a pretty disgusting hack. In a static initializer,
26 // CoreFoundation decides to connect with cfprefsd(8) using Mach IPC. There is 31 // CoreFoundation decides to connect with cfprefsd(8) using Mach IPC. There is
27 // no public way to close this Mach port after-the-fact, nor a way to stop it 32 // no public way to close this Mach port after-the-fact, nor a way to stop it
28 // from happening since it is done pre-main in dyld. But the address of the 33 // from happening since it is done pre-main in dyld. But the address of the
29 // CFMachPort can be found in the run loop's string description. Below, that 34 // CFMachPort can be found in the run loop's string description. Below, that
30 // address is parsed, cast, and then used to invalidate the Mach port to 35 // address is parsed, cast, and then used to invalidate the Mach port to
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
129 [NSThread detachNewThreadSelector:@selector(length) 134 [NSThread detachNewThreadSelector:@selector(length)
130 toTarget:string 135 toTarget:string
131 withObject:nil]; 136 withObject:nil];
132 } 137 }
133 } 138 }
134 139
135 void RendererMainPlatformDelegate::PlatformUninitialize() { 140 void RendererMainPlatformDelegate::PlatformUninitialize() {
136 } 141 }
137 142
138 bool RendererMainPlatformDelegate::EnableSandbox() { 143 bool RendererMainPlatformDelegate::EnableSandbox() {
144 // Disconnect from WindowServer before entering the sandbox, after all
145 // objects have been warmed up. Shutting down the connection requires
146 // connecting to WindowServer, so do this before engaging the sandbox.
Avi (use Gerrit) 2014/09/04 20:10:54 "It's like having to connect to the WindowServer t
147 CGSSetDenyWindowServerConnections(true);
148 CGSShutdownServerConnections();
149
139 // Enable the sandbox. 150 // Enable the sandbox.
140 bool sandbox_initialized = InitializeSandbox(); 151 bool sandbox_initialized = InitializeSandbox();
141 152
142 // The sandbox is now engaged. Make sure that the renderer has not connected 153 // The sandbox is now engaged. Make sure that the renderer has not connected
143 // itself to Cocoa. 154 // itself to Cocoa.
144 CHECK(NSApp == nil); 155 CHECK(NSApp == nil);
145 156
146 DisconnectCFNotificationCenter(); 157 DisconnectCFNotificationCenter();
147 158
148 return sandbox_initialized; 159 return sandbox_initialized;
149 } 160 }
150 161
151 } // namespace content 162 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698