#include "base/mac/mac_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/singleton.h"
-#include "content/browser/mach_broker_mac.h"
#include "content/common/sandbox_init_mac.h"
#include "content/public/browser/browser_child_process_observer.h"
#include "content/public/browser/child_process_data.h"
-#include "content/public/browser/notification_details.h"
-#include "content/public/browser/notification_observer.h"
-#include "content/public/browser/notification_registrar.h"
-#include "content/public/browser/notification_service.h"
-#include "content/public/browser/notification_types.h"
-#include "content/public/browser/render_process_host.h"
#include "content/public/common/sandbox_type_mac.h"
#include "sandbox/mac/bootstrap_sandbox.h"
// This class is responsible for creating the BootstrapSandbox global
// singleton, as well as registering all associated policies with it.
-class BootstrapSandboxPolicy : public BrowserChildProcessObserver,
- public NotificationObserver {
+class BootstrapSandboxPolicy : public BrowserChildProcessObserver {
public:
static BootstrapSandboxPolicy* GetInstance();
virtual void BrowserChildProcessCrashed(
const ChildProcessData& data) OVERRIDE;
- // NotificationObserver:
- virtual void Observe(int type,
- const NotificationSource& source,
- const NotificationDetails& details) OVERRIDE;
-
private:
friend struct DefaultSingletonTraits<BootstrapSandboxPolicy>;
BootstrapSandboxPolicy();
virtual ~BootstrapSandboxPolicy();
void RegisterSandboxPolicies();
- void RegisterRendererPolicy();
-
- void AddBaselinePolicy(sandbox::BootstrapSandboxPolicy* policy);
-
- NotificationRegistrar notification_registrar_;
scoped_ptr<sandbox::BootstrapSandbox> sandbox_;
};
sandbox()->ChildDied(data.handle);
}
-void BootstrapSandboxPolicy::Observe(int type,
- const NotificationSource& source,
- const NotificationDetails& details) {
- switch (type) {
- case NOTIFICATION_RENDERER_PROCESS_CLOSED:
- sandbox()->ChildDied(
- Details<RenderProcessHost::RendererClosedDetails>(details)->handle);
- break;
- default:
- NOTREACHED() << "Unexpected notification " << type;
- break;
- }
-}
-
BootstrapSandboxPolicy::BootstrapSandboxPolicy()
: sandbox_(sandbox::BootstrapSandbox::Create()) {
CHECK(sandbox_.get());
BrowserChildProcessObserver::Add(this);
- notification_registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_CLOSED,
- NotificationService::AllBrowserContextsAndSources());
RegisterSandboxPolicies();
}
}
void BootstrapSandboxPolicy::RegisterSandboxPolicies() {
- RegisterRendererPolicy();
-}
-
-void BootstrapSandboxPolicy::RegisterRendererPolicy() {
- sandbox::BootstrapSandboxPolicy policy;
- AddBaselinePolicy(&policy);
-
- // Permit font queries.
- policy.rules["com.apple.FontServer"] = sandbox::Rule(sandbox::POLICY_ALLOW);
- policy.rules["com.apple.FontObjectsServer"] =
- sandbox::Rule(sandbox::POLICY_ALLOW);
-
- // Allow access to the windowserver. This is needed to get the colorspace
- // during sandbox warmup. Since NSColorSpace conforms to NSCoding, this
- // should be plumbed over IPC instead <http://crbug.com/265709>.
- policy.rules["com.apple.windowserver.active"] =
- sandbox::Rule(sandbox::POLICY_ALLOW);
-
- sandbox_->RegisterSandboxPolicy(SANDBOX_TYPE_RENDERER, policy);
-}
-
-void BootstrapSandboxPolicy::AddBaselinePolicy(
- sandbox::BootstrapSandboxPolicy* policy) {
- auto& rules = policy->rules;
-
- // Allow the child to send its task port to the MachBroker.
- rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW);
-
- // Allow logging to the syslog.
- rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW);
}
} // namespace
bool ShouldEnableBootstrapSandbox() {
- return false;
+ return base::mac::IsOSMountainLionOrEarlier() ||
+ base::mac::IsOSMavericks();
}
sandbox::BootstrapSandbox* GetBootstrapSandbox() {
projects / platform / framework / web / crosswalk.git / blobdiff