author | mark@chromium.org <mark@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-19 20:01:24 +0000 |
---|---|---|
committer | mark@chromium.org <mark@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-19 20:01:24 +0000 |
commit | 00ecec5a16ba6b78117a52ace06086f6f912c59d (patch) | |
tree | dafaa97c656d74979864fef9b1b688d21fd91d9b /chrome/browser/chrome_browser_application_mac.mm | |
parent | 67d2dcd800579b0e16395b42474dfceb0786db10 (diff) | |
Don't load third-party code from any of the following locations:
Prefixes:
~/Library
/Library
/Network/Library
Suffixes:
Application Support/SIMBL/Plugins
Contextual Menu Items
InputManagers
ScriptingAdditions
Hosting parasitic third-party code in our application is the cause of
instability which has only increased since the release of Mac OS X 10.7
("Lion").
This replaces an earlier version of the change that only blocked NSBundle
loads. This version blocks CFBundle loads. NSBundle uses CFBundle to load
modules internally, so the NSBundle code is removed. The earlier version was
only operative in the browser process. This version is active in all process
types.
Some blocked modules may result in messages being logged to the system
console, such as:
Google Chrome: OpenScripting.framework - can't find entry point
(EntryPointName) in scripting addition /Library/ScriptingAdditions/...
Google Chrome[12345:678] Cannot find function pointer (EntryPointName) for
factory (UUID) in CFBundle/CFPlugin (address) </Library/Contextual Menu
Items/...> (not loaded)
BUG=90193
TEST=Crash less? Watch the stats.
Make sure that things in /Library/Contextual Menu Items,
/Library/InputManagers, and /Library/ScriptingAdditions aren't loaded
into the process. Any functionality they provide should be absent from
Chrome. Any crashes they provide should be absent as well.
Review URL: http://codereview.chromium.org/7694008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97497 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/chrome_browser_application_mac.mm')
-rw-r--r-- | chrome/browser/chrome_browser_application_mac.mm | 92 |
1 files changed, 0 insertions, 92 deletions
diff --git a/chrome/browser/chrome_browser_application_mac.mm b/chrome/browser/chrome_browser_application_mac.mm
index 3ad3e23..9394767 100644
--- a/chrome/browser/chrome_browser_application_mac.mm
+++ b/chrome/browser/chrome_browser_application_mac.mm
@@ -5,7 +5,6 @@
 #import "chrome/browser/chrome_browser_application_mac.h"
 #import "base/logging.h"
-#import "base/mac/mac_util.h"
 #import "base/mac/scoped_nsexception_enabler.h"
 #import "base/metrics/histogram.h"
 #import "base/memory/scoped_nsobject.h"
@@ -122,90 +121,6 @@ static IMP gOriginalInitIMP = NULL;
 }
 @end
-static IMP gOriginalNSBundleLoadIMP = NULL;
-
-@interface NSBundle (CrNSBundleSwizzle)
-// -crLoad swizzles -load. It refuses to load parasitic third-party code
-// located in certain directories, returning NO instead of attempting to load
-// the bundle. This circumvents some of the mechanisms that third-party code
-// attempts to use to inject itself into applications. Note that some of these
-// mechanisms are unavailable to 64-bit applications anyway.
-- (BOOL)crLoad;
-@end
-
-@implementation NSBundle (CrNSBundleSwizzle)
-- (BOOL)crLoad {
- // Method only called when swizzled.
- DCHECK(_cmd == @selector(load));
-
- // ~/Library, /Library, and /Network/Library. Things in /System/Library
- // aren't blacklisted.
- NSArray* blockedPrefixes =
- NSSearchPathForDirectoriesInDomains(NSLibraryDirectory,
- NSUserDomainMask |
- NSLocalDomainMask |
- NSNetworkDomainMask,
- YES);
-
- // Everything in the suffix list has a trailing slash so as to only block
- // loading things contained in these directories.
- NSString* const blockedSuffixes[] = {
- // SIMBL - http://code.google.com/p/simbl/source/browse/src/SIMBL.{h,m}.
- // It attempts to inject itself via an AppleScript event.
- // http://code.google.com/p/simbl/source/browse/SIMBL%20Agent/SIMBLAgent.m
- @"Application Support/SIMBL/Plugins/",
-
-#if !defined(__LP64__)
- // Contextual menu manager plug-ins are unavailable to 64-bit processes.
- // http://developer.apple.com/library/mac/releasenotes/Cocoa/AppKitOlderNotes.html#NSMenu
- @"Contextual Menu Items/",
-
- // Input managers are deprecated, would only be loaded under specific
- // circumstances, and are entirely unavailable to 64-bit processes.
- // http://developer.apple.com/library/mac/releasenotes/Cocoa/AppKitOlderNotes.html#NSInputManager
- @"InputManagers/",
-#endif // __LP64__
-
- // Don't load third-party scripting additions either.
- @"ScriptingAdditions/"
-
- // This list is intentionally incomplete. For example, it doesn't block
- // printer drivers or Internet plug-ins.
- };
-
- NSString* bundlePath = [self bundlePath];
- NSUInteger bundlePathLength = [bundlePath length];
-
- // Merge the prefix and suffix lists.
- for (NSString* blockedPrefix in blockedPrefixes) {
- for (size_t blockedSuffixIndex = 0;
- blockedSuffixIndex < arraysize(blockedSuffixes);
- ++blockedSuffixIndex) {
- NSString* blockedSuffix = blockedSuffixes[blockedSuffixIndex];
- NSString* blockedPath =
- [blockedPrefix stringByAppendingPathComponent:blockedSuffix];
- NSUInteger blockedPathLength = [blockedPath length];
-
- // Do a case-insensitive comparison because most users will be on
- // case-insensitive HFS+ filesystems and it's cheaper than asking the
- // disk. This is like [bundlePath hasPrefix:blockedPath] but is
- // case-insensitive.
- if (bundlePathLength >= blockedPathLength &&
- [bundlePath compare:blockedPath
- options:NSCaseInsensitiveSearch
- range:NSMakeRange(0, blockedPathLength)] ==
- NSOrderedSame) {
- // If bundlePath is inside blockedPath (it has blockedPath as a
- // prefix), refuse to load it.
- return NO;
- }
- }
- }
-
- return gOriginalNSBundleLoadIMP(self, _cmd) != nil;
-}
-@end
-
 namespace chrome_browser_application_mac {
 // Maximum number of known named exceptions we'll support. There is
@@ -286,13 +201,6 @@ void SwizzleInit() {
 [NSException class],
 @selector(initWithName:reason:userInfo:),
 @selector(crInitWithName:reason:userInfo:));
-
- // Avoid loading broken input managers and other parasitic plug-ins.
- gOriginalNSBundleLoadIMP =
- ObjcEvilDoers::SwizzleImplementedInstanceMethods(
- [NSBundle class],
- @selector(load),
- @selector(crLoad));
 }
 } // namespace |