Hackish changes to make gears work in the renderer with the sandbox.

Review URL: http://codereview.chromium.org/6434 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3032 0039d316-1c4b-4281-b951-d872f2087c98
author: mpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-10-08 19:35:21 +0000
committer: mpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-10-08 19:35:21 +0000
commit: 8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8 (patch)
tree: 7bd18aae0fb746fe0ab54593cb7ef0d98610000b /chrome/browser/sandbox_policy.cc
parent: cf13cfb4b44dc30a8d3dde60e6d900a7cacb29d2 (diff)
download: chromium_src-8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8.zip
chromium_src-8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8.tar.gz
chromium_src-8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8.tar.bz2
1 files changed, 31 insertions, 0 deletions
diff --git a/chrome/browser/sandbox_policy.cc b/chrome/browser/sandbox_policy.cc
index 0969bd3..04c61c2 100644
--- a/chrome/browser/sandbox_policy.cc
+++ b/chrome/browser/sandbox_policy.cc
@@ -116,6 +116,37 @@ bool AddDllEvictionPolicy(sandbox::TargetPolicy* policy) {
   return true;
 }
 
+bool AddPolicyForGearsInRenderer(sandbox::TargetPolicy* policy) {
+  sandbox::ResultCode result;
+
+  // TODO(mpcomplete): need to restrict access to database files only.  This
+  // is just temporary for debugging purposes.
+  std::wstring plugin_data;
+  if (!PathService::Get(chrome::DIR_USER_DATA, &plugin_data))
+    return false;
+  if (!win_util::ConvertToLongPath(plugin_data, &plugin_data))
+    return false;
+
+  file_util::AppendToPath(&plugin_data, L"*");
+  result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+                           sandbox::TargetPolicy::FILES_ALLOW_ANY,
+                           plugin_data.c_str());
+  if (result != sandbox::SBOX_ALL_OK)
+    return false;
+
+  std::wstring temppath;
+  if (!file_util::GetTempDir(&temppath))
+    return false;
+  file_util::AppendToPath(&temppath, L"*");
+  result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+                           sandbox::TargetPolicy::FILES_ALLOW_ANY,
+                           temppath.c_str());
+  if (result != sandbox::SBOX_ALL_OK)
+    return false;
+
+  return true;
+}
+
 bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
   sandbox::ResultCode result;
author	mpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-10-08 19:35:21 +0000
committer	mpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-10-08 19:35:21 +0000
commit	8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8 (patch)
tree	7bd18aae0fb746fe0ab54593cb7ef0d98610000b /chrome/browser/sandbox_policy.cc
parent	cf13cfb4b44dc30a8d3dde60e6d900a7cacb29d2 (diff)
download	chromium_src-8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8.zip chromium_src-8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8.tar.gz chromium_src-8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8.tar.bz2