diff options
| author | mpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-10-08 19:35:21 +0000 |
|---|---|---|
| committer | mpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-10-08 19:35:21 +0000 |
| commit | 8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8 (patch) | |
| tree | 7bd18aae0fb746fe0ab54593cb7ef0d98610000b /chrome/browser | |
| parent | cf13cfb4b44dc30a8d3dde60e6d900a7cacb29d2 (diff) | |
| download | chromium_src-8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8.zip chromium_src-8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8.tar.gz chromium_src-8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8.tar.bz2 | |
Hackish changes to make gears work in the renderer with the sandbox.
Review URL: http://codereview.chromium.org/6434
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3032 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
| -rw-r--r-- | chrome/browser/render_process_host.cc | 8 | ||||
| -rw-r--r-- | chrome/browser/sandbox_policy.cc | 31 | ||||
| -rw-r--r-- | chrome/browser/sandbox_policy.h | 3 |
3 files changed, 42 insertions, 0 deletions
diff --git a/chrome/browser/render_process_host.cc b/chrome/browser/render_process_host.cc index ed969a6..b39c89b 100644 --- a/chrome/browser/render_process_host.cc +++ b/chrome/browser/render_process_host.cc @@ -372,6 +372,14 @@ bool RenderProcessHost::Init() { return false; } + CommandLine command_line; + if (command_line.HasSwitch(switches::kGearsInRenderer)) { + if (!AddPolicyForGearsInRenderer(policy)) { + NOTREACHED(); + return false; + } + } + if (!AddDllEvictionPolicy(policy)) { NOTREACHED(); return false; diff --git a/chrome/browser/sandbox_policy.cc b/chrome/browser/sandbox_policy.cc index 0969bd3..04c61c2 100644 --- a/chrome/browser/sandbox_policy.cc +++ b/chrome/browser/sandbox_policy.cc @@ -116,6 +116,37 @@ bool AddDllEvictionPolicy(sandbox::TargetPolicy* policy) { return true; } +bool AddPolicyForGearsInRenderer(sandbox::TargetPolicy* policy) { + sandbox::ResultCode result; + + // TODO(mpcomplete): need to restrict access to database files only. This + // is just temporary for debugging purposes. + std::wstring plugin_data; + if (!PathService::Get(chrome::DIR_USER_DATA, &plugin_data)) + return false; + if (!win_util::ConvertToLongPath(plugin_data, &plugin_data)) + return false; + + file_util::AppendToPath(&plugin_data, L"*"); + result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, + sandbox::TargetPolicy::FILES_ALLOW_ANY, + plugin_data.c_str()); + if (result != sandbox::SBOX_ALL_OK) + return false; + + std::wstring temppath; + if (!file_util::GetTempDir(&temppath)) + return false; + file_util::AppendToPath(&temppath, L"*"); + result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, + sandbox::TargetPolicy::FILES_ALLOW_ANY, + temppath.c_str()); + if (result != sandbox::SBOX_ALL_OK) + return false; + + return true; +} + bool AddGenericPolicy(sandbox::TargetPolicy* policy) { sandbox::ResultCode result; diff --git a/chrome/browser/sandbox_policy.h b/chrome/browser/sandbox_policy.h index b32e5d8..3beafdd 100644 --- a/chrome/browser/sandbox_policy.h +++ b/chrome/browser/sandbox_policy.h @@ -15,6 +15,9 @@ bool AddGenericPolicy(sandbox::TargetPolicy* policy); // Adds policy rules for unloaded the known dlls that cause chrome to crash. bool AddDllEvictionPolicy(sandbox::TargetPolicy* policy); +// Adds policy rules for running Gears in the renderer process. +bool AddPolicyForGearsInRenderer(sandbox::TargetPolicy* policy); + // Adds the custom policy rules for a given plugin. If dll is activex-shim, // then clsid is the clsid of ActiveX control. Otherwise clsid is ignored. // |trusted_plugins| contains the comma separate list of plugins that should |