author | jeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-14 16:11:42 +0000 |
---|---|---|
committer | jeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-14 16:11:42 +0000 |
commit | 5db3b7e4a904820eb5e8bea6aa001421c8098505 (patch) | |
tree | f44a5c3d19f27a50b6f08828314569396a7f1489 /chrome/common/sandbox_mac.mm | |
parent | bb8a8ec083edead920f0db810b224bf43ff39717 (diff) | |
download | chromium_src-5db3b7e4a904820eb5e8bea6aa001421c8098505.zip chromium_src-5db3b7e4a904820eb5e8bea6aa001421c8098505.tar.gz chromium_src-5db3b7e4a904820eb5e8bea6aa001421c8098505.tar.bz2 |
Mac: Use canonicalization rather than absolute paths for sandbox.
BUG=None
TEST=Installing themes should continue to work.
Review URL: http://codereview.chromium.org/2834044
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52326 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/sandbox_mac.mm')
-rw-r--r-- | chrome/common/sandbox_mac.mm | 46 |
1 files changed, 33 insertions, 13 deletions
diff --git a/chrome/common/sandbox_mac.mm b/chrome/common/sandbox_mac.mm
index bc0929e..8253c55 100644
--- a/chrome/common/sandbox_mac.mm
+++ b/chrome/common/sandbox_mac.mm
@@ -10,6 +10,7 @@ extern "C" {
 #include <sandbox.h>
 }
+#include <sys/param.h>
 #include "base/basictypes.h"
 #include "base/command_line.h"
@@ -118,27 +119,26 @@ bool QuotePlainString(const std::string& str_utf8, std::string* dst) {
 //
 // Returns: true on success, false otherwise.
 bool QuoteStringForRegex(const std::string& str_utf8, std::string* dst) {
-  // List of chars with special meaning to regex.
-  // This list is derived from http://perldoc.perl.org/perlre.html .
+  // Characters with special meanings in sandbox profile syntax.
+  // Note: ]} are notably absent from this list although in practice escaping
+  // them has no ill effect.
   const char regex_special_chars[] = {
     '\\',
 
     // Metacharacters
     '^',
     '.',
+    '[',
     '$',
-    '|',
     '(',
     ')',
-    '[',
-    ']',
+    '|',
 
     // Quantifiers
     '*',
     '+',
     '?',
     '{',
-    '}',
   };
 
   // Anchor regex at start of path.
@@ -345,14 +345,11 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
   // needed so the caller doesn't need to worry about things like /var
   // being a link to /private/var (like in the paths CreateNewTempDirectory()
   // returns).
-  FilePath allowed_dir_absolute(allowed_dir);
-  if (!file_util::AbsolutePath(&allowed_dir_absolute)) {
-    PLOG(FATAL) << "Failed to resolve absolute path";
-    return false;
-  }
+  FilePath allowed_dir_canonical(allowed_dir);
+  GetCanonicalSandboxPath(&allowed_dir_canonical);
 
   std::string allowed_dir_escaped;
-  if (!QuoteStringForRegex(allowed_dir_absolute.value(),
+  if (!QuoteStringForRegex(allowed_dir_canonical.value(),
                            &allowed_dir_escaped)) {
     LOG(FATAL) << "Regex string quoting failed " << allowed_dir.value();
     return false;
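Review bot: The comment added above regex_special_chars justifies leaving `]` and `}` out by saying that escaping them "has no ill effect", which reads as a reason to keep them rather than as a reason for the removal this hunk makes, and the perlre reference that documented where the old set came from is dropped without a replacement. I'd have the comment state why the two are omitted (what the profile's regex syntax does with an unescaped `]` or `}`) and cite the reference the new set was derived from, e.g. `// Characters with special meaning in the sandbox profile's regex syntax; see <PROFILE-SYNTAX-REFERENCE>. ] and } are intentionally omitted (escaping them is harmless but unnecessary).` with the placeholder replaced by the actual source. Since this set is what protects the generated profile from a path that contains metacharacters, the source matters for anyone auditing it later. The remainder of QuoteStringForRegex, including how a `"` in the path is treated before the string is spliced into the profile, lies outside the hunk, so the completeness of the set cannot be checked here.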
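Review bot: The LOG(FATAL) after the QuoteStringForRegex call still prints `allowed_dir.value()`, but the string that was actually quoted is now `allowed_dir_canonical.value()`; when the two differ (a symlinked temp directory, the very case this change is for) the log will not show the path the quoting rejected. Change it to `LOG(FATAL) << "Regex string quoting failed " << allowed_dir_canonical.value();`. Separately, the removed branch returned false when resolution failed, whereas GetCanonicalSandboxPath() returns void and reports failure only through its own PLOG(FATAL), so EnableSandbox no longer has a way to return false here; that is acceptable only as long as FATAL stays fatal in every build configuration this ships in. The home-directory call site in the next hunk has the same shape. EnableSandbox begins and ends outside this hunk.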
@@ -384,8 +381,12 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
   // If we ever need this on pre-10.6 OSs then we'll have to rethink the
   // surrounding sandbox syntax.
   std::string home_dir = base::SysNSStringToUTF8(NSHomeDirectory());
+
+  FilePath home_dir_canonical(home_dir);
+  GetCanonicalSandboxPath(&home_dir_canonical);
+
   std::string home_dir_escaped;
-  if (!QuotePlainString(home_dir, &home_dir_escaped)) {
+  if (!QuotePlainString(home_dir_canonical.value(), &home_dir_escaped)) {
     LOG(FATAL) << "Sandbox string quoting failed";
     return false;
   }
@@ -411,4 +412,23 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
   return success;
 }
 
+void GetCanonicalSandboxPath(FilePath* path) {
+  int fd = HANDLE_EINTR(open(path->value().c_str(), O_RDONLY));
+  if (fd < 0) {
+    PLOG(FATAL) << "GetCanonicalSandboxPath() failed for: "
+                << path->value();
+    return;
+  }
+  file_util::ScopedFD file_closer(&fd);
+
+  FilePath::CharType canonical_path[MAXPATHLEN];
+  if (HANDLE_EINTR(fcntl(fd, F_GETPATH, canonical_path)) != 0) {
+    PLOG(FATAL) << "GetCanonicalSandboxPath() failed for: "
+                << path->value();
+    return;
+  }
+
+  *path = FilePath(canonical_path);
+}
+
 } // namespace sandbox
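Review bot: GetCanonicalSandboxPath() has no comment describing its contract, which matters because the result is written straight into the sandbox profile: it resolves the path by opening it and asking the kernel for the path of the open descriptor (F_GETPATH), so the path must exist and be openable by this process, symlinks in it are resolved (the /var -> /private/var case the caller's comment mentions), and every failure goes through PLOG(FATAL), which leaves the two `return;` statements unreachable if FATAL aborts as it does elsewhere in Chromium. I'd add above the definition, or at the declaration in sandbox_mac.h if that is where it lives (the declaration is not in this diff), a comment along the lines of `// Resolves |path| in place to the canonical path the kernel reports for it (F_GETPATH), so that symlinks are resolved before the path is written into a sandbox profile. |path| must exist and be openable; any failure is fatal.` The helper opens whatever it is given with O_RDONLY, which is fine for the two visible callers (a temp directory and the home directory) but should be part of the stated contract since the profile rule will be written for whatever that open resolves to. open(), fcntl() and F_GETPATH need <fcntl.h>, which the include hunk at the top of the file does not add, so it is presumably already included elsewhere in the file.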