diff options
| author | rsesek@chromium.org <rsesek@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-19 23:46:15 +0000 |
|---|---|---|
| committer | rsesek@chromium.org <rsesek@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-19 23:46:15 +0000 |
| commit | 9d3affb15f5d275a19f81aa583fcc33a49fc3c9c (patch) | |
| tree | 4a3e16a92bbeacf6b33266ee64d4d197933dcca9 /content/plugin/plugin_main_mac.mm | |
| parent | c54192896a0121ee9e03fcf0dfaf68d61ba91449 (diff) | |
| download | chromium_src-9d3affb15f5d275a19f81aa583fcc33a49fc3c9c.zip chromium_src-9d3affb15f5d275a19f81aa583fcc33a49fc3c9c.tar.gz chromium_src-9d3affb15f5d275a19f81aa583fcc33a49fc3c9c.tar.bz2 | |
Alter the design of the bootstrap sandbox to only take over the bootstrap port of children when necessary.
Rather than replacing the bootstrap port outright in the browser process, this
change merely registers the sandboxed bootstrap port with launchd. When a
sandboxed child is being launched with base::LaunchProcess(), a new
LaunchOptions can specify a bootstrap name to look up and use as a replacement
bootstrap port.
The bootstrap port in the new child is replaced after fork() but before exec().
The kernel clears the IPC space during both of these system calls, so no other
references to the original bootstrap port will exist after replacing the port
with the sandboxed one and exec()ing.
This change also partially reverts r276026, which introduced a permissive
policy for NPAPI plugins. Since those plugins are no longer affected by the
bootstrap sandbox, it can be removed.
BUG=367863,383513,383517,383791,386330
R=jam@chromium.org, mark@chromium.org
Review URL: https://codereview.chromium.org/347783002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@278530 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/plugin/plugin_main_mac.mm')
| -rw-r--r-- | content/plugin/plugin_main_mac.mm | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/content/plugin/plugin_main_mac.mm b/content/plugin/plugin_main_mac.mm index 557deb7..91deed8 100644 --- a/content/plugin/plugin_main_mac.mm +++ b/content/plugin/plugin_main_mac.mm @@ -3,14 +3,11 @@ // found in the LICENSE file. #import <AppKit/AppKit.h> -#include <servers/bootstrap.h> #include "base/environment.h" -#include "base/mac/mach_logging.h" #include "base/memory/scoped_ptr.h" #include "base/strings/string_util.h" #include "content/common/plugin_carbon_interpose_constants_mac.h" -#include "content/common/sandbox_init_mac.h" #include "content/plugin/plugin_interpose_util_mac.h" #include "content/public/common/content_client.h" @@ -49,27 +46,6 @@ void TrimInterposeEnvironment() { #endif void InitializeChromeApplication() { - // The bootstrap sandbox has taken over the bootstrap port. However, NPAPI - // plugins request servers with the BOOTSTRAP_PER_PID_SERVICE flag. This - // will fail, since the browser will be forwarding the message on behalf of - // the plugin, and the browser has already created these per-pid services - // for itself. - // - // Instead, request the real bootstrap port from the sandbox server, which - // can then be used by the plugin. - mach_port_t new_bootstrap_port = MACH_PORT_NULL; - kern_return_t kr = bootstrap_look_up(bootstrap_port, - kBootstrapPortNameForNPAPIPlugins, &new_bootstrap_port); - BOOTSTRAP_LOG_IF(ERROR, kr != KERN_SUCCESS, kr) - << "Failed to look up original bootstrap port."; - if (kr == KERN_SUCCESS) { - bootstrap_port = new_bootstrap_port; - kr = task_set_bootstrap_port(mach_task_self(), new_bootstrap_port); - MACH_LOG_IF(ERROR, kr != KERN_SUCCESS, kr) - << "Failed to reset TASK_BOOTSTRAP_PORT."; - } - - [NSApplication sharedApplication]; mac_plugin_interposing::SetUpCocoaInterposing(); } |