diff options
| author | viettrungluu@chromium.org <viettrungluu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-14 20:11:05 +0000 |
|---|---|---|
| committer | viettrungluu@chromium.org <viettrungluu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-14 20:11:05 +0000 |
| commit | a8dcee933c481e605099cf9497e5c3f5f72ef93f (patch) | |
| tree | 8eb73683165f9be55c2366f2c07ecad3dc0f1793 /content/ppapi_plugin | |
| parent | 6443aa7460501212450e0e7a28413aa961b08034 (diff) | |
| download | chromium_src-a8dcee933c481e605099cf9497e5c3f5f72ef93f.zip chromium_src-a8dcee933c481e605099cf9497e5c3f5f72ef93f.tar.gz chromium_src-a8dcee933c481e605099cf9497e5c3f5f72ef93f.tar.bz2 | |
Mac: Make PPAPI plugins work out of process (i.e., with a proxy) and a sandbox.
Also make sure that --no-sandbox works correctly in disabling the sandbox for
the PPAPI plugin process.
BUG=none
TEST=Mac Flapper works out of process (at least for some content). \
--no-sandbox also works correctly in disabling the sandbox for the PPAPI \
process.
Review URL: http://codereview.chromium.org/6979022
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@89058 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/ppapi_plugin')
| -rw-r--r-- | content/ppapi_plugin/ppapi.sb | 20 | ||||
| -rw-r--r-- | content/ppapi_plugin/ppapi_thread.cc | 14 |
2 files changed, 34 insertions, 0 deletions
diff --git a/content/ppapi_plugin/ppapi.sb b/content/ppapi_plugin/ppapi.sb new file mode 100644 index 0000000..6fa3ebf --- /dev/null +++ b/content/ppapi_plugin/ppapi.sb @@ -0,0 +1,20 @@ +;; +;; Copyright (c) 2011 The Chromium Authors. All rights reserved. +;; Use of this source code is governed by a BSD-style license that can be +;; found in the LICENSE file. +;; + +; TODO(viettrungluu): Confirm that the exceptions below are needed. + +; *** The contents of content/common/common.sb are implicitly included here. *** + +; Needed for Fonts. +(allow file-read* (regex #"^/System/Library/Fonts($|/)")) ; 10.5.6 +; 10.6 for loading fonts in the renderer. +; on 10.5 this is needed for the PDF plugin. +(allow file-read* (regex #"^/Library/Fonts($|/)")) +(allow mach-lookup (global-name "com.apple.FontObjectsServer")) ; 10.5.6 +;10.6_OR_ABOVE (allow mach-lookup (global-name "com.apple.FontServer")) ; 10.6 + +; http://crbug.com/11269 +;10.6_OR_ABOVE (allow file-read* (subpath "@USER_HOMEDIR_AS_LITERAL@/Library/Fonts")) ; 10.6 diff --git a/content/ppapi_plugin/ppapi_thread.cc b/content/ppapi_plugin/ppapi_thread.cc index 4ad7cd2..9b3c846 100644 --- a/content/ppapi_plugin/ppapi_thread.cc +++ b/content/ppapi_plugin/ppapi_thread.cc @@ -6,10 +6,13 @@ #include <limits> +#include "base/command_line.h" #include "base/process_util.h" #include "base/rand_util.h" #include "base/stringprintf.h" #include "content/common/child_process.h" +#include "content/common/content_switches.h" +#include "content/common/sandbox_init_wrapper.h" #include "content/ppapi_plugin/broker_process_dispatcher.h" #include "content/ppapi_plugin/plugin_process_dispatcher.h" #include "content/ppapi_plugin/ppapi_webkit_thread.h" @@ -145,6 +148,17 @@ void PpapiThread::OnMsgLoadPlugin(const FilePath& path) { return; } +#if defined(OS_MACOSX) + // We need to do this after getting |PPP_GetInterface()| (or presumably + // doing something nontrivial with the library), else the sandbox + // intercedes. + CommandLine* parsed_command_line = CommandLine::ForCurrentProcess(); + SandboxInitWrapper sandbox_wrapper; + if (!sandbox_wrapper.InitializeSandbox(*parsed_command_line, + switches::kPpapiPluginProcess)) + LOG(WARNING) << "Failed to initialize sandbox"; +#endif + // Get the InitializeModule function (required). pp::proxy::Dispatcher::InitModuleFunc init_module = reinterpret_cast<pp::proxy::Dispatcher::InitModuleFunc>( |