-rw-r--r--chrome/browser/nacl_loader.sb (renamed from chrome/browser/nacl-loader.sb)22
-rw-r--r--chrome/browser/utility.sb27
-rw-r--r--chrome/browser/worker.sb25
-rw-r--r--chrome/chrome_browser.gypi2
-rw-r--r--chrome/chrome_common.gypi5
-rw-r--r--chrome/common/common.sb33
-rw-r--r--chrome/common/sandbox_mac.mm39
-rw-r--r--chrome/renderer/renderer.sb27
8 files changed, 77 insertions, 103 deletions
diff --git a/chrome/browser/nacl-loader.sb b/chrome/browser/nacl_loader.sb
index 61716a6..946871c 100644
--- a/chrome/browser/nacl-loader.sb
+++ b/chrome/browser/nacl_loader.sb
@@ -6,26 +6,8 @@
; This is the Sandbox configuration file used for safeguarding the user's
; untrusted code within Native Client.
;
-(version 1)
-(deny default)
-; Support for programmatically enabling verbose debugging.
-;ENABLE_LOGGING (debug deny)
-; Allow sending signals to self - http://crbug.com/20370
-(allow signal (target self))
-
-; Needed for full-page-zoomed controls - http://crbug.com/11325
-(allow sysctl-read)
-
-; Each line is marked with the System version that needs it.
-; This profile is tested with the following system versions:
-; 10.5.6, 10.6
-
-; Allow following symlinks
-(allow file-read-metadata) ; 10.5.6
-
-; Needed for IPC on 10.6
-;10.6_ONLY (allow ipc-posix-shm)
+; *** The contents of chrome/common/common.sb are implicitly included here. ***
; Needed for the Native Client plugin and loader.
; TODO(msneck): Refactor Native Client to use something other than Unix
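Review bot: With `(version 1)` and `(deny default)` moved out of this file, the replacement comment `; *** The contents of chrome/common/common.sb are implicitly included here. ***` understates the dependency: this is no longer a complete, loadable profile, and its deny-by-default baseline exists only if the loader actually prepends common.sb before handing the text to the sandbox. The same one-line comment is added to utility.sb, worker.sb and renderer.sb in this commit, so the wording matters in four places. State where the prepending happens and that the file must not be loaded on its own, e.g. `; *** chrome/common/common.sb (version, deny-default and the shared allow rules) is prepended to this file at runtime by EnableSandbox() in chrome/common/sandbox_mac.mm; this file is not a usable profile by itself. ***`. The remainder of this profile continues outside the hunk.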
@@ -36,4 +18,4 @@
;10.6_ONLY (allow network-inbound (regex #"^(/private)?/tmp/nacl-"))
;10.6_ONLY (allow network-outbound (regex #"^(/private)?/tmp/nacl-"))
;10.6_ONLY (allow network-bind (local ip4))
-;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-"))
+;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-")) \ No newline at end of file
diff --git a/chrome/browser/utility.sb b/chrome/browser/utility.sb
index a4bd16b..1d3a12b 100644
--- a/chrome/browser/utility.sb
+++ b/chrome/browser/utility.sb
@@ -10,31 +10,8 @@
; This configuration locks everything down, except access to one configurable
; directory. This is different from other sandbox configuration files where
; file system access is entireley restricted.
-(version 1)
-(deny default)
-; Support for programmatically enabling verbose debugging.
-;ENABLE_LOGGING (debug deny)
-; Allow sending signals to self - http://crbug.com/20370
-(allow signal (target self))
-
-; Needed for full-page-zoomed controls - http://crbug.com/11325
-(allow sysctl-read)
-
-; Each line is marked with the System version that needs it.
-; This profile is tested with the following system versions:
-; 10.5.6, 10.6
-
-; Allow following symlinks
-(allow file-read-metadata) ; 10.5.6
-
-; Loading System Libraries.
-(allow file-read-data (regex #"^/System/Library/Frameworks($|/)")) ; 10.5.6
-(allow file-read-data (regex #"^/System/Library/PrivateFrameworks($|/)")) ; 10.5.6
-(allow file-read-data (regex #"^/System/Library/CoreServices($|/)")) ; 10.5.6
-
-; Needed for IPC on 10.6
-;10.6_ONLY (allow ipc-posix-shm)
+; *** The contents of chrome/common/common.sb are implicitly included here. ***
; Enable full access to given directory if needed.
-;ENABLE_DIRECTORY_ACCESS (allow file-read* file-write* (regex #"DIR_TO_ALLOW_ACCESS"))
+;ENABLE_DIRECTORY_ACCESS (allow file-read* file-write* (regex #"DIR_TO_ALLOW_ACCESS")) \ No newline at end of file
diff --git a/chrome/browser/worker.sb b/chrome/browser/worker.sb
index 6d3907b..c984670 100644
--- a/chrome/browser/worker.sb
+++ b/chrome/browser/worker.sb
@@ -8,28 +8,5 @@
;
; This is the most restrictive sandbox profile and only enables just enough
; to allow basic use of Cocoa.
-(version 1)
-(deny default)
-; Support for programmatically enabling verbose debugging.
-;ENABLE_LOGGING (debug deny)
-; Allow sending signals to self - http://crbug.com/20370
-(allow signal (target self))
-
-; Needed for full-page-zoomed controls - http://crbug.com/11325
-(allow sysctl-read)
-
-; Each line is marked with the System version that needs it.
-; This profile is tested with the following system versions:
-; 10.5.6, 10.6
-
-; Allow following symlinks
-(allow file-read-metadata) ; 10.5.6
-
-; Loading System Libraries.
-(allow file-read-data (regex #"^/System/Library/Frameworks($|/)")) ; 10.5.6
-(allow file-read-data (regex #"^/System/Library/PrivateFrameworks($|/)")) ; 10.5.6
-(allow file-read-data (regex #"^/System/Library/CoreServices($|/)")) ; 10.5.6
-
-; Needed for IPC on 10.6
-;10.6_ONLY (allow ipc-posix-shm)
+; *** The contents of chrome/common/common.sb are implicitly included here. *** \ No newline at end of file
diff --git a/chrome/chrome_browser.gypi b/chrome/chrome_browser.gypi
index 78bda8a..3cf5e02 100644
--- a/chrome/chrome_browser.gypi
+++ b/chrome/chrome_browser.gypi
@@ -2625,7 +2625,7 @@
'$(SDKROOT)/System/Library/Frameworks/OpenGL.framework',
],
'mac_bundle_resources': [
- 'browser/nacl-loader.sb',
+ 'browser/nacl_loader.sb',
'browser/utility.sb',
'browser/worker.sb',
],
diff --git a/chrome/chrome_common.gypi b/chrome/chrome_common.gypi
index 55b2a4c..1d0c864 100644
--- a/chrome/chrome_common.gypi
+++ b/chrome/chrome_common.gypi
@@ -293,6 +293,11 @@
'sources!': [
'common/process_watcher_posix.cc',
],
+ 'link_settings': {
+ 'mac_bundle_resources': [
+ 'common/common.sb',
+ ],
+ },
}],
['OS!="win"', {
'sources!': [
diff --git a/chrome/common/common.sb b/chrome/common/common.sb
new file mode 100644
index 0000000..71c73cf
--- /dev/null
+++ b/chrome/common/common.sb
@@ -0,0 +1,33 @@
+;;
+;; Copyright (c) 2010 The Chromium Authors. All rights reserved.
+;; Use of this source code is governed by a BSD-style license that can be
+;; found in the LICENSE file.
+;;
+; This configuration file isn't used on it's own, but instead implicity included
+; at the start of all other sandbox configuration files in Chrome.
+(version 1)
+(deny default)
+
+; Support for programmatically enabling verbose debugging.
+;ENABLE_LOGGING (debug deny)
+
+; Allow sending signals to self - http://crbug.com/20370
+(allow signal (target self))
+
+; Needed for full-page-zoomed controls - http://crbug.com/11325
+(allow sysctl-read)
+
+; Each line is marked with the System version that needs it.
+; This profile is tested with the following system versions:
+; 10.5.6, 10.6
+
+; Allow following symlinks
+(allow file-read-metadata) ; 10.5.6
+
+; Loading System Libraries.
+(allow file-read-data (regex #"^/System/Library/Frameworks($|/)")) ; 10.5.6
+(allow file-read-data (regex #"^/System/Library/PrivateFrameworks($|/)")) ; 10.5.6
+(allow file-read-data (regex #"^/System/Library/CoreServices($|/)")) ; 10.5.6
+
+; Needed for IPC on 10.6
+;10.6_ONLY (allow ipc-posix-shm) \ No newline at end of file
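Review bot: The header comment `; This configuration file isn't used on it's own, but instead implicity included` has two typos and an awkward construction; suggest `; This configuration file isn't used on its own; it is implicitly prepended` / `; to every other sandbox configuration file in Chrome at runtime.`. Because this file now supplies `(version 1)` and `(deny default)` for every profile, the comment should also say that those two directives must remain the first statements in the file. The file is committed without a trailing newline; since it is joined to other profiles by string concatenation, its last line currently fuses with the first line of whatever follows it, so ending the file with a newline is the safer default.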
diff --git a/chrome/common/sandbox_mac.mm b/chrome/common/sandbox_mac.mm
index 1299481..dc160dd 100644
--- a/chrome/common/sandbox_mac.mm
+++ b/chrome/common/sandbox_mac.mm
@@ -244,6 +244,10 @@ void SandboxWarmup() {
// Turns on the OS X sandbox for this process.
bool EnableSandbox(SandboxProcessType sandbox_type,
const FilePath& allowed_dir) {
+ // Name of the file containing a common prefix included at the start of
+ // all the other sandbox profiles.
+ const NSString* kCommonSandboxPrefixFileName = @"common";
+
// Sanity - currently only SANDBOX_TYPE_UTILITY supports a directory being
// passed in.
if (sandbox_type != SANDBOX_TYPE_UTILITY) {
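Review bot: `const NSString* kCommonSandboxPrefixFileName = @"common";` makes the pointee const rather than the pointer, which is not what is wanted for an Objective-C string constant and may draw a discarded-qualifiers warning when the value is later passed to `pathForResource:`, whose parameter is a plain `NSString*`. Write it as `NSString* const kCommonSandboxPrefixFileName = @"common";`. EnableSandbox continues past the end of this hunk.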
@@ -281,30 +285,49 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
// TODO(msneck): Remove the use of Unix sockets from Native Client and
// then decide on an appropriate sandbox type for the untrusted code.
// This might simply mean removing the Unix socket rules from
- // chrome/browser/nacl-loader.sb or it might mean sharing the
+ // chrome/browser/nacl_loader.sb or it might mean sharing the
// sandbox configuration with SANDBOX_TYPE_WORKER.
// See http://code.google.com/p/nativeclient/issues/detail?id=344
- sandbox_config_filename = @"nacl-loader";
+ sandbox_config_filename = @"nacl_loader";
break;
default:
NOTREACHED();
return false;
}
+ // Read in the sandbox profile and the common prefix file.
+ NSString* common_sandbox_prefix_path =
+ [mac_util::MainAppBundle() pathForResource:kCommonSandboxPrefixFileName
+ ofType:@"sb"];
+ NSString* common_sandbox_prefix_data =
+ [NSString stringWithContentsOfFile:common_sandbox_prefix_path
+ encoding:NSUTF8StringEncoding
+ error:NULL];
+
+ if (!common_sandbox_prefix_data) {
+ LOG(ERROR) << "Failed to find the sandbox profile on disk "
+ << [common_sandbox_prefix_path fileSystemRepresentation];
+ return false;
+ }
+
NSString* sandbox_profile_path =
[mac_util::MainAppBundle() pathForResource:sandbox_config_filename
ofType:@"sb"];
- NSString* sandbox_data = [NSString
- stringWithContentsOfFile:sandbox_profile_path
- encoding:NSUTF8StringEncoding
- error:nil];
+ NSString* sandbox_data =
+ [NSString stringWithContentsOfFile:sandbox_profile_path
+ encoding:NSUTF8StringEncoding
+ error:NULL];
if (!sandbox_data) {
- PLOG(ERROR) << "Failed to find the sandbox profile on disk "
- << base::SysNSStringToUTF8(sandbox_profile_path);
+ LOG(ERROR) << "Failed to find the sandbox profile on disk "
+ << [sandbox_profile_path fileSystemRepresentation];
return false;
}
+ // Prefix sandbox_data with common_sandbox_prefix_data.
+ sandbox_data =
+ [common_sandbox_prefix_data stringByAppendingString:sandbox_data];
+
// Enable verbose logging if enabled on the command line.
// (see renderer.sb for details).
const CommandLine *command_line = CommandLine::ForCurrentProcess();
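Review bot: Both new `LOG(ERROR)` lines stream `[... fileSystemRepresentation]` on a path that is nil in exactly the case they handle: `pathForResource:ofType:` returns nil when the resource is missing, `stringWithContentsOfFile:` then returns nil, and messaging nil for a `const char*` result yields NULL, so the statement streams a null pointer — undefined in standard C++ and at best a message with the path silently dropped. Keep the earlier `base::SysNSStringToUTF8(common_sandbox_prefix_path)` form (and likewise for `sandbox_profile_path`), and give the prefix branch its own text, e.g. `"Failed to read the common sandbox prefix on disk "`, so the two failures are distinguishable in logs. Separately, `sandbox_data = [common_sandbox_prefix_data stringByAppendingString:sandbox_data];` adds no separator, and common.sb is committed without a trailing newline, so the last line of the prefix and the first line of the profile become one line; this is harmless only while the prefix ends in a comment and every profile starts with `;;`, and a profile that began with a rule would have that rule silently commented out under the deny-by-default baseline. Use `sandbox_data = [NSString stringWithFormat:@"%@\n%@", common_sandbox_prefix_data, sandbox_data];` so the boundary does not depend on file contents. EnableSandbox continues outside this hunk.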
diff --git a/chrome/renderer/renderer.sb b/chrome/renderer/renderer.sb
index bbdf1c2..341652f 100644
--- a/chrome/renderer/renderer.sb
+++ b/chrome/renderer/renderer.sb
@@ -3,28 +3,8 @@
;; Use of this source code is governed by a BSD-style license that can be
;; found in the LICENSE file.
;;
-(version 1)
-(deny default)
-; Support for programmatically enabling verbose debugging.
-;ENABLE_LOGGING (debug deny)
-; Allow sending signals to self - http://crbug.com/20370
-(allow signal (target self))
-
-; Needed for full-page-zoomed controls - http://crbug.com/11325
-(allow sysctl-read)
-
-; Each line is marked with the System version that needs it.
-; This profile is tested with the following system versions:
-; 10.5.6, 10.6
-
-; Allow following symlinks
-(allow file-read-metadata) ; 10.5.6
-
-; Loading System Libraries.
-(allow file-read-data (regex #"^/System/Library/Frameworks($|/)")) ; 10.5.6
-(allow file-read-data (regex #"^/System/Library/PrivateFrameworks($|/)")) ; 10.5.6
-(allow file-read-data (regex #"^/System/Library/CoreServices($|/)")) ; 10.5.6
+; *** The contents of chrome/common/common.sb are implicitly included here. ***
; Needed for Fonts.
(allow file-read-data (regex #"^/System/Library/Fonts($|/)")) ; 10.5.6
@@ -35,9 +15,6 @@
; USER_HOMEDIR is substitued at runtime - http://crbug.com/11269
;10.6_ONLY (allow file-read-data (subpath "USER_HOMEDIR/Library/Fonts")) ; 10.6
-; Needed for IPC on 10.6
-;10.6_ONLY (allow ipc-posix-shm)
-
; Needed for the Native Client plugin and loader. These lines are enabled
; if and only if --internal-nacl (or --enable-nacl) are used (and they
; are off by default).
@@ -50,4 +27,4 @@
;NACL;10.6_ONLY (allow network-inbound (regex #"^(/private)?/tmp/nacl-"))
;NACL;10.6_ONLY (allow network-outbound (regex #"^(/private)?/tmp/nacl-"))
;NACL;10.6_ONLY (allow network-bind (local ip4))
-;NACL;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-"))
+;NACL;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-")) \ No newline at end of file