Diffstat (limited to 'chrome/browser/sandbox_policy.cc')
-rw-r--r--chrome/browser/sandbox_policy.cc31
1 files changed, 31 insertions, 0 deletions
diff --git a/chrome/browser/sandbox_policy.cc b/chrome/browser/sandbox_policy.cc
index 0969bd3..04c61c2 100644
--- a/chrome/browser/sandbox_policy.cc
+++ b/chrome/browser/sandbox_policy.cc
@@ -116,6 +116,37 @@ bool AddDllEvictionPolicy(sandbox::TargetPolicy* policy) {
return true;
}
+bool AddPolicyForGearsInRenderer(sandbox::TargetPolicy* policy) {
+ sandbox::ResultCode result;
+
+ // TODO(mpcomplete): need to restrict access to database files only. This
+ // is just temporary for debugging purposes.
+ std::wstring plugin_data;
+ if (!PathService::Get(chrome::DIR_USER_DATA, &plugin_data))
+ return false;
+ if (!win_util::ConvertToLongPath(plugin_data, &plugin_data))
+ return false;
+
+ file_util::AppendToPath(&plugin_data, L"*");
+ result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+ sandbox::TargetPolicy::FILES_ALLOW_ANY,
+ plugin_data.c_str());
+ if (result != sandbox::SBOX_ALL_OK)
+ return false;
+
+ std::wstring temppath;
+ if (!file_util::GetTempDir(&temppath))
+ return false;
+ file_util::AppendToPath(&temppath, L"*");
+ result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
+ sandbox::TargetPolicy::FILES_ALLOW_ANY,
+ temppath.c_str());
+ if (result != sandbox::SBOX_ALL_OK)
+ return false;
+
+ return true;
+}
+
bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
sandbox::ResultCode result;
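Review bot: Both `AddRule` calls in `AddPolicyForGearsInRenderer` pass `FILES_ALLOW_ANY` with a trailing `*`, so a renderer running under this policy gets full file access to whatever the wildcard matches under the user data directory and the temp directory, not just the Gears database files the TODO mentions. The TODO calls this temporary for debugging, but nothing in the hunk restricts it to debug builds or to sessions where Gears is in use; whether the caller gates it is not visible here. I would narrow the first rule to the directory Gears actually keeps its databases in and drop or narrow the temp rule. Until then the comment should state the exposure, e.g. `// SECURITY: grants the sandboxed renderer full access to all of DIR_USER_DATA and the temp dir; must be narrowed before shipping.` The temp path is also not passed through `ConvertToLongPath` the way the user-data path is, so the two rules may not match paths consistently.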