diff options
Diffstat (limited to 'content/ppapi_plugin')
| -rw-r--r-- | content/ppapi_plugin/ppapi.sb | 20 | ||||
| -rw-r--r-- | content/ppapi_plugin/ppapi_thread.cc | 14 |
2 files changed, 34 insertions, 0 deletions
diff --git a/content/ppapi_plugin/ppapi.sb b/content/ppapi_plugin/ppapi.sb new file mode 100644 index 0000000..6fa3ebf --- /dev/null +++ b/content/ppapi_plugin/ppapi.sb @@ -0,0 +1,20 @@ +;; +;; Copyright (c) 2011 The Chromium Authors. All rights reserved. +;; Use of this source code is governed by a BSD-style license that can be +;; found in the LICENSE file. +;; + +; TODO(viettrungluu): Confirm that the exceptions below are needed. + +; *** The contents of content/common/common.sb are implicitly included here. *** + +; Needed for Fonts. +(allow file-read* (regex #"^/System/Library/Fonts($|/)")) ; 10.5.6 +; 10.6 for loading fonts in the renderer. +; on 10.5 this is needed for the PDF plugin. +(allow file-read* (regex #"^/Library/Fonts($|/)")) +(allow mach-lookup (global-name "com.apple.FontObjectsServer")) ; 10.5.6 +;10.6_OR_ABOVE (allow mach-lookup (global-name "com.apple.FontServer")) ; 10.6 + +; http://crbug.com/11269 +;10.6_OR_ABOVE (allow file-read* (subpath "@USER_HOMEDIR_AS_LITERAL@/Library/Fonts")) ; 10.6 diff --git a/content/ppapi_plugin/ppapi_thread.cc b/content/ppapi_plugin/ppapi_thread.cc index 4ad7cd2..9b3c846 100644 --- a/content/ppapi_plugin/ppapi_thread.cc +++ b/content/ppapi_plugin/ppapi_thread.cc @@ -6,10 +6,13 @@ #include <limits> +#include "base/command_line.h" #include "base/process_util.h" #include "base/rand_util.h" #include "base/stringprintf.h" #include "content/common/child_process.h" +#include "content/common/content_switches.h" +#include "content/common/sandbox_init_wrapper.h" #include "content/ppapi_plugin/broker_process_dispatcher.h" #include "content/ppapi_plugin/plugin_process_dispatcher.h" #include "content/ppapi_plugin/ppapi_webkit_thread.h" @@ -145,6 +148,17 @@ void PpapiThread::OnMsgLoadPlugin(const FilePath& path) { return; } +#if defined(OS_MACOSX) + // We need to do this after getting |PPP_GetInterface()| (or presumably + // doing something nontrivial with the library), else the sandbox + // intercedes. + CommandLine* parsed_command_line = CommandLine::ForCurrentProcess(); + SandboxInitWrapper sandbox_wrapper; + if (!sandbox_wrapper.InitializeSandbox(*parsed_command_line, + switches::kPpapiPluginProcess)) + LOG(WARNING) << "Failed to initialize sandbox"; +#endif + // Get the InitializeModule function (required). pp::proxy::Dispatcher::InitModuleFunc init_module = reinterpret_cast<pp::proxy::Dispatcher::InitModuleFunc>( |