From 8ee8189e6ae18d1d9ada90601b0c4e1b08c865d8 Mon Sep 17 00:00:00 2001 From: "mpcomplete@google.com" Date: Wed, 8 Oct 2008 19:35:21 +0000 Subject: Hackish changes to make gears work in the renderer with the sandbox. Review URL: http://codereview.chromium.org/6434 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3032 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome/browser/render_process_host.cc | 8 ++++++++ chrome/browser/sandbox_policy.cc | 31 +++++++++++++++++++++++++++++++ chrome/browser/sandbox_policy.h | 3 +++ 3 files changed, 42 insertions(+) (limited to 'chrome/browser') diff --git a/chrome/browser/render_process_host.cc b/chrome/browser/render_process_host.cc index ed969a6..b39c89b 100644 --- a/chrome/browser/render_process_host.cc +++ b/chrome/browser/render_process_host.cc @@ -372,6 +372,14 @@ bool RenderProcessHost::Init() { return false; } + CommandLine command_line; + if (command_line.HasSwitch(switches::kGearsInRenderer)) { + if (!AddPolicyForGearsInRenderer(policy)) { + NOTREACHED(); + return false; + } + } + if (!AddDllEvictionPolicy(policy)) { NOTREACHED(); return false; diff --git a/chrome/browser/sandbox_policy.cc b/chrome/browser/sandbox_policy.cc index 0969bd3..04c61c2 100644 --- a/chrome/browser/sandbox_policy.cc +++ b/chrome/browser/sandbox_policy.cc 
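Review bot: The new `kGearsInRenderer` branch in `RenderProcessHost::Init()` has no comment saying that it loosens the renderer sandbox. From this call site alone a reader cannot tell that the switch grants extra file access to any renderer launched through this path, including ones showing untrusted pages. I would add a comment above the check, for example `// Debugging aid: widens renderer file access (profile and temp dirs); do not enable by default.` It would also help to log once when the switch is active so the relaxed policy shows up in bug reports. `Init()` starts and ends outside this hunk, so I cannot see whether `policy` is released on the new `return false` path.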
@@ -116,6 +116,37 @@ bool AddDllEvictionPolicy(sandbox::TargetPolicy* policy) { return true; } +bool AddPolicyForGearsInRenderer(sandbox::TargetPolicy* policy) { + sandbox::ResultCode result; + + // TODO(mpcomplete): need to restrict access to database files only. This + // is just temporary for debugging purposes. + std::wstring plugin_data; + if (!PathService::Get(chrome::DIR_USER_DATA, &plugin_data)) + return false; + if (!win_util::ConvertToLongPath(plugin_data, &plugin_data)) + return false; + + file_util::AppendToPath(&plugin_data, L"*"); + result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, + sandbox::TargetPolicy::FILES_ALLOW_ANY, + plugin_data.c_str()); + if (result != sandbox::SBOX_ALL_OK) + return false; + + std::wstring temppath; + if (!file_util::GetTempDir(&temppath)) + return false; + file_util::AppendToPath(&temppath, L"*"); + result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES, + sandbox::TargetPolicy::FILES_ALLOW_ANY, + temppath.c_str()); + if (result != sandbox::SBOX_ALL_OK) + return false; + + return true; +} + bool AddGenericPolicy(sandbox::TargetPolicy* policy) { sandbox::ResultCode result; diff --git a/chrome/browser/sandbox_policy.h b/chrome/browser/sandbox_policy.h index b32e5d8..3beafdd 100644 --- a/chrome/browser/sandbox_policy.h +++ b/chrome/browser/sandbox_policy.h @@ -15,6 +15,9 @@ bool AddGenericPolicy(sandbox::TargetPolicy* policy); // Adds policy rules for unloaded the known dlls that cause chrome to crash. bool AddDllEvictionPolicy(sandbox::TargetPolicy* policy); +// Adds policy rules for running Gears in the renderer process. +bool AddPolicyForGearsInRenderer(sandbox::TargetPolicy* policy); + // Adds the custom policy rules for a given plugin. If dll is activex-shim, // then clsid is the clsid of ActiveX control. Otherwise clsid is ignored. // |trusted_plugins| contains the comma separate list of plugins that should -- cgit v1.1
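Review bot: Both `FILES_ALLOW_ANY` rules in `AddPolicyForGearsInRenderer` end in `*`, so a renderer started with this switch gets access to everything under the user-data directory and the temp directory, not only the Gears databases. The TODO covers just the first rule; it should name both and record the exposure, for example `// TODO(mpcomplete): both rules below expose the whole profile and temp dir to the renderer; narrow to the Gears database directory before this leaves debugging.` The declaration comment in `sandbox_policy.h` should state the same, since it currently reads as an ordinary policy helper. The temp path also skips the `win_util::ConvertToLongPath` step applied to `plugin_data`. If rule matching depends on the long form, which this file does not show, the second rule may not match on machines whose temp path is in short 8.3 form; `if (!win_util::ConvertToLongPath(temppath, &temppath)) return false;` before the append would keep the two paths consistent.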