bootstrap_sandbox_mac.cc revision f8ee788a64d60abd8f2d742a5fdedde054ecd910
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/browser/bootstrap_sandbox_mac.h"

#include "base/logging.h"
#include "base/mac/mac_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/singleton.h"
#include "content/common/sandbox_init_mac.h"
#include "content/public/browser/browser_child_process_observer.h"
#include "content/public/browser/child_process_data.h"
#include "content/public/common/sandbox_type_mac.h"
#include "sandbox/mac/bootstrap_sandbox.h"

namespace content {

namespace {

// Owns the process-wide sandbox::BootstrapSandbox and registers every policy
// that goes with it. It also listens for child-process teardown so that the
// sandbox is told when a child it may be tracking has gone away.
class BootstrapSandboxPolicy : public BrowserChildProcessObserver {
 public:
  // Returns the single instance, obtained through Singleton<>.
  static BootstrapSandboxPolicy* GetInstance();

  // Non-owning pointer to the sandbox; ownership stays with |sandbox_|.
  sandbox::BootstrapSandbox* sandbox() const {
    return sandbox_.get();
  }

  // BrowserChildProcessObserver:
  // Both notifications are forwarded to BootstrapSandbox::ChildDied().
  virtual void BrowserChildProcessHostDisconnected(
      const ChildProcessData& data) OVERRIDE;
  virtual void BrowserChildProcessCrashed(
      const ChildProcessData& data) OVERRIDE;

 private:
  friend struct DefaultSingletonTraits<BootstrapSandboxPolicy>;
  BootstrapSandboxPolicy();
  virtual ~BootstrapSandboxPolicy();

  // Registers all policies; at this revision that is the NPAPI policy only.
  void RegisterSandboxPolicies();
  void RegisterNPAPIPolicy();

  scoped_ptr<sandbox::BootstrapSandbox> sandbox_;
};

BootstrapSandboxPolicy* BootstrapSandboxPolicy::GetInstance() {
  return Singleton<BootstrapSandboxPolicy>::get();
}

// NOTE(review): this handler and BrowserChildProcessCrashed() below report
// the same handle to ChildDied(). If both can fire for one child, ChildDied()
// runs twice for it -- confirm that it tolerates a repeated handle.
void BootstrapSandboxPolicy::BrowserChildProcessHostDisconnected(
    const ChildProcessData& data) {
  sandbox_->ChildDied(data.handle);
}

void BootstrapSandboxPolicy::BrowserChildProcessCrashed(
    const ChildProcessData& data) {
  sandbox_->ChildDied(data.handle);
}

// Creates the sandbox, refuses to continue without one, then subscribes to
// child-process notifications and installs the policies.
BootstrapSandboxPolicy::BootstrapSandboxPolicy()
    : sandbox_(sandbox::BootstrapSandbox::Create()) {
  // Fail hard rather than run with a missing sandbox object.
  CHECK(sandbox_.get());
  BrowserChildProcessObserver::Add(this);
  RegisterSandboxPolicies();
}

BootstrapSandboxPolicy::~BootstrapSandboxPolicy() {
  BrowserChildProcessObserver::Remove(this);
}

void BootstrapSandboxPolicy::RegisterSandboxPolicies() {
  RegisterNPAPIPolicy();
}

// Builds and registers the policy used for SANDBOX_TYPE_NPAPI.
//
// NOTE(review): the default rule is POLICY_ALLOW, so this policy denies
// nothing on its own; the only name given its own rule is
// kBootstrapPortNameForNPAPIPlugins. That rule is built from the real
// bootstrap port -- presumably a port substitution, confirm against the
// sandbox::Rule definition. A deny-by-default policy would have to list
// every service the plugin needs.
void BootstrapSandboxPolicy::RegisterNPAPIPolicy() {
  const sandbox::Rule real_port_rule(sandbox()->real_bootstrap_port());

  sandbox::BootstrapSandboxPolicy npapi_policy;
  npapi_policy.default_rule = sandbox::Rule(sandbox::POLICY_ALLOW);
  npapi_policy.rules[kBootstrapPortNameForNPAPIPlugins] = real_port_rule;

  sandbox()->RegisterSandboxPolicy(SANDBOX_TYPE_NPAPI, npapi_policy);
}

}  // namespace

// True when either OS-version check from base::mac passes: Mountain Lion or
// earlier, or Mavericks. Any other OS version yields false.
bool ShouldEnableBootstrapSandbox() {
  if (base::mac::IsOSMountainLionOrEarlier())
    return true;
  return base::mac::IsOSMavericks();
}

// Returns the sandbox owned by the BootstrapSandboxPolicy singleton.
// This function does not consult ShouldEnableBootstrapSandbox(); callers
// that must respect the OS gate have to check it themselves.
sandbox::BootstrapSandbox* GetBootstrapSandbox() {
  BootstrapSandboxPolicy* const instance =
      BootstrapSandboxPolicy::GetInstance();
  return instance->sandbox();
}

}  // namespace content