OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_MAC_H_ |
6 #define CONTENT_COMMON_SANDBOX_MAC_H_ | 6 #define CONTENT_COMMON_SANDBOX_MAC_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 | 10 |
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
118 // | 118 // |
119 // On output |final_sandbox_profile_str| contains the final sandbox profile. | 119 // On output |final_sandbox_profile_str| contains the final sandbox profile. |
120 // Returns true on success, false otherwise. | 120 // Returns true on success, false otherwise. |
121 static bool PostProcessSandboxProfile( | 121 static bool PostProcessSandboxProfile( |
122 NSString* in_sandbox_data, | 122 NSString* in_sandbox_data, |
123 NSArray* comments_to_remove, | 123 NSArray* comments_to_remove, |
124 SandboxVariableSubstitions& substitutions, | 124 SandboxVariableSubstitions& substitutions, |
125 std::string *final_sandbox_profile_str); | 125 std::string *final_sandbox_profile_str); |
126 | 126 |
127 private: | 127 private: |
128 // Returns a (allow file-read-metadata) rule for |allowed_dir| and all its | |
Avi (use Gerrit)
2012/06/07 14:50:01
incorrect variable name
also, wouldn't that be "a
Nico
2012/06/07 14:59:56
Done.
| |
129 // parent directories. | |
130 static NSString* AllowMetadataForPath(const FilePath& allowed_path); | |
131 | |
128 // Escape |src_utf8| for use in a plain string variable in a sandbox | 132 // Escape |src_utf8| for use in a plain string variable in a sandbox |
129 // configuraton file. On return |dst| is set to the quoted output. | 133 // configuraton file. On return |dst| is set to the quoted output. |
130 // Returns: true on success, false otherwise. | 134 // Returns: true on success, false otherwise. |
131 static bool QuotePlainString(const std::string& src_utf8, std::string* dst); | 135 static bool QuotePlainString(const std::string& src_utf8, std::string* dst); |
132 | 136 |
133 // Escape |str_utf8| for use in a regex literal in a sandbox | 137 // Escape |str_utf8| for use in a regex literal in a sandbox |
134 // configuraton file. On return |dst| is set to the utf-8 encoded quoted | 138 // configuraton file. On return |dst| is set to the utf-8 encoded quoted |
135 // output. | 139 // output. |
136 // | 140 // |
137 // The implementation of this function is based on empirical testing of the | 141 // The implementation of this function is based on empirical testing of the |
138 // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to | 142 // OS X sandbox on 10.5.8 & 10.6.2 which is undocumented and subject to |
139 // change. | 143 // change. |
140 // | 144 // |
141 // Note: If str_utf8 contains any characters < 32 || >125 then the function | 145 // Note: If str_utf8 contains any characters < 32 || >125 then the function |
142 // fails and false is returned. | 146 // fails and false is returned. |
143 // | 147 // |
144 // Returns: true on success, false otherwise. | 148 // Returns: true on success, false otherwise. |
145 static bool QuoteStringForRegex(const std::string& str_utf8, | 149 static bool QuoteStringForRegex(const std::string& str_utf8, |
146 std::string* dst); | 150 std::string* dst); |
147 | 151 |
148 // Convert provided path into a "canonical" path matching what the Sandbox | 152 // Convert provided path into a "canonical" path matching what the Sandbox |
149 // expects i.e. one without symlinks. | 153 // expects i.e. one without symlinks. |
150 // This path is not necessarily unique e.g. in the face of hardlinks. | 154 // This path is not necessarily unique e.g. in the face of hardlinks. |
151 static void GetCanonicalSandboxPath(FilePath* path); | 155 static FilePath GetCanonicalSandboxPath(const FilePath& path); |
Nico
2012/06/05 17:54:21
This is a behavior-preserving refactoring to make
| |
152 | 156 |
153 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape); | 157 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape); |
154 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape); | 158 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape); |
155 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess); | 159 FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess); |
156 | 160 |
157 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); | 161 DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox); |
158 }; | 162 }; |
159 | 163 |
160 } // namespace sandbox | 164 } // namespace sandbox |
161 | 165 |
162 #endif // CONTENT_COMMON_SANDBOX_MAC_H_ | 166 #endif // CONTENT_COMMON_SANDBOX_MAC_H_ |
OLD | NEW |