Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(481)

Unified Diff: services/shell/service_manager.cc

Issue 2338793003: services/shell: Turn on sandboxing for mojo apps.
Patch Set: . Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « components/leveldb/manifest.json ('k') | services/ui/manifest.json » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: services/shell/service_manager.cc
diff --git a/services/shell/service_manager.cc b/services/shell/service_manager.cc
index 5e1de8467fe1d6f2d738fcf1758d13b7c543665f..fcbfa071040a5237e87ea8b9f0606d625b096799 100644
--- a/services/shell/service_manager.cc
+++ b/services/shell/service_manager.cc
@@ -39,6 +39,7 @@ const char kCapabilityClass_ClientProcess[] = "shell:client_process";
const char kCapabilityClass_InstanceName[] = "shell:instance_name";
const char kCapabilityClass_AllUsers[] = "shell:all_users";
const char kCapabilityClass_ExplicitClass[] = "shell:explicit_class";
+const char kCapabilityClass_Unsandboxed[] = "shell:unsandboxed";
} // namespace
@@ -216,10 +217,10 @@ class ServiceManager::Instance
StartWithService(std::move(service));
}
- void StartWithFilePath(const base::FilePath& path) {
+ void StartWithFilePath(const base::FilePath& path, bool unsandboxed) {
CHECK(!service_);
runner_ = service_manager_->native_runner_factory_->Create(path);
- bool start_sandboxed = false;
+ bool start_sandboxed = !unsandboxed;
mojom::ServicePtr service = runner_->Start(
path, identity_, start_sandboxed,
base::Bind(&Instance::PIDAvailable, weak_factory_.GetWeakPtr()),
@@ -821,7 +822,8 @@ void ServiceManager::OnGotResolvedName(std::unique_ptr<ConnectParams> params,
instance_name);
CreateServiceWithFactory(factory, target.name(), std::move(request));
} else {
- instance->StartWithFilePath(result->package_path);
+ bool unsandboxed = HasClass(capabilities, kCapabilityClass_Unsandboxed);
+ instance->StartWithFilePath(result->package_path, unsandboxed);
}
}
« no previous file with comments | « components/leveldb/manifest.json ('k') | services/ui/manifest.json » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698