// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/browser/sandbox_parameters_mac.h"
#include <unistd.h>
#include "base/command_line.h"
#include "base/files/file_util.h"
#include "base/logging.h"
#include "base/mac/bundle_locations.h"
#include "base/mac/mac_util.h"
#include "base/numerics/checked_math.h"
#include "base/strings/sys_string_conversions.h"
#include "base/sys_info.h"
#include "content/public/browser/content_browser_client.h"
#include "content/public/common/content_client.h"
#include "content/public/common/content_switches.h"
#include "sandbox/mac/seatbelt_exec.h"
#include "services/service_manager/sandbox/mac/sandbox_mac.h"
namespace content {
namespace {
// Produce the OS version as an integer "1010", etc. and pass that to the
// profile. The profile converts the string back to a number and can do
// comparison operations on OS version.
//
// Encoding is major * 100 + minor (e.g. 10.13 -> "1013"); the bugfix
// component is queried because the API requires all three out-params but
// does not take part in the result.
std::string GetOSVersion() {
  int32_t major = 0;
  int32_t minor = 0;
  int32_t bugfix = 0;
  base::SysInfo::OperatingSystemVersionNumbers(&major, &minor, &bugfix);

  // CheckedNumeric makes an (unrealistic) overflow crash in ValueOrDie()
  // rather than silently wrap into a bogus version the profile would compare.
  base::CheckedNumeric<int32_t> encoded(major);
  encoded *= 100;
  encoded += minor;
  const int32_t version = encoded.ValueOrDie();
  return std::to_string(version);
}
} // namespace
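// Populates the parameters that every Seatbelt profile in this file expects:
// the logging switches, the (canonical) main bundle path, the outer bundle
// identifier, the browser PID, the logging file name, the component-build
// dylib directory, the encoded OS version and the (canonical) home directory.
//
// Every SetParameter/SetBooleanParameter call is CHECKed so a profile can never
// be compiled with a key silently missing. Paths are run through
// GetCanonicalPath first — presumably so that the path the profile matches on
// is the one the kernel resolves (confirm against sandbox_mac.mm).
//
// |client| receives the parameters; it must be non-null.
void SetupCommonSandboxParameters(sandbox::SeatbeltExecClient* client) {
  const base::CommandLine* const command_line =
      base::CommandLine::ForCurrentProcess();

  // Denial logging is the inverse of the enable-logging switch: with sandbox
  // logging on, denials are reported; with it off, they are suppressed.
  const bool enable_logging =
      command_line->HasSwitch(switches::kEnableSandboxLogging);
  CHECK(client->SetBooleanParameter(
      service_manager::SandboxMac::kSandboxEnableLogging, enable_logging));
  CHECK(client->SetBooleanParameter(
      service_manager::SandboxMac::kSandboxDisableDenialLogging,
      !enable_logging));

  // Mirror the non-empty check SetupCDMSandboxParameters applies to its bundle
  // path: an unresolved path fails closed here instead of being substituted
  // into the profile as an empty string.
  const std::string bundle_path =
      service_manager::SandboxMac::GetCanonicalPath(base::mac::MainBundlePath())
          .value();
  CHECK(!bundle_path.empty());
  CHECK(client->SetParameter(service_manager::SandboxMac::kSandboxBundlePath,
                             bundle_path));

  NSBundle* bundle = base::mac::OuterBundle();
  const std::string bundle_id =
      base::SysNSStringToUTF8([bundle bundleIdentifier]);
  CHECK(client->SetParameter(
      service_manager::SandboxMac::kSandboxChromeBundleId, bundle_id));

  CHECK(client->SetParameter(service_manager::SandboxMac::kSandboxBrowserPID,
                             std::to_string(getpid())));

  // Deliberately not CHECKed for emptiness: whether an embedder's
  // ContentBrowserClient always names a log file is not established here —
  // confirm against the embedder before tightening this.
  const std::string logging_path =
      GetContentClient()->browser()->GetLoggingFileName(*command_line).value();
  CHECK(client->SetParameter(
      service_manager::SandboxMac::kSandboxLoggingPathAsLiteral, logging_path));

#if defined(COMPONENT_BUILD)
  // For component builds, allow access to one directory level higher, where
  // the dylibs live.
  const base::FilePath component_path =
      base::mac::MainBundlePath().Append("..");
  const std::string component_path_canonical =
      service_manager::SandboxMac::GetCanonicalPath(component_path).value();
  CHECK(!component_path_canonical.empty());
  CHECK(client->SetParameter(service_manager::SandboxMac::kSandboxComponentPath,
                             component_path_canonical));
#endif

  CHECK(client->SetParameter(service_manager::SandboxMac::kSandboxOSVersion,
                             GetOSVersion()));

  // Same fail-closed treatment as the bundle path above.
  const std::string homedir =
      service_manager::SandboxMac::GetCanonicalPath(base::GetHomeDir()).value();
  CHECK(!homedir.empty());
  CHECK(client->SetParameter(
      service_manager::SandboxMac::kSandboxHomedirAsLiteral, homedir));
}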
// Parameters for the CDM (content decryption module) sandbox: the common set
// plus kSandboxBundleVersionPath, the canonical form of the directory that
// holds the framework bundle (presumably the versioned bundle directory —
// confirm against the CDM profile). The path must resolve to something
// non-empty; otherwise setup CHECK-fails rather than emitting a profile with
// an empty path rule.
//
// |client| receives the parameters; it must be non-null.
void SetupCDMSandboxParameters(sandbox::SeatbeltExecClient* client) {
  SetupCommonSandboxParameters(client);

  const base::FilePath framework_dir =
      base::mac::FrameworkBundlePath().DirName();
  const base::FilePath version_path =
      service_manager::SandboxMac::GetCanonicalPath(framework_dir);
  // Fail closed: an empty path must never be substituted into the profile.
  CHECK(!version_path.empty());
  CHECK(client->SetParameter(
      service_manager::SandboxMac::kSandboxBundleVersionPath,
      version_path.value()));
}
// Parameters for utility processes: the common set plus, only when the
// switches::kUtilityProcessAllowedDir switch names a directory, its canonical
// path under kSandboxPermittedDir. When the switch is absent or empty no
// permitted-dir parameter is set at all, so the profile grants no extra
// directory.
//
// |client| receives the parameters; it must be non-null. |command_line| is the
// utility process's command line, read only for the allowed-dir switch.
void SetupUtilitySandboxParameters(sandbox::SeatbeltExecClient* client,
                                   const base::CommandLine& command_line) {
  SetupCommonSandboxParameters(client);

  const base::FilePath permitted_dir =
      command_line.GetSwitchValuePath(switches::kUtilityProcessAllowedDir);
  if (permitted_dir.empty())
    return;

  const std::string permitted_dir_canonical =
      service_manager::SandboxMac::GetCanonicalPath(permitted_dir).value();
  CHECK(client->SetParameter(service_manager::SandboxMac::kSandboxPermittedDir,
                             permitted_dir_canonical));
}
} // namespace content