1 files changed, 149 insertions, 0 deletions
diff --git a/chromium/content/browser/bootstrap_sandbox_mac.cc b/chromium/content/browser/bootstrap_sandbox_mac.cc
new file mode 100644
index 00000000000..040a23783ea
--- /dev/null
+++ b/chromium/content/browser/bootstrap_sandbox_mac.cc
@@ -0,0 +1,149 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/bootstrap_sandbox_mac.h"
+
+#include "base/logging.h"
+#include "base/mac/mac_util.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/singleton.h"
+#include "content/browser/mach_broker_mac.h"
+#include "content/common/sandbox_init_mac.h"
+#include "content/public/browser/browser_child_process_observer.h"
+#include "content/public/browser/child_process_data.h"
+#include "content/public/browser/notification_details.h"
+#include "content/public/browser/notification_observer.h"
+#include "content/public/browser/notification_registrar.h"
+#include "content/public/browser/notification_service.h"
+#include "content/public/browser/notification_types.h"
+#include "content/public/browser/render_process_host.h"
+#include "content/public/common/sandbox_type_mac.h"
+#include "sandbox/mac/bootstrap_sandbox.h"
+
+namespace content {
+
+namespace {
+
+// This class is responsible for creating the BootstrapSandbox global
+// singleton, as well as registering all associated policies with it.
+class BootstrapSandboxPolicy : public BrowserChildProcessObserver,
+                               public NotificationObserver {
+ public:
+  static BootstrapSandboxPolicy* GetInstance();
+
+  sandbox::BootstrapSandbox* sandbox() const {
+    return sandbox_.get();
+  }
+
+  // BrowserChildProcessObserver:
+  virtual void BrowserChildProcessHostDisconnected(
+      const ChildProcessData& data) OVERRIDE;
+  virtual void BrowserChildProcessCrashed(
+      const ChildProcessData& data) OVERRIDE;
+
+  // NotificationObserver:
+  virtual void Observe(int type,
+                       const NotificationSource& source,
+                       const NotificationDetails& details) OVERRIDE;
+
+ private:
+  friend struct DefaultSingletonTraits<BootstrapSandboxPolicy>;
+  BootstrapSandboxPolicy();
+  virtual ~BootstrapSandboxPolicy();
+
+  void RegisterSandboxPolicies();
+  void RegisterRendererPolicy();
+
+  void AddBaselinePolicy(sandbox::BootstrapSandboxPolicy* policy);
+
+  NotificationRegistrar notification_registrar_;
+
+  scoped_ptr<sandbox::BootstrapSandbox> sandbox_;
+};
+
+BootstrapSandboxPolicy* BootstrapSandboxPolicy::GetInstance() {
+  return Singleton<BootstrapSandboxPolicy>::get();
+}
+
+void BootstrapSandboxPolicy::BrowserChildProcessHostDisconnected(
+      const ChildProcessData& data) {
+  sandbox()->ChildDied(data.handle);
+}
+
+void BootstrapSandboxPolicy::BrowserChildProcessCrashed(
+      const ChildProcessData& data) {
+  sandbox()->ChildDied(data.handle);
+}
+
+void BootstrapSandboxPolicy::Observe(int type,
+                                     const NotificationSource& source,
+                                     const NotificationDetails& details) {
+  switch (type) {
+    case NOTIFICATION_RENDERER_PROCESS_CLOSED:
+      sandbox()->ChildDied(
+          Details<RenderProcessHost::RendererClosedDetails>(details)->handle);
+      break;
+    default:
+      NOTREACHED() << "Unexpected notification " << type;
+      break;
+  }
+}
+
+BootstrapSandboxPolicy::BootstrapSandboxPolicy()
+    : sandbox_(sandbox::BootstrapSandbox::Create()) {
+  CHECK(sandbox_.get());
+  BrowserChildProcessObserver::Add(this);
+  notification_registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_CLOSED,
+      NotificationService::AllBrowserContextsAndSources());
+  RegisterSandboxPolicies();
+}
+
+BootstrapSandboxPolicy::~BootstrapSandboxPolicy() {
+  BrowserChildProcessObserver::Remove(this);
+}
+
+void BootstrapSandboxPolicy::RegisterSandboxPolicies() {
+  RegisterRendererPolicy();
+}
+
+void BootstrapSandboxPolicy::RegisterRendererPolicy() {
+  sandbox::BootstrapSandboxPolicy policy;
+  AddBaselinePolicy(&policy);
+
+  // Permit font queries.
+  policy.rules["com.apple.FontServer"] = sandbox::Rule(sandbox::POLICY_ALLOW);
+  policy.rules["com.apple.FontObjectsServer"] =
+      sandbox::Rule(sandbox::POLICY_ALLOW);
+
+  // Allow access to the windowserver. This is needed to get the colorspace
+  // during sandbox warmup. Since NSColorSpace conforms to NSCoding, this
+  // should be plumbed over IPC instead <http://crbug.com/265709>.
+  policy.rules["com.apple.windowserver.active"] =
+      sandbox::Rule(sandbox::POLICY_ALLOW);
+
+  sandbox_->RegisterSandboxPolicy(SANDBOX_TYPE_RENDERER, policy);
+}
+
+void BootstrapSandboxPolicy::AddBaselinePolicy(
+    sandbox::BootstrapSandboxPolicy* policy) {
+  auto& rules = policy->rules;
+
+  // Allow the child to send its task port to the MachBroker.
+  rules[MachBroker::GetMachPortName()] = sandbox::Rule(sandbox::POLICY_ALLOW);
+
+  // Allow logging to the syslog.
+  rules["com.apple.system.logger"] = sandbox::Rule(sandbox::POLICY_ALLOW);
+}
+
+}  // namespace
+
+bool ShouldEnableBootstrapSandbox() {
+  return false;
+}
+
+sandbox::BootstrapSandbox* GetBootstrapSandbox() {
+  return BootstrapSandboxPolicy::GetInstance()->sandbox();
+}
+
+}  // namespace content