0
Files
src/content/browser/sandbox_parameters_mac.h
Evan Stade 526e35a6ec Mac sandbox: don't use protobuf for policy serialization
This change replaces protobuf with a custom serialization routine.
Some of the utilities for encoding ints and blobs are lifted from
IndexedDB code.

The change also:
- deletes CompileAndApplyProfile, which was only used in unit tests.
  The tests are updated to verify production code instead, so test
  coverage is better.
- Renames SandboxCompiler to SandboxSerializer. This is more
  accurate as "compiling" is a separate step provided by Mac system
  utilities.
- Co-locates all serialization and de-serialization code in
  SandboxSerializer, making it easier to understand and, if
  desired, modify. Previously, these steps were spread across
  SandboxCompiler and sandbox_exec.cc.

Bug: 328417294
Change-Id: I41bdffdb5331a0bfd979942b079fe5dd3670fe53
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6208630
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Evan Stade <estade@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1414452}
2025-01-31 16:09:37 -08:00

40 lines
1.1 KiB
C++

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_SANDBOX_PARAMETERS_MAC_H_
#define CONTENT_BROWSER_SANDBOX_PARAMETERS_MAC_H_
#include "content/common/content_export.h"
namespace base {
class CommandLine;
class FilePath;
}
namespace sandbox {
class SandboxSerializer;
namespace mojom {
enum class Sandbox;
} // namespace mojom
} // namespace sandbox
namespace content {
// This populates the sandbox parameters in the client for the given
// |sandbox_type|. Some parameters may be extracted from the |command_line|.
CONTENT_EXPORT bool SetupSandboxParameters(
sandbox::mojom::Sandbox sandbox_type,
const base::CommandLine& command_line,
sandbox::SandboxSerializer* serializer);
// Expands the SandboxType::kNetwork policy to allow reading files from
// the specified |path|, which stores TLS certificates used by the browser
// test web servers.
CONTENT_EXPORT void SetNetworkTestCertsDirectoryForTesting(
const base::FilePath& path);
} // namespace content
#endif // CONTENT_BROWSER_SANDBOX_PARAMETERS_MAC_H_