services/service_manager/sandbox/sandbox.cc - chromium/src - Git at Google

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "services/service_manager/sandbox/sandbox.h"

 #include "build/build_config.h"

 #if defined(OS_MACOSX)
 #include "services/service_manager/sandbox/mac/sandbox_mac.h"
 #endif  // defined(OS_MACOSX)

 #if defined(OS_WIN)
 #include "sandbox/win/src/sandbox.h"
 #include "services/service_manager/sandbox/win/sandbox_win.h"
 #endif  // defined(OS_WIN)

 namespace service_manager {

 #if defined(OS_MACOSX)
 bool Sandbox::Initialize(SandboxType sandbox_type,
                          const base::FilePath& allowed_dir,
                          base::OnceClosure hook) {
   // Warm up APIs before turning on the sandbox.
   SandboxMac::Warmup(sandbox_type);

   // Execute the post warmup callback.
   if (!hook.is_null())
     std::move(hook).Run();

   // Actually sandbox the process.
   return SandboxMac::Enable(sandbox_type, allowed_dir);
 }
 #endif  // defined(OS_MACOSX)

 #if defined(OS_WIN)
 bool Sandbox::Initialize(SandboxType sandbox_type,
                          sandbox::SandboxInterfaceInfo* sandbox_info) {
   sandbox::BrokerServices* broker_services = sandbox_info->broker_services;
   if (broker_services) {
     if (!SandboxWin::InitBrokerServices(broker_services))
       return false;

     // IMPORTANT: This piece of code needs to run as early as possible in the
     // process because it will initialize the sandbox broker, which requires the
     // process to swap its window station. During this time all the UI will be
     // broken. This has to run before threads and windows are created.
     if (!IsUnsandboxedSandboxType(sandbox_type)) {
       // Precreate the desktop and window station used by the renderers.
       scoped_refptr<sandbox::TargetPolicy> policy =
           broker_services->CreatePolicy();
       sandbox::ResultCode result = policy->CreateAlternateDesktop(true);
       CHECK(sandbox::SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION != result);
     }
     return true;
   }
   return IsUnsandboxedSandboxType(sandbox_type) ||
          SandboxWin::InitTargetServices(sandbox_info->target_services);
 }
 #endif  // defined(OS_WIN)

 }  // namespace service_manager
	// Copyright 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "services/service_manager/sandbox/sandbox.h"

	#include "build/build_config.h"

	#if defined(OS_MACOSX)
	#include "services/service_manager/sandbox/mac/sandbox_mac.h"
	#endif // defined(OS_MACOSX)

	#if defined(OS_WIN)
	#include "sandbox/win/src/sandbox.h"
	#include "services/service_manager/sandbox/win/sandbox_win.h"
	#endif // defined(OS_WIN)

	namespace service_manager {

	#if defined(OS_MACOSX)
	bool Sandbox::Initialize(SandboxType sandbox_type,
	const base::FilePath& allowed_dir,
	base::OnceClosure hook) {
	// Warm up APIs before turning on the sandbox.
	SandboxMac::Warmup(sandbox_type);

	// Execute the post warmup callback.
	if (!hook.is_null())
	std::move(hook).Run();

	// Actually sandbox the process.
	return SandboxMac::Enable(sandbox_type, allowed_dir);
	}
	#endif // defined(OS_MACOSX)

	#if defined(OS_WIN)
	bool Sandbox::Initialize(SandboxType sandbox_type,
	sandbox::SandboxInterfaceInfo* sandbox_info) {
	sandbox::BrokerServices* broker_services = sandbox_info->broker_services;
	if (broker_services) {
	if (!SandboxWin::InitBrokerServices(broker_services))
	return false;

	// IMPORTANT: This piece of code needs to run as early as possible in the
	// process because it will initialize the sandbox broker, which requires the
	// process to swap its window station. During this time all the UI will be
	// broken. This has to run before threads and windows are created.
	if (!IsUnsandboxedSandboxType(sandbox_type)) {
	// Precreate the desktop and window station used by the renderers.
	scoped_refptr<sandbox::TargetPolicy> policy =
	broker_services->CreatePolicy();
	sandbox::ResultCode result = policy->CreateAlternateDesktop(true);
	CHECK(sandbox::SBOX_ERROR_FAILED_TO_SWITCH_BACK_WINSTATION != result);
	}
	return true;
	}
	return IsUnsandboxedSandboxType(sandbox_type) \|\|
	SandboxWin::InitTargetServices(sandbox_info->target_services);
	}
	#endif // defined(OS_WIN)

	} // namespace service_manager