summaryrefslogtreecommitdiff
path: root/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm
diff options
context:
space:
mode:
Diffstat (limited to 'Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm')
-rw-r--r--Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm35
1 files changed, 35 insertions, 0 deletions
diff --git a/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm b/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm
index f4e834c57..7a8cb35f4 100644
--- a/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm
+++ b/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm
@@ -39,6 +39,10 @@
#import <objc/runtime.h>
#import <wtf/HashSet.h>
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
+#import "NetscapeSandboxFunctions.h"
+#endif
+
namespace WebKit {
static pthread_once_t shouldCallRealDebuggerOnce = PTHREAD_ONCE_INIT;
@@ -262,6 +266,33 @@ void PluginProcess::setFullscreenWindowIsShowing(bool fullscreenWindowIsShowing)
m_connection->send(Messages::PluginProcessProxy::SetFullscreenWindowIsShowing(fullscreenWindowIsShowing), 0);
}
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
+static void initializeSandbox(const String& pluginPath)
+{
+ RetainPtr<CFStringRef> cfPluginPath = adoptCF(pluginPath.createCFString());
+ RetainPtr<CFURLRef> pluginURL = adoptCF(CFURLCreateWithFileSystemPath(0, cfPluginPath.get(), kCFURLPOSIXPathStyle, false));
+ if (!pluginURL)
+ return;
+
+ RetainPtr<CFBundleRef> pluginBundle = adoptCF(CFBundleCreate(kCFAllocatorDefault, pluginURL.get()));
+ if (!pluginBundle)
+ return;
+
+ CFStringRef bundleIdentifier = CFBundleGetIdentifier(pluginBundle.get());
+ if (!bundleIdentifier)
+ return;
+
+ RetainPtr<CFStringRef> sandboxFileName = CFStringCreateWithFormat(0, 0, CFSTR("%@.sb"), bundleIdentifier);
+ RetainPtr<CFURLRef> pluginSandboxDirectory = adoptCF(CFURLCreateWithFileSystemPath(0, CFSTR("/usr/share/sandbox/"), kCFURLPOSIXPathStyle, YES));
+ RetainPtr<CFURLRef> sandboxURL = adoptCF(CFURLCreateWithFileSystemPathRelativeToBase(0, sandboxFileName.get(), kCFURLPOSIXPathStyle, FALSE, pluginSandboxDirectory.get()));
+ RetainPtr<NSString> profileString = [[NSString alloc] initWithContentsOfURL:(NSURL *)sandboxURL.get() encoding:NSUTF8StringEncoding error:NULL];
+ if (!profileString)
+ return;
+
+ enterSandbox([profileString.get() UTF8String], 0, 0);
+}
+#endif
+
void PluginProcess::platformInitialize(const PluginProcessCreationParameters& parameters)
{
m_compositingRenderServerPort = parameters.acceleratedCompositingPort.port();
@@ -273,6 +304,10 @@ void PluginProcess::platformInitialize(const PluginProcessCreationParameters& pa
(NSString *)parameters.parentProcessName];
WKSetVisibleApplicationName((CFStringRef)applicationName);
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
+ initializeSandbox(m_pluginPath);
+#endif
}
} // namespace WebKit
View Lorry Controller Status