Suppress sandbox deprecation warnings by using the Seatbelt wrapper.

OS X deprecated all of the Sandbox API and never provided a replacement. To hide the deprecation suppressions in the code, we use a wrapper class. BUG=chromium:622489 NOPRESUBMIT=true Review-Url: https://codereview.chromium.org/2369553002 Cr-Commit-Position: refs/heads/master@{#420799}
qweri0p · Sep 24, 2016 · df7ac74 · df7ac74
1 parent 14d43b4
commit df7ac74
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 7 deletions.
diff --git a/chrome/utility/safe_browsing/DEPS b/chrome/utility/safe_browsing/DEPS
@@ -1,3 +1,4 @@
 include_rules = [
+  "+sandbox/mac/seatbelt.h",
   "+third_party/zlib",
 ]
diff --git a/chrome/utility/safe_browsing/mac/BUILD.gn b/chrome/utility/safe_browsing/mac/BUILD.gn
@@ -56,6 +56,7 @@ executable("crdmg") {
   deps = [
     ":dmg_common",
     "//base",
+    "//sandbox/mac:seatbelt",
   ]
 }
 

diff --git a/chrome/utility/safe_browsing/mac/crdmg.cc b/chrome/utility/safe_browsing/mac/crdmg.cc
@@ -24,6 +24,7 @@
 #include "chrome/utility/safe_browsing/mac/hfs.h"
 #include "chrome/utility/safe_browsing/mac/read_stream.h"
 #include "chrome/utility/safe_browsing/mac/udif.h"
+#include "sandbox/mac/seatbelt.h"
 
 // This executable only works on 10.10+, so unconditionally use these functions
 // to make sandboxing easier.
@@ -156,14 +157,11 @@ bool SafeDMG::EnableSandbox() {
   }
 
   char* sbox_error;
-#pragma clang diagnostic push
-#pragma clang diagnostic ignored "-Wdeprecated-declarations"
-  if (sandbox_init(sbox_profile.c_str(), 0, &sbox_error) != 0) {
+  if (sandbox::Seatbelt::Init(sbox_profile.c_str(), 0, &sbox_error) != 0) {
     LOG(ERROR) << "Failed to initialize sandbox: " << sbox_error;
-    sandbox_free_error(sbox_error);
+    sandbox::Seatbelt::FreeError(sbox_error);
     return false;
   }
-#pragma clang diagnostic pop
 
   return true;
 }

diff --git a/ipc/ipc_send_fds_test.cc b/ipc/ipc_send_fds_test.cc
@@ -196,8 +196,8 @@ MULTIPROCESS_IPC_TEST_CLIENT_MAIN(SendFdsSandboxedClient) {
 
   // Enable the sandbox.
   char* error_buff = NULL;
-  int error = sandbox::Seatbelt::Init(kSBXProfilePureComputation, SANDBOX_NAMED,
-                                      &error_buff);
+  int error = sandbox::Seatbelt::Init(
+      sandbox::Seatbelt::kProfilePureComputation, SANDBOX_NAMED, &error_buff);
   bool success = (error == 0 && error_buff == NULL);
   if (!success)
     return -1;

diff --git a/sandbox/mac/seatbelt.cc b/sandbox/mac/seatbelt.cc
@@ -15,6 +15,17 @@ int sandbox_init_with_parameters(const char* profile,
 
 namespace sandbox {
 
+// Initialize the static member variables.
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+const char* Seatbelt::kProfileNoInternet = kSBXProfileNoInternet;
+const char* Seatbelt::kProfileNoNetwork = kSBXProfileNoNetwork;
+const char* Seatbelt::kProfileNoWrite = kSBXProfileNoWrite;
+const char* Seatbelt::kProfileNoWriteExceptTemporary =
+    kSBXProfileNoWriteExceptTemporary;
+const char* Seatbelt::kProfilePureComputation = kSBXProfilePureComputation;
+#pragma clang diagnostic pop
+
 // static
 int Seatbelt::Init(const char* profile, uint64_t flags, char** errorbuf) {
 // OS X deprecated these functions, but did not provide a suitable replacement,

diff --git a/sandbox/mac/seatbelt.h b/sandbox/mac/seatbelt.h
@@ -26,6 +26,16 @@ class SEATBELT_EXPORT Seatbelt {
 
   static void FreeError(char* errorbuf);
 
+  static const char* kProfileNoInternet;
+
+  static const char* kProfileNoNetwork;
+
+  static const char* kProfileNoWrite;
+
+  static const char* kProfileNoWriteExceptTemporary;
+
+  static const char* kProfilePureComputation;
+
  private:
   Seatbelt();
   DISALLOW_COPY_AND_ASSIGN(Seatbelt);