From df7ac746097f96e4b6150c017f1e0f7f722926ca Mon Sep 17 00:00:00 2001 From: kerrnel Date: Fri, 23 Sep 2016 17:39:26 -0700 Subject: [PATCH] Suppress sandbox deprecation warnings by using the Seatbelt wrapper. OS X deprecated all of the Sandbox API and never provided a replacement. To hide the deprecation suppressions in the code, we use a wrapper class. BUG=chromium:622489 NOPRESUBMIT=true Review-Url: https://codereview.chromium.org/2369553002 Cr-Commit-Position: refs/heads/master@{#420799} --- chrome/utility/safe_browsing/DEPS | 1 + chrome/utility/safe_browsing/mac/BUILD.gn | 1 + chrome/utility/safe_browsing/mac/crdmg.cc | 8 +++----- ipc/ipc_send_fds_test.cc | 4 ++-- sandbox/mac/seatbelt.cc | 11 +++++++++++ sandbox/mac/seatbelt.h | 10 ++++++++++ 6 files changed, 28 insertions(+), 7 deletions(-) diff --git a/chrome/utility/safe_browsing/DEPS b/chrome/utility/safe_browsing/DEPS index c6e9550543b2fd..fbb8c56a14a00d 100644 --- a/chrome/utility/safe_browsing/DEPS +++ b/chrome/utility/safe_browsing/DEPS @@ -1,3 +1,4 @@ include_rules = [ + "+sandbox/mac/seatbelt.h", "+third_party/zlib", ] diff --git a/chrome/utility/safe_browsing/mac/BUILD.gn b/chrome/utility/safe_browsing/mac/BUILD.gn index e37d4f6d91226f..d72d78ba37ffab 100644 --- a/chrome/utility/safe_browsing/mac/BUILD.gn +++ b/chrome/utility/safe_browsing/mac/BUILD.gn @@ -56,6 +56,7 @@ executable("crdmg") { deps = [ ":dmg_common", "//base", + "//sandbox/mac:seatbelt", ] } diff --git a/chrome/utility/safe_browsing/mac/crdmg.cc b/chrome/utility/safe_browsing/mac/crdmg.cc index 8dc0bc9d3cf440..dcaaa8daa665b1 100644 --- a/chrome/utility/safe_browsing/mac/crdmg.cc +++ b/chrome/utility/safe_browsing/mac/crdmg.cc @@ -24,6 +24,7 @@ #include "chrome/utility/safe_browsing/mac/hfs.h" #include "chrome/utility/safe_browsing/mac/read_stream.h" #include "chrome/utility/safe_browsing/mac/udif.h" +#include "sandbox/mac/seatbelt.h" // This executable only works on 10.10+, so unconditionally use these functions // to make sandboxing easier. @@ -156,14 +157,11 @@ bool SafeDMG::EnableSandbox() { } char* sbox_error; -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wdeprecated-declarations" - if (sandbox_init(sbox_profile.c_str(), 0, &sbox_error) != 0) { + if (sandbox::Seatbelt::Init(sbox_profile.c_str(), 0, &sbox_error) != 0) { LOG(ERROR) << "Failed to initialize sandbox: " << sbox_error; - sandbox_free_error(sbox_error); + sandbox::Seatbelt::FreeError(sbox_error); return false; } -#pragma clang diagnostic pop return true; } diff --git a/ipc/ipc_send_fds_test.cc b/ipc/ipc_send_fds_test.cc index 033ae397e41ecb..94a5a71744ab8a 100644 --- a/ipc/ipc_send_fds_test.cc +++ b/ipc/ipc_send_fds_test.cc @@ -196,8 +196,8 @@ MULTIPROCESS_IPC_TEST_CLIENT_MAIN(SendFdsSandboxedClient) { // Enable the sandbox. char* error_buff = NULL; - int error = sandbox::Seatbelt::Init(kSBXProfilePureComputation, SANDBOX_NAMED, - &error_buff); + int error = sandbox::Seatbelt::Init( + sandbox::Seatbelt::kProfilePureComputation, SANDBOX_NAMED, &error_buff); bool success = (error == 0 && error_buff == NULL); if (!success) return -1; diff --git a/sandbox/mac/seatbelt.cc b/sandbox/mac/seatbelt.cc index c2028d5bb33fc1..0987faee7aa54f 100644 --- a/sandbox/mac/seatbelt.cc +++ b/sandbox/mac/seatbelt.cc @@ -15,6 +15,17 @@ int sandbox_init_with_parameters(const char* profile, namespace sandbox { +// Initialize the static member variables. +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" +const char* Seatbelt::kProfileNoInternet = kSBXProfileNoInternet; +const char* Seatbelt::kProfileNoNetwork = kSBXProfileNoNetwork; +const char* Seatbelt::kProfileNoWrite = kSBXProfileNoWrite; +const char* Seatbelt::kProfileNoWriteExceptTemporary = + kSBXProfileNoWriteExceptTemporary; +const char* Seatbelt::kProfilePureComputation = kSBXProfilePureComputation; +#pragma clang diagnostic pop + // static int Seatbelt::Init(const char* profile, uint64_t flags, char** errorbuf) { // OS X deprecated these functions, but did not provide a suitable replacement, diff --git a/sandbox/mac/seatbelt.h b/sandbox/mac/seatbelt.h index c5dd386bfe2d4f..2a5db08e4b6f3a 100644 --- a/sandbox/mac/seatbelt.h +++ b/sandbox/mac/seatbelt.h @@ -26,6 +26,16 @@ class SEATBELT_EXPORT Seatbelt { static void FreeError(char* errorbuf); + static const char* kProfileNoInternet; + + static const char* kProfileNoNetwork; + + static const char* kProfileNoWrite; + + static const char* kProfileNoWriteExceptTemporary; + + static const char* kProfilePureComputation; + private: Seatbelt(); DISALLOW_COPY_AND_ASSIGN(Seatbelt);