sandbox/mac/pre_exec_delegate.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "sandbox/mac/pre_exec_delegate.h"
   6
   7 #include <mach/mach.h>
   8 #include <servers/bootstrap.h>
   9
  10 #include "base/logging.h"
  11 #include "base/mac/mac_util.h"
  12 #include "sandbox/mac/bootstrap_sandbox.h"
  13
  14 namespace sandbox {
  15
  16 PreExecDelegate::PreExecDelegate(
  17     const std::string& sandbox_server_bootstrap_name,
  18     uint64_t sandbox_token)
  19     : sandbox_server_bootstrap_name_(sandbox_server_bootstrap_name),
  20       sandbox_server_bootstrap_name_ptr_(
  21           sandbox_server_bootstrap_name_.c_str()),
  22       sandbox_token_(sandbox_token),
  23       is_yosemite_or_later_(base::mac::IsOSYosemiteOrLater()) {
  24 }
  25
  26 PreExecDelegate::~PreExecDelegate() {}
  27
  28 void PreExecDelegate::RunAsyncSafe() {
  29   mach_port_t sandbox_server_port = MACH_PORT_NULL;
  30   kern_return_t kr = bootstrap_look_up(bootstrap_port,
  31       sandbox_server_bootstrap_name_ptr_, &sandbox_server_port);
  32   if (kr != KERN_SUCCESS)
  33     RAW_LOG(FATAL, "Failed to look up bootstrap sandbox server port.");
  34
  35   mach_port_t new_bootstrap_port = MACH_PORT_NULL;
  36   if (!BootstrapSandbox::ClientCheckIn(sandbox_server_port,
  37                                        sandbox_token_,
  38                                        &new_bootstrap_port)) {
  39     RAW_LOG(FATAL, "Failed to check in with sandbox server.");
  40   }
  41
  42   kr = task_set_bootstrap_port(mach_task_self(), new_bootstrap_port);
  43   if (kr != KERN_SUCCESS)
  44     RAW_LOG(FATAL, "Failed to replace bootstrap port.");
  45
  46   // On OS X 10.10 and higher, libxpc uses the port stash to transfer the
  47   // XPC root port. This is effectively the same connection as the Mach
  48   // bootstrap port, but not transferred using the task special port.
  49   // Therefore, stash the replacement bootstrap port, so that on 10.10 it
  50   // will be retrieved by the XPC code and used as a replacement for the
  51   // XPC root port as well.
  52   if (is_yosemite_or_later_) {
  53     kr = mach_ports_register(mach_task_self(), &new_bootstrap_port, 1);
  54     if (kr != KERN_SUCCESS)
  55       RAW_LOG(ERROR, "Failed to register replacement bootstrap port.");
  56   }
  57 }
  58
  59 }  // namespace sandbox