author | msneck@google.com <msneck@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-28 13:59:41 +0000 |
---|---|---|
committer | msneck@google.com <msneck@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-28 13:59:41 +0000 |
commit | a719e0b0f1332b7eabd27e769f442f95c034ee9c (patch) | |
tree | 7010ea5429f4d7d0ccf92d64786fbfb5aa5dbaf6 | |
parent | c9b569337a250250ba730fa50c389c18e87915c8 (diff) | |
Fully remove the hole in the Mac Sandbox that was used to support
Native Client. This removes the special sandbox commands as well
as all special code.
This CL replaces http://codereview.chromium.org/2881016/show which
was rolled back because of problems on Mac OS X 10.5. Those problems
were addressed in Native Client and pulled into Chrome with a DEPS
file update in http://codereview.chromium.org/2881034/show which was
committed as Chrome revision 53711.
BUG=http://code.google.com/p/nativeclient/issues/detail?id=344
TEST=all tests pass, including nacl_ui_tests
Review URL: http://codereview.chromium.org/3077003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53936 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/browser/nacl_loader.sb | 11 | ||||
-rw-r--r-- | chrome/common/sandbox_init_wrapper_mac.cc | 8 | ||||
-rw-r--r-- | chrome/common/sandbox_mac.h | 4 | ||||
-rw-r--r-- | chrome/common/sandbox_mac.mm | 23 | ||||
-rw-r--r-- | chrome/renderer/renderer.sb | 14 |
5 files changed, 1 insertions, 59 deletions
diff --git a/chrome/browser/nacl_loader.sb b/chrome/browser/nacl_loader.sb
index 6c476d7..38cb29c 100644
--- a/chrome/browser/nacl_loader.sb
+++ b/chrome/browser/nacl_loader.sb
@@ -12,14 +12,3 @@
 ; Allow a Native Client application to use semaphores, specifically
 ; sem_init(), et.al.
 (allow ipc-posix-sem)
-
-; Needed for the Native Client plugin and loader.
-; TODO(msneck): Refactor Native Client to use something other than Unix
-; sockets.
-; See http://code.google.com/p/nativeclient/issues/detail?id=344
-;BEFORE_10.6 (allow network-inbound (from unix-socket))
-;BEFORE_10.6 (allow network-outbound (to unix-socket))
-;10.6_ONLY (allow network-inbound (regex #"^(/private)?/tmp/nacl-"))
-;10.6_ONLY (allow network-outbound (regex #"^(/private)?/tmp/nacl-"))
-;10.6_ONLY (allow network-bind (local ip4))
-;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-"))
diff --git a/chrome/common/sandbox_init_wrapper_mac.cc b/chrome/common/sandbox_init_wrapper_mac.cc
index 998fe64..1b8e2d9 100644
--- a/chrome/common/sandbox_init_wrapper_mac.cc
+++ b/chrome/common/sandbox_init_wrapper_mac.cc
@@ -26,14 +26,6 @@ bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line,
 // platform because the sandbox is initialized later. Remove
 // this once this flag is removed.
 return true;
- } else if (command_line.HasSwitch(switches::kInternalNaCl)) {
- // Renderer process sandbox. If --internal_nacl is present then use the
- // version of the renderer sandbox which allows Native Client to use Unix
- // sockets.
- // TODO(msneck): Remove the use of Unix sockets from Native Client and
- // then get rid of the SANDBOX_TYPE_NACL_PLUGIN enum.
- // See http://code.google.com/p/nativeclient/issues/detail?id=344
- sandbox_process_type = sandbox::SANDBOX_TYPE_NACL_PLUGIN;
 } else {
 sandbox_process_type = sandbox::SANDBOX_TYPE_RENDERER;
 }
diff --git a/chrome/common/sandbox_mac.h b/chrome/common/sandbox_mac.h
index add08a8..cc20203 100644
--- a/chrome/common/sandbox_mac.h
+++ b/chrome/common/sandbox_mac.h
@@ -26,9 +26,7 @@ enum SandboxProcessType {
 // is allowed to one configurable directory.
 SANDBOX_TYPE_UTILITY,
 
- // Native Client sandboxes. The plugin contains trusted code and the
- // loader contains the user's untrusted code.
- SANDBOX_TYPE_NACL_PLUGIN,
+ // Native Client sandbox for the user's untrusted code.
 SANDBOX_TYPE_NACL_LOADER,
 
 SANDBOX_AFTER_TYPE_LAST_TYPE, // Placeholder to ease iteration.
diff --git a/chrome/common/sandbox_mac.mm b/chrome/common/sandbox_mac.mm
index 3d2985c..31c4463 100644
--- a/chrome/common/sandbox_mac.mm
+++ b/chrome/common/sandbox_mac.mm
@@ -255,7 +255,6 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
 // TODO(jeremy): Look at using include syntax to unify common parts of sandbox
 // definition files.
 NSString* sandbox_config_filename = nil;
- bool allow_nacl_lines = false;
 switch (sandbox_type) {
 case SANDBOX_TYPE_RENDERER:
 sandbox_config_filename = @"renderer";
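Review bot: Deleting SANDBOX_TYPE_NACL_PLUGIN from the middle of SandboxProcessType renumbers SANDBOX_TYPE_NACL_LOADER and SANDBOX_AFTER_TYPE_LAST_TYPE; the trailing placeholder exists "to ease iteration", so this is harmless only if no raw value of this enum is logged, persisted or passed across a process boundary, which is worth confirming outside this hunk. The replacement comment also drops the reason the plugin variant existed, which a later reader of nacl_loader.sb will want when they see only `ipc-posix-sem` left; suggest `// Native Client sandbox for the user's untrusted code. The Unix-socket and /tmp/nacl- rules this profile once carried were removed when Native Client stopped depending on them (nativeclient issue 344).` The enum's opening and closing lines are outside the hunk.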
@@ -266,24 +265,9 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
 case SANDBOX_TYPE_UTILITY:
 sandbox_config_filename = @"utility";
 break;
- case SANDBOX_TYPE_NACL_PLUGIN:
- // The Native Client plugin is a standard renderer sandbox with some
- // additional lines to support use of Unix sockets.
- // TODO(msneck): Remove the use of Unix sockets from Native Client and
- // then remove the associated rules from chrome/renderer/renderer.sb.
- // See http://code.google.com/p/nativeclient/issues/detail?id=344
- sandbox_config_filename = @"renderer";
- allow_nacl_lines = true;
- break;
 case SANDBOX_TYPE_NACL_LOADER:
 // The Native Client loader is used for safeguarding the user's
 // untrusted code within Native Client.
- // TODO(msneck): Remove the use of Unix sockets from Native Client and
- // then decide on an appropriate sandbox type for the untrusted code.
- // This might simply mean removing the Unix socket rules from
- // chrome/browser/nacl_loader.sb or it might mean sharing the
- // sandbox configuration with SANDBOX_TYPE_WORKER.
- // See http://code.google.com/p/nativeclient/issues/detail?id=344
 sandbox_config_filename = @"nacl_loader";
 break;
 default:
@@ -333,13 +317,6 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
 withString:@""];
 }
 
- // Enable Native Client lines if they are allowed.
- if (allow_nacl_lines) {
- sandbox_data = [sandbox_data
- stringByReplacingOccurrencesOfString:@";NACL"
- withString:@""];
- }
-
 if (!allowed_dir.empty()) {
 // The sandbox only understands "real" paths. This resolving step is
 // needed so the caller doesn't need to worry about things like /var
diff --git a/chrome/renderer/renderer.sb b/chrome/renderer/renderer.sb
index 4165162..9c075b4 100644
--- a/chrome/renderer/renderer.sb
+++ b/chrome/renderer/renderer.sb
@@ -19,17 +19,3 @@
 ; USER_HOMEDIR is substitued at runtime - http://crbug.com/11269
 ;10.6_ONLY (allow file-read-data (subpath "USER_HOMEDIR/Library/Fonts")) ; 10.6
-
-; Needed for the Native Client plugin and loader. These lines are enabled
-; if and only if --internal-nacl (or --enable-nacl) are used (and they
-; are off by default).
-; TODO(msneck): Refactor Native Client to use something other than Unix
-; sockets. Then change or remove the code in chrome/common/sandbox_mac.mm
-; which deals with the ";NACL" prefix.
-; See http://code.google.com/p/nativeclient/issues/detail?id=344
-;NACL;BEFORE_10.6 (allow network-inbound (from unix-socket))
-;NACL;BEFORE_10.6 (allow network-outbound (to unix-socket))
-;NACL;10.6_ONLY (allow network-inbound (regex #"^(/private)?/tmp/nacl-"))
-;NACL;10.6_ONLY (allow network-outbound (regex #"^(/private)?/tmp/nacl-"))
-;NACL;10.6_ONLY (allow network-bind (local ip4))
-;NACL;10.6_ONLY (allow file-write* (regex #"^(/private)?/tmp/nacl-"))
\ No newline at end of file |