author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-29 16:41:15 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-29 16:41:15 +0000 |
commit | 08842580e6d76309b90784043eed96e3c2a46911 (patch) | |
tree | 3ba1c01809c076c5dcd786f5356eb3e8e345cd0e | |
parent | 5f3cb3fc9360e30b059a26e0f2e38f701350da46 (diff) | |
Merge 202267 "Allow sandboxed OS X processes to open /dev/urandom"
> Allow sandboxed OS X processes to open /dev/urandom
>
> Match Linux/POSIX and Windows in allowing sandboxed processes access to
> OS entropy (RtlGenRandom on Win, /dev/urandom on Linux/POSIX).
>
> BUG=242702
> R=jeremy
> TBR=cevans@chromium.org, piman@chromium.org
>
> Review URL: https://chromiumcodereview.appspot.com/15637004
TBR=rsleevi@chromium.org
Review URL: https://codereview.chromium.org/16186004
git-svn-id: svn://svn.chromium.org/chrome/branches/1500/src@202883 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | content/common/common.sb | 4 | ||||
-rw-r--r-- | content/common/sandbox_mac_system_access_unittest.mm | 33 | ||||
-rw-r--r-- | content/ppapi_plugin/ppapi.sb | 4 |
3 files changed, 13 insertions, 28 deletions
diff --git a/content/common/common.sb b/content/common/common.sb
index b19528a..50b0d2c 100644
--- a/content/common/common.sb
+++ b/content/common/common.sb
@@ -35,6 +35,10 @@
 ; Needed for IPC on 10.6
 (allow ipc-posix-shm)
+; Allow direct access to /dev/urandom, similar to Linux/POSIX, to allow
+; third party code (eg: bits of Adobe Flash and NSS) to function properly.
+(allow file-read-data (literal "/dev/urandom"))
+
 ; Component build workaround for a dyld bug, used on OS X <= 10.6.
 ; Enables reading file metadata for the Chrome bundle and its parent paths.
 ; http://crbug.com/127465
diff --git a/content/common/sandbox_mac_system_access_unittest.mm b/content/common/sandbox_mac_system_access_unittest.mm
index 1b4eea3..9c53daa 100644
--- a/content/common/sandbox_mac_system_access_unittest.mm
+++ b/content/common/sandbox_mac_system_access_unittest.mm
@@ -69,7 +69,7 @@ TEST_F(MacSandboxTest, ClipboardAccess) {
 std::string pasteboard_name = base::SysNSStringToUTF8([pb name]);
 EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedClipboardTestCase",
- pasteboard_name.c_str()));
+ pasteboard_name.c_str()));
 // After executing the test, the clipboard should still be empty.
 EXPECT_EQ([[pb types] count], 0U);
@@ -95,7 +95,7 @@ TEST_F(MacSandboxTest, FileAccess) {
 }
 //--------------------- /dev/urandom Sandboxing ----------------------
-// /dev/urandom is available to ppapi sandbox only.
+// /dev/urandom is available to any sandboxed process.
 class MacSandboxedUrandomTestCase : public MacSandboxTestCase {
 public:
 virtual bool SandboxedTest() OVERRIDE;
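Review bot: The comment added above `(allow file-read-data (literal "/dev/urandom"))` in common.sb names the consumers (Flash, NSS) but not the scope of the grant, and this profile appears to be shared by every sandbox type. I would add a line such as `; Read-only and exact-path: do not widen to file-write* or to a /dev subpath.` so a later edit does not loosen it by accident. The comment this commit deletes from ppapi.sb also said that the code opens the device itself rather than using the cached file descriptor; keeping that remark here would tell a reader why the cached descriptor is not enough.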
@@ -107,32 +107,17 @@ bool MacSandboxedUrandomTestCase::SandboxedTest() {
 int fdes = open("/dev/urandom", O_RDONLY);
 file_util::ScopedFD file_closer(&fdes);
- // Open succeeds under ppapi sandbox, else it is not permitted.
- if (test_data_ == "ppapi") {
- if (fdes == -1)
- return false;
+ // Opening /dev/urandom succeeds under the sandbox.
+ if (fdes == -1)
+ return false;
- char buf[16];
- int rc = read(fdes, buf, sizeof(buf));
- return rc == sizeof(buf);
- } else {
- return fdes == -1 && errno == EPERM;
- }
+ char buf[16];
+ int rc = read(fdes, buf, sizeof(buf));
+ return rc == sizeof(buf);
 }
 TEST_F(MacSandboxTest, UrandomAccess) {
- // Similar to RunTestInAllSandboxTypes(), except changing
- // |test_data| for the ppapi case. Passing "" in the non-ppapi case
- // to overwrite the test data (NULL means not to change it).
- for (SandboxType i = SANDBOX_TYPE_FIRST_TYPE;
- i < SANDBOX_TYPE_AFTER_LAST_TYPE; ++i) {
- if (i == SANDBOX_TYPE_PPAPI) {
- EXPECT_TRUE(RunTestInSandbox(i, "MacSandboxedUrandomTestCase", "ppapi"));
- } else {
- EXPECT_TRUE(RunTestInSandbox(i, "MacSandboxedUrandomTestCase", ""))
- << "for sandbox type " << i;
- }
- }
+ EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedUrandomTestCase", NULL));
 }
 } // namespace content
diff --git a/content/ppapi_plugin/ppapi.sb b/content/ppapi_plugin/ppapi.sb
index f87be9d..9ef9d31 100644
--- a/content/ppapi_plugin/ppapi.sb
+++ b/content/ppapi_plugin/ppapi.sb
@@ -18,7 +18,3 @@
 ; http://crbug.com/11269
 (allow file-read* (subpath "@USER_HOMEDIR_AS_LITERAL@/Library/Fonts")) ; 10.6
-
-; Bits of Adobe Flash wish to open /dev/urandom directly rather than
-; using our cached file descriptor.
-(allow file-read-data (literal "/dev/urandom")) |
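Review bot: After this change `MacSandboxedUrandomTestCase::SandboxedTest()` asserts only that the open and read succeed, so the test no longer checks any denial on /dev/urandom. The profile rule grants `file-read-data` only, and a negative check would pin that boundary: `int wfd = open("/dev/urandom", O_WRONLY);` followed by `if (wfd != -1) { close(wfd); return false; }`, assuming no other rule in the profiles grants write access to the device. The removed loop in `UrandomAccess` also streamed `"for sandbox type " << i` on failure; whether `RunTestInAllSandboxTypes` reports the failing sandbox type is not visible in this hunk and is worth confirming.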