authorrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-05-29 16:41:15 +0000
committerrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-05-29 16:41:15 +0000
commit08842580e6d76309b90784043eed96e3c2a46911 (patch)
tree3ba1c01809c076c5dcd786f5356eb3e8e345cd0e
parent5f3cb3fc9360e30b059a26e0f2e38f701350da46 (diff)
Merge 202267 "Allow sandboxed OS X processes to open /dev/urandom"
> Allow sandboxed OS X processes to open /dev/urandom > > Match Linux/POSIX and Windows in allowing sandboxed processes access to > OS entropy (RtlGenRandom on Win, /dev/urandom on Linux/POSIX). > > BUG=242702 > R=jeremy > TBR=cevans@chromium.org, piman@chromium.org > > Review URL: https://chromiumcodereview.appspot.com/15637004 TBR=rsleevi@chromium.org Review URL: https://codereview.chromium.org/16186004 git-svn-id: svn://svn.chromium.org/chrome/branches/1500/src@202883 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--content/common/common.sb4
-rw-r--r--content/common/sandbox_mac_system_access_unittest.mm33
-rw-r--r--content/ppapi_plugin/ppapi.sb4
3 files changed, 13 insertions, 28 deletions
diff --git a/content/common/common.sb b/content/common/common.sb
index b19528a..50b0d2c 100644
--- a/content/common/common.sb
+++ b/content/common/common.sb
@@ -35,6 +35,10 @@
; Needed for IPC on 10.6
(allow ipc-posix-shm)
+; Allow direct access to /dev/urandom, similar to Linux/POSIX, to allow
+; third party code (eg: bits of Adobe Flash and NSS) to function properly.
+(allow file-read-data (literal "/dev/urandom"))
+
; Component build workaround for a dyld bug, used on OS X <= 10.6.
; Enables reading file metadata for the Chrome bundle and its parent paths.
; http://crbug.com/127465
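Review bot: The comment on the new `/dev/urandom` rule gives the motivation but no bug reference, unlike the rule just below it, and it does not say how narrow the grant is meant to be. Judging by the updated test comment, the rule now reaches every sandboxed process type rather than only ppapi, so the intent is worth pinning down where the rule lives. I would add `; http://crbug.com/242702` (the bug number from the commit message) and a line such as `; Read-only, this exact path only; do not widen to file-read* or a subpath.` so a later edit does not quietly broaden it.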
diff --git a/content/common/sandbox_mac_system_access_unittest.mm b/content/common/sandbox_mac_system_access_unittest.mm
index 1b4eea3..9c53daa 100644
--- a/content/common/sandbox_mac_system_access_unittest.mm
+++ b/content/common/sandbox_mac_system_access_unittest.mm
@@ -69,7 +69,7 @@ TEST_F(MacSandboxTest, ClipboardAccess) {
std::string pasteboard_name = base::SysNSStringToUTF8([pb name]);
EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedClipboardTestCase",
- pasteboard_name.c_str()));
+ pasteboard_name.c_str()));
// After executing the test, the clipboard should still be empty.
EXPECT_EQ([[pb types] count], 0U);
@@ -95,7 +95,7 @@ TEST_F(MacSandboxTest, FileAccess) {
}
//--------------------- /dev/urandom Sandboxing ----------------------
-// /dev/urandom is available to ppapi sandbox only.
+// /dev/urandom is available to any sandboxed process.
class MacSandboxedUrandomTestCase : public MacSandboxTestCase {
public:
virtual bool SandboxedTest() OVERRIDE;
@@ -107,32 +107,17 @@ bool MacSandboxedUrandomTestCase::SandboxedTest() {
int fdes = open("/dev/urandom", O_RDONLY);
file_util::ScopedFD file_closer(&fdes);
- // Open succeeds under ppapi sandbox, else it is not permitted.
- if (test_data_ == "ppapi") {
- if (fdes == -1)
- return false;
+ // Opening /dev/urandom succeeds under the sandbox.
+ if (fdes == -1)
+ return false;
- char buf[16];
- int rc = read(fdes, buf, sizeof(buf));
- return rc == sizeof(buf);
- } else {
- return fdes == -1 && errno == EPERM;
- }
+ char buf[16];
+ int rc = read(fdes, buf, sizeof(buf));
+ return rc == sizeof(buf);
}
TEST_F(MacSandboxTest, UrandomAccess) {
- // Similar to RunTestInAllSandboxTypes(), except changing
- // |test_data| for the ppapi case. Passing "" in the non-ppapi case
- // to overwrite the test data (NULL means not to change it).
- for (SandboxType i = SANDBOX_TYPE_FIRST_TYPE;
- i < SANDBOX_TYPE_AFTER_LAST_TYPE; ++i) {
- if (i == SANDBOX_TYPE_PPAPI) {
- EXPECT_TRUE(RunTestInSandbox(i, "MacSandboxedUrandomTestCase", "ppapi"));
- } else {
- EXPECT_TRUE(RunTestInSandbox(i, "MacSandboxedUrandomTestCase", ""))
- << "for sandbox type " << i;
- }
- }
+ EXPECT_TRUE(RunTestInAllSandboxTypes("MacSandboxedUrandomTestCase", NULL));
}
} // namespace content
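Review bot: SandboxedTest() now checks only that open and read succeed, so the test would not notice if the `/dev/urandom` rule were later broadened beyond `file-read-data`; the removed `else` branch was the only denial check here. Assuming the profiles deny writes by default (not visible in this diff), a negative check after the read would cover that: `int wfd = open("/dev/urandom", O_WRONLY);` then `if (wfd != -1) { close(wfd); return false; }`. Separately, `read()` returns `ssize_t`, so `int rc` compared against `sizeof(buf)` mixes signed and unsigned; `ssize_t rc = read(fdes, buf, sizeof(buf));` with `return rc == static_cast<ssize_t>(sizeof(buf));` is cleaner. The function's opening line is outside the hunk.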
diff --git a/content/ppapi_plugin/ppapi.sb b/content/ppapi_plugin/ppapi.sb
index f87be9d..9ef9d31 100644
--- a/content/ppapi_plugin/ppapi.sb
+++ b/content/ppapi_plugin/ppapi.sb
@@ -18,7 +18,3 @@
; http://crbug.com/11269
(allow file-read* (subpath "@USER_HOMEDIR_AS_LITERAL@/Library/Fonts")) ; 10.6
-
-; Bits of Adobe Flash wish to open /dev/urandom directly rather than
-; using our cached file descriptor.
-(allow file-read-data (literal "/dev/urandom"))