1. Create a new sandbox type which allows access to Unix sockets in the Mac

renderer sandbox to support running Native Client. 2. Put the Native Client sel_ldr (which contains the user's untrusted code) into a new Mac sandbox type. 3. Open /dev/random in SandboxWarmup(). 4. Remove the "--nosandbox" flag when running Mac tests. See http://codereview.chromium.org/1234003/show which was reverted because of problems on Mac 10.6. This change is identical except for the ";NACL" lines in the *.sb files. I've removed the 10.6-specific sandbox commands and used the generic commands that work on 10.5 and 10.6. I will work on adding the 10.6-specific commands in a different change list. BUG=http://code.google.com/p/nativeclient/issues/detail?id=327 TEST=nacl_ui_tests still pass while running in the sandbox. Review URL: http://codereview.chromium.org/1525005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43253 0039d316-1c4b-4281-b951-d872f2087c98
author: msneck@google.com <msneck@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2010-03-31 20:35:05 +0000
committer: msneck@google.com <msneck@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2010-03-31 20:35:05 +0000
commit: e6a6852f03ea7787c8aff62b4cfc265052b53646 (patch)
tree: 62524899505b19320985f46a3ce4f1e0715aa27d /chrome/common/sandbox_mac.mm
parent: fb92de6f1a1ea1dc6361107656762e87366159f9 (diff)
download: chromium_src-e6a6852f03ea7787c8aff62b4cfc265052b53646.zip
chromium_src-e6a6852f03ea7787c8aff62b4cfc265052b53646.tar.gz
chromium_src-e6a6852f03ea7787c8aff62b4cfc265052b53646.tar.bz2
1 files changed, 38 insertions, 0 deletions
diff --git a/chrome/common/sandbox_mac.mm b/chrome/common/sandbox_mac.mm
index ca8ac6c..1299481 100644
--- a/chrome/common/sandbox_mac.mm
+++ b/chrome/common/sandbox_mac.mm
@@ -15,6 +15,7 @@ extern "C" {
 #include "base/command_line.h"
 #include "base/file_util.h"
 #include "base/mac_util.h"
+#include "base/rand_util_c.h"
 #include "base/scoped_cftyperef.h"
 #include "base/scoped_nsautorelease_pool.h"
 #include "base/string16.h"
@@ -234,6 +235,10 @@ void SandboxWarmup() {
         NULL));
     CGImageSourceGetStatus(img);
   }
+
+  { // Native Client access to /dev/random.
+    GetUrandomFD();
+  }
 }
 
 // Turns on the OS X sandbox for this process.
@@ -250,6 +255,7 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
   // TODO(jeremy): Look at using include syntax to unify common parts of sandbox
   // definition files.
   NSString* sandbox_config_filename = nil;
+  bool allow_nacl_lines = false;
   switch (sandbox_type) {
     case SANDBOX_TYPE_RENDERER:
       sandbox_config_filename = @"renderer";
@@ -260,6 +266,26 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
     case SANDBOX_TYPE_UTILITY:
       sandbox_config_filename = @"utility";
       break;
+    case SANDBOX_TYPE_NACL_PLUGIN:
+      // The Native Client plugin is a standard renderer sandbox with some
+      // additional lines to support use of Unix sockets.
+      // TODO(msneck): Remove the use of Unix sockets from Native Client and
+      // then remove the associated rules from chrome/renderer/renderer.sb.
+      // See http://code.google.com/p/nativeclient/issues/detail?id=344
+      sandbox_config_filename = @"renderer";
+      allow_nacl_lines = true;
+      break;
+    case SANDBOX_TYPE_NACL_LOADER:
+      // The Native Client loader is used for safeguarding the user's
+      // untrusted code within Native Client.
+      // TODO(msneck): Remove the use of Unix sockets from Native Client and
+      // then decide on an appropriate sandbox type for the untrusted code.
+      // This might simply mean removing the Unix socket rules from
+      // chrome/browser/nacl-loader.sb or it might mean sharing the
+      // sandbox configuration with SANDBOX_TYPE_WORKER.
+      // See http://code.google.com/p/nativeclient/issues/detail?id=344
+      sandbox_config_filename = @"nacl-loader";
+      break;
     default:
       NOTREACHED();
       return false;
@@ -288,6 +314,13 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
                                   withString:@""];
   }
 
+  // Enable Native Client lines if they are allowed.
+  if (allow_nacl_lines) {
+    sandbox_data = [sandbox_data
+        stringByReplacingOccurrencesOfString:@";NACL"
+                                  withString:@""];
+  }
+
   if (!allowed_dir.empty()) {
     // The sandbox only understands "real" paths.  This resolving step is
     // needed so the caller doesn't need to worry about things like /var
@@ -341,6 +374,11 @@ bool EnableSandbox(SandboxProcessType sandbox_type,
     sandbox_data = [sandbox_data
         stringByReplacingOccurrencesOfString:@"USER_HOMEDIR"
                                   withString:home_dir_escaped_ns];
+  } else if (major_version == 10 && minor_version < 6) {
+    // Sandbox rules only for versions before 10.6.
+    sandbox_data = [sandbox_data
+        stringByReplacingOccurrencesOfString:@";BEFORE_10.6"
+                                  withString:@""];
   }
 
   char* error_buff = NULL;
author	msneck@google.com <msneck@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2010-03-31 20:35:05 +0000
committer	msneck@google.com <msneck@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2010-03-31 20:35:05 +0000
commit	e6a6852f03ea7787c8aff62b4cfc265052b53646 (patch)
tree	62524899505b19320985f46a3ce4f1e0715aa27d /chrome/common/sandbox_mac.mm
parent	fb92de6f1a1ea1dc6361107656762e87366159f9 (diff)
download	chromium_src-e6a6852f03ea7787c8aff62b4cfc265052b53646.zip chromium_src-e6a6852f03ea7787c8aff62b4cfc265052b53646.tar.gz chromium_src-e6a6852f03ea7787c8aff62b4cfc265052b53646.tar.bz2