diff options
21 files changed, 2 insertions, 628 deletions
diff --git a/chrome/browser_tests.isolate b/chrome/browser_tests.isolate index 237d48e..61b46f6 100644 --- a/chrome/browser_tests.isolate +++ b/chrome/browser_tests.isolate @@ -139,7 +139,6 @@ '<(PRODUCT_DIR)/clearkeycdm.dll', '<(PRODUCT_DIR)/clearkeycdmadapter.dll', '<(PRODUCT_DIR)/ppapi_tests.dll', - '<(PRODUCT_DIR)/security_tests.dll', 'tools/build/repack_locales.py', ], 'isolate_dependency_untracked': [ diff --git a/chrome/chrome_tests.gypi b/chrome/chrome_tests.gypi index 58fd42c..d62b459 100644 --- a/chrome/chrome_tests.gypi +++ b/chrome/chrome_tests.gypi @@ -1598,8 +1598,6 @@ 'test/remoting/remote_desktop_browsertest.h', 'test/remoting/waiter.cc', 'test/remoting/waiter.h', - 'test/security_tests/sandbox_browsertest_linux.cc', - 'test/security_tests/sandbox_browsertest_win.cc', # TODO(craig): Rename this and run from base_unittests when the test # is safe to run there. See http://crbug.com/78722 for details. '../base/files/file_path_watcher_browsertest.cc', @@ -1828,7 +1826,6 @@ ], 'dependencies': [ 'chrome_version_resources', - 'security_tests', # run time dependency ], 'conditions': [ ['win_use_allocator_shim==1', { @@ -2612,31 +2609,6 @@ ['OS=="mac"', { 'targets': [ { - # This is the mac equivalent of the security_tests target below. It - # generates a framework bundle which bundles tests to be run in a - # renderer process. The test code is built as a framework so it can be - # run in the context of a renderer without shipping the code to end - # users. - 'target_name': 'renderer_sandbox_tests', - 'type': 'shared_library', - 'product_name': 'Renderer Sandbox Tests', - 'mac_bundle': 1, - 'xcode_settings': { - 'INFOPLIST_FILE': 'test/security_tests/sandbox_tests_mac-Info.plist', - }, - 'sources': [ - 'test/security_tests/renderer_sandbox_tests_mac.mm', - ], - 'include_dirs': [ - '..', - ], - 'link_settings': { - 'libraries': [ - '$(SDKROOT)/System/Library/Frameworks/Cocoa.framework', - ], - }, - }, # target renderer_sandbox_tests - { # Tests for Mac app launcher. 'target_name': 'app_mode_app_tests', 'type': 'executable', @@ -2735,24 +2707,6 @@ }, ], },], # OS!="mac" - ['OS=="win"', { - 'targets': [ - { - 'target_name': 'security_tests', - 'type': 'shared_library', - 'include_dirs': [ - '..', - ], - 'sources': [ - 'test/security_tests/ipc_security_tests.cc', - 'test/security_tests/ipc_security_tests.h', - 'test/security_tests/security_tests.cc', - '../sandbox/win/tests/validation_tests/commands.cc', - '../sandbox/win/tests/validation_tests/commands.h', - ], - }, - ]}, # 'targets' - ], # OS=="win" ['OS == "android"', { 'targets': [ { diff --git a/chrome/test/security_tests/ipc_security_tests.cc b/chrome/test/security_tests/ipc_security_tests.cc deleted file mode 100644 index 3b026b3..0000000 --- a/chrome/test/security_tests/ipc_security_tests.cc +++ /dev/null @@ -1,192 +0,0 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <windows.h> -#include <string> -#include <sstream> - -#include "chrome/test/security_tests/ipc_security_tests.h" - -namespace { - -// Debug output messages prefix. -const char kODSMgPrefix[] = "[security] "; -// Format of the Chrome browser pipe for plugins. -const wchar_t kChromePluginPipeFmt[] = L"\\\\.\\pipe\\chrome.%ls.p%d"; -// Size for the in/out pipe buffers. -const int kBufferSize = 1024; - -// Define the next symbol if you want to have tracing of errors. -#ifdef PIPE_SECURITY_DBG -// Generic debug output function. -void ODSMessageGLE(const char* txt) { - DWORD gle = ::GetLastError(); - std::ostringstream oss; - oss << kODSMgPrefix << txt << " 0x" << std::hex << gle; - ::OutputDebugStringA(oss.str().c_str()); -} -#else -void ODSMessageGLE(const char* txt) { -} -#endif - -// Retrieves the renderer pipe name from the command line. Returns true if the -// name was found. -bool PipeNameFromCommandLine(std::wstring* pipe_name) { - std::wstring cl(::GetCommandLineW()); - const wchar_t key_name[] = L"--channel"; - std::wstring::size_type pos = cl.find(key_name, 0); - if (std::wstring::npos == pos) { - return false; - } - pos = cl.find(L"=", pos); - if (std::wstring::npos == pos) { - return false; - } - ++pos; - size_t dst = cl.length() - pos; - if (dst <4) { - return false; - } - for (; dst != 0; --dst) { - if (!isspace(cl[pos])) { - break; - } - ++pos; - } - if (0 == dst) { - return false; - } - std::wstring::size_type pos2 = pos; - for (; dst != 0; --dst) { - if (isspace(cl[pos2])) { - break; - } - ++pos2; - } - *pipe_name = cl.substr(pos, pos2); - return true; -} - -// Extracts the browser process id and the channel id given the renderer -// pipe name. -bool InfoFromPipeName(const std::wstring& pipe_name, std::wstring* parent_id, - std::wstring* channel_id) { - std::wstring::size_type pos = pipe_name.find(L".", 0); - if (std::wstring::npos == pos) { - return false; - } - *parent_id = pipe_name.substr(0, pos); - *channel_id = pipe_name.substr(pos + 1); - return true; -} - -// Creates a server pipe, in byte mode. -HANDLE MakeServerPipeBase(const wchar_t* pipe_name) { - HANDLE pipe = ::CreateNamedPipeW(pipe_name, PIPE_ACCESS_DUPLEX, - PIPE_TYPE_BYTE | PIPE_READMODE_BYTE, 3, - kBufferSize, kBufferSize, 5000, NULL); - if (INVALID_HANDLE_VALUE == pipe) { - ODSMessageGLE("pipe creation failed"); - } - return pipe; -} - -// Creates a chrome plugin server pipe. -HANDLE MakeServerPluginPipe(const std::wstring& prefix, int channel) { - wchar_t pipe_name[MAX_PATH]; - swprintf_s(pipe_name, kChromePluginPipeFmt, prefix.c_str(), channel); - return MakeServerPipeBase(pipe_name); -} - -struct Context { - HANDLE pipe; - explicit Context(HANDLE arg_pipe) : pipe(arg_pipe) { - } -}; - -// This function is called from a thread that has a security context that is -// higher than the renderer security context. This can be the plugin security -// context or the browser security context. -void DoEvilThings(Context* context) { - // To make the test fail we simply trigger a breakpoint in the renderer. - ::DisconnectNamedPipe(context->pipe); - __debugbreak(); -} - -// This is a pipe server thread routine. -DWORD WINAPI PipeServerProc(void* thread_param) { - if (NULL == thread_param) { - return 0; - } - Context* context = static_cast<Context*>(thread_param); - HANDLE server_pipe = context->pipe; - - char buffer[4]; - DWORD bytes_read = 0; - - for (;;) { - // The next call blocks until a connection is made. - if (!::ConnectNamedPipe(server_pipe, NULL)) { - if (GetLastError() != ERROR_PIPE_CONNECTED) { - ODSMessageGLE("== connect named pipe failed =="); - continue; - } - } - // return value of ReadFile is unimportant. - ::ReadFile(server_pipe, buffer, 1, &bytes_read, NULL); - if (::ImpersonateNamedPipeClient(server_pipe)) { - ODSMessageGLE("impersonation obtained"); - DoEvilThings(context); - break; - } else { - ODSMessageGLE("impersonation failed"); - } - ::DisconnectNamedPipe(server_pipe); - } - delete context; - return 0; -} -} // namespace - -// Implements a pipe impersonation attack resulting on a privilege elevation on -// the chrome pipe-based IPC. -// When a web-page that has a plug-in is loaded, chrome will do the following -// steps: -// 1) Creates a server pipe with name 'chrome.<pid>.p<n>'. Initially n = 1. -// 2) Launches chrome with command line --type=plugin --channel=<pid>.p<n> -// 3) The new (plugin) process connects to the pipe and sends a 'hello' -// message. -// The attack creates another server pipe with the same name before step one -// so when the plugin connects it connects to the renderer instead. Once the -// connection is acepted and at least a byte is read from the pipe, the -// renderer can impersonate the plugin process which has a more relaxed -// security context (privilege elevation). -// -// Note that the attack can also be peformed after step 1. In this case we need -// another thread which used to connect to the existing server pipe so the -// plugin does not connect to chrome but to our pipe. -bool PipeImpersonationAttack() { - std::wstring pipe_name; - if (!PipeNameFromCommandLine(&pipe_name)) { - return false; - } - std::wstring parent_id; - std::wstring channel_id; - if (!InfoFromPipeName(pipe_name, &parent_id, &channel_id)) { - return false; - } - HANDLE plugin_pipe = MakeServerPluginPipe(parent_id, 1); - if (INVALID_HANDLE_VALUE == plugin_pipe) { - return true; - } - - HANDLE thread = ::CreateThread(NULL, 0, PipeServerProc, - new Context(plugin_pipe), 0, NULL); - if (NULL == thread) { - return false; - } - ::CloseHandle(thread); - return true; -} diff --git a/chrome/test/security_tests/ipc_security_tests.h b/chrome/test/security_tests/ipc_security_tests.h deleted file mode 100644 index c036dc2..0000000 --- a/chrome/test/security_tests/ipc_security_tests.h +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROME_TEST_SECURITY_TESTS_IPC_SECURITY_TESTS_H__ -#define CHROME_TEST_SECURITY_TESTS_IPC_SECURITY_TESTS_H__ - -// Impersonates a chrome server pipe. See the implementation for details. -// Returns false if the attack could not be set. If it returns true then -// it spawns a thread that will terminate the renderer if the attack is -// successful. -bool PipeImpersonationAttack(); - -#endif // CHROME_TEST_SECURITY_TESTS_IPC_SECURITY_TESTS_H__ diff --git a/chrome/test/security_tests/renderer_sandbox_tests_mac.mm b/chrome/test/security_tests/renderer_sandbox_tests_mac.mm deleted file mode 100644 index ea90a535..0000000 --- a/chrome/test/security_tests/renderer_sandbox_tests_mac.mm +++ /dev/null @@ -1,85 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#import "content/public/common/injection_test_mac.h" - -#import <Cocoa/Cocoa.h> - - -//--------------------- Sandbox Tests --------------------- -// Below is a list of test functions that check the renderer sandbox. -// In order for a test function to be executed, it must be added to the -// |sandbox_test_cases| array in +[RendererSandboxTestsRunner runTests] below. -// TODO(ofri): Consider moving these to another file once there are enough tests -// to justify. - -// Test case for checking sandboxing of clipboard access. -bool SandboxTestClipboardTestCase(void) { - return [NSPasteboard generalPasteboard] == nil; -} - -// Test case for checking sandboxing of filesystem apis. -bool SandboxTestFileAccessTestCase(void) { - int fdes = open("/etc/passwd", O_RDONLY); - if (fdes == -1) { - return true; - } else { - close(fdes); - return false; - } -} - -//--------------------- Test Execution --------------------- - -static LogRendererSandboxTestMessage log_function = NULL; - -static inline void LogInfoMessage(std::string message) { - log_function(message, false); -} - -static inline void LogErrorMessage(std::string message) { - log_function(message, true); -} - -@implementation RendererSandboxTestsRunner - -+ (void)setLogFunction:(LogRendererSandboxTestMessage)logFunction { - log_function = logFunction; -} - -+ (BOOL)runTests { - // A test case entry. One must exist for each test. - struct SandboxTestCase { - std::string name; - bool (*test_function)(void); - }; - const struct SandboxTestCase sandbox_test_cases[] = { -#define DEFINE_TEST_CASE(testFunction) { #testFunction, testFunction } - - // The list of registered tests - DEFINE_TEST_CASE(SandboxTestClipboardTestCase), - DEFINE_TEST_CASE(SandboxTestFileAccessTestCase), - -#undef DEFINE_TEST_CASE - // Termination entry - { "", NULL } - }; - - // Execute the tests - BOOL tests_passed = YES; - for (const struct SandboxTestCase* test_case = sandbox_test_cases; - test_case->test_function != NULL; - ++test_case) { - LogInfoMessage("Running sandbox test: " + test_case->name); - if (test_case->test_function()) { - LogInfoMessage("Test: " + test_case->name + " - PASSED"); - } else { - LogErrorMessage("Test: " + test_case->name + " - FAILED"); - tests_passed = NO; - } - } - return tests_passed; -} - -@end diff --git a/chrome/test/security_tests/sandbox_browsertest_linux.cc b/chrome/test/security_tests/sandbox_browsertest_linux.cc deleted file mode 100644 index f51db55..0000000 --- a/chrome/test/security_tests/sandbox_browsertest_linux.cc +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome/test/base/in_process_browser_test.h" -#include "content/public/browser/zygote_host_linux.h" -#include "content/public/common/sandbox_linux.h" - -typedef InProcessBrowserTest SandboxLinuxTest; - -// Both the SUID sandbox (http://crbug.com/137653) and the Seccomp-BPF sandbox -// are currently incompatible with ASan. -#if defined(OS_LINUX) && !defined(ADDRESS_SANITIZER) -#define MAYBE_SandboxStatus \ - SandboxStatus -#else -#define MAYBE_SandboxStatus \ - DISABLED_SandboxStatus -#endif - -IN_PROC_BROWSER_TEST_F(SandboxLinuxTest, MAYBE_SandboxStatus) { - // Get expected sandboxing status of renderers. - const int status = content::ZygoteHost::GetInstance()->GetSandboxStatus(); - - // The setuid sandbox is required as our first-layer sandbox. - bool good_layer1 = status & content::kSandboxLinuxSUID && - status & content::kSandboxLinuxPIDNS && - status & content::kSandboxLinuxNetNS; - // A second-layer sandbox is also required to be adequately sandboxed. - bool good_layer2 = status & content::kSandboxLinuxSeccompBPF; - - EXPECT_TRUE(good_layer1); - EXPECT_TRUE(good_layer2); -} diff --git a/chrome/test/security_tests/sandbox_browsertest_win.cc b/chrome/test/security_tests/sandbox_browsertest_win.cc deleted file mode 100644 index 05c10bb..0000000 --- a/chrome/test/security_tests/sandbox_browsertest_win.cc +++ /dev/null @@ -1,25 +0,0 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "base/command_line.h" -#include "chrome/browser/ui/browser.h" -#include "chrome/browser/ui/tabs/tab_strip_model.h" -#include "chrome/common/chrome_switches.h" -#include "chrome/test/base/in_process_browser_test.h" - -class SandboxWinTest : public InProcessBrowserTest { - protected: - SandboxWinTest() : InProcessBrowserTest() {} - - virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { - command_line->AppendSwitchASCII(switches::kTestSandbox, - "security_tests.dll"); - } -}; - -// Need a cross-platform test library: http://crbug.com/45771 -// Verifies that chrome is running properly. -IN_PROC_BROWSER_TEST_F(SandboxWinTest, ExecuteDll) { - EXPECT_EQ(1, browser()->tab_strip_model()->count()); -} diff --git a/chrome/test/security_tests/sandbox_tests_mac-Info.plist b/chrome/test/security_tests/sandbox_tests_mac-Info.plist deleted file mode 100644 index 20567ab..0000000 --- a/chrome/test/security_tests/sandbox_tests_mac-Info.plist +++ /dev/null @@ -1,22 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> -<plist version="1.0"> -<dict> - <key>CFBundleDevelopmentRegion</key> - <string>English</string> - <key>CFBundleExecutable</key> - <string>${EXECUTABLE_NAME}</string> - <key>CFBundleIdentifier</key> - <string>org.chromium.renderer_sandbox_tests</string> - <key>CFBundleInfoDictionaryVersion</key> - <string>6.0</string> - <key>CFBundlePackageType</key> - <string>BNDL</string> - <key>CFBundleShortVersionString</key> - <string>1.0</string> - <key>CFBundleSignature</key> - <string>????</string> - <key>CFBundleVersion</key> - <string>1</string> -</dict> -</plist> diff --git a/chrome/test/security_tests/security_tests.cc b/chrome/test/security_tests/security_tests.cc deleted file mode 100644 index b124f76..0000000 --- a/chrome/test/security_tests/security_tests.cc +++ /dev/null @@ -1,64 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <windows.h> -#include <string> - -#define TEST_INJECTION_DLL -#include "chrome/test/security_tests/ipc_security_tests.h" -#include "content/public/common/injection_test_win.h" -#include "sandbox/win/tests/common/controller.h" -#include "sandbox/win/tests/validation_tests/commands.h" - -using sandbox::TestOpenKey; -using sandbox::TestOpenReadFile; -using sandbox::TestOpenWriteFile; - -#define SECURITY_CHECK(x) (*test_count)++; \ - if (sandbox::SBOX_TEST_DENIED != x) { \ - return FALSE; \ - }; - -BOOL APIENTRY DllMain(HMODULE module, DWORD ul_reason_for_call, - LPVOID lpReserved) { - return TRUE; -} - -// Runs the security tests of sandbox for the renderer process. -// If a test fails, the return value is FALSE and test_count contains the -// number of tests executed, including the failing test. -BOOL __declspec(dllexport) __cdecl RunRendererTests(int *test_count) { - *test_count = 0; - SECURITY_CHECK(TestOpenReadFile(L"%SystemDrive%")); - SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%")); - SECURITY_CHECK(TestOpenReadFile(L"%ProgramFiles%")); - SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\System32")); - SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\explorer.exe")); - SECURITY_CHECK(TestOpenReadFile(L"%SystemRoot%\\Cursors\\arrow_i.cur")); - SECURITY_CHECK(TestOpenReadFile(L"%AllUsersProfile%")); - SECURITY_CHECK(TestOpenReadFile(L"%Temp%")); - SECURITY_CHECK(TestOpenReadFile(L"%AppData%")); - SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE, L"")); - SECURITY_CHECK(TestOpenKey(HKEY_CURRENT_USER, L"")); - SECURITY_CHECK(TestOpenKey(HKEY_USERS, L"")); - SECURITY_CHECK(TestOpenKey(HKEY_LOCAL_MACHINE, - L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon")); - // Test below run on a separate thread because they cannot block the - // renderer process. Therefore they do not return a meaningful value. - PipeImpersonationAttack(); - return TRUE; -} - -// Runs the security tests of sandbox for the plugin process. -// If a test fails, the return value is FALSE and test_count contains the -// number of tests executed, including the failing test. -BOOL __declspec(dllexport) __cdecl RunPluginTests(int *test_count) { - *test_count = 0; - SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%")); - SECURITY_CHECK(TestOpenWriteFile(L"%ProgramFiles%")); - SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\System32")); - SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\explorer.exe")); - SECURITY_CHECK(TestOpenWriteFile(L"%SystemRoot%\\Cursors\\arrow_i.cur")); - return TRUE; -} diff --git a/chrome/test/security_tests/security_tests.gyp b/chrome/test/security_tests/security_tests.gyp deleted file mode 100644 index 8362877..0000000 --- a/chrome/test/security_tests/security_tests.gyp +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright (c) 2009 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -{ - 'variables': { - 'chromium_code': 1, - }, - 'targets': [ - { - 'target_name': 'security_tests', - 'type': 'shared_library', - 'sources': [ - '../../../sandbox/win/tests/validation_tests/commands.cc', - '../../../sandbox/win/tests/validation_tests/commands.h', - 'ipc_security_tests.cc', - 'ipc_security_tests.h', - 'security_tests.cc', - ], - }, - ], -} diff --git a/content/browser/plugin_browsertest.cc b/content/browser/plugin_browsertest.cc index 9effe32..2e40533 100644 --- a/content/browser/plugin_browsertest.cc +++ b/content/browser/plugin_browsertest.cc @@ -64,9 +64,6 @@ class PluginTest : public ContentBrowserTest { KEY_WRITE) == ERROR_SUCCESS) { regkey.CreateKey(L"BROWSER_TESTS.EXE", KEY_READ); } - } else if (strcmp(test_info->name(), "FlashSecurity") == 0) { - command_line->AppendSwitchASCII(switches::kTestSandbox, - "security_tests.dll"); } #elif defined(OS_MACOSX) base::FilePath plugin_dir; diff --git a/content/browser/plugin_process_host.cc b/content/browser/plugin_process_host.cc index c3f6223..84415eb 100644 --- a/content/browser/plugin_process_host.cc +++ b/content/browser/plugin_process_host.cc @@ -198,7 +198,6 @@ bool PluginProcessHost::Init(const WebPluginInfo& info) { switches::kLogPluginMessages, switches::kNoSandbox, switches::kPluginStartupDialog, - switches::kTestSandbox, switches::kTraceStartup, switches::kUseGL, #if defined(OS_MACOSX) diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc index dbfb849d..49aa127 100644 --- a/content/browser/renderer_host/render_process_host_impl.cc +++ b/content/browser/renderer_host/render_process_host_impl.cc @@ -1168,7 +1168,6 @@ void RenderProcessHostImpl::PropagateBrowserCommandLineToRenderer( switches::kShowPaintRects, switches::kSitePerProcess, switches::kStatsCollectionController, - switches::kTestSandbox, switches::kTestType, switches::kTouchEvents, switches::kTraceToConsole, diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc index 92ec08d..035d5d8 100644 --- a/content/public/common/content_switches.cc +++ b/content/public/common/content_switches.cc @@ -798,9 +798,6 @@ const char kTabCaptureUpscaleQuality[] = "tab-capture-upscale-quality"; const char kTestingFixedHttpPort[] = "testing-fixed-http-port"; const char kTestingFixedHttpsPort[] = "testing-fixed-https-port"; -// Runs the security test for the renderer sandbox. -const char kTestSandbox[] = "test-sandbox"; - // Type of the current test harness ("browser" or "ui"). const char kTestType[] = "test-type"; diff --git a/content/public/common/content_switches.h b/content/public/common/content_switches.h index 7be78a4..437c3d2 100644 --- a/content/public/common/content_switches.h +++ b/content/public/common/content_switches.h @@ -223,7 +223,6 @@ CONTENT_EXPORT extern const char kTabCaptureDownscaleQuality[]; CONTENT_EXPORT extern const char kTabCaptureUpscaleQuality[]; CONTENT_EXPORT extern const char kTestingFixedHttpPort[]; CONTENT_EXPORT extern const char kTestingFixedHttpsPort[]; -CONTENT_EXPORT extern const char kTestSandbox[]; CONTENT_EXPORT extern const char kTestType[]; CONTENT_EXPORT extern const char kTouchScrollingMode[]; CONTENT_EXPORT extern const char kTouchScrollingModeAsyncTouchmove[]; diff --git a/content/renderer/renderer_main.cc b/content/renderer/renderer_main.cc index bc538fd..d95287b 100644 --- a/content/renderer/renderer_main.cc +++ b/content/renderer/renderer_main.cc @@ -181,7 +181,6 @@ int RendererMain(const MainFunctionParams& parameters) { platform.PlatformInitialize(); bool no_sandbox = parsed_command_line.HasSwitch(switches::kNoSandbox); - platform.InitSandboxTests(no_sandbox); // Initialize histogram statistics gathering system. base::StatisticsRecorder::Initialize(); @@ -239,8 +238,6 @@ int RendererMain(const MainFunctionParams& parameters) { base::HighResolutionTimerManager hi_res_timer_manager; - platform.RunSandboxTests(no_sandbox); - startup_timer.Stop(); // End of Startup Time Measurement. if (run_loop) { diff --git a/content/renderer/renderer_main_platform_delegate.h b/content/renderer/renderer_main_platform_delegate.h index 11ba4ae..8d2f8ed 100644 --- a/content/renderer/renderer_main_platform_delegate.h +++ b/content/renderer/renderer_main_platform_delegate.h @@ -34,16 +34,9 @@ class CONTENT_EXPORT RendererMainPlatformDelegate { void PlatformInitialize(); void PlatformUninitialize(); - // Gives us an opportunity to initialize state used for tests before enabling - // the sandbox. - bool InitSandboxTests(bool no_sandbox); - // Initiate Lockdown, returns true on success. bool EnableSandbox(); - // Runs Sandbox tests. - void RunSandboxTests(bool no_sandbox); - private: const MainFunctionParams& parameters_; #if defined(OS_WIN) diff --git a/content/renderer/renderer_main_platform_delegate_android.cc b/content/renderer/renderer_main_platform_delegate_android.cc index a4de860..ab006be 100644 --- a/content/renderer/renderer_main_platform_delegate_android.cc +++ b/content/renderer/renderer_main_platform_delegate_android.cc @@ -38,10 +38,6 @@ void RendererMainPlatformDelegate::PlatformInitialize() { void RendererMainPlatformDelegate::PlatformUninitialize() { } -bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { - return true; -} - bool RendererMainPlatformDelegate::EnableSandbox() { #ifdef USE_SECCOMP_BPF if (!base::CommandLine::ForCurrentProcess()->HasSwitch( @@ -56,7 +52,4 @@ bool RendererMainPlatformDelegate::EnableSandbox() { return true; } -void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { -} - } // namespace content diff --git a/content/renderer/renderer_main_platform_delegate_linux.cc b/content/renderer/renderer_main_platform_delegate_linux.cc index bc9deec..2258b26 100644 --- a/content/renderer/renderer_main_platform_delegate_linux.cc +++ b/content/renderer/renderer_main_platform_delegate_linux.cc @@ -39,31 +39,12 @@ void RendererMainPlatformDelegate::PlatformInitialize() { void RendererMainPlatformDelegate::PlatformUninitialize() { } -bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { - // The sandbox is started in the zygote process: zygote_main_linux.cc - // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox - return true; -} - bool RendererMainPlatformDelegate::EnableSandbox() { // The setuid sandbox is started in the zygote process: zygote_main_linux.cc // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox // // Anything else is started in InitializeSandbox(). LinuxSandbox::InitializeSandbox(); - return true; -} - -void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { - // The LinuxSandbox class requires going through initialization before - // GetStatus() and others can be used. When we are not launched through the - // Zygote, this initialization will only happen in the renderer process if - // EnableSandbox() above is called, which it won't necesserily be. - // This only happens with flags such as --renderer-cmd-prefix which are - // for debugging. - if (no_sandbox) - return; - // about:sandbox uses a value returned from LinuxSandbox::GetStatus() before // any renderer has been started. // Here, we test that the status of SeccompBpf in the renderer is consistent @@ -89,6 +70,8 @@ void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { CHECK_EQ(errno, EPERM); } #endif // __x86_64__ + + return true; } } // namespace content diff --git a/content/renderer/renderer_main_platform_delegate_mac.mm b/content/renderer/renderer_main_platform_delegate_mac.mm index 7c42727..9b92532 100644 --- a/content/renderer/renderer_main_platform_delegate_mac.mm +++ b/content/renderer/renderer_main_platform_delegate_mac.mm @@ -15,7 +15,6 @@ #include "base/strings/sys_string_conversions.h" #include "content/common/sandbox_mac.h" #include "content/public/common/content_switches.h" -#import "content/public/common/injection_test_mac.h" #include "content/common/sandbox_init_mac.h" namespace content { @@ -128,35 +127,6 @@ void RendererMainPlatformDelegate::PlatformInitialize() { void RendererMainPlatformDelegate::PlatformUninitialize() { } -static void LogTestMessage(std::string message, bool is_error) { - if (is_error) - LOG(ERROR) << message; - else - VLOG(0) << message; -} - -bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { - const CommandLine& command_line = parameters_.command_line; - - if (command_line.HasSwitch(switches::kTestSandbox)) { - std::string bundle_path = - command_line.GetSwitchValueNative(switches::kTestSandbox); - if (bundle_path.empty()) { - NOTREACHED() << "Bad bundle path"; - return false; - } - NSBundle* tests_bundle = - [NSBundle bundleWithPath:base::SysUTF8ToNSString(bundle_path)]; - if (![tests_bundle load]) { - NOTREACHED() << "Failed to load bundle"; - return false; - } - sandbox_tests_bundle_ = [tests_bundle retain]; - [objc_getClass("RendererSandboxTestsRunner") setLogFunction:LogTestMessage]; - } - return true; -} - bool RendererMainPlatformDelegate::EnableSandbox() { // Enable the sandbox. bool sandbox_initialized = InitializeSandbox(); @@ -170,15 +140,4 @@ bool RendererMainPlatformDelegate::EnableSandbox() { return sandbox_initialized; } -void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { - Class tests_runner = objc_getClass("RendererSandboxTestsRunner"); - if (tests_runner) { - if (![tests_runner runTests]) - LOG(ERROR) << "Running renderer with failing sandbox tests!"; - [sandbox_tests_bundle_ unload]; - [sandbox_tests_bundle_ release]; - sandbox_tests_bundle_ = nil; - } -} - } // namespace content diff --git a/content/renderer/renderer_main_platform_delegate_win.cc b/content/renderer/renderer_main_platform_delegate_win.cc index 77d5a34..1bbd705 100644 --- a/content/renderer/renderer_main_platform_delegate_win.cc +++ b/content/renderer/renderer_main_platform_delegate_win.cc @@ -112,28 +112,6 @@ void RendererMainPlatformDelegate::PlatformInitialize() { void RendererMainPlatformDelegate::PlatformUninitialize() { } -bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { - const CommandLine& command_line = parameters_.command_line; - - DVLOG(1) << "Started renderer with " << command_line.GetCommandLineString(); - - sandbox::TargetServices* target_services = - parameters_.sandbox_info->target_services; - - if (target_services && !no_sandbox) { - std::wstring test_dll_name = - command_line.GetSwitchValueNative(switches::kTestSandbox); - if (!test_dll_name.empty()) { - sandbox_test_module_ = LoadLibrary(test_dll_name.c_str()); - DCHECK(sandbox_test_module_); - if (!sandbox_test_module_) { - return false; - } - } - } - return true; -} - bool RendererMainPlatformDelegate::EnableSandbox() { sandbox::TargetServices* target_services = parameters_.sandbox_info->target_services; @@ -152,19 +130,4 @@ bool RendererMainPlatformDelegate::EnableSandbox() { return false; } -void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { - if (sandbox_test_module_) { - RunRendererTests run_security_tests = - reinterpret_cast<RunRendererTests>(GetProcAddress(sandbox_test_module_, - kRenderTestCall)); - DCHECK(run_security_tests); - if (run_security_tests) { - int test_count = 0; - DVLOG(1) << "Running renderer security tests"; - BOOL result = run_security_tests(&test_count); - CHECK(result) << "Test number " << test_count << " has failed."; - } - } -} - } // namespace content |