summaryrefslogtreecommitdiffstats
path: root/chrome/browser/utility.sb
Commit message (Collapse)AuthorAgeFilesLines
* Mac: block ability to stat arbitrary files in the Sandbox.jeremy@chromium.org2010-10-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | This change removes the ability to stat any file on disk and instead only allows stating files to which we have read access. The complication with removing the ability to stat an arbitrary path is that without extra work you get into a situation where you can stat a leaf directory, but not it's parent. e.g. stat("/foo/bar") succeeds while stat("/foo") fails with errno == EPERM. The only place we currently run into this is the utility process where the file system is off limits except for one directory. This causes problems in 2 places: 1) DirectoryExists() works it's way from / down to the leaf directory stating each directory as it goes. 2) The extension installation code calls realpath() which fails if it can't stat parent directories. The fix for the above is to explictly allow stating parent directories. We achieve this in the sandbox code by adding a function which generates the appropriate sandbox syntax. This CL also contains unit tests for the above functionality and re-enables it [bug 56765, the underlying issue appears to be unrelated to the test and previously fixed]. BUG=42989, 56765 TEST=Chrome should continue to render web pages correctly, installing extensions and themes should continue to work on OS X. Review URL: http://codereview.chromium.org/4044002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63884 0039d316-1c4b-4281-b951-d872f2087c98
* Mac: Refactor sandbox profiles to use a common base configuration file.jeremy@chromium.org2010-04-161-25/+2
| | | | | | | | | | | Eliminate rule duplication in our sandbox profiles by creating a new common.sb file which we include implicitly at the start of all other sandbox configuration files. BUG=39987 TEST=Chrome on Mac should continue to render pages, all unit tests should pass. Review URL: http://codereview.chromium.org/1656006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44804 0039d316-1c4b-4281-b951-d872f2087c98
* Tighten down OS X sandbox a bit.jeremy@chromium.org2010-03-071-3/+3
| | | | | | | | | | BUG=None TEST=Browsing to popular websites on OS X 10.5 & 10.6 should continue to work. Be sure to test on both 10.5 and 10.6 Review URL: http://codereview.chromium.org/660444 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40867 0039d316-1c4b-4281-b951-d872f2087c98
* Add regex escaping code to Mac sandbox implementation and re-enable the ↵jeremy@chromium.org2009-12-031-2/+2
| | | | | | | | | | | | | | | utility process on OS X. Other changes: * An error initializing the sandbox on OS X is now treated as fatal. * Improved error reporting for sandbox-related failures. BUG=26492,23837 TEST=Installing extensions and themes should still work on OS X. Review URL: http://codereview.chromium.org/434077 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33682 0039d316-1c4b-4281-b951-d872f2087c98
* TBR: mark@chromium.orgjeremy@chromium.org2009-11-051-0/+40
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31091 0039d316-1c4b-4281-b951-d872f2087c98
* TBR:markjeremy@chromium.org2009-11-051-40/+0
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31090 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox Worker process on the Mac.jeremy@chromium.org2009-11-051-0/+40
* Add plumbing to allow multiple Sandbox profiles on OS X. * Separate sandbox_init_wrapper into platform specific files. * Sandbox Worker process & add plumbing to Sandbox utility process when we bring that up. * Remove mention of stale bugs in utility process on Mac. BUG=23582 TEST=Worker process should work. Review URL: http://codereview.chromium.org/341033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31089 0039d316-1c4b-4281-b951-d872f2087c98
generated by cgit v1.1 at 2025-02-11 18:15:43 +0000