summaryrefslogtreecommitdiffstats
path: root/sandbox/win
Commit message (Collapse)AuthorAgeFilesLines
* Disabling nacl_win64 targets when building in target_arch!=ia32 mode.bradnelson@google.com2013-01-211-30/+36
| | | | | | | | | | | | | | | | When building on windows with target_arch=x64, we no longer need win32 targets forced to be 64-bit. This gates out these targets when target_arch!=ia32. (Prior CL dropped the minimal set to break the dependency between these targets and the rest of the build. This eliminates them completely.) BUG=None TEST=None R=jschuh@chromium.org,thestig@chromium.org TBR=darin@chromium.org,abodenha@chromium.org,apatrick@chromium.org,sra@chromium.org,wtc@chromium.org Review URL: https://chromiumcodereview.appspot.com/11929039 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@177959 0039d316-1c4b-4281-b951-d872f2087c98
* Make the Windows sandbox support a normal x64 buildjschuh@chromium.org2013-01-052-26/+32
| | | | | | | | | | I've fixed the dependencies, so we can now support building the sandbox and running the tests as part of a normal Win64 build. BUG=168414 Review URL: https://chromiumcodereview.appspot.com/11788002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175278 0039d316-1c4b-4281-b951-d872f2087c98
* Base: Update ScopedProcessInformation to use ScopedHandle and restrict Receive()rvargas@google.com2013-01-031-3/+4
| | | | | | | | | | to the span of the callsite. BUG=none TEST=base_unittests Review URL: https://codereview.chromium.org/11636061 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@174998 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Don't create an ScopedHandle with an invalid handle.rvargas@chromium.org2012-12-201-1/+2
| | | | | | | | | BUG=166888 TEST=none Review URL: https://chromiumcodereview.appspot.com/11639024 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@174122 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Verify the return value when changing memory protection.rvargas@google.com2012-11-272-2/+6
| | | | | | | BUG=162073 TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@169545 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Increase the default timeout of multiprocess tests to 1 minute.rvargas@google.com2012-11-171-1/+1
| | | | | | | | | | | This means that external timeouts (the test framework) are now the dominant factor to detect a hung test. BUG=137652 TEST=none Review URL: https://codereview.chromium.org/11299052 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@168336 0039d316-1c4b-4281-b951-d872f2087c98
* Fix memory smashing on the sandbox PolicyRulecpu@chromium.org2012-11-143-10/+52
| | | | | | | | | | | | | | | | | | | | | | | | | PolicyRule copy ctor was not taking into account that the source policy rule could be using some 'constants' memory at the bottom, so adding further opcodes to the new policy rule would overwrite the copied ones. In other words, this pattern PolicyRule pr_orig(ASK_BROKER); pr_orig.AddStringMatch(...); PolicyRule pr_copy(pr_orig); pr_copy.AddStringMatch(...); Was broken. This was not impacting the chrome sbox code because we don't mutate the new rule after copy construction. Acknoledgments to Ashutosh Mehra from Adobe Corp for pointing the bug and providing a test case. BUG=160890 TEST=new unittest added Review URL: https://codereview.chromium.org/11275301 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@167571 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 162293 - Enable DEP earlier on Vista and belowmattm@chromium.org2012-10-173-29/+29
| | | | | | | | | | | | | We can't enable DEP at launch prior to Win7, but we can queue an APC to enable immediately after the loader finishes. BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10944015 TBR=jschuh@chromium.org Review URL: https://codereview.chromium.org/11194027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162300 0039d316-1c4b-4281-b951-d872f2087c98
* Enable DEP earlier on Vista and belowjschuh@chromium.org2012-10-173-29/+29
| | | | | | | | | | We can't enable DEP at launch prior to Win7, but we can queue an APC to enable immediately after the loader finishes. BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10944015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@162293 0039d316-1c4b-4281-b951-d872f2087c98
* Re-enable the tests for jobless children and add some more to them.pastarmovj@chromium.org2012-10-111-17/+100
| | | | | | | | | | | | | The new tests do aral end-to-end testing that the JOB_NONE flag works as expected. BUG=79091 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/11017012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161245 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 160252 - Make mitigation failures CHECKjschuh@chromium.org2012-10-051-17/+23
| | | | | | | | | | | | This is a temporary change to narrow down failures enabling mitigations on Win8. I'll revert once the cause is determined. BUG=153399 Review URL: https://codereview.chromium.org/11040046 TBR=jschuh@chromium.org Review URL: https://codereview.chromium.org/11026071 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@160419 0039d316-1c4b-4281-b951-d872f2087c98
* Make mitigation failures CHECKjschuh@chromium.org2012-10-041-23/+17
| | | | | | | | | This is a temporary change to narrow down failures enabling mitigations on Win8. I'll revert once the cause is determined. BUG=153399 Review URL: https://codereview.chromium.org/11040046 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@160252 0039d316-1c4b-4281-b951-d872f2087c98
* Temporarily disable failing integration tests on Windowsbartfab@chromium.org2012-10-041-5/+5
| | | | | | | | | | | | | These tests are failing due to timing issues on the slower bots after crrev.com/160133 landed. Julian will fiddle with the timings and re- enable the tests tomorrow. BUG=79091 TBR=pastarmovj@chromium.org Review URL: https://codereview.chromium.org/11030028 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@160137 0039d316-1c4b-4281-b951-d872f2087c98
* Add a parameter to the sandbox policy to allow sandboxed process to run ↵pastarmovj@chromium.org2012-10-0410-26/+211
| | | | | | | | | | | | | | | | | | | outside of a job and wire it to a cmd line flag. This is needed for running chrome in Citrix or RemoteApp (Terminal Services) environments. These envoronments both start the main process inside a job spawned by rdpinit.exe (at least in the RemoteApp case) and the process are not allowed to escape it therefore when the job assignment is attempted it failes with ERROR_PERMISSION_DENIED. This is not a problem in Windows 8/Server 2012 because these allow nested jobs so we should only respect this flag for versions older than that. BUG=79091 TEST=Start Chrome as a published app with --allow-no-job and observe it spawning renderer processes properly. Review URL: https://chromiumcodereview.appspot.com/10908171 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@160133 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 159850 - Enable handle tracing in Canary, Dev, and all debug builds ↵alexeypa@google.com2012-10-031-11/+6
| | | | | | | | | | | | | | | of Chrome (Windows only). BUG=131699,153148 Enabling handle tracing for the whole lifetime of a process uncovers to many bugs, causing lots of crashes. A supression or selective enablement mechanism is required to make it work. Review URL: https://chromiumcodereview.appspot.com/11035012 TBR=alexeypa@chromium.org Review URL: https://codereview.chromium.org/11043021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@159914 0039d316-1c4b-4281-b951-d872f2087c98
* Enable handle tracing in Canary, Dev, and all debug builds of Chrome ↵alexeypa@chromium.org2012-10-031-6/+11
| | | | | | | | | | | (Windows only). BUG=131699,153148 Review URL: https://chromiumcodereview.appspot.com/11035012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@159850 0039d316-1c4b-4281-b951-d872f2087c98
* Improve error handling in ApplyProcessMitigationsToCurrentProcessjschuh@chromium.org2012-10-021-7/+15
| | | | | | | BUG=153399 Review URL: https://codereview.chromium.org/11036009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@159632 0039d316-1c4b-4281-b951-d872f2087c98
* Add extra buckets to CrashExitCodes histogram for sandbox terminations.eroman@chromium.org2012-09-281-2/+3
| | | | | | | | BUG=152814 Review URL: https://chromiumcodereview.appspot.com/10981061 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@159215 0039d316-1c4b-4281-b951-d872f2087c98
* Remove GetModuleHandleHelper(), which was only needed for Win2k (which we ↵pkasting@chromium.org2012-09-226-83/+26
| | | | | | | | | | don't support). BUG=none TEST=none Review URL: https://codereview.chromium.org/10951038 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@158165 0039d316-1c4b-4281-b951-d872f2087c98
* Make ProcessMitigationsTest.CheckWin8 work in debug buildsjschuh@chromium.org2012-09-221-11/+15
| | | | | | Review URL: https://chromiumcodereview.appspot.com/10956050 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@158132 0039d316-1c4b-4281-b951-d872f2087c98
* Cleanup: avoid foo ? true : false, part 2.thestig@chromium.org2012-09-195-14/+9
| | | | | | Review URL: https://chromiumcodereview.appspot.com/10942004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@157509 0039d316-1c4b-4281-b951-d872f2087c98
* Add sandbox support for Windows process mitigations jschuh@chromium.org2012-09-1317-309/+767
| | | | | | | BUG=147752 Review URL: https://codereview.chromium.org/10690058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156657 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 156550 - Add sandbox support for Windows process mitigations jschuh@chromium.org2012-09-1317-746/+309
| | | | | | | | | | BUG=147752 Review URL: https://codereview.chromium.org/10690058 TBR=jschuh@chromium.org Review URL: https://chromiumcodereview.appspot.com/10907217 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156556 0039d316-1c4b-4281-b951-d872f2087c98
* Add sandbox support for Windows process mitigations jschuh@chromium.org2012-09-1317-309/+746
| | | | | | | BUG=147752 Review URL: https://codereview.chromium.org/10690058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156550 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 156315 - Add sandbox support for Windows process mitigationsjschuh@chromium.org2012-09-1217-738/+304
| | | | | | | | | | BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10690058 TBR=jschuh@chromium.org Review URL: https://chromiumcodereview.appspot.com/10918197 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156322 0039d316-1c4b-4281-b951-d872f2087c98
* Add sandbox support for Windows process mitigationsjschuh@chromium.org2012-09-1217-304/+738
| | | | | | | BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10690058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156315 0039d316-1c4b-4281-b951-d872f2087c98
* Disable FilePolicyTest, DISABLED_TestReparsePointtbreisacher@chromium.org2012-09-071-1/+2
| | | | | | | | | | BUG=146944 TBR=nsylvain@chromium.org NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10910125 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@155286 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Add support for Windows 8' AppContainer.rvargas@google.com2012-09-0517-82/+665
| | | | | | | | | | | | | Both sandboxes are not fully compatible yet; it is not possible to enable the AppContainer if the process is to be fully sandboxed (USER_LOCKDOWN), but the sandbox is user configurable anyway. BUG=none TEST=sbox_unittests, sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10825425 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@154986 0039d316-1c4b-4281-b951-d872f2087c98
* Move STARTUPINFO manipulation into SpawnTargetjschuh@chromium.org2012-08-283-13/+25
| | | | | | Review URL: https://chromiumcodereview.appspot.com/10878071 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@153606 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Disable a test that fails on Win64.rvargas@google.com2012-08-231-0/+2
| | | | | | | | BUG=6944 TEST=none Review URL: https://chromiumcodereview.appspot.com/10860081 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@153035 0039d316-1c4b-4281-b951-d872f2087c98
* Re-enable sandbox ClientFastServer test.jln@chromium.org2012-08-221-3/+0
| | | | | | | | | | BUG=137791 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10831414 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152806 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-102-45/+110
| | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10837151 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150957 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 150423 - Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-072-111/+45
| | | | | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10831160 TBR=rvargas@google.com Review URL: https://chromiumcodereview.appspot.com/10831200 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150429 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-072-45/+111
| | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10831160 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150423 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 149782 - Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-032-105/+45
| | | | | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10823134 TBR=rvargas@google.com Review URL: https://chromiumcodereview.appspot.com/10828142 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149790 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-032-45/+105
| | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10823134 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149782 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Verify that members of TargetProcess are valid before freeing them.rvargas@google.com2012-08-031-10/+13
| | | | | | | | | | SpawnCleanup may trigger the destruction of a partially created TargetProcess. BUG=139898 TEST=none Review URL: https://chromiumcodereview.appspot.com/10831133 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149763 0039d316-1c4b-4281-b951-d872f2087c98
* Fixing a couple of issues in sandbox::RestrictedToken:alexeypa@chromium.org2012-08-012-13/+82
| | | | | | | | | | | | - Specify access bits on the duplicated handle correctly. - Avoid touching an uninitialized buffer in case of an error. BUG=139841 TEST=RestrictedTokenTest.DenyOwnerSidCustom, RestrictedTokenTest.AddRestrictingSidCurrentUserCustom Review URL: https://chromiumcodereview.appspot.com/10844003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149475 0039d316-1c4b-4281-b951-d872f2087c98
* Coverity: Fix several pass-by-values.jhawkins@chromium.org2012-07-271-1/+1
| | | | | | | | | | | | | CID_COUNT=8 CID=7757,8647,11476,16931,16932,100206,100577,102872 BUG=none TEST=none R=tbreisacher@chromium.org TBR=brettw@chromium.org,kalman@chromium.org Review URL: https://chromiumcodereview.appspot.com/10824033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148687 0039d316-1c4b-4281-b951-d872f2087c98
* Remove use-after-free bug.tbreisacher@chromium.org2012-07-251-3/+3
| | | | | | | | | | | CID=104376 BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10821018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148424 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 147510 - Revert "Remove part of a sandbox test that fails on XP"vitalybuka@chromium.org2012-07-201-0/+3
| | | | | | | | | | | | | | | | | | | | It still brakes sbox_unittests. This reverts commit 147165 (2f575e44d375c7324571f58b9888a72fc77abd7e). It has been tested on a local XP machine and works fine. BUG=137791 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10805016 TBR=jln@chromium.org Review URL: https://chromiumcodereview.appspot.com/10810033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147613 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Remove part of a sandbox test that fails on XP"jln@chromium.org2012-07-191-3/+0
| | | | | | | | | | | | | | | This reverts commit 147165 (2f575e44d375c7324571f58b9888a72fc77abd7e). It has been tested on a local XP machine and works fine. BUG=137791 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10805016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147510 0039d316-1c4b-4281-b951-d872f2087c98
* Remove part of a sandbox test that fails on XPjln@chromium.org2012-07-181-0/+3
| | | | | | | | | | | | | | | | | IPCTest.ClientFastServer inexplicably fails on XP after we moved the Windows sandbox to sandbox/win. Disable the part that fails for now. BUG= TEST= NOTRY=true TBR=cpu@chromium.org Review URL: https://chromiumcodereview.appspot.com/10806003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147165 0039d316-1c4b-4281-b951-d872f2087c98
* Move the Windows sandbox to sandbox/winjln@chromium.org2012-07-18214-0/+35648
| | | | | | | | | | | | | This is a rather large refactor to move the Windows sandbox to the right place. BUG= TEST= NOTRY=true TBR=sky@chromium.org Review URL: https://chromiumcodereview.appspot.com/10689170 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147151 0039d316-1c4b-4281-b951-d872f2087c98
* Emergency revert; rietveld broke; tree brokeerg@google.com2012-07-13214-35648/+0
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146646 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox_win.gypi: one less.. for other .gyp filesjln@chromium.org2012-07-131-10/+10
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146630 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox/wow_helper -> sandbox/win/wow_helperjln@chromium.org2012-07-133-5/+5
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146629 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox/tools -> sandbox/win/toolsjln@chromium.org2012-07-137-8/+8
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146628 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox_poc + test to sandbox/winjln@chromium.org2012-07-1331-43/+43
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146627 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox/src -> sandbox/win/srcjln@chromium.org2012-07-13162-566/+566
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146626 0039d316-1c4b-4281-b951-d872f2087c98
generated by cgit v1.1 at 2025-03-03 15:08:12 +0000