path: root/sandbox
Commit message (author, age, files, lines)
* Reland "Remove base/scoped_handle_win.h." (tfarina@chromium.org, 2011-01-09, 8 files, -52/+56)
  Fixed the problem with rlz library. Now should be fine to land this again.
  This reverts commit 3620d9501af7bff688862c54fdd60f7eb41797f3.
  Original Review URL: http://codereview.chromium.org/6126002/
  BUG=None
  TEST=trybots
  Review URL: http://codereview.chromium.org/6110005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70861 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Remove base/scoped_handle_win.h stub and fix up all callers to use the new location and namespace." (thakis@chromium.org, 2011-01-07, 8 files, -56/+52)
  This reverts r 70795, it broke the build.
  TBR=vandebo
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70802 0039d316-1c4b-4281-b951-d872f2087c98
* Remove base/scoped_handle_win.h stub and fix up all callers to use the new location and namespace. (tfarina@chromium.org, 2011-01-07, 8 files, -52/+56)
  BUG=None
  TEST=trybots
  Review URL: http://codereview.chromium.org/6126002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70795 0039d316-1c4b-4281-b951-d872f2087c98
* Remove base/platform_thread.h stub and fix up all callers to use the new location and namespace. (brettw@google.com, 2011-01-01, 1 file, -2/+2)
  TEST=none
  BUG=none
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70346 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Fix the memory protection code to handle page boundaries. (rvargas@google.com, 2010-12-28, 1 file, -1/+1)
  BUG=43867
  TEST=none
  Review URL: http://codereview.chromium.org/6034008
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70233 0039d316-1c4b-4281-b951-d872f2087c98
* Windows Sandbox: Perform case insensitive tests when checking file handles to be returned to a sandboxed process. (rvargas@google.com, 2010-12-21, 2 files, -3/+32)
  BUG=67215
  TEST=sbox_unittests
  Review URL: http://codereview.chromium.org/5989004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69847 0039d316-1c4b-4281-b951-d872f2087c98
* Avoid the use of wow_helper for Windows7 (cpu@chromium.org, 2010-10-29, 1 file, -2/+5)
  In Windows7 64-bit the wow subsystem maps the 32 bit ntdll from the get go, so there is no need to use wow_helper at all.
  This also should speed process creation for chrome.
  BUG=60854
  TEST=existing validation and integration tests suffice.
  Review URL: http://codereview.chromium.org/4185004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64446 0039d316-1c4b-4281-b951-d872f2087c98
* Add a bunch of missing bug references to FLAKY tests (stuartmorgan@chromium.org, 2010-10-27, 1 file, -0/+1)
  BUG=None
  TEST=N/A
  Review URL: http://codereview.chromium.org/4135007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64150 0039d316-1c4b-4281-b951-d872f2087c98
* Move pe_image and registry from base to base/win and use the namespace. It removes windows_message_list which isn't used. (brettw@chromium.org, 2010-10-17, 8 files, -16/+16)
  This keeps a stub for registry in the old location until we can update that.
  TEST=it compiles
  BUG=none
  Review URL: http://codereview.chromium.org/3836005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@62888 0039d316-1c4b-4281-b951-d872f2087c98
* Move windows version-related stuff out of base/win_util and into base/win/windows_version. (brettw@chromium.org, 2010-10-15, 6 files, -23/+24)
  Many files now only need to include this instead of all of win_util.
  Remove a bunch of unused code from base/win_util. There was a surprising amount.
  Replace the AppUserModel property key with the one from the SDK now that we use the Win7 SDK.
  Move GetLogonSessionOnlyDACL from win_util to ipc since it's only used in that one place.
  TEST=it compiles
  BUG=none
  Review URL: http://codereview.chromium.org/3823002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@62694 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 62205 - Make writing to stdout and stderr work in Chrome processes when inherited handles are available. (isherman@chromium.org, 2010-10-12, 1 file, -5/+0)
  Don't create a console, just attach to any existing console.
  R=cpu
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/3574008
  Reverting because it breaks browser_tests logging
  TBR=darin@chromium.org
  Review URL: http://codereview.chromium.org/3691005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@62236 0039d316-1c4b-4281-b951-d872f2087c98
* Make writing to stdout and stderr work in Chrome processes when inherited handles are available. (darin@chromium.org, 2010-10-11, 1 file, -0/+5)
  Don't create a console, just attach to any existing console.
  R=cpu
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/3574008
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@62205 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox change. Remove inheritance of the duplicated tokens. (cpu@chromium.org, 2010-09-22, 1 file, -4/+4)
  I don't think this is necessary at all and could potentially leak tokens into other child processes.
  BUG=none
  TEST=run chrome, verify renderers are sandboxed
  Review URL: http://codereview.chromium.org/3386012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60136 0039d316-1c4b-4281-b951-d872f2087c98
* Support for building Chrome using Clang. (evan@chromium.org, 2010-09-18, 1 file, -2/+2)
  To build, set the clang=1 gyp_define.
  This patch is the culmination of many months of effort and many patches. It contains the minimal changes to Chrome that are Clang-specific. With this, I can build the "chrome" target.
  Once this patch is in, we can incrementally fix bits of Chrome and various tests and remove the Clang-specific workarounds.
  Review URL: http://codereview.chromium.org/522020
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59882 0039d316-1c4b-4281-b951-d872f2087c98
* Fix SameObject to not return false when the volume name returned by QueryDosDevice ends with more than 2 NULL chars. (nsylvain@chromium.org, 2010-09-16, 1 file, -1/+1)
  Review URL: http://codereview.chromium.org/3429010
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59719 0039d316-1c4b-4281-b951-d872f2087c98
* Pull seccomp-sandbox in via DEPS rather than using an in-tree copy (mseaborn@chromium.org, 2010-09-01, 46 files, -14320/+1)
  This means changes to the sandbox won't have to be committed twice, to both trees.
  This is a retry of r57921, which was committed with git-svn and failed to remove the "seccomp" directory. This caused problems when trying to "svn checkout" to the same location, and the change was reverted. This time I will use SVN to commit the change.
  BUG=none
  TEST=smoke test of running chromium with --enable-seccomp-sandbox
  Review URL: http://codereview.chromium.org/3225010
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@58184 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 57921 - Pull seccomp-sandbox in via DEPS rather than using an in-tree copy (nsylvain@chromium.org, 2010-08-31, 45 files, -0/+14319)
  This means changes to the sandbox won't have to be committed twice, to both trees.
  BUG=none
  TEST=smoke test of running chromium with --enable-seccomp-sandbox
  Review URL: http://codereview.chromium.org/3249003
  TBR=mseaborn@chromium.org
  Review URL: http://codereview.chromium.org/3245011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57933 0039d316-1c4b-4281-b951-d872f2087c98
* Pull seccomp-sandbox in via DEPS rather than using an in-tree copy (mseaborn@chromium.org, 2010-08-30, 45 files, -14319/+0)
  This means changes to the sandbox won't have to be committed twice, to both trees.
  BUG=none
  TEST=smoke test of running chromium with --enable-seccomp-sandbox
  Review URL: http://codereview.chromium.org/3249003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57921 0039d316-1c4b-4281-b951-d872f2087c98
* FBTF: Remove unneeded headers from base/ (part 7) (thestig@chromium.org, 2010-08-27, 1 file, -2/+1)
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/3176026
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57737 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp sandbox: Add a policy flag to allow file namespace access to be disabled (mseaborn@chromium.org, 2010-08-27, 6 files, -14/+103)
  This allows file namespace access to be turned on for the purpose of testing, and we use this in some of the tests, but it is disabled by default.
  This synchronises the Chromium copy with r88 in the non-Chromium copy of seccomp-sandbox.
  BUG=none
  TEST=make test
  Review URL: http://codereview.chromium.org/3248002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57722 0039d316-1c4b-4281-b951-d872f2087c98
* Remove NEWNS from the setuid sandbox. (mal@chromium.org, 2010-08-26, 1 file, -4/+0)
  This can cause issues with the automounter on ubuntu.
  R= agl
  BUG= http://b/2824277
  TEST= see bug. Or see traffic on the bug drop to <10 comments/day.
  Review URL: http://codereview.chromium.org/3146044
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57469 0039d316-1c4b-4281-b951-d872f2087c98
* Sbox IPC fix (cpu@chromium.org, 2010-08-20, 3 files, -40/+79)
  Second take, I had off-by-one bad check in line 164
  for more info see review 3142022
  BUG=52682
  TEST=included
  Review URL: http://codereview.chromium.org/3130037
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56938 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 56796 - Sbox IPC fix (cpu@chromium.org, 2010-08-20, 3 files, -72/+39)
  Tests failing on vista
  BUG=52682
  TEST=included
  Review URL: http://codereview.chromium.org/3142022
  TBR=cpu@chromium.org
  Review URL: http://codereview.chromium.org/3122031
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56798 0039d316-1c4b-4281-b951-d872f2087c98
* Sbox IPC fix (cpu@chromium.org, 2010-08-20, 3 files, -39/+72)
  BUG=52682
  TEST=included
  Review URL: http://codereview.chromium.org/3142022
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56796 0039d316-1c4b-4281-b951-d872f2087c98
* Allow native (nt-style) paths to be used for sandbox policy specification (cpu@chromium.org, 2010-08-07, 4 files, -17/+61)
  1- bypass fixup when adding the path into the policy
  2- make SameObject() do case-insensitive perfect match
  BUG=50774
  TEST= unit test included
  Review URL: http://codereview.chromium.org/3092014
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55329 0039d316-1c4b-4281-b951-d872f2087c98
* FBTF: Remove unneeded headers from base/ (part 1) (thestig@chromium.org, 2010-08-05, 3 files, -3/+2)
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/3071012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55034 0039d316-1c4b-4281-b951-d872f2087c98
* Check the IPC filename length does not exceed the message size. (jschuh@google.com, 2010-07-22, 1 file, -0/+5)
  BUG=49763
  TEST=None.
  Review URL: http://codereview.chromium.org/2806067
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53415 0039d316-1c4b-4281-b951-d872f2087c98
* Fix about:sandbox's network isolation indication. (agl@chromium.org, 2010-07-21, 1 file, -1/+1)
  (aka: agl's an idiot. Thanks Julien.)
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53180 0039d316-1c4b-4281-b951-d872f2087c98
* Remove <iostream> where possible. (erg@google.com, 2010-07-20, 3 files, -3/+0)
  <iostream> creates a static initializer. Most people don't need <iostream> anyway--they really need <ostream> for operator<< overloads. <iostream> should *never* be included in a header file; <iosfwd> exists for that purpose.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/3014015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53083 0039d316-1c4b-4281-b951-d872f2087c98
* Add about:sandbox. (agl@chromium.org, 2010-07-13, 1 file, -1/+14)
  (Idea from Julien Tinnes)
  BUG=none
  TEST=Navigate to about:sandbox on Linux and see the status of the sandbox.
  http://codereview.chromium.org/2966003/show
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52176 0039d316-1c4b-4281-b951-d872f2087c98
* Fix compiler error in sandbox util in case exception is enabled. (victorw@chromium.org, 2010-06-22, 2 files, -0/+12)
  Add operator delete that matches the placement form of the operator new. This is required by compiler to generate code to call operator delete in case the object's constructor throws an exception.
  See http://msdn.microsoft.com/en-us/library/cxdxz3x6.aspx
  R=rvargas
  BUG=none
  TEST=sandbox code compiles if exception is enabled.
  Review URL: http://codereview.chromium.org/2870017
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50486 0039d316-1c4b-4281-b951-d872f2087c98
* FAILS tests should not turn the bot red. (vandebo@chromium.org, 2010-06-18, 1 file, -2/+2)
  Revert 50258 - TTF: Reenable some disabled tests.
  DevToolsSanityTest.TestConsoleLog seems to work
  ProxyResolverV8Test.FAILS_ReturnUnicode
  DepTest.FAILS_TestDepDisable
  VectorCanvasTest.FAILS_Matrix
  TEST=none
  BUG=disabled tests
  Review URL: http://codereview.chromium.org/2819011
  TBR=vandebo@chromium.org
  Review URL: http://codereview.chromium.org/2862016
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50261 0039d316-1c4b-4281-b951-d872f2087c98
* TTF: Reenable some disabled tests. (vandebo@chromium.org, 2010-06-18, 1 file, -2/+2)
  DevToolsSanityTest.TestConsoleLog seems to work
  ProxyResolverV8Test.FAILS_ReturnUnicode
  DepTest.FAILS_TestDepDisable
  VectorCanvasTest.FAILS_Matrix
  TEST=none
  BUG=disabled tests
  Review URL: http://codereview.chromium.org/2819011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50258 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 49982 - patch (thakis@chromium.org, 2010-06-16, 1 file, -2/+2)
  TBR=thakis@chromium.org
  Review URL: http://codereview.chromium.org/2825006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50002 0039d316-1c4b-4281-b951-d872f2087c98
* patch (thakis@chromium.org, 2010-06-16, 1 file, -2/+2)
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49982 0039d316-1c4b-4281-b951-d872f2087c98
* Rename Chrome threads to use a "Cr" prefix. (evan@chromium.org, 2010-06-09, 1 file, -1/+1)
  Before we carefully used the app (Chrome/Chromium) name, but:
  1) these are for internal debugging use only, so why compute this name
  2) on Linux the thread ids are limited to 16 characters, and "Chromium" is too long
  Review URL: http://codereview.chromium.org/2741003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49296 0039d316-1c4b-4281-b951-d872f2087c98
* Use DISALLOW_COPY_AND_ASSIGN instead of DISALLOW_EVIL_CONSTRUCTORS in sandbox directory. (tfarina@chromium.org, 2010-06-05, 23 files, -51/+51)
  BUG=None
  TEST=trybots
  Review URL: http://codereview.chromium.org/2643003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49010 0039d316-1c4b-4281-b951-d872f2087c98
* Implement most of the ridealong fixes/cleanups I suggested during review for enabling warn-on-signed-versus-unsigned-equality-comparisons on Windows. (pkasting@chromium.org, 2010-06-01, 2 files, -9/+9)
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/2395001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48666 0039d316-1c4b-4281-b951-d872f2087c98
* Enable warning 4389 as an error on windows builds. (mbelshe@chromium.org, 2010-05-27, 5 files, -39/+39)
  This will make windows builds more similar to linux/mac, which already treat signed/unsigned equality comparisons as warnings (and hence errors).
  BUG=44471
  TEST=none
  Review URL: http://codereview.chromium.org/2222002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48395 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Another dependency the bbot missed!!!" (rafaelw@chromium.org, 2010-05-26, 5 files, -39/+39)
  This reverts commit 161f7fd3bdd425167af9fe26fdc5373a2ff44c98.
  Revert "Missed a file as part of checkin for r48186"
  This reverts commit cff86beba5938209393a6c3bccced62a7f3ff36b.
  Revert "Enable warning 4389 as an error on windows builds. This will make"
  This reverts commit c78936bcfc65b98edf288191d927a495b0364621.
  TBR=mbelshe
  Review URL: http://codereview.chromium.org/2253001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48238 0039d316-1c4b-4281-b951-d872f2087c98
* Enable warning 4389 as an error on windows builds. (mbelshe@chromium.org, 2010-05-25, 5 files, -39/+39)
  This will make windows builds more similar to linux/mac, which already treat signed/unsigned equality comparisons as warnings (and hence errors).
  BUG=44471
  TEST=none
  Review URL: http://codereview.chromium.org/2081007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48186 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp sandbox: Add Gyp rules for building the test suite (mseaborn@chromium.org, 2010-05-24, 1 file, -0/+30)
  This should work both standalone and inside the Chromium build.
  I have not included an action for running the tests, since having such an action does not seem to be common in the Chromium build.
  BUG=none
  TEST=seccomp_tests
  Review URL: http://codereview.chromium.org/2165001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48043 0039d316-1c4b-4281-b951-d872f2087c98
* Add NEWNS and NEWNET to the SUID sandbox. (agl@chromium.org, 2010-05-24, 1 file, -15/+30)
  This patch attempts to fork off the sandboxed process with the additional NEWNS and NEWNET flags. If these flags aren't supported at runtime then the code will degrade to the current behaviour.
  NEWNS starts children in a new mount namespace so that they cannot affect the parent's mounts. (This is a little bit useless every little helps.)
  NEWNET starts children in a new network space, initially with no network devices and this stops sandboxed processes from talking to the network. Additionally, children exist in their own namespaces for UNIX domain sockets and the abstract namespace.
  http://codereview.chromium.org/2108020/show
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48040 0039d316-1c4b-4281-b951-d872f2087c98
* Remove a possible race in the SUID sandbox (minor) (agl@chromium.org, 2010-05-20, 1 file, -7/+18)
  The SUID sandbox can be used to set the oom_adj value for non-dumpable processes owned by the same user. When doing so, we previously first checked the directory owner and then opened the oom_adj file. In between the check and the open, the process could have died and another process could have taken that PID value. We would then adjust the OOM value of the wrong process.
  Given how PIDs are allocated, this is very hard to exploit and, even then, a minor security issue at best, but we can avoid the issue entirely with openat.
  http://codereview.chromium.org/2118007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47801 0039d316-1c4b-4281-b951-d872f2087c98
* seccomp sandbox: Split source file list into a separate .gyp file (mseaborn@chromium.org, 2010-05-20, 2 files, -52/+67)
  The intention behind this is to make it easier to sync the .gyp file into the non-Chromium copy of the seccomp sandbox so that it can be used to build a standalone version of the sandbox.
  Also, it arguably makes the .gyp files more manageable.
  Removes a dependency on "base", which the seccomp sandbox does not use.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/1939002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47792 0039d316-1c4b-4281-b951-d872f2087c98
* Add support for calling {rt_,}sigaction(), and for invoking signal handlers from within the sandbox. (markus@chromium.org, 2010-05-18, 10 files, -66/+625)
  Added tests for the new functionality and merged the tests for sigreturn() that had previously been committed to the standalone version of the sandbox (on Google Code)
  TEST=run "make test"
  BUG=37728
  Review URL: http://codereview.chromium.org/2074003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47561 0039d316-1c4b-4281-b951-d872f2087c98
* seccomp sandbox: Add tests for signal handling (mseaborn@chromium.org, 2010-05-18, 1 file, -3/+145)
  Test that signal handlers can be run OK. This tests the support for sigreturn() (that involves patching the VDSO) that was added in r76 of the non-Chromium version of the sandbox.
  Test that signal masks can be set and read. This tests the sigprocmask() support that was added in r70.
  Add a mechanism for checking that a test exits with an expected non-zero exit status, such as SIGSEGV.
  BUG=none
  TEST=test_syscalls
  Review URL: http://codereview.chromium.org/2087013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47541 0039d316-1c4b-4281-b951-d872f2087c98
* GYP changes for FreeBSD and OpenBSD (pvalchev@google.com, 2010-05-14, 1 file, -0/+9)
  Review URL: http://codereview.chromium.org/1480002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47327 0039d316-1c4b-4281-b951-d872f2087c98
* Prevent FPU state corruption by directly creating the signal frame on the stack of the newly created thread, instead of creating it on the caller's stack and copying it over. (markus@chromium.org, 2010-05-11, 4 files, -69/+56)
  This eliminates the need to do complicated touch-ups of the signal stack's data structure, which turned out to be incorrect for the FPU state.
  Thanks to Mark Seaborn for pointing out this simplification of the code.
  TEST=Chrome no longer crashes in tcmalloc
  BUG=none
  Review URL: http://codereview.chromium.org/2051005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@46928 0039d316-1c4b-4281-b951-d872f2087c98
* Add a couple more tests (markus@chromium.org, 2010-04-28, 1 file, -7/+126)
  These tests were useful for debugging reference_trusted_thread.cc.
  Test an easily-forwarded system call, dup().
  Also test clone() directly, in addition to testing it indirectly via pthread_create().
  Check for leaked FDs.
  Change the test runner to run all tests, even if one fails, rather than stopping at the first failed test.
  Review URL: http://codereview.chromium.org/1750014
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/1756015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45806 0039d316-1c4b-4281-b951-d872f2087c98