summaryrefslogtreecommitdiffstats
path: root/sandbox
Commit message (Collapse)AuthorAgeFilesLines
* Add basic ARM support to the seccomp-bpf sandbox.jorgelo@chromium.org2012-08-104-31/+86
| | | | | | | | | | BUG=141157 TEST=unit tests on daisy. Review URL: https://chromiumcodereview.appspot.com/10827223 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151007 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-102-45/+110
| | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10837151 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150957 0039d316-1c4b-4281-b951-d872f2087c98
* Setuid sandbox unittest: fix environment.jln@chromium.org2012-08-091-0/+12
| | | | | | | | | | | Don't pollute LD_PRELOAD in the environment after a test runs. BUG= Review URL: https://chromiumcodereview.appspot.com/10823251 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150739 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp: always call setSandboxPolicy in unittest.jln@chromium.org2012-08-091-1/+6
| | | | | | | | | | | | In seccomp-bpf unittest, we now call setSandboxPolicy even if we have no kernel support for seccomp-bpf. BUG=141545 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10837178 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150690 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 150423 - Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-072-111/+45
| | | | | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10831160 TBR=rvargas@google.com Review URL: https://chromiumcodereview.appspot.com/10831200 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150429 0039d316-1c4b-4281-b951-d872f2087c98
* Remove X32 syscalls numbers from x86_64_linux_syscalls.hjln@chromium.org2012-08-071-116/+0
| | | | | | | | | | | | | | | There was a bug where X32 syscalls were included in x86_64_linux_syscalls.h. Thankfully, the "#if defined" guard prevented those lines from actually doing anything. BUG= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10826190 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150428 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-072-45/+111
| | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10831160 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150423 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: add our own headers for system call numbers.jln@chromium.org2012-08-073-0/+2801
| | | | | | | | | BUG= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10825227 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150390 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 149782 - Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-032-105/+45
| | | | | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10823134 TBR=rvargas@google.com Review URL: https://chromiumcodereview.appspot.com/10828142 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149790 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Fix CreateProcess policy tests.rvargas@google.com2012-08-032-45/+105
| | | | | | | | BUG=6944 TEST=sbox_integration_tests Review URL: https://chromiumcodereview.appspot.com/10823134 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149782 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Verify that members of TargetProcess are valid before freeing them.rvargas@google.com2012-08-031-10/+13
| | | | | | | | | | SpawnCleanup may trigger the destruction of a partially created TargetProcess. BUG=139898 TEST=none Review URL: https://chromiumcodereview.appspot.com/10831133 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149763 0039d316-1c4b-4281-b951-d872f2087c98
* Create a LinuxSandbox class.jln@chromium.org2012-08-023-3/+19
| | | | | | | | | | | | | | | | | | The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote. (Note: this is a re-land of https://chromiumcodereview.appspot.com/10826093/ with a trivial fix for ARM architectures). BUG= TBR=piman@chromium.org NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10843059 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149734 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 149692 - Create a LinuxSandbox class.mazda@chromium.org2012-08-023-19/+3
| | | | | | | | | | | | | | | | | | | | r149692 broke ChromiumOS (tegra2) build. The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote. BUG= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10826093 TBR=jln@chromium.org Review URL: https://chromiumcodereview.appspot.com/10837081 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149705 0039d316-1c4b-4281-b951-d872f2087c98
* Create a LinuxSandbox class.jln@chromium.org2012-08-023-3/+19
| | | | | | | | | | | | | | | The LinuxSandbox class aims to become the central place for Linux sandboxing inside content/. For now, this refactors mostly code from the Zygote. BUG= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10826093 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149692 0039d316-1c4b-4281-b951-d872f2087c98
* Fixing a couple of issues in sandbox::RestrictedToken:alexeypa@chromium.org2012-08-012-13/+82
| | | | | | | | | | | | - Specify access bits on the duplicated handle correctly. - Avoid touching an uninitialized buffer in case of an error. BUG=139841 TEST=RestrictedTokenTest.DenyOwnerSidCustom, RestrictedTokenTest.AddRestrictingSidCurrentUserCustom Review URL: https://chromiumcodereview.appspot.com/10844003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149475 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox unit test: log BPF supportjln@chromium.org2012-07-311-1/+11
| | | | | | | | | | Write whether or not the kernel supports seccomp BPF on stdout when running unit tests. Review URL: https://chromiumcodereview.appspot.com/10834075 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149233 0039d316-1c4b-4281-b951-d872f2087c98
* Coverity: Fix several pass-by-values.jhawkins@chromium.org2012-07-271-1/+1
| | | | | | | | | | | | | CID_COUNT=8 CID=7757,8647,11476,16931,16932,100206,100577,102872 BUG=none TEST=none R=tbreisacher@chromium.org TBR=brettw@chromium.org,kalman@chromium.org Review URL: https://chromiumcodereview.appspot.com/10824033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148687 0039d316-1c4b-4281-b951-d872f2087c98
* Fix gcc 4.7 building problems - cont 2.shenhan@google.com2012-07-262-0/+2
| | | | | | | | | | | | | | | | | (The gcc 4.7 building problems keep popping up as I sync the repo, so there are several "fix gcc 4.7 .." cls.) Fixes include - - added static_cast for narrowing conversion in simple(short) initiliazation lists - added explicit <unistd.h> inclusion BUG=None TEST=Built successfully using GCC-4.7 under linux and under chromeos chroot. Review URL: https://chromiumcodereview.appspot.com/10833017 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148519 0039d316-1c4b-4281-b951-d872f2087c98
* Fixed coverity defects pertaining to pass-by-value use where ↵orenb@chromium.org2012-07-252-2/+2
| | | | | | | | | | | | | | pass-by-reference is preferred CID_COUNT=3 CID=(104210, 104215),104237,104238 BUG= TEST= TBR=jln,bolms,brettw Review URL: https://chromiumcodereview.appspot.com/10825016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148437 0039d316-1c4b-4281-b951-d872f2087c98
* Coverity: Initialize member variables.jhawkins@chromium.org2012-07-251-1/+4
| | | | | | | | | | | | | CID_COUNT=6 CID=103934,104157,[104037,104088,104089,104091],104223,104241,104263 BUG=none TEST=none R=tbreisacher TBR=brettw Review URL: https://chromiumcodereview.appspot.com/10830013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148432 0039d316-1c4b-4281-b951-d872f2087c98
* Remove use-after-free bug.tbreisacher@chromium.org2012-07-251-3/+3
| | | | | | | | | | | CID=104376 BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10821018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148424 0039d316-1c4b-4281-b951-d872f2087c98
* Create a new SetuidSandboxClient class.jln@chromium.org2012-07-238-47/+389
| | | | | | | | | | | | We move the setuid sandbox "client" code to its own location in /sandbox/linux/suid/client and we create a SetuidSandboxClient class to use it. NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10807059 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147993 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 147510 - Revert "Remove part of a sandbox test that fails on XP"vitalybuka@chromium.org2012-07-201-0/+3
| | | | | | | | | | | | | | | | | | | | It still brakes sbox_unittests. This reverts commit 147165 (2f575e44d375c7324571f58b9888a72fc77abd7e). It has been tested on a local XP machine and works fine. BUG=137791 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10805016 TBR=jln@chromium.org Review URL: https://chromiumcodereview.appspot.com/10810033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147613 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Remove part of a sandbox test that fails on XP"jln@chromium.org2012-07-191-3/+0
| | | | | | | | | | | | | | | This reverts commit 147165 (2f575e44d375c7324571f58b9888a72fc77abd7e). It has been tested on a local XP machine and works fine. BUG=137791 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10805016 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147510 0039d316-1c4b-4281-b951-d872f2087c98
* Move sandbox/sandbox_linux.gypi to sandbox/linuxjln@chromium.org2012-07-182-18/+18
| | | | | | | | | | | | Make it symmetrical with the Windows version. BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10808003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147291 0039d316-1c4b-4281-b951-d872f2087c98
* Move /seccompsandbox to /sandbox/linux/seccomp-legacyjln@chromium.org2012-07-181-1/+1
| | | | | | | | | | BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10792027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147179 0039d316-1c4b-4281-b951-d872f2087c98
* Remove part of a sandbox test that fails on XPjln@chromium.org2012-07-181-0/+3
| | | | | | | | | | | | | | | | | IPCTest.ClientFastServer inexplicably fails on XP after we moved the Windows sandbox to sandbox/win. Disable the part that fails for now. BUG= TEST= NOTRY=true TBR=cpu@chromium.org Review URL: https://chromiumcodereview.appspot.com/10806003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147165 0039d316-1c4b-4281-b951-d872f2087c98
* Move the Windows sandbox to sandbox/winjln@chromium.org2012-07-18215-628/+628
| | | | | | | | | | | | | This is a rather large refactor to move the Windows sandbox to the right place. BUG= TEST= NOTRY=true TBR=sky@chromium.org Review URL: https://chromiumcodereview.appspot.com/10689170 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147151 0039d316-1c4b-4281-b951-d872f2087c98
* Increase default delay for sandbox testsjschuh@chromium.org2012-07-171-1/+1
| | | | | | | | BUG=137652 Review URL: https://chromiumcodereview.appspot.com/10793027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147051 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp Sandbox: detect a bug with old glibcsjln@chromium.org2012-07-162-6/+46
| | | | | | | | | | | | | | With some version of the Seccomp BPF kernel patch, an old glibc and a kernel using vsyscall=emulate would cause a SIGKILL under a seccomp BPF policy. We now detect this condition in supportsSeccompSandbox(). BUG= TEST= Review URL: https://chromiumcodereview.appspot.com/10703183 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146902 0039d316-1c4b-4281-b951-d872f2087c98
* Emergency revert; rietveld broke; tree brokeerg@google.com2012-07-13215-628/+628
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146646 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox_win.gypi: one less.. for other .gyp filesjln@chromium.org2012-07-131-10/+10
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146630 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox/wow_helper -> sandbox/win/wow_helperjln@chromium.org2012-07-133-5/+5
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146629 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox/tools -> sandbox/win/toolsjln@chromium.org2012-07-137-8/+8
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146628 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox_poc + test to sandbox/winjln@chromium.org2012-07-1331-43/+43
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146627 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox/src -> sandbox/win/srcjln@chromium.org2012-07-13162-566/+566
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146626 0039d316-1c4b-4281-b951-d872f2087c98
* Move Windows sandboxjln@chromium.org2012-07-13215-16/+16
| | | | | | | - Move Windows sandbox to sandbox/win - Update sandbox_win.gypi git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146625 0039d316-1c4b-4281-b951-d872f2087c98
* Share the zygote's fopen overrides with nacl_helper.ncbray@chromium.org2012-07-133-0/+198
| | | | | | | | | | | | | | This will allow ChromeOS's version of NSS to initialize inside of nacl_helper without killing the process, which in turn allows validation caching to be enabled on ChromeOS. BUG= https://code.google.com/p/chromium/issues/detail?id=134538 TEST= none Review URL: https://chromiumcodereview.appspot.com/10736017 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146498 0039d316-1c4b-4281-b951-d872f2087c98
* Suppress STATUS_INVALID_HANDLE (0xc0000008) exceptions triggered by ↵alexeypa@chromium.org2012-07-121-7/+27
| | | | | | | | | | | | | HandleCloserAgent. Dereferncing an invalid handle generates the STATUS_INVALID_HANDLE exception when handle tracing is enabled (by AppVerifier for example). HandleCloserAgent is expected to probe invalid handles, so this CL suppresses STATUS_INVALID_HANDLE exceptions triggered by HandleCloserAgent to make debugging easier. BUG=131699 Review URL: https://chromiumcodereview.appspot.com/10689081 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146470 0039d316-1c4b-4281-b951-d872f2087c98
* Make wow_helper.sln pure ASCIIjln@chromium.org2012-07-121-1/+1
| | | | | | | | | | | | | Non 7-bit ASCII characters confused the hell out of try bots and scripts and led to hard to track bugs. BUG= TEST= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10696187 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146270 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the rest of #pragma once in one big CL.ajwong@chromium.org2012-07-114-4/+0
| | | | | | | | | For context see this thread: https://groups.google.com/a/chromium.org/forum/?fromgroups#!topic/chromium-dev/RMcVNGjB4II TBR=thakis,pkasting,jam git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146163 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp-BPF: add a new synthetic unittestjln@chromium.org2012-07-091-0/+59
| | | | | | | | | | | | This adds a synthetic but slightly more complex unittest for the BPF compiler. BUG=130662 TEST= Review URL: https://chromiumcodereview.appspot.com/10693019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145800 0039d316-1c4b-4281-b951-d872f2087c98
* Add Julien Tinnes as OWNER of Linux sandboxing and Zygotejln@chromium.org2012-07-091-0/+5
| | | | | | | | | | | | | | Add Chris Evans as OWNER of sandbox/ Set noparent in sandbox/ BUG= TEST= NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10753003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145756 0039d316-1c4b-4281-b951-d872f2087c98
* Force the interception agent trampoline into the random rangejschuh@chromium.org2012-06-291-6/+19
| | | | | | Review URL: https://chromiumcodereview.appspot.com/10686007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144861 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Move code around.rvargas@google.com2012-06-283-218/+236
| | | | | | | | | | | This is mostly a NOP, except for the initialization of ui_exceptions_. BUG=none TEST=none Review URL: https://chromiumcodereview.appspot.com/10697013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144804 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Two files were left behind when changing the uservargas@google.com2012-06-282-3/+4
| | | | | | | | | | | of scoped handles (r144571), because they were not part of the original (backed out) CL. BUG=none TEST=none Review URL: https://chromiumcodereview.appspot.com/10703012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144803 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Use ScopedProcessInformation.rvargas@google.com2012-06-278-186/+176
| | | | | | | | | | | | This is a partial reland of 130716 - Use ScopedProcessInformation and other RAII types in sandbox - minus the bugs introduced by that cl. BUG=127931 TEST=none Review URL: https://chromiumcodereview.appspot.com/10605002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144571 0039d316-1c4b-4281-b951-d872f2087c98
* Make chrome compile with the win8 sdk cpu@chromium.org2012-06-265-7/+7
| | | | | | | | | | | | | | | | | | | | | So we can move the metro bits to \src THREAD_INFORMATION_CLASS is now defined with unrelated values as follows: typedef enum _THREAD_INFORMATION_CLASS { ThreadMemoryPriority, ThreadAbsoluteCpuPriority, ThreadInformationClassMax } THREAD_INFORMATION_CLASS; BUG=127799 TEST= it builds, current test suffice Review URL: https://chromiumcodereview.appspot.com/10669027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144217 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp BPF: add a unittest for a SIGSYS handlerjln@chromium.org2012-06-261-0/+52
| | | | | | | | | | BUG=None TEST=None Review URL: https://chromiumcodereview.appspot.com/10666032 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144210 0039d316-1c4b-4281-b951-d872f2087c98
* Add eight more bits of entropy to the sandbox intercept trampolinejschuh@chromium.org2012-06-252-8/+44
| | | | | | Review URL: https://chromiumcodereview.appspot.com/10666018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144031 0039d316-1c4b-4281-b951-d872f2087c98
generated by cgit v1.1 at 2025-02-15 05:52:39 +0000