path: root/sandbox
Commit message | Author | Age | Files | Lines
* Removed a single legacy windows function from the sandbox code. | Blurrech@gmail.com | 2014-04-07 | 9 | -76/+2
  Specifically, Win2k code and mainly the function: IsXPSP2OrLater()
  BUG=151624
  Review URL: https://codereview.chromium.org/227163009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@262197 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox: Add support for starting seccomp-bpf with threads. | rsesek@chromium.org | 2014-04-05 | 5 | -13/+58
  This requires an experimental kernel patch that has not yet been accepted upstream. However this is a prerequisite for getting seccomp-bpf running under Android.
  BUG=308763, 308775
  Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=261951
  Reverted: https://src.chromium.org/viewvc/chrome?view=rev&revision=261959
  Review URL: https://codereview.chromium.org/224403002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@262035 0039d316-1c4b-4281-b951-d872f2087c98
* Revert of sandbox: Add support for starting seccomp-bpf with threads. (https://codereview.chromium.org/224403002/) | scottmg@chromium.org | 2014-04-05 | 5 | -56/+13
  Reason for revert:
  Failed compile on http://build.chromium.org/p/chromium.linux/builders/Linux%20Clang%20%28dbg%29/builds/57969/steps/compile/logs/stdio
  Original issue's description:
  > sandbox: Add support for starting seccomp-bpf with threads.
  >
  > This requires an experimental kernel patch that has not yet been accepted
  > upstream. However this is a prerequisite for getting seccomp-bpf running under
  > Android.
  >
  > BUG=308763, 308775
  >
  > Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=261951
  TBR=jln@chromium.org,rsesek@chromium.org
  NOTREECHECKS=true
  NOTRY=true
  BUG=308763, 308775
  Review URL: https://codereview.chromium.org/226693004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@261959 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox: Add support for starting seccomp-bpf with threads. | rsesek@chromium.org | 2014-04-05 | 5 | -13/+56
  This requires an experimental kernel patch that has not yet been accepted upstream. However this is a prerequisite for getting seccomp-bpf running under Android.
  BUG=308763, 308775
  Review URL: https://codereview.chromium.org/224403002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@261951 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: componentize almost everything. | jln@chromium.org | 2014-04-05 | 12 | -24/+52
  Componentize seccomp_bpf_helpers, sandbox_services and suid_sandbox_client.
  libc_urandom_override is special since it uses weak symbols hackery.
  BUG=360124
  R=mdempsky@chromium.org
  TBR=jln
  Review URL: https://codereview.chromium.org/226083005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@261945 0039d316-1c4b-4281-b951-d872f2087c98
* Fix clang warnings and errors in sandbox/win | rnk@chromium.org | 2014-04-04 | 4 | -10/+9
  - Add final to BrokerServicesBase. This silences an instance of -Wdelete-non-virtual-dtor. BrokerServicesBase has virtual methods, but no virtual dtor, so Clang thinks it might call the wrong dtor.
  - Change local wchar_t arrays to pointers before passing them to CrossCall. Clang does template deduction before array to pointer decay occurs, so we end up with ~14 element wchar_t array instead of a pointer. The cross call machinery wants the IPC parameters to be 4 bytes only, so this fails a static_assert in the template.
  - Return NULL from a function returning a pointer instead of false, which was being implicitly converted to a null pointer.
  - Remove some unnecessary token pasting from policy_opcodes_unittests.cc. There's no need to paste '.' or '<' with member to form a single token.
  - Use "42UL" instead of "unsigned long(42)", which I don't think is valid C++.
  R=cpu@chromium.org,thakis@chromium.org
  BUG=82385
  Review URL: https://codereview.chromium.org/224793003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@261907 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: make seccomp_bpf a component target. | jln@chromium.org | 2014-04-04 | 9 | -36/+78
  Make sure that for component builds, seccomp_bpf gets built as a .so library. This should prevent duplicated implementations from living in a given process, which breaks singletons.
  BUG=360124
  R=rsesek@chromium.org
  Review URL: https://codereview.chromium.org/226253004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@261892 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: add unit test sanity check. | jln@chromium.org | 2014-04-04 | 1 | -0/+21
  Explicitly check that it's ok for a subprocess to use exit(3) instead of exit(2) without breaking the test suite.
  TBR=jln
  Review URL: https://codereview.chromium.org/224953002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@261651 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox tests: change a magic exit code value. | jln@chromium.org | 2014-04-03 | 1 | -1/+3
  Change kExpectedExitCode to avoid a collision with kExpectedValue.
  R=mdempsky@chromium.org
  TBR=jln
  Review URL: https://codereview.chromium.org/224843002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@261577 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: reformat codegen_unittest.cc | jln@chromium.org | 2014-03-31 | 1 | -81/+76
  Reformat codegen_unittest.cc according to the Chromium style guide.
  R=rsesek@chromium.org
  Review URL: https://codereview.chromium.org/218623012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@260659 0039d316-1c4b-4281-b951-d872f2087c98
* Linux Sandbox: fix BPF compiler bug | jln@chromium.org | 2014-03-28 | 2 | -1/+121
  The code responsible for detecting similar blocks and merging them didn't check for the next blocks if the last instruction was not a JMP or a RET.
  The patch to fix this bug (in codegen.cc) is based on a patch by jld@panix.com, attached to the bug report.
  Additional unittests are from jln@chromium.org
  BUG=351103
  Review URL: https://codereview.chromium.org/215173002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@260157 0039d316-1c4b-4281-b951-d872f2087c98
* Fix masking error in InterceptionManager::PatchNtdll | jschuh@chromium.org | 2014-03-28 | 1 | -1/+1
  BUG=344415
  R=rvargas
  TBR=rvargas
  NOTRY=true
  Review URL: https://codereview.chromium.org/215363005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@260135 0039d316-1c4b-4281-b951-d872f2087c98
* Add HANDLE_EINTR in some places missing it. | brettw@chromium.org | 2014-03-27 | 1 | -1/+1
  This implements agl's comments on https://codereview.chromium.org/191673003/
  R=agl@chromium.org
  TBR=agl
  Review URL: https://codereview.chromium.org/203213005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259986 0039d316-1c4b-4281-b951-d872f2087c98
* Add x86_64 ucontext structure for Android x64 | zhenyu.liang@intel.com | 2014-03-27 | 2 | -0/+90
  BUG=346626
  Review URL: https://codereview.chromium.org/204983015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259817 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: disable bare BPF tests on TSANv2 | thakis@chromium.org | 2014-03-26 | 1 | -2/+2
  BUG=356588
  NOTRY=true
  R=thakis@chromium.org
  Review URL: https://codereview.chromium.org/213103006
  Patch from Julien Tinnes <jln@chromium.org>.
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259724 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: do not associate SIGSYS with the StackDumpSignalHandler | jln@chromium.org | 2014-03-26 | 1 | -2/+5
  On Linux, SIGSYS is reserved for the kernel's seccomp-bpf feature, so don't set a handler for it before engaging the sandbox.
  When we engage the sandbox we DLOG(FATAL) if there is an existing signal handler for SIGSYS.
  BUG=355453
  NOTRY=true
  Review URL: https://codereview.chromium.org/209323012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259471 0039d316-1c4b-4281-b951-d872f2087c98
* Make seccomp-bpf mandatory on ARM. | jln@chromium.org | 2014-03-25 | 1 | -4/+3
  Seccomp-bpf used to be optional on non Chrome OS ARM bots, since Ubuntu lacked kernel support. Now that Ubuntu has kernel support, make seccomp-bpf mandatory on ARM.
  BUG=243478
  NOTRY=true
  Review URL: https://codereview.chromium.org/203493007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259094 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: use openat() instead of open() in broker process. | jln@chromium.org | 2014-03-22 | 1 | -3/+18
  The broker process needs to perform system calls directly. syscall(__NR_open, ...) was used, however __NR_open doesn't exist on the modern ARM64 architecture. We replace this call with openat(AT_FDCWD, ...).
  This is a re-land of https://codereview.chromium.org/208823003/
  BUG=354852
  TBR=jorgelo
  Review URL: https://codereview.chromium.org/208813006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258793 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 258683 "Linux sandbox: use openat() instead of open() in ..." | jln@chromium.org | 2014-03-21 | 1 | -1/+1
  > Linux sandbox: use openat() instead of open() in broker process.
  >
  > The broker process needs to perform system calls directly.
  > syscall(__NR_open, ...) was used, however __NR_open doesn't exist on
  > the modern ARM64 architecture. We replace this call with openat(AT_FDCWD, ...).
  >
  > BUG=354852
  > R=jorgelo@chromium.org
  >
  > Review URL: https://codereview.chromium.org/208823003
  TBR=jln@chromium.org
  Review URL: https://codereview.chromium.org/199793009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258710 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: use openat() instead of open() in broker process. | jln@chromium.org | 2014-03-21 | 1 | -1/+1
  The broker process needs to perform system calls directly. syscall(__NR_open, ...) was used, however __NR_open doesn't exist on the modern ARM64 architecture. We replace this call with openat(AT_FDCWD, ...).
  BUG=354852
  R=jorgelo@chromium.org
  Review URL: https://codereview.chromium.org/208823003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258683 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: add a few missing HANDLE_EINTR() | jln@chromium.org | 2014-03-21 | 2 | -3/+3
  R=mdempsky@chromium.org
  Review URL: https://codereview.chromium.org/207353002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258470 0039d316-1c4b-4281-b951-d872f2087c98
* Fix DEATH_BY_SIGNAL helper | mdempsky@chromium.org | 2014-03-19 | 3 | -1/+34
  For compatibility with old Android versions, we can't rely on abort() raising SIGABRT. Instead, we expect that raise(SIGKILL) will raise SIGKILL.
  BUG=352226
  Review URL: https://codereview.chromium.org/201773003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257889 0039d316-1c4b-4281-b951-d872f2087c98
* Make chrome_elf use thunks instead of function pointers. | caitkp@chromium.org | 2014-03-18 | 3 | -0/+59
  1. Add functionality to ServiceResolverThunk to copy a thunk without patching.
  2. Move chrome_elf thunk-handling code to a common location.
  3. Use a thunk instead of a f'n ptr for redirects.
  BUG=334379
  Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=255151
  Review URL: https://codereview.chromium.org/183833004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257749 0039d316-1c4b-4281-b951-d872f2087c98
* Move ScopedFILE to base namespace and scoped_file.h | brettw@chromium.org | 2014-03-17 | 1 | -1/+1
  R=viettrungluu@chromium.org
  Review URL: https://codereview.chromium.org/196073002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257518 0039d316-1c4b-4281-b951-d872f2087c98
* Implement ScopedFD in terms of ScopedGeneric. | brettw@chromium.org | 2014-03-17 | 4 | -19/+18
  Move to a new file base/files/scoped_file.h. I will also add ScopedFILE to here (currently in file_util.h) later.
  I think there is a crash in the old code in content/browser/zygote_host/zygote_host_impl_linux.cc that this patch should fix. The old ScopedFD took the address of something in a vector that is being modified.
  I removed SafeScopedFD from content/common/sandbox_linux/sandbox_linux.cc since base's ScopedFD not CHECKs on close failure (this is a more recent addition).
  Reland of https://codereview.chromium.org/191673003/
  R=agl, viettrungluu
  Review URL: https://codereview.chromium.org/202113004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257473 0039d316-1c4b-4281-b951-d872f2087c98
* Don't explicitly set DEP flags on Vista | jschuh@chromium.org | 2014-03-15 | 1 | -3/+1
  Mandatory DEP is set in the PE headers so trying to force enable it manually fails without an error code that's not discernable from the no DEP case (so we get a startup crash on Vista).
  NOTRY=true
  R=CPU
  TBR=cpu
  BUG=352932
  Review URL: https://codereview.chromium.org/199523003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257345 0039d316-1c4b-4281-b951-d872f2087c98
* Revert of Implement ScopedFD in terms of ScopedGeneric. (https://codereview.chromium.org/191673003/) | jochen@chromium.org | 2014-03-15 | 4 | -18/+19
  Reason for revert:
  Doesn't correctly link
  /mnt/data/b/build/slave/Chromium_Linux_Codesearch/build/src/third_party/gold/gold64: warning: hidden symbol 'base::internal::ScopedFDCloseTraits::Free(int)' in obj/base/files/nacl_helper.scoped_file.o is referenced by DSO lib/libipc.so
  Original issue's description:
  > Implement ScopedFD in terms of ScopedGeneric.
  >
  > Move to a new file base/files/scoped_file.h. I will also add ScopedFILE to here (currently in file_util.h) later.
  >
  > I think there is a crash in the old code in content/browser/zygote_host/zygote_host_impl_linux.cc that this patch should fix. The old ScopedFD took the address of something in a vector that is being modified.
  >
  > I removed SafeScopedFD from content/common/sandbox_linux/sandbox_linux.cc since base's ScopedFD not CHECKs on close failure (this is a more recent addition).
  >
  > BUG=
  > R=agl@chromium.org, viettrungluu@chromium.org
  >
  > Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=257001
  >
  > Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=257179
  TBR=viettrungluu@chromium.org,agl@chromium.org,brettw@chromium.org
  NOTREECHECKS=true
  NOTRY=true
  BUG=
  Review URL: https://codereview.chromium.org/201203002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257323 0039d316-1c4b-4281-b951-d872f2087c98
* Implement ScopedFD in terms of ScopedGeneric. | brettw@chromium.org | 2014-03-14 | 4 | -19/+18
  Move to a new file base/files/scoped_file.h. I will also add ScopedFILE to here (currently in file_util.h) later.
  I think there is a crash in the old code in content/browser/zygote_host/zygote_host_impl_linux.cc that this patch should fix. The old ScopedFD took the address of something in a vector that is being modified.
  I removed SafeScopedFD from content/common/sandbox_linux/sandbox_linux.cc since base's ScopedFD not CHECKs on close failure (this is a more recent addition).
  BUG=
  R=agl@chromium.org, viettrungluu@chromium.org
  Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=257001
  Review URL: https://codereview.chromium.org/191673003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257179 0039d316-1c4b-4281-b951-d872f2087c98
* Fix unreachable code in sandbox/. Found with MSVC warning 4702. | pkasting@chromium.org | 2014-03-14 | 1 | -2/+3
  It looks like this would have made Chrome not use DEP on Vista or something?
  BUG=346382
  TEST=none
  R=jschuh@chromium.org
  Review URL: https://codereview.chromium.org/199593003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257155 0039d316-1c4b-4281-b951-d872f2087c98
* Pass expected value as first argument to ASSERT_EQ | mdempsky@chromium.org | 2014-03-14 | 1 | -3/+3
  BUG=352226
  Review URL: https://codereview.chromium.org/199603002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257075 0039d316-1c4b-4281-b951-d872f2087c98
* Revert of Implement ScopedFD in terms of ScopedGeneric. (https://codereview.chromium.org/191673003/) | thakis@chromium.org | 2014-03-14 | 4 | -18/+19
  Reason for revert:
  Doesn't build on android:
  ../../base/memory/discardable_memory_allocator_android.cc:84:25:error: no matching function for call to 'mmap'
  void* const address = mmap(
  ^~~~
  /mnt/data/b/build/slave/Android_Clang_Builder__dbg_/build/src/third_party/android_tools/ndk//platforms/android-14/arch-arm/usr/include/sys/mman.h:47:15: note: candidate function not viable: no known conversion from 'base::ScopedFD' (aka 'ScopedGeneric<int, internal::ScopedFDCloseTraits>') to 'int' for 5th argument
  extern void* mmap(void *, size_t, int, int, int, off_t);
  ^
  1 error generated.
  Original issue's description:
  > Implement ScopedFD in terms of ScopedGeneric.
  >
  > Move to a new file base/files/scoped_file.h. I will also add ScopedFILE to here (currently in file_util.h) later.
  >
  > I think there is a crash in the old code in content/browser/zygote_host/zygote_host_impl_linux.cc that this patch should fix. The old ScopedFD took the address of something in a vector that is being modified.
  >
  > I removed SafeScopedFD from content/common/sandbox_linux/sandbox_linux.cc since base's ScopedFD not CHECKs on close failure (this is a more recent addition).
  >
  > BUG=
  > R=agl@chromium.org, viettrungluu@chromium.org
  >
  > Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=257001
  TBR=viettrungluu@chromium.org,agl@chromium.org,brettw@chromium.org
  NOTREECHECKS=true
  NOTRY=true
  BUG=
  Review URL: https://codereview.chromium.org/197873014
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257005 0039d316-1c4b-4281-b951-d872f2087c98
* Implement ScopedFD in terms of ScopedGeneric. | brettw@chromium.org | 2014-03-14 | 4 | -19/+18
  Move to a new file base/files/scoped_file.h. I will also add ScopedFILE to here (currently in file_util.h) later.
  I think there is a crash in the old code in content/browser/zygote_host/zygote_host_impl_linux.cc that this patch should fix. The old ScopedFD took the address of something in a vector that is being modified.
  I removed SafeScopedFD from content/common/sandbox_linux/sandbox_linux.cc since base's ScopedFD not CHECKs on close failure (this is a more recent addition).
  BUG=
  R=agl@chromium.org, viettrungluu@chromium.org
  Review URL: https://codereview.chromium.org/191673003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@257001 0039d316-1c4b-4281-b951-d872f2087c98
* Revert of Fix DEATH_BY_SIGNAL test helper (https://codereview.chromium.org/193453002/) | mdempsky@chromium.org | 2014-03-13 | 3 | -26/+1
  Reason for revert:
  UnitTests.DeathBySignal is failing on Android: http://crbug.com/352226
  Original issue's description:
  > Fix DEATH_BY_SIGNAL test helper
  >
  > Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=256653
  TBR=jln@chromium.org,mdempsky@google.com
  NOTREECHECKS=true
  NOTRY=true
  Review URL: https://codereview.chromium.org/198923004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@256872 0039d316-1c4b-4281-b951-d872f2087c98
* Fix DEATH_BY_SIGNAL test helper | mdempsky@chromium.org | 2014-03-12 | 3 | -1/+26
  Review URL: https://codereview.chromium.org/193453002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@256653 0039d316-1c4b-4281-b951-d872f2087c98
* Remove DELETE permission on the sandboxed desktop | jschuh@chromium.org | 2014-03-11 | 1 | -0/+1
  It's not needed, and it may allow a narrow window where the desktop can be deleted and replaced by one with looser permissions.
  BUG=346586
  R=cpu
  Review URL: https://codereview.chromium.org/189993005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@256261 0039d316-1c4b-4281-b951-d872f2087c98
* Linux Sandbox: scope child process with BrokerProcess class. | jln@chromium.org | 2014-03-10 | 6 | -20/+102
  Make sure that the broker process (the child) dies when a BrokerProcess object is destroyed.
  This also adds automatic detection of leaking processes in sandbox_linux_unittests.
  R=jorgelo@chromium.org, mdempsky@chromium.org
  Review URL: https://codereview.chromium.org/191723002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@256027 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 255151 "Make chrome_elf use thunks instead of function po..." | caitkp@chromium.org | 2014-03-07 | 3 | -59/+0
  (Crashy on today's canary)
  > Make chrome_elf use thunks instead of function pointers.
  >
  > 1. Add functionality to ServiceResolverThunk to copy a thunk without patching.
  > 2. Move chrome_elf thunk-handling code to a common location.
  > 3. Use a thunk instead of a f'n ptr for redirects.
  >
  > BUG=334379
  >
  > Review URL: https://codereview.chromium.org/183833004
  TBR=caitkp@chromium.org
  Review URL: https://codereview.chromium.org/189803007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255703 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 255478 "Style nits" | jln@chromium.org | 2014-03-07 | 1 | -2/+0
  > Style nits
  >
  > NOTRY=true
  >
  > Review URL: https://codereview.chromium.org/189293003
  TBR=matthew@dempsky.org
  Review URL: https://codereview.chromium.org/190543004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255665 0039d316-1c4b-4281-b951-d872f2087c98
* Style nits | matthew@dempsky.org | 2014-03-07 | 1 | -0/+2
  NOTRY=true
  Review URL: https://codereview.chromium.org/189293003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255478 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: add basic Yama support | jln@chromium.org | 2014-03-07 | 14 | -10/+667
  This CL adds basic detection of whether or not the Yama LSM module is available, and allow to opt-in and opt-out of its protections.
  BUG=349673
  R=jorgelo@chromium.org, keescook@chromium.org
  Review URL: https://codereview.chromium.org/188193002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255475 0039d316-1c4b-4281-b951-d872f2087c98
* Don't modify the alternate winstation DACL | jschuh@chromium.org | 2014-03-06 | 1 | -13/+1
  Turns out the DACL won't apply in most cases, and may run some risk of bad interactions with third-party software. It's also mostly redundant given the existing job and desktop restrictions.
  BUG=346586
  R=cpu
  TBR=cpu
  Review URL: https://codereview.chromium.org/186483005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255338 0039d316-1c4b-4281-b951-d872f2087c98
* Make chrome_elf use thunks instead of function pointers. | caitkp@chromium.org | 2014-03-05 | 3 | -0/+59
  1. Add functionality to ServiceResolverThunk to copy a thunk without patching.
  2. Move chrome_elf thunk-handling code to a common location.
  3. Use a thunk instead of a f'n ptr for redirects.
  BUG=334379
  Review URL: https://codereview.chromium.org/183833004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255151 0039d316-1c4b-4281-b951-d872f2087c98
* Pass correct object_type in AddKnownSidToObject | jschuh@chromium.org | 2014-03-05 | 1 | -1/+1
  The correct DACL wasn't being set on the winstation.
  BUG=347849
  R=cpu
  TBR=cpu
  Review URL: https://codereview.chromium.org/180513006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255065 0039d316-1c4b-4281-b951-d872f2087c98
* Correctly bounds check FileNameLength in IsSupportedRenameCall | jschuh@chromium.org | 2014-03-05 | 1 | -5/+8
  BUG=348910
  R=rvargas@chromium.org
  Review URL: https://codereview.chromium.org/183893024
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255026 0039d316-1c4b-4281-b951-d872f2087c98
* Further tighten desktop permissions and cleanup style nits | jschuh@chromium.org | 2014-03-05 | 1 | -12/+14
  Also removed a debug hook that's obsoleted by new permissions.
  BUG=346586
  R=cpu@chromium.org,jamesr@chromium.org
  Review URL: https://codereview.chromium.org/185533017
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@254993 0039d316-1c4b-4281-b951-d872f2087c98
* refactor ResolveNTFunctionPtr | luken@chromium.org | 2014-03-05 | 1 | -16/+13
  makes access to ntdll thread-safe
  removes retry/sleep loop
  BUG=11789
  Test=Chrome loads on Windows without crashing
  Review URL: https://codereview.chromium.org/185063003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@254921 0039d316-1c4b-4281-b951-d872f2087c98
* Handle waitpid returning EINTR. | mdempsky@chromium.org | 2014-03-03 | 1 | -2/+1
  Review URL: https://codereview.chromium.org/184963002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@254434 0039d316-1c4b-4281-b951-d872f2087c98
* Linux Sandbox: add Credentials::SupportsNewUserNS() | jln@chromium.org | 2014-03-03 | 3 | -9/+72
  We need to be able to check for unprivileged namespace support without actually unsharing the current namespace.
  We add a method that creates a new process with a new user namespace and see if this succeeds.
  BUG=312380
  NOTRY=true
  Review URL: https://codereview.chromium.org/182453004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@254433 0039d316-1c4b-4281-b951-d872f2087c98
* Check destination in sandbox CopyParamIn | jschuh@chromium.org | 2014-03-01 | 1 | -1/+2
  This doesn't appear accessible in our code, but it's an easy check.
  BUG=82817
  R=cpu
  NOTRY=true
  Review URL: https://codereview.chromium.org/180703005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@254334 0039d316-1c4b-4281-b951-d872f2087c98
* Convert scoped_ptr_malloc -> scoped_ptr, part 2. | viettrungluu@chromium.org | 2014-02-26 | 6 | -10/+14
  scoped_ptr_malloc is deprecated; let's get rid of it.
  BUG=344245
  R=brettw@chromium.org
  TBR=rsleevi@chromium.org,miket@chromium.org,ryanmyers@chromium.org,dalecurtis@chromium.org, cpu@chromium.org
  Review URL: https://codereview.chromium.org/169193002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@253582 0039d316-1c4b-4281-b951-d872f2087c98