| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
> Linux: add a Credentials class to handle Linux capabilities.
>
> (This is a re-land of https://chromiumcodereview.appspot.com/51113009/)
>
> BUG=312380
> TBR=jorgelo@chromium.org
>
> Review URL: https://codereview.chromium.org/55603003
TBR=jln@chromium.org
Review URL: https://codereview.chromium.org/45923006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232842 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
(This is a re-land of https://chromiumcodereview.appspot.com/51113009/)
BUG=312380
TBR=jorgelo@chromium.org
Review URL: https://codereview.chromium.org/55603003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232837 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
> Linux: add a Credentials class to handle Linux capabilities.
>
> BUG=312380
> R=jorgelo@chromium.org
>
> Review URL: https://codereview.chromium.org/51113009
TBR=jln@chromium.org
Review URL: https://codereview.chromium.org/54463008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232281 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
| |
BUG=312380
R=jorgelo@chromium.org
Review URL: https://codereview.chromium.org/51113009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232280 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code is unused - it was probably added long ago when we were trying to
figure out the correct value for the memory margin. Removing it will make
it easier to remove the setuid sandbox.
BUG=312388
TEST=compiles, usual browser_tests
R=jln@chromium.org
TBR=joi@chromium.org for removing an unused method from content/public/browser/zygote_host_linux.h
Review URL: https://codereview.chromium.org/49843002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@231611 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
they are failing with the Nt event patches.
BUG=305815
TBR=rvargas
Review URL: https://codereview.chromium.org/45623003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@231121 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the \Sessions\Session id\BaseNamedObjects path
does not always exist on Windows XP. It only exists for terminal server sessions.
Relanding this with fixes for the SyncPolicyTest.TestEvent and SyncPolicyTest.TestEventReadOnly tests.
Replace the CreateEvent/OpenEvent patches with their Nt counterparts like
NtOpenEvent and NtCreateEvent.
Reason being :- We patch these APIS via the Export table patch which does not
work with bound imports. This results in our
patched functions never getting called.
This should fix the GPU process hang with the XP presentation path.
The change from the previous patch is to resolve the BaseNamedObjects path via the \Sessions\BNOLinks directory which
contains the BaseNamedObjects symbolic links for the running sessions
BUG=305815
R=cpu@chromium.org, rvargas@chromium.org, cpu, rvargas
Review URL: https://codereview.chromium.org/41193002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@231063 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After the reland XP dbg failed again:
http://build.chromium.org/p/chromium.win/builders/XP%20Tests%20%28dbg%29%283%29/builds/40676
> Relanding this with fixes for the SyncPolicyTest.TestEvent and SyncPolicyTest.TestEventReadOnly tests.
>
> Replace the CreateEvent/OpenEvent patches with their Nt counterparts like
> NtOpenEvent and NtCreateEvent.
>
> Reason being :- We patch these APIS via the Export table patch which does not
> work with bound imports. This results in our
> patched functions never getting called.
>
> This should fix the GPU process hang with the XP presentation path.
>
> BUG=305815
> TBR=cpu,rvargas,thakis
>
> Review URL: https://codereview.chromium.org/39473002
TBR=ananta@chromium.org
Review URL: https://codereview.chromium.org/39583002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@230670 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SyncPolicyTest.TestEventReadOnly tests.
Replace the CreateEvent/OpenEvent patches with their Nt counterparts like
NtOpenEvent and NtCreateEvent.
Reason being :- We patch these APIS via the Export table patch which does not
work with bound imports. This results in our
patched functions never getting called.
This should fix the GPU process hang with the XP presentation path.
BUG=305815
TBR=cpu,rvargas,thakis
Review URL: https://codereview.chromium.org/39473002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@230660 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Broke sbox_integration_tests on xp, vista, win7
http://build.chromium.org/p/chromium.win/builders/Win7%20Tests%20%28dbg%29%283%29/builds/22841
http://build.chromium.org/p/chromium.win/builders/Vista%20Tests%20%281%29/builds/41417
http://build.chromium.org/p/chromium.win/builders/XP%20Tests%20%281%29/builds/28655
Failing tests:
SyncPolicyTest.TestEvent
SyncPolicyTest.TestEventReadOnly
> Replace the CreateEvent/OpenEvent patches with their Nt counterparts like NtOpenEvent and NtCreateEvent.
>
> Reason being :- We patch these APIS via the Export table patch which does not work with bound imports. This results in our
> patched functions never getting called.
>
> This should fix the GPU process hang with the XP presentation path.
>
> BUG=305815
> R=cpu@chromium.org, rvargas@chromium.org, cpu
>
> Review URL: https://codereview.chromium.org/31933005
TBR=ananta@chromium.org
Review URL: https://codereview.chromium.org/39303002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@230629 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NtOpenEvent and NtCreateEvent.
Reason being :- We patch these APIS via the Export table patch which does not work with bound imports. This results in our
patched functions never getting called.
This should fix the GPU process hang with the XP presentation path.
BUG=305815
R=cpu@chromium.org, rvargas@chromium.org, cpu
Review URL: https://codereview.chromium.org/31933005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@230512 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Some functions were using the wrong signatures, which
only happened to work by coincidence since the wrong
signatures had the same number of arguments as the right
signatures.
2) Don't use imported functions from system libraries in
patched functions until after TargetServices::InitCalled()
has been called, which guarantees that our IAT has been
initialized.
BUG=305815
Review URL: https://codereview.chromium.org/29573002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@229943 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not sure why this works on previous compilers, because it's linking the
x86 gtest.lib into the nacl64.exe binary. On VS2013 it errors out with
a message to that effect.
(jschuh, bradnelson: any reason this is necessary?)
TBR=cpu@chromium.org
BUG=288948
Review URL: https://codereview.chromium.org/27651002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@229362 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
patched. We were patching OpenEventW twice.
BUG=305815
R=rvargas@chromium.org, rvargas
Review URL: https://codereview.chromium.org/27256007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@229192 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The broker process that can be used to perform Open() calls on
behalf of a less privileged process now will return an errno
specified at contruction time instead of EPERM.
BUG=270326, 304820
R=jorgelo@chromium.org
Review URL: https://codereview.chromium.org/27234002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@228507 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
We need to intercept kernelbase.dll for the CreateEvent/OpenEvent API's from Windows 7 onwards.
BUG=305815
R=cpu@chromium.org, cpu
Review URL: https://codereview.chromium.org/26563006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@227966 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
Found by clang's new -Wunused-const-variable.
BUG=290204
TBR=mark, acolwell, agl, alexeypa, markus, brettw
Review URL: https://codereview.chromium.org/25849004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@226888 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
sandbox_linux_unittests has a test that keeps track on the clone() flags
that can be used by the C library. Recent Android versions don't use the
deprecated CLONE_DETACHED anymore.
BUG=302042
R=palmer@chromium.org
Review URL: https://codereview.chromium.org/25364003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@226101 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
presentation path.
To achieve this we have to allow access to named events created by the dwmapi.dll. This is achieved by
intercepting the CreateEventW/A/OpenEventW/A APIs and proxying them to the broker.
On Windows 8 we need to intercept the kernelbase.dll and kernel32 on previous operating system versions.
BUG=299047
R=cpu@chromium.org, rvargas@chromium.org, cpu, rvargas
Review URL: https://codereview.chromium.org/23654049
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@225811 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some AppContainer methods moved to another DLL and the address
space for 64-bit apps is larger than before.
BUG=none
TEST=current sbox_unittests, sbox_integration_tests, sbox_validation_tests
R=cpu@chromium.org
Review URL: https://codereview.chromium.org/24296002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@224489 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
| |
TBR=jschuh@chromium.org
BUG=288948
Review URL: https://chromiumcodereview.appspot.com/23618047
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@222886 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
Add an async signal safe version of SANDBOX_DIE().
BUG=277240
R=markus@chromium.org
Review URL: https://codereview.chromium.org/23461032
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@221558 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
| |
SIGSYS is a reserved signal on Linux for the seccomp-bpf sandbox.
If a previous handler for SIGSYS exists, log an error.
BUG=178166
R=markus@chromium.org
Review URL: https://codereview.chromium.org/23960006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@221539 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
SIGSYS is a reserved signal for sandboxing on Linux. When we receive
a spurious SIGSYS, we typically crash.
This patch changes this behavior to only log an error.
BUG=178166
R=markus@chromium.org
Review URL: https://codereview.chromium.org/23686010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@221274 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
| |
BUG=
Review URL: https://codereview.chromium.org/19579005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@220612 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=279503
TEST=sandbox_linux_unittests passes on Precise.
TEST=sandbox_linux_unittests passes on daisy_spring w/ kernel 3.8
TEST=daisy_spring boots, sandbox is on, GPU accel works.
Review URL: https://chromiumcodereview.appspot.com/23619009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@220504 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In x64 this was causing sandbox_nt_util.cc:InitHeap to truncate the
pointer returned from RtlCreateHeap, which made subsequent calls to
RtlAllocateHeap crash.
R=rvargas@chromium.org
BUG=271061
Review URL: https://chromiumcodereview.appspot.com/23558003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@220152 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The existing assignment is safe because there's no implicit
conversion from HANDLE to ScopedHandle, whereas there is a
HANDLE cast operator for ScopedHandle. However, this change
makes the conversion clearer and silences the PVS warning.
BUG=271530
R=cpu@chromium.org
Review URL: https://chromiumcodereview.appspot.com/23043005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@217719 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Not really a pressing matter, but needed a simple end-to-end test to verify my git tree is functional after vacation (had some issues).
As reported in http://www.viva64.com/en/b/0205/
BUG=271530
R=rvargas
Review URL: https://chromiumcodereview.appspot.com/23053002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@217404 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
| |
BUG=267893
R=rvargas@chromium.org
Review URL: https://chromiumcodereview.appspot.com/21886007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@215496 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
This issue was found by a Linter.
R=erikwright@chromium.org,jschuh@chromium.org
BUG=
Review URL: https://chromiumcodereview.appspot.com/21031008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@214627 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
| |
BUG=242290
R=rvargas@chromium.org
Review URL: https://codereview.chromium.org/19824004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@213104 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
| |
Cleanup temporary file creation to its own re-usable class.
Review URL: https://chromiumcodereview.appspot.com/19368008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@212068 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
Android sometimes run the tests as root. Make sure that our unittests
pass when running as root.
R=jorgelo@chromium.org
Review URL: https://codereview.chromium.org/19240009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@211842 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Sometimes, we receive spurious SIGSYS signals. Clean up this code
a little to make it more clear which problems we're actually seeing.
BUG=178166
NOTRY=true
Review URL: https://chromiumcodereview.appspot.com/19054014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@211313 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
RUNNING_ON_VALGRIND was used as a compile-time option. However, Valgrind has to
be detected dynamically. Because of this bug, Valgrind was always considered
running and we would never assert properly that seccomp-bpf was available
when running our tests.
BUG=259106
R=jorgelo@chromium.org
Review URL: https://codereview.chromium.org/18539020
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@211001 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
sandbox_bpf_policy_forward.h can forward declare ErrorCode. This should fix
a Chromium on MIPS compilation issue.
BUG=130022
NOTRY=true
R=markus@chromium.org
Review URL: https://codereview.chromium.org/18943004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@210691 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
BUG=256452
TEST=sandbox_linux_unittests passes.
TEST=about:gpu shows "Sandboxed: true", browser works.
NOTRY=true
Review URL: https://chromiumcodereview.appspot.com/18337010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@210651 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TSAN uses a helper thread. For all intent and purposes it should be hidden
and it looks like we can fork() happily with this thread running.
So when counting threads, we ignore it.
We still disable BPF sandbox tests under TSAN though, the BPF sandbox is not
compatible with TSAN.
BUG=256905,243968
R=glider@chromium.org
Review URL: https://codereview.chromium.org/18603002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@210014 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Text relocations are a minor security risk. Add compiler flags
that prevent them from reappearing in Android binary.
All existing occurences have been removed after
http://crrev.com/17714003.
TEST=Compile.
BUG=b/8061013
Review URL: https://chromiumcodereview.appspot.com/17820002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@209885 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure that sandbox_linux_unittests can run under TSAN by simply disabling
the tests that require forking.
This will need to be fixed better in the future, but this will allow us to
run part of sandbox_linux_unittests under TSAN immediately.
BUG=256905
R=ajwong@chromium.org
Review URL: https://codereview.chromium.org/18580009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@209845 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
| |
This patch attempts to generalise the linux libc urandom override, so that it works for non-glibc linux platforms too.
BUG=255215
Review URL: https://chromiumcodereview.appspot.com/18093002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@209281 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Broke Linux ASAN build:
[1054/1063] LINK nacl_helper
../../chrome/nacl/nacl_helper_linux.cc:229: error: undefined reference to 'sandbox::InitLibcUrandomOverrides()'
> attempt to make the libc urandom override work for non-glibc too
>
> This patch attempts to generalise the linux libc urandom override, so
> that it works for non-glibc linux platforms too.
>
> Review URL: https://chromiumcodereview.appspot.com/17066002
TBR=mostynb@opera.com
Review URL: https://codereview.chromium.org/18069003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@208926 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
| |
This patch attempts to generalise the linux libc urandom override, so
that it works for non-glibc linux platforms too.
Review URL: https://chromiumcodereview.appspot.com/17066002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@208924 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
| |
BUG=252425
R=cpu@chromium.org
TEST=Dr. Memory no longer reports the mismatch
Review URL: https://codereview.chromium.org/16983011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@207829 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We capture the IPC buffer before doing real work with it, but a crazy
compiler _could_ mess up the initial checks that we do. So, do more checks!
BUG=247898
TEST=current tests.
Review URL: https://chromiumcodereview.appspot.com/17126002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@207309 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a new API to start a sandbox for process types out of
content/.
BUG=229673, 168812
Review URL: https://chromiumcodereview.appspot.com/16775010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@206939 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
| |
We should not attempt to override libc functions using glibc-specific
code when not actually using glibc. This still needs to be fixed
for other libc's though.
Review URL: https://chromiumcodereview.appspot.com/16132015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@206040 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
| |
BUG=247723
TEST=none
TBR=ben@chromium.org
Review URL: https://chromiumcodereview.appspot.com/16358024
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@205458 0039d316-1c4b-4281-b951-d872f2087c98
|
| |
|
|
|
|
|
|
|
|
|
|
| |
scoped_ptr<C, base::FreeDeleter>.
BUG=246802
R=jschuh@chromium.org
TEST=browser_tests under Dr. Memory
Review URL: https://chromiumcodereview.appspot.com/16404003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@205053 0039d316-1c4b-4281-b951-d872f2087c98
|
