path: root/sandbox
Commit message | Author | Age | Files | Lines
* Revert 147510 - Revert "Remove part of a sandbox test that fails on XP" | vitalybuka@chromium.org | 2012-07-20 | 1 | -0/+3
  It still breaks sbox_unittests.
  This reverts commit 147165 (2f575e44d375c7324571f58b9888a72fc77abd7e).
  It has been tested on a local XP machine and works fine.
  BUG=137791
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10805016
  TBR=jln@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/10810033
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147613 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Remove part of a sandbox test that fails on XP" | jln@chromium.org | 2012-07-19 | 1 | -3/+0
  This reverts commit 147165 (2f575e44d375c7324571f58b9888a72fc77abd7e).
  It has been tested on a local XP machine and works fine.
  BUG=137791
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10805016
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147510 0039d316-1c4b-4281-b951-d872f2087c98
* Move sandbox/sandbox_linux.gypi to sandbox/linux | jln@chromium.org | 2012-07-18 | 2 | -18/+18
  Make it symmetrical with the Windows version.
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10808003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147291 0039d316-1c4b-4281-b951-d872f2087c98
* Move /seccompsandbox to /sandbox/linux/seccomp-legacy | jln@chromium.org | 2012-07-18 | 1 | -1/+1
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10792027
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147179 0039d316-1c4b-4281-b951-d872f2087c98
* Remove part of a sandbox test that fails on XP | jln@chromium.org | 2012-07-18 | 1 | -0/+3
  IPCTest.ClientFastServer inexplicably fails on XP after we moved the Windows sandbox to sandbox/win. Disable the part that fails for now.
  BUG=
  TEST=
  NOTRY=true
  TBR=cpu@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/10806003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147165 0039d316-1c4b-4281-b951-d872f2087c98
* Move the Windows sandbox to sandbox/win | jln@chromium.org | 2012-07-18 | 215 | -628/+628
  This is a rather large refactor to move the Windows sandbox to the right place.
  BUG=
  TEST=
  NOTRY=true
  TBR=sky@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/10689170
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147151 0039d316-1c4b-4281-b951-d872f2087c98
* Increase default delay for sandbox tests | jschuh@chromium.org | 2012-07-17 | 1 | -1/+1
  BUG=137652
  Review URL: https://chromiumcodereview.appspot.com/10793027
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147051 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp Sandbox: detect a bug with old glibcs | jln@chromium.org | 2012-07-16 | 2 | -6/+46
  With some version of the Seccomp BPF kernel patch, an old glibc and a kernel using vsyscall=emulate would cause a SIGKILL under a seccomp BPF policy.
  We now detect this condition in supportsSeccompSandbox().
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10703183
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146902 0039d316-1c4b-4281-b951-d872f2087c98
* Emergency revert; rietveld broke; tree broke | erg@google.com | 2012-07-13 | 215 | -628/+628
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146646 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox_win.gypi: one less.. for other .gyp files | jln@chromium.org | 2012-07-13 | 1 | -10/+10
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146630 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox/wow_helper -> sandbox/win/wow_helper | jln@chromium.org | 2012-07-13 | 3 | -5/+5
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146629 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox/tools -> sandbox/win/tools | jln@chromium.org | 2012-07-13 | 7 | -8/+8
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146628 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox_poc + test to sandbox/win | jln@chromium.org | 2012-07-13 | 31 | -43/+43
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146627 0039d316-1c4b-4281-b951-d872f2087c98
* sandbox/src -> sandbox/win/src | jln@chromium.org | 2012-07-13 | 162 | -566/+566
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146626 0039d316-1c4b-4281-b951-d872f2087c98
* Move Windows sandbox | jln@chromium.org | 2012-07-13 | 215 | -16/+16
  - Move Windows sandbox to sandbox/win
  - Update sandbox_win.gypi
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146625 0039d316-1c4b-4281-b951-d872f2087c98
* Share the zygote's fopen overrides with nacl_helper. | ncbray@chromium.org | 2012-07-13 | 3 | -0/+198
  This will allow ChromeOS's version of NSS to initialize inside of nacl_helper without killing the process, which in turn allows validation caching to be enabled on ChromeOS.
  BUG= https://code.google.com/p/chromium/issues/detail?id=134538
  TEST= none
  Review URL: https://chromiumcodereview.appspot.com/10736017
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146498 0039d316-1c4b-4281-b951-d872f2087c98
* Suppress STATUS_INVALID_HANDLE (0xc0000008) exceptions triggered by HandleCloserAgent. | alexeypa@chromium.org | 2012-07-12 | 1 | -7/+27
  Dereferencing an invalid handle generates the STATUS_INVALID_HANDLE exception when handle tracing is enabled (by AppVerifier for example). HandleCloserAgent is expected to probe invalid handles, so this CL suppresses STATUS_INVALID_HANDLE exceptions triggered by HandleCloserAgent to make debugging easier.
  BUG=131699
  Review URL: https://chromiumcodereview.appspot.com/10689081
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146470 0039d316-1c4b-4281-b951-d872f2087c98
* Make wow_helper.sln pure ASCII | jln@chromium.org | 2012-07-12 | 1 | -1/+1
  Non 7-bit ASCII characters confused the hell out of try bots and scripts and led to hard to track bugs.
  BUG=
  TEST=
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10696187
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146270 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the rest of #pragma once in one big CL. | ajwong@chromium.org | 2012-07-11 | 4 | -4/+0
  For context see this thread: https://groups.google.com/a/chromium.org/forum/?fromgroups#!topic/chromium-dev/RMcVNGjB4II
  TBR=thakis,pkasting,jam
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146163 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp-BPF: add a new synthetic unittest | jln@chromium.org | 2012-07-09 | 1 | -0/+59
  This adds a synthetic but slightly more complex unittest for the BPF compiler.
  BUG=130662
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10693019
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145800 0039d316-1c4b-4281-b951-d872f2087c98
* Add Julien Tinnes as OWNER of Linux sandboxing and Zygote | jln@chromium.org | 2012-07-09 | 1 | -0/+5
  Add Chris Evans as OWNER of sandbox/
  Set noparent in sandbox/
  BUG=
  TEST=
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10753003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145756 0039d316-1c4b-4281-b951-d872f2087c98
* Force the interception agent trampoline into the random range | jschuh@chromium.org | 2012-06-29 | 1 | -6/+19
  Review URL: https://chromiumcodereview.appspot.com/10686007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144861 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Move code around. | rvargas@google.com | 2012-06-28 | 3 | -218/+236
  This is mostly a NOP, except for the initialization of ui_exceptions_.
  BUG=none
  TEST=none
  Review URL: https://chromiumcodereview.appspot.com/10697013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144804 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Two files were left behind when changing the use | rvargas@google.com | 2012-06-28 | 2 | -3/+4
  of scoped handles (r144571), because they were not part of the original (backed out) CL.
  BUG=none
  TEST=none
  Review URL: https://chromiumcodereview.appspot.com/10703012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144803 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Use ScopedProcessInformation. | rvargas@google.com | 2012-06-27 | 8 | -186/+176
  This is a partial reland of 130716 - Use ScopedProcessInformation and other RAII types in sandbox - minus the bugs introduced by that cl.
  BUG=127931
  TEST=none
  Review URL: https://chromiumcodereview.appspot.com/10605002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144571 0039d316-1c4b-4281-b951-d872f2087c98
* Make chrome compile with the win8 sdk | cpu@chromium.org | 2012-06-26 | 5 | -7/+7
  So we can move the metro bits to \src
  THREAD_INFORMATION_CLASS is now defined with unrelated values as follows:
    typedef enum _THREAD_INFORMATION_CLASS {
      ThreadMemoryPriority,
      ThreadAbsoluteCpuPriority,
      ThreadInformationClassMax
    } THREAD_INFORMATION_CLASS;
  BUG=127799
  TEST= it builds, current test suffice
  Review URL: https://chromiumcodereview.appspot.com/10669027
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144217 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp BPF: add a unittest for a SIGSYS handler | jln@chromium.org | 2012-06-26 | 1 | -0/+52
  BUG=None
  TEST=None
  Review URL: https://chromiumcodereview.appspot.com/10666032
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144210 0039d316-1c4b-4281-b951-d872f2087c98
* Add eight more bits of entropy to the sandbox intercept trampoline | jschuh@chromium.org | 2012-06-25 | 2 | -8/+44
  Review URL: https://chromiumcodereview.appspot.com/10666018
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144031 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp BPF: add a simple whitelist unittest | jln@chromium.org | 2012-06-23 | 2 | -22/+113
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10663011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143804 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox Gyp: split Windows into its own .gypi file | jln@chromium.org | 2012-06-23 | 2 | -338/+347
  BUG=None
  TEST=None
  Review URL: https://chromiumcodereview.appspot.com/10649004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143786 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox BPF: add basic unittests | jln@chromium.org | 2012-06-22 | 2 | -2/+54
  We add our first basic unittests:
  - Calling Sandbox::supportsSeccompSandbox twice should work fine
  - We install and test a basic policy that forbids nanosleep()
  BUG=None
  TEST=None
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10641015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143728 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp BPF: initial structure for unittests | jln@chromium.org | 2012-06-22 | 3 | -11/+62
  - On Linux, support a new sandbox_linux_unittests target
  - Add a new seccomp_bpf_unittests target as a dependency of the global sandbox_linux_unittests target.
  - Integrate globally as a chromium_builder_tests dependency
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10635006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143549 0039d316-1c4b-4281-b951-d872f2087c98
* seccomp bpf: make more of the Sandbox class private | jln@chromium.org | 2012-06-22 | 1 | -3/+3
  - The Sandbox Class is not supposed to be instantiated for now, so we disallow construction
  - Move friends declaration to the private part
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10629009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143543 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox Gyp: move Linux to its own .gypi file | jln@chromium.org | 2012-06-21 | 2 | -53/+69
  BUG=None
  TEST=None
  NOTRY=true
  Review URL: https://chromiumcodereview.appspot.com/10628012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143484 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 143426 - Sandbox GYP: separate Windows and Linux | sky@chromium.org | 2012-06-21 | 3 | -397/+386
  - Have Windows and Linux sandbox GYP in their own .gypi files
  - Cleanup things:
    * Get rid of the sandbox_windows_target variable
    * Merge all Linux targets into one Linux section
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10536228
  TBR=jln@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/10633012
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143433 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Add support for the latest version of windows' service | rvargas@google.com | 2012-06-21 | 1 | -6/+49
  stub on 64 bit systems.
  BUG=133633
  TEST=current sbox tests.
  Review URL: https://chromiumcodereview.appspot.com/10581031
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143428 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox GYP: separate Windows and Linux | jln@chromium.org | 2012-06-21 | 3 | -386/+397
  - Have Windows and Linux sandbox GYP in their own .gypi files
  - Cleanup things:
    * Get rid of the sandbox_windows_target variable
    * Merge all Linux targets into one Linux section
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10536228
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143426 0039d316-1c4b-4281-b951-d872f2087c98
* Fix compilation error triggered by gcc-4.7+ running in C++-11 mode. | markus@chromium.org | 2012-06-17 | 1 | -1/+2
  Verified that this change list makes the code build with 4.8.0 20120615
  BUG=n/a
  TEST=build with gcc 4.7 or more recent
  Review URL: https://chromiumcodereview.appspot.com/10556028
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142649 0039d316-1c4b-4281-b951-d872f2087c98
* Use binary search to optimize code generation for BPF filters. | markus@chromium.org | 2012-06-15 | 3 | -38/+123
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10538075
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142365 0039d316-1c4b-4281-b951-d872f2087c98
* Added support for SECCOMP_RET_TRAP handlers. | markus@chromium.org | 2012-06-15 | 4 | -97/+330
  When setting a sandbox policy, the user has to write a system call evaluator function. This function is passed a system call number and returns a suitable ErrorCode (e.g. an "errno" value).
  This change list extends ErrorCode, so that in addition to static "errno" values, the system call evaluator can also request that a callback gets called. This allows the sandbox to handle system calls in user space.
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10533076
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142353 0039d316-1c4b-4281-b951-d872f2087c98
* Instead of outputting one BPF check per possible system call coalesce | markus@chromium.org | 2012-06-15 | 3 | -53/+177
  all system calls that are supposed to be treated identically.
  This change list depends on https://chromiumcodereview.appspot.com/10546041/
  These changes should address the immediate concerns about inefficient BPF evaluation of system calls. But they are only the first step in the process of us generating an optimal BPF program. We are still missing the compilation of the binary search tree. That is going to be the next change list in this series. But for the benefit of better reviewability, I split the changes into two parts.
  BUG=130662
  TEST=make && demo32 && demo64
  Review URL: https://chromiumcodereview.appspot.com/10536048
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142295 0039d316-1c4b-4281-b951-d872f2087c98
* Added a new Verifier class to the BPF compiler. | markus@chromium.org | 2012-06-14 | 6 | -8/+286
  This class ensures that the generated BPF program does in fact represent the filters that we were asked to compile. Having a verifier will allow us to make more aggressive optimizations in the future without having to worry that we generate invalid code.
  BUG=130662
  TEST=make && demo32 && demo64
  Review URL: https://chromiumcodereview.appspot.com/10546041
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142258 0039d316-1c4b-4281-b951-d872f2087c98
* Don't break sandboxed sub-processes out of jobs on Win8. | siggi@chromium.org | 2012-06-14 | 2 | -4/+18
  It's not necessary to break out of the parent process' job on Windows 8, as nested jobs are supported. Under Metro, breaking sub-processes out of the parent process' job prevents them from being suspended with the application.
  R=rvargas@chromium.org
  BUG=129697
  TEST=Sub-processes are suspended with browser on Metro.
  Review URL: https://chromiumcodereview.appspot.com/10535167
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142237 0039d316-1c4b-4281-b951-d872f2087c98
* Second try at landing this patch list. This time, we are super careful about checking all return values from HANDLE_EINTR(). | markus@chromium.org | 2012-06-14 | 5 | -25/+75
  Original CL: https://chromiumcodereview.appspot.com/10545100/
  TEST=make && ./demo32 && ./demo64
  BUG=130662
  Review URL: https://chromiumcodereview.appspot.com/10542149
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@142184 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 141938 - Improve logging, if we fail due to an internal error when executing supportsSeccompSandbox(). | sergeyu@chromium.org | 2012-06-13 | 2 | -65/+19
  Previously, we would just report that the sandbox is unavailable. That's undesirable behavior, because it would lead the caller to think that they should continue without the sandbox. A simple bug in the sandbox compiler could thus result in us inadvertently disabling sandboxing for all users -- without necessarily noticing this issue for a while.
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10545100
  TBR=markus@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/10540145
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141949 0039d316-1c4b-4281-b951-d872f2087c98
* Improve logging, if we fail due to an internal error when executing supportsSeccompSandbox(). | markus@chromium.org | 2012-06-13 | 2 | -19/+65
  Previously, we would just report that the sandbox is unavailable. That's undesirable behavior, because it would lead the caller to think that they should continue without the sandbox. A simple bug in the sandbox compiler could thus result in us inadvertently disabling sandboxing for all users -- without necessarily noticing this issue for a while.
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10545100
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141938 0039d316-1c4b-4281-b951-d872f2087c98
* Avoid all library calls (including calls to destructors) after enabling the sandbox. | markus@chromium.org | 2012-06-13 | 2 | -17/+38
  This ensures that the sandbox doesn't surprisingly fail, if the user instantiated a particularly strict policy.
  BUG=130662
  TEST=make && ./demo32 && ./demo64
  Review URL: https://chromiumcodereview.appspot.com/10535089
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141851 0039d316-1c4b-4281-b951-d872f2087c98
* Explicitly test bit 30 in the system call number to distinguish between the new x32 API and older Intel APIs. | markus@chromium.org | 2012-06-08 | 2 | -6/+27
  Also, extend the system call range from 0..512 to 0..1024. This covers the extra system calls added with x32.
  As x32 isn't widely available yet, we don't add any other code to support it (e.g. we don't build a version of demo.cc that runs in x32). But by explicitly blocking it for i386 and x86-64 we ensure that a "default allow" policy is going to do the right thing.
  TEST=make && demo32 && demo64
  BUG=130662
  Review URL: https://chromiumcodereview.appspot.com/10542028
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141155 0039d316-1c4b-4281-b951-d872f2087c98
* Build seccomp 1 for supported architecture only | jln@chromium.org | 2012-06-08 | 1 | -1/+2
  Instead of blacklisting ARM, we whitelist IA32 and X86_64
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10533055
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141129 0039d316-1c4b-4281-b951-d872f2087c98
* Compile the new sandbox-bpf API code, don't use it yet. | jln@chromium.org | 2012-06-07 | 1 | -1/+16
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10537048
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140985 0039d316-1c4b-4281-b951-d872f2087c98