Issue 1186233004: Refactor OS X sandbox processing and audit sandbox files

Issue 1186233004: Refactor OS X sandbox processing and audit sandbox files (Closed)

Created:
5 years, 6 months ago by Greg K

Modified:
5 years, 5 months ago

Reviewers:
*Robert Sesek

CC:
chromium-reviews, mkwst+moarreviews-renderer_chromium.org, darin-cc_chromium.org, jam, rickyz+watch_chromium.org, mlamouri+watch-content_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Refactor OS X sandbox processing and audit sandbox files Audited the sandbox files to enusre all rules are necessary and removed any incorrect comments. The OS X Sandbox code is refactored to get rid of all string processing of the raw scheme code in the sandbox profiles. By using the ability to pass parameters into sandbox profiles, the variable substitution logic is performed by the scheme interpreter itself. BUG=242704 Committed: https://crrev.com/76eaa8778a322803dc3ac20cda05525e615dec4d Cr-Commit-Position: refs/heads/master@{#336610} Committed: https://crrev.com/e46995fce5cb605f406927ecd0b2eb2018e7e3aa Cr-Commit-Position: refs/heads/master@{#339038}

Patch Set 1 #

Total comments: 3

Patch Set 2 : Refactor OS X sandbox processing and audit sandbox files #

Total comments: 31

Patch Set 3 : Changes per code review #

Total comments: 16

Patch Set 4 : More iterations from the code review. #

Patch Set 5 : Cleaned up the component build workaround. #

Total comments: 4

Patch Set 6 : Final review: Refactor OS X sandbox processing and audit sandbox files #

Patch Set 7 : Fix the crashes on 10.6 #

Total comments: 8

Patch Set 8 : Refined 10.6 crash fix per code review #

Total comments: 4

Patch Set 9 : Move struct to anon namespace and use static_cast<> #

Created: 5 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+375 lines, -328 lines)			Patch
M	content/browser/gpu.sb	View	1 2 3 4 5	1 chunk	+11 lines, -10 lines	0 comments	Download
M	content/common/common.sb	View	1 2 3 4	2 chunks	+26 lines, -14 lines	0 comments	Download
M	content/common/sandbox_mac.h	View	1 2 3 4 5 7	4 chunks	+28 lines, -73 lines	0 comments	Download
M	content/common/sandbox_mac.mm	View	1 2 3 4 5 6 7 8	7 chunks	+112 lines, -186 lines	0 comments	Download
A	content/common/sandbox_mac_compiler_unittest.mm	View	1 2 3	1 chunk	+160 lines, -0 lines	0 comments	Download
M	content/common/sandbox_mac_diraccess_unittest.mm	View	1 2 3	1 chunk	+22 lines, -30 lines	0 comments	Download
M	content/content_common.gypi	View	1 2 3 4 5 6	1 chunk	+1 line, -0 lines	0 comments	Download
M	content/content_tests.gypi	View	1 2 3 4 5 6 7	1 chunk	+1 line, -0 lines	0 comments	Download
M	content/ppapi_plugin/ppapi.sb	View	1 2 3	1 chunk	+4 lines, -6 lines	0 comments	Download
M	content/renderer/renderer.sb	View	1 2 3 4 5	1 chunk	+6 lines, -8 lines	0 comments	Download
M	content/utility/utility.sb	View	1 2 3	1 chunk	+4 lines, -1 line	0 comments	Download

Messages

Total messages: 37 (13 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

jln (very slow on Chromium)

Did a 30s first-pass to check that you knew about the style guide etc, here ...

5 years, 6 months ago (2015-06-16 18:18:13 UTC) #2

Robert Sesek

https://codereview.chromium.org/1186233004/diff/20001/content/common/common.sb File content/common/common.sb (right): https://codereview.chromium.org/1186233004/diff/20001/content/common/common.sb#newcode42 content/common/common.sb:42: ; Each line is marked with the System version ...

5 years, 6 months ago (2015-06-16 23:52:41 UTC) #7

Greg K

https://codereview.chromium.org/1186233004/diff/20001/content/common/sandbox_mac.h File content/common/sandbox_mac.h (right): https://codereview.chromium.org/1186233004/diff/20001/content/common/sandbox_mac.h#newcode31 content/common/sandbox_mac.h:31: // ensure proper initialization and cleanup On 2015/06/16 23:52:40, ...

5 years, 6 months ago (2015-06-18 20:45:18 UTC) #9

Robert Sesek

https://codereview.chromium.org/1186233004/diff/60001/content/common/common.sb File content/common/common.sb (right): https://codereview.chromium.org/1186233004/diff/60001/content/common/common.sb#newcode20 content/common/common.sb:20: (define perm-dir "PERMITTED_DIR") Use the full name, permitted-dir. https://codereview.chromium.org/1186233004/diff/60001/content/common/common.sb#newcode52 ...

5 years, 6 months ago (2015-06-22 20:40:23 UTC) #10

Greg K

5 years, 6 months ago (2015-06-23 19:05:15 UTC) #11

Robert Sesek

https://codereview.chromium.org/1186233004/diff/100001/content/browser/gpu.sb File content/browser/gpu.sb (right): https://codereview.chromium.org/1186233004/diff/100001/content/browser/gpu.sb#newcode26 content/browser/gpu.sb:26: nit: remove extra blank line https://codereview.chromium.org/1186233004/diff/100001/content/renderer/renderer.sb File content/renderer/renderer.sb (left): ...

5 years, 6 months ago (2015-06-25 20:49:27 UTC) #12

Greg K

https://codereview.chromium.org/1186233004/diff/100001/content/browser/gpu.sb File content/browser/gpu.sb (right): https://codereview.chromium.org/1186233004/diff/100001/content/browser/gpu.sb#newcode26 content/browser/gpu.sb:26: On 2015/06/25 20:49:27, Robert Sesek wrote: > nit: remove ...

5 years, 6 months ago (2015-06-25 23:17:47 UTC) #13

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1186233004/120001

5 years, 5 months ago (2015-06-29 16:24:19 UTC) #16

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_rel_ng/builds/72983)

5 years, 5 months ago (2015-06-29 18:10:13 UTC) #18

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1186233004/120001

5 years, 5 months ago (2015-06-29 18:12:31 UTC) #20

commit-bot: I haz the power

Patchset 6 (id:??) landed as https://crrev.com/76eaa8778a322803dc3ac20cda05525e615dec4d Cr-Commit-Position: refs/heads/master@{#336610}

5 years, 5 months ago (2015-06-29 19:14:32 UTC) #22

caseq

A revert of this CL (patchset #6 id:120001) has been created in https://codereview.chromium.org/1213113006/ by caseq@chromium.org. ...

5 years, 5 months ago (2015-06-30 10:25:52 UTC) #23

Robert Sesek

https://codereview.chromium.org/1186233004/diff/220001/content/common/sandbox_mac.h File content/common/sandbox_mac.h (right): https://codereview.chromium.org/1186233004/diff/220001/content/common/sandbox_mac.h#newcode53 content/common/sandbox_mac.h:53: // This is the internal definition of the structure ...

5 years, 5 months ago (2015-07-14 13:17:34 UTC) #29

Greg K

5 years, 5 months ago (2015-07-15 02:57:33 UTC) #30

Robert Sesek

https://codereview.chromium.org/1186233004/diff/240001/content/common/sandbox_mac.mm File content/common/sandbox_mac.mm (right): https://codereview.chromium.org/1186233004/diff/240001/content/common/sandbox_mac.mm#newcode60 content/common/sandbox_mac.mm:60: struct SandboxParams { Move this into the content::(anonymous namespace) ...

5 years, 5 months ago (2015-07-15 15:20:18 UTC) #31

Greg K

5 years, 5 months ago (2015-07-15 17:57:14 UTC) #32

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1186233004/260001

5 years, 5 months ago (2015-07-16 15:35:22 UTC) #35

commit-bot: I haz the power

5 years, 5 months ago (2015-07-16 15:43:38 UTC) #37

Message was sent while issue was closed.

Patchset 9 (id:??) landed as
https://crrev.com/e46995fce5cb605f406927ecd0b2eb2018e7e3aa
Cr-Commit-Position: refs/heads/master@{#339038}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages