
Side by Side Diff: chrome/browser/resources/sandbox_internals/sandbox_internals.js

Issue 2939273002: DO NOT SUBMIT: what chrome/browser/resources/ could eventually look like with clang-format (Closed)
Patch Set: Created 3 years, 6 months ago
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 (function() { 5 (function() {
6 let GOOD = 'good'; 6 let GOOD = 'good';
7 let BAD = 'bad'; 7 let BAD = 'bad';
8 let INFO = 'info'; 8 let INFO = 'info';
9 9
10 /** 10 /**
11 * Adds a row to the sandbox status table. 11 * Adds a row to the sandbox status table.
12 * @param {string} name The name of the status item. 12 * @param {string} name The name of the status item.
13 * @param {string} value The status of the item. 13 * @param {string} value The status of the item.
14 * @param {string?} cssClass A CSS class to apply to the row. 14 * @param {string?} cssClass A CSS class to apply to the row.
15 * @return {Element} The newly added TR. 15 * @return {Element} The newly added TR.
16 */ 16 */
17 function addStatusRow(name, value, cssClass) { 17 function addStatusRow(name, value, cssClass) {
18 let row = cr.doc.createElement('tr'); 18 let row = cr.doc.createElement('tr');
19 19
20 let nameCol = row.appendChild(cr.doc.createElement('td')); 20 let nameCol = row.appendChild(cr.doc.createElement('td'));
21 let valueCol = row.appendChild(cr.doc.createElement('td')); 21 let valueCol = row.appendChild(cr.doc.createElement('td'));
22 22
23 nameCol.textContent = name; 23 nameCol.textContent = name;
24 valueCol.textContent = value; 24 valueCol.textContent = value;
25 25
26 if (cssClass != null) { 26 if (cssClass != null) {
27 nameCol.classList.add(cssClass); 27 nameCol.classList.add(cssClass);
28 valueCol.classList.add(cssClass); 28 valueCol.classList.add(cssClass);
29 }
30
31 $('sandbox-status').appendChild(row);
32 return row;
33 }
34
35 /**
36 * Adds a status row that reports either Yes or No.
37 * @param {string} name The name of the status item.
38 * @param {boolean} result The status (good/bad) result.
39 * @return {Element} The newly added TR.
40 */
41 function addGoodBadRow(name, result) {
42 return addStatusRow(name, result ? 'Yes' : 'No', result ? GOOD : BAD);
43 }
44
45 /**
46 * Reports the overall sandbox status evaluation message.
47 * @param {boolean}
48 */
49 function setEvaluation(result) {
50 let message = result ? 'You are adequately sandboxed.' :
51 'You are NOT adequately sandboxed.';
52 $('evaluation').innerText = message;
53 }
54
55 /**
56 * Main page handler for Android.
57 */
58 function androidHandler() {
59 chrome.getAndroidSandboxStatus((status) => {
60 var isIsolated = false;
61 var isTsync = false;
62 var isChromeSeccomp = false;
63
64 addStatusRow('PID', status.pid, INFO);
65 addStatusRow('UID', status.uid, INFO);
66 isIsolated = status.secontext.indexOf(':isolated_app:') != -1;
67 addStatusRow('SELinux Context', status.secontext, isIsolated ? GOOD : BAD);
68
69 let procStatus = status.procStatus.split('\n');
70 for (let line of procStatus) {
71 if (line.startsWith('Seccomp')) {
72 var value = line.split(':')[1].trim();
73 var cssClass = BAD;
74 if (value == '2') {
75 value = 'Yes - TSYNC (' + line + ')';
76 cssClass = GOOD;
77 isTsync = true;
78 } else if (value == '1') {
79 value = 'Yes (' + line + ')';
80 } else {
81 value = line;
82 }
83 addStatusRow('Seccomp-BPF Enabled (Kernel)', value, cssClass);
84 break;
85 }
29 } 86 }
30 87
31 $('sandbox-status').appendChild(row); 88 var seccompStatus = 'Unknown';
32 return row; 89 switch (status.seccompStatus) {
90 case 0:
91 seccompStatus = 'Not Supported';
92 break;
93 case 1:
94 seccompStatus = 'Run-time Detection Failed';
95 break;
96 case 2:
97 seccompStatus = 'Disabled by Field Trial';
98 break;
99 case 3:
100 seccompStatus = 'Enabled by Field Trial (not started)';
101 break;
102 case 4:
103 seccompStatus = 'Sandbox Started';
104 isChromeSeccomp = true;
105 break;
106 }
107 addStatusRow(
108 'Seccomp-BPF Enabled (Chrome)', seccompStatus,
109 status.seccompStatus == 4 ? GOOD : BAD);
110
111 addStatusRow('Android Build ID', status.androidBuildId, INFO);
112
113 setEvaluation(isIsolated && isTsync && isChromeSeccomp);
114 });
115 }
116
117 /**
118 * Main page handler for desktop Linux.
119 */
120 function linuxHandler() {
121 addGoodBadRow('SUID Sandbox', loadTimeData.getBoolean('suid'));
122 addGoodBadRow('Namespace Sandbox', loadTimeData.getBoolean('userNs'));
123 addGoodBadRow('PID namespaces', loadTimeData.getBoolean('pidNs'));
124 addGoodBadRow('Network namespaces', loadTimeData.getBoolean('netNs'));
125 addGoodBadRow('Seccomp-BPF sandbox', loadTimeData.getBoolean('seccompBpf'));
126 addGoodBadRow(
127 'Seccomp-BPF sandbox supports TSYNC',
128 loadTimeData.getBoolean('seccompTsync'));
129 addGoodBadRow('Yama LSM Enforcing', loadTimeData.getBoolean('yama'));
130 setEvaluation(loadTimeData.getBoolean('sandboxGood'));
131 }
132
133 document.addEventListener('DOMContentLoaded', () => {
134 if (cr.isAndroid) {
135 androidHandler();
136 } else {
137 linuxHandler();
33 } 138 }
34 139 });
35 /**
36 * Adds a status row that reports either Yes or No.
37 * @param {string} name The name of the status item.
38 * @param {boolean} result The status (good/bad) result.
39 * @return {Element} The newly added TR.
40 */
41 function addGoodBadRow(name, result) {
42 return addStatusRow(name, result ? 'Yes' : 'No', result ? GOOD : BAD);
43 }
44
45 /**
46 * Reports the overall sandbox status evaluation message.
47 * @param {boolean}
48 */
49 function setEvaluation(result) {
50 let message = result ? 'You are adequately sandboxed.'
51 : 'You are NOT adequately sandboxed.';
52 $('evaluation').innerText = message;
53 }
54
55 /**
56 * Main page handler for Android.
57 */
58 function androidHandler() {
59 chrome.getAndroidSandboxStatus((status) => {
60 var isIsolated = false;
61 var isTsync = false;
62 var isChromeSeccomp = false;
63
64 addStatusRow('PID', status.pid, INFO);
65 addStatusRow('UID', status.uid, INFO);
66 isIsolated = status.secontext.indexOf(':isolated_app:') != -1;
67 addStatusRow('SELinux Context', status.secontext,
68 isIsolated ? GOOD : BAD);
69
70 let procStatus = status.procStatus.split('\n');
71 for (let line of procStatus) {
72 if (line.startsWith('Seccomp')) {
73 var value = line.split(':')[1].trim();
74 var cssClass = BAD;
75 if (value == '2') {
76 value = 'Yes - TSYNC (' + line + ')';
77 cssClass = GOOD;
78 isTsync = true;
79 } else if (value == '1') {
80 value = 'Yes (' + line + ')';
81 } else {
82 value = line;
83 }
84 addStatusRow('Seccomp-BPF Enabled (Kernel)', value, cssClass);
85 break;
86 }
87 }
88
89 var seccompStatus = 'Unknown';
90 switch (status.seccompStatus) {
91 case 0:
92 seccompStatus = 'Not Supported';
93 break;
94 case 1:
95 seccompStatus = 'Run-time Detection Failed';
96 break;
97 case 2:
98 seccompStatus = 'Disabled by Field Trial';
99 break;
100 case 3:
101 seccompStatus = 'Enabled by Field Trial (not started)';
102 break;
103 case 4:
104 seccompStatus = 'Sandbox Started';
105 isChromeSeccomp = true;
106 break;
107 }
108 addStatusRow('Seccomp-BPF Enabled (Chrome)', seccompStatus,
109 status.seccompStatus == 4 ? GOOD : BAD);
110
111 addStatusRow('Android Build ID', status.androidBuildId, INFO);
112
113 setEvaluation(isIsolated && isTsync && isChromeSeccomp);
114 });
115 }
116
117 /**
118 * Main page handler for desktop Linux.
119 */
120 function linuxHandler() {
121 addGoodBadRow('SUID Sandbox', loadTimeData.getBoolean('suid'));
122 addGoodBadRow('Namespace Sandbox', loadTimeData.getBoolean('userNs'));
123 addGoodBadRow('PID namespaces', loadTimeData.getBoolean('pidNs'));
124 addGoodBadRow('Network namespaces', loadTimeData.getBoolean('netNs'));
125 addGoodBadRow('Seccomp-BPF sandbox', loadTimeData.getBoolean('seccompBpf'));
126 addGoodBadRow('Seccomp-BPF sandbox supports TSYNC',
127 loadTimeData.getBoolean('seccompTsync'));
128 addGoodBadRow('Yama LSM Enforcing', loadTimeData.getBoolean('yama'));
129 setEvaluation(loadTimeData.getBoolean('sandboxGood'));
130 }
131
132 document.addEventListener('DOMContentLoaded', () => {
133 if (cr.isAndroid) {
134 androidHandler();
135 } else {
136 linuxHandler();
137 }
138 });
139 })(); 140 })();