Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(326)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 469383002: Fix Mac sandbox meta data access (reland) (Closed)

Created:
6 years, 4 months ago by Jiang Jiang
Modified:
5 years, 6 months ago
Reviewers:
Nico
CC:
chromium-reviews, darin-cc_chromium.org, jam, Nico, Robert Sesek
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

Fix Mac sandbox meta data access (reland) We currently allow all metadata access due to https://codereview.chromium.org/10539009/ made the for loop comparison in Sandbox::AllowMetadataForPath() always false, when we actually only want to allow access to the path and all its parent path until root. Turn the for loop to a do/while loop instead as it's a better fit, also add a test case for Sandbox::AllowMetadataForPath(). We also need file read meta data access to all the .dylibs we linked to. It should only affect component builds on OS X 10.6 and utility process as no other process is using this mechanism. BUG=403801 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=289738

Patch Set 1 #

Patch Set 2 : Typo fix #

Unified diffs Side-by-side diffs Delta from patch set Stats (+35 lines, -5 lines) Patch
M content/common/sandbox_mac.h View 1 chunk +1 line, -0 lines 0 comments Download
M content/common/sandbox_mac.mm View 1 2 chunks +22 lines, -4 lines 0 comments Download
M content/common/sandbox_mac_diraccess_unittest.mm View 2 chunks +12 lines, -1 line 0 comments Download

Messages

Total messages: 10 (1 generated)
Jiang Jiang
Any of you has better idea of how to test it further on 10.6 component ...
6 years, 4 months ago (2014-08-14 17:04:36 UTC) #1
Nico
Since this only makes the sandbox larger (compared the the first, already approved version of ...
6 years, 4 months ago (2014-08-14 17:42:08 UTC) #2
Nico
(ps: for relanding cls, it's good practice to upload the original change as patchset 1, ...
6 years, 4 months ago (2014-08-14 17:42:39 UTC) #3
Avi (use Gerrit)
slgtm
6 years, 4 months ago (2014-08-14 17:47:50 UTC) #4
Jiang Jiang
The CQ bit was checked by jiangj@opera.com
6 years, 4 months ago (2014-08-14 19:01:20 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jiangj@opera.com/469383002/20001
6 years, 4 months ago (2014-08-14 19:03:58 UTC) #6
commit-bot: I haz the power
Committed patchset #2 (20001) as 289738
6 years, 4 months ago (2014-08-15 01:10:33 UTC) #7
adamk
A revert of this CL (patchset #2) has been created in https://codereview.chromium.org/470693004/ by adamk@chromium.org. The ...
6 years, 4 months ago (2014-08-15 15:38:33 UTC) #8
Greg K
5 years, 6 months ago (2015-06-15 23:16:44 UTC) #10
Message was sent while issue was closed. 
On 2014/08/15 15:38:33, adamk wrote:
> A revert of this CL (patchset #2) has been created in
> https://codereview.chromium.org/470693004/ by mailto:adamk@chromium.org.
> 
> The reason for reverting is: Caused GPU crashes on Mac10.6 Blink layout tests
> running with component=shared_library..

Woops, I meant to change the bug and accidentally changed this CL.

Powered by Google App Engine
This is Rietveld 408576698