diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-11-20 10:33:36 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-11-22 11:45:12 +0000 |
commit | be59a35641616a4cf23c4a13fa0632624b021c1b (patch) | |
tree | 9da183258bdf9cc413f7562079d25ace6955467f /chromium/sandbox/mac | |
parent | d702e4b6a64574e97fc7df8fe3238cde70242080 (diff) | |
download | qtwebengine-chromium-be59a35641616a4cf23c4a13fa0632624b021c1b.tar.gz |
BASELINE: Update Chromium to 62.0.3202.101
Change-Id: I2d5eca8117600df6d331f6166ab24d943d9814ac
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/sandbox/mac')
5 files changed, 88 insertions, 79 deletions
diff --git a/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm b/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm index 3f71e650b7f..a6225a91c32 100644 --- a/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm +++ b/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm @@ -104,14 +104,13 @@ class BootstrapSandboxTest : public base::MultiProcessTest { base::LaunchOptions options; options.pre_exec_delegate = pre_exec_delegate.get(); - base::SpawnChildResult spawn_child = - SpawnChildWithOptions(child_name, options); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChildWithOptions(child_name, options); + ASSERT_TRUE(process.IsValid()); int code = 0; - EXPECT_TRUE(spawn_child.process.WaitForExit(&code)); + EXPECT_TRUE(process.WaitForExit(&code)); EXPECT_EQ(0, code); if (out_pid) - *out_pid = spawn_child.process.Pid(); + *out_pid = process.Pid(); } protected: @@ -125,15 +124,15 @@ TEST_F(BootstrapSandboxTest, DistributedNotifications_Unsandboxed) { base::scoped_nsobject<DistributedNotificationObserver> observer( [[DistributedNotificationObserver alloc] init]); - base::SpawnChildResult spawn_child = SpawnChild(kNotificationTestMain); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild(kNotificationTestMain); + ASSERT_TRUE(process.IsValid()); int code = 0; - EXPECT_TRUE(spawn_child.process.WaitForExit(&code)); + EXPECT_TRUE(process.WaitForExit(&code)); EXPECT_EQ(0, code); [observer waitForNotification]; EXPECT_EQ(1, [observer receivedCount]); - EXPECT_EQ(spawn_child.process.Pid(), [[observer object] intValue]); + EXPECT_EQ(process.Pid(), [[observer object] intValue]); } // Run the test with the sandbox enabled without notifications on the policy @@ -472,9 +471,7 @@ TEST_F(BootstrapSandboxTest, ChildOutliveSandbox) { sandbox_->NewClient(kTestPolicyId)); base::LaunchOptions options; options.pre_exec_delegate = pre_exec_delegate.get(); - base::SpawnChildResult spawn_result = - SpawnChildWithOptions("ChildOutliveSandbox", options); - base::Process& process = spawn_result.process; + base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options); ASSERT_TRUE(process.IsValid()); // Synchronize with the child. diff --git a/chromium/sandbox/mac/sandbox_mac_compiler_unittest.mm b/chromium/sandbox/mac/sandbox_mac_compiler_unittest.mm index eea5959ed15..87249e054e3 100644 --- a/chromium/sandbox/mac/sandbox_mac_compiler_unittest.mm +++ b/chromium/sandbox/mac/sandbox_mac_compiler_unittest.mm @@ -34,11 +34,11 @@ MULTIPROCESS_TEST_MAIN(BasicProfileProcess) { } TEST_F(SandboxMacCompilerTest, BasicProfileTest) { - base::SpawnChildResult spawn_child = SpawnChild("BasicProfileProcess"); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild("BasicProfileProcess"); + ASSERT_TRUE(process.IsValid()); int exit_code = 42; - EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout( - TestTimeouts::action_max_timeout(), &exit_code)); + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); EXPECT_EQ(exit_code, 0); } @@ -58,12 +58,11 @@ MULTIPROCESS_TEST_MAIN(BasicProfileWithParamProcess) { } TEST_F(SandboxMacCompilerTest, BasicProfileTestWithParam) { - base::SpawnChildResult spawn_child = - SpawnChild("BasicProfileWithParamProcess"); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild("BasicProfileWithParamProcess"); + ASSERT_TRUE(process.IsValid()); int exit_code = 42; - EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout( - TestTimeouts::action_max_timeout(), &exit_code)); + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); EXPECT_EQ(exit_code, 0); } @@ -90,11 +89,11 @@ MULTIPROCESS_TEST_MAIN(ProfileFunctionalProcess) { } TEST_F(SandboxMacCompilerTest, ProfileFunctionalityTest) { - base::SpawnChildResult spawn_child = SpawnChild("ProfileFunctionalProcess"); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild("ProfileFunctionalProcess"); + ASSERT_TRUE(process.IsValid()); int exit_code = 42; - EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout( - TestTimeouts::action_max_timeout(), &exit_code)); + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); EXPECT_EQ(exit_code, 0); } @@ -130,12 +129,11 @@ MULTIPROCESS_TEST_MAIN(ProfileFunctionalTestWithParamsProcess) { } TEST_F(SandboxMacCompilerTest, ProfileFunctionalityTestWithParams) { - base::SpawnChildResult spawn_child = - SpawnChild("ProfileFunctionalTestWithParamsProcess"); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild("ProfileFunctionalTestWithParamsProcess"); + ASSERT_TRUE(process.IsValid()); int exit_code = 42; - EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout( - TestTimeouts::action_max_timeout(), &exit_code)); + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); EXPECT_EQ(exit_code, 0); } @@ -154,12 +152,11 @@ MULTIPROCESS_TEST_MAIN(ProfileFunctionalityTestErrorProcess) { } TEST_F(SandboxMacCompilerTest, ProfileFunctionalityTestError) { - base::SpawnChildResult spawn_child = - SpawnChild("ProfileFunctionalityTestErrorProcess"); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild("ProfileFunctionalityTestErrorProcess"); + ASSERT_TRUE(process.IsValid()); int exit_code = 42; - EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout( - TestTimeouts::action_max_timeout(), &exit_code)); + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); EXPECT_EQ(exit_code, 0); } @@ -178,11 +175,11 @@ MULTIPROCESS_TEST_MAIN(SandboxCheckTestProcess) { } TEST_F(SandboxMacCompilerTest, SandboxCheckTest) { - base::SpawnChildResult spawn_child = SpawnChild("SandboxCheckTestProcess"); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild("SandboxCheckTestProcess"); + ASSERT_TRUE(process.IsValid()); int exit_code = 42; - EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout( - TestTimeouts::action_max_timeout(), &exit_code)); + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); EXPECT_EQ(exit_code, 0); } diff --git a/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm b/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm index 4b0ee197b66..64eae5e4221 100644 --- a/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm +++ b/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm @@ -6,15 +6,17 @@ #import <IOSurface/IOSurface.h> #include <fcntl.h> +#include <servers/bootstrap.h> #include <stdint.h> #include <sys/mman.h> -#include <sys/types.h> #include <sys/stat.h> #include <sys/sysctl.h> +#include <sys/types.h> #include <unistd.h> #include "base/files/file.h" #include "base/files/file_path.h" +#include "base/files/file_util.h" #include "base/mac/mac_util.h" #include "base/process/kill.h" #include "base/test/multiprocess_test.h" @@ -39,15 +41,16 @@ MULTIPROCESS_TEST_MAIN(V2ProfileProcess) { "(define allowed-dir \"ALLOWED_READ_DIR\")\n" "(define temp-file \"ALLOWED_TEMP_FILE\")\n" "(define is-pre-10_10 \"IS_PRE_10_10\")\n" + "(define zone-tab \"ZONE_TAB\")\n" "; Make it easier to drop (literal) once we stop supporting 10.9\n" "(define (path x) (literal x))\n" - "(allow file-read-metadata (subpath \"/Applications\"))\n" + "(allow file-read-metadata (subpath \"/\"))\n" "(allow file-read* (subpath (param allowed-dir)))\n" - "(allow file-read-data (path \"/usr/share/zoneinfo/zone.tab\"))\n" + "(allow file-read-data (path (param zone-tab)))\n" "(allow file-write* (path (param temp-file)))\n" "(allow ipc-posix-shm-read-data (ipc-posix-name " "\"apple.shm.notification_center\"))\n" - "(allow mach-lookup (global-name \"com.apple.logd\"))\n" + "(allow mach-lookup (global-name \"com.apple.system.logger\"))\n" "(if (string=? (param is-pre-10_10) \"TRUE\") (allow sysctl-read))\n" "(if (string=? (param is-pre-10_10) \"FALSE\") (allow sysctl-read " "(sysctl-name \"hw.activecpu\")))\n"; @@ -59,6 +62,11 @@ MULTIPROCESS_TEST_MAIN(V2ProfileProcess) { CHECK(compiler.InsertBooleanParam("IS_PRE_10_10", !base::mac::IsAtLeastOS10_10())); + // crbug.com/748517: The zoneinfo folder is a symlink on 10.13. + base::FilePath zone_tab_path("/usr/share/zoneinfo/zone.tab"); + zone_tab_path = base::MakeAbsoluteFilePath(zone_tab_path); + CHECK(compiler.InsertStringParam("ZONE_TAB", zone_tab_path.value())); + std::string error; bool result = compiler.CompileAndApplyProfile(&error); CHECK(result) << error; @@ -69,12 +77,12 @@ MULTIPROCESS_TEST_MAIN(V2ProfileProcess) { CHECK(file.IsValid()); char buf[4096]; - EXPECT_EQ(static_cast<int>(sizeof(buf)), - file.Read(/*offset=*/0, buf, sizeof(buf))); + CHECK_EQ(static_cast<int>(sizeof(buf)), + file.Read(/*offset=*/0, buf, sizeof(buf))); file.Close(); // Protect again other checks accidentally using this file. struct stat sb; - EXPECT_EQ(0, stat("/Applications/TextEdit.app", &sb)); + CHECK_EQ(0, stat("/Applications/TextEdit.app", &sb)); base::FilePath zone_path("/usr/share/zoneinfo/zone.tab"); base::File zone_file(zone_path, @@ -82,15 +90,15 @@ MULTIPROCESS_TEST_MAIN(V2ProfileProcess) { CHECK(zone_file.IsValid()); char zone_buf[2]; - EXPECT_EQ(static_cast<int>(sizeof(zone_buf)), - zone_file.Read(/*offset=*/0, zone_buf, sizeof(zone_buf))); + CHECK_EQ(static_cast<int>(sizeof(zone_buf)), + zone_file.Read(/*offset=*/0, zone_buf, sizeof(zone_buf))); zone_file.Close(); // Make sure we cannot read any files in zoneinfo. base::FilePath zone_dir_path("/usr/share/zoneinfo"); base::File zoneinfo(zone_dir_path, base::File::FLAG_OPEN | base::File::FLAG_READ); - EXPECT_FALSE(zoneinfo.IsValid()); + CHECK(!zoneinfo.IsValid()); base::FilePath temp_path(temp_file_path); base::File temp_file(temp_path, @@ -98,39 +106,46 @@ MULTIPROCESS_TEST_MAIN(V2ProfileProcess) { CHECK(temp_file.IsValid()); const char msg[] = "I can write this file."; - EXPECT_EQ(static_cast<int>(sizeof(msg)), - temp_file.WriteAtCurrentPos(msg, sizeof(msg))); + CHECK_EQ(static_cast<int>(sizeof(msg)), + temp_file.WriteAtCurrentPos(msg, sizeof(msg))); temp_file.Close(); int shm_fd = shm_open("apple.shm.notification_center", O_RDONLY, 0644); - EXPECT_GE(shm_fd, 0); + CHECK_GE(shm_fd, 0); - NSPort* mach = [[NSMachBootstrapServer sharedInstance] - servicePortWithName:@"com.apple.logd"]; - EXPECT_NE(nil, mach); + // Test mach service access. The port is leaked because the multiprocess + // test exits quickly after this look up. + mach_port_t service_port; + kern_return_t status = bootstrap_look_up( + bootstrap_port, "com.apple.system.logger", &service_port); + CHECK_EQ(status, BOOTSTRAP_SUCCESS) << bootstrap_strerror(status); - NSPort* forbidden_mach = [[NSMachBootstrapServer sharedInstance] - servicePortWithName:@"com.apple.fonts."]; - EXPECT_EQ(nil, forbidden_mach); + mach_port_t forbidden_mach; + status = bootstrap_look_up(bootstrap_port, "com.apple.cfprefsd.daemon", + &forbidden_mach); + CHECK_NE(BOOTSTRAP_SUCCESS, status); size_t oldp_len; - EXPECT_EQ(0, sysctlbyname("hw.activecpu", NULL, &oldp_len, NULL, 0)); + CHECK_EQ(0, sysctlbyname("hw.activecpu", NULL, &oldp_len, NULL, 0)); char oldp[oldp_len]; - EXPECT_EQ(0, sysctlbyname("hw.activecpu", oldp, &oldp_len, NULL, 0)); + CHECK_EQ(0, sysctlbyname("hw.activecpu", oldp, &oldp_len, NULL, 0)); - size_t ncpu_len; - EXPECT_NE(0, sysctlbyname("hw.ncpu", NULL, &ncpu_len, NULL, 0)); + // sysctl filtering only exists on macOS 10.10+. + if (base::mac::IsAtLeastOS10_10()) { + size_t ncpu_len; + CHECK_NE(0, sysctlbyname("hw.ncpu", NULL, &ncpu_len, NULL, 0)); + } return 0; } TEST_F(SandboxMacCompilerV2Test, V2ProfileTest) { - base::SpawnChildResult spawn_child = SpawnChild("V2ProfileProcess"); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild("V2ProfileProcess"); + ASSERT_TRUE(process.IsValid()); int exit_code = 42; - EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout( - TestTimeouts::action_max_timeout(), &exit_code)); + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); EXPECT_EQ(exit_code, 0); } diff --git a/chromium/sandbox/mac/sandbox_mac_seatbelt_exec_unittest.cc b/chromium/sandbox/mac/sandbox_mac_seatbelt_exec_unittest.cc index 9d8b8b573aa..05b3b038651 100644 --- a/chromium/sandbox/mac/sandbox_mac_seatbelt_exec_unittest.cc +++ b/chromium/sandbox/mac/sandbox_mac_seatbelt_exec_unittest.cc @@ -47,11 +47,11 @@ MULTIPROCESS_TEST_MAIN(ServerTest) { } TEST_F(SeatbeltExecTest, ServerTest) { - base::SpawnChildResult spawn_child = SpawnChild("ServerTest"); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild("ServerTest"); + ASSERT_TRUE(process.IsValid()); int exit_code = 42; - EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout( - TestTimeouts::action_max_timeout(), &exit_code)); + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); EXPECT_EQ(exit_code, 0); } @@ -73,11 +73,11 @@ MULTIPROCESS_TEST_MAIN(ClientTest) { } TEST_F(SeatbeltExecTest, ClientTest) { - base::SpawnChildResult spawn_child = SpawnChild("ClientTest"); - ASSERT_TRUE(spawn_child.process.IsValid()); + base::Process process = SpawnChild("ClientTest"); + ASSERT_TRUE(process.IsValid()); int exit_code = 42; - EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout( - TestTimeouts::action_max_timeout(), &exit_code)); + EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(), + &exit_code)); EXPECT_EQ(exit_code, 0); } diff --git a/chromium/sandbox/mac/xpc_message_server_unittest.cc b/chromium/sandbox/mac/xpc_message_server_unittest.cc index 630833f2853..551db3c00f1 100644 --- a/chromium/sandbox/mac/xpc_message_server_unittest.cc +++ b/chromium/sandbox/mac/xpc_message_server_unittest.cc @@ -147,17 +147,17 @@ TEST(XPCMessageServerTest, GetSenderPID) { #pragma GCC diagnostic pop ASSERT_EQ(KERN_SUCCESS, kr); - base::SpawnChildResult spawn_child = base::SpawnMultiProcessTestChild( + base::Process child = base::SpawnMultiProcessTestChild( "GetSenderPID", base::GetMultiProcessTestChildBaseCommandLine(), base::LaunchOptions()); - ASSERT_TRUE(spawn_child.process.IsValid()); + ASSERT_TRUE(child.IsValid()); int exit_code = -1; - ASSERT_TRUE(spawn_child.process.WaitForExit(&exit_code)); + ASSERT_TRUE(child.WaitForExit(&exit_code)); EXPECT_EQ(0, exit_code); - EXPECT_EQ(spawn_child.process.Pid(), sender_pid); - EXPECT_EQ(spawn_child.process.Pid(), child_pid); + EXPECT_EQ(child.Pid(), sender_pid); + EXPECT_EQ(child.Pid(), child_pid); EXPECT_EQ(sender_pid, child_pid); } |