author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-05-24 11:40:17 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-05-24 12:42:11 +0000 |
commit | 5d87695f37678f96492b258bbab36486c59866b4 (patch) | |
tree | be9783bbaf04fb930c4d74ca9c00b5e7954c8bc6 /chromium/sandbox | |
parent | 6c11fb357ec39bf087b8b632e2b1e375aef1b38b (diff) | |
download | qtwebengine-chromium-5d87695f37678f96492b258bbab36486c59866b4.tar.gz |
BASELINE: Update Chromium to 75.0.3770.56
Change-Id: I86d2007fd27a45d5797eee06f4c9369b8b50ac4f
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/sandbox')
8 files changed, 22 insertions, 12 deletions
diff --git a/chromium/sandbox/linux/bpf_dsl/codegen_unittest.cc b/chromium/sandbox/linux/bpf_dsl/codegen_unittest.cc index 56a0dd27e18..bca3d7a916c 100644 --- a/chromium/sandbox/linux/bpf_dsl/codegen_unittest.cc +++ b/chromium/sandbox/linux/bpf_dsl/codegen_unittest.cc @@ -11,8 +11,8 @@ #include <utility> #include <vector> +#include "base/hash/md5.h" #include "base/macros.h" -#include "base/md5.h" #include "base/strings/string_piece.h" #include "sandbox/linux/system_headers/linux_filter.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc index 68ce32a136c..100afe50e3f 100644 --- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc @@ -21,6 +21,7 @@ #include "base/logging.h" #include "base/macros.h" +#include "base/synchronization/synchronization_buildflags.h" #include "build/build_config.h" #include "sandbox/linux/bpf_dsl/bpf_dsl.h" #include "sandbox/linux/bpf_dsl/seccomp_macros.h" @@ -300,6 +301,11 @@ ResultExpr RestrictFutex() { const Arg<int> op(1); return Switch(op & ~kAllowedFutexFlags) .CASES((FUTEX_WAIT, FUTEX_WAKE, FUTEX_REQUEUE, FUTEX_CMP_REQUEUE, +#if BUILDFLAG(ENABLE_MUTEX_PRIORITY_INHERITANCE) + // Enable priority-inheritance operations. + FUTEX_LOCK_PI, FUTEX_UNLOCK_PI, FUTEX_TRYLOCK_PI, + FUTEX_WAIT_REQUEUE_PI, FUTEX_CMP_REQUEUE_PI, +#endif // BUILDFLAG(ENABLE_MUTEX_PRIORITY_INHERITANCE) FUTEX_WAKE_OP, FUTEX_WAIT_BITSET, FUTEX_WAKE_BITSET), Allow()) .Default(IsBuggyGlibcSemPost() ? Error(EINVAL) : CrashSIGSYSFutex()); diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc index f468b131bc6..f1160ff45ea 100644 
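Review bot: The `#if BUILDFLAG(ENABLE_MUTEX_PRIORITY_INHERITANCE)` branch added to `RestrictFutex()` widens the seccomp allowlist by five priority-inheritance futex operations, but its comment (`// Enable priority-inheritance operations.`) does not say which caller needs them or that more of the kernel's futex code becomes reachable from sandboxed processes. I would replace it with something like `// PI futex ops are required by <component> when mutexes are built with priority inheritance; this widens the futex surface reachable from the sandbox.`, with the component filled in. If only lock and unlock are needed, `FUTEX_WAIT_REQUEUE_PI` and `FUTEX_CMP_REQUEUE_PI` could presumably be left out, which is worth confirming against the users of the build flag. No test for the flag-enabled configuration is visible in this commit, and the function body starts before the hunk.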
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc +++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc @@ -415,8 +415,10 @@ class PtraceTestHarness { DISALLOW_COPY_AND_ASSIGN(PtraceTestHarness); }; +// Fails on Android L and M. +// See https://crbug.com/934930 BPF_TEST_C(ParameterRestrictions, - ptrace_getregs_allowed, + DISABLED_ptrace_getregs_allowed, RestrictPtracePolicy) { auto tracer = [](pid_t pid) { #if defined(__arm__) @@ -435,8 +437,10 @@ BPF_TEST_C(ParameterRestrictions, PtraceTestHarness(tracer, false).Run(); } +// Fails on Android L and M. +// See https://crbug.com/934930 BPF_TEST_C(ParameterRestrictions, - ptrace_syscall_blocked, + DISABLED_ptrace_syscall_blocked, RestrictPtracePolicy) { auto tracer = [](pid_t pid) { // The tracer is about to die. Make sure the tracee is not stopped so it diff --git a/chromium/sandbox/linux/services/libc_interceptor.cc b/chromium/sandbox/linux/services/libc_interceptor.cc index 55ab6954f22..50c8f96c06d 100644 --- a/chromium/sandbox/linux/services/libc_interceptor.cc +++ b/chromium/sandbox/linux/services/libc_interceptor.cc @@ -200,7 +200,7 @@ static void InitLibcLocaltimeFunctions() { reinterpret_cast<LocaltimeRFunction>(dlsym(RTLD_NEXT, "localtime64_r")); if (!g_libc_funcs->localtime || !g_libc_funcs->localtime_r) { - // http://code.google.com/p/chromium/issues/detail?id=16800 + // https://bugs.chromium.org/p/chromium/issues/detail?id=16800 // // Nvidia's libGL.so overrides dlsym for an unknown reason and replaces // it with a version which doesn't work. In this case we'll get a NULL 
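Review bot: Renaming `ptrace_getregs_allowed` to `DISABLED_ptrace_getregs_allowed` turns the test off on every platform, although the added comment attributes the failure only to Android L and M; the same applies to `DISABLED_ptrace_syscall_blocked` in the next hunk. Both tests exercise `RestrictPtracePolicy`, so a regression in the ptrace restrictions on desktop Linux would no longer be caught by them. Consider keeping them enabled outside Android, for example through a `MAYBE_` alias defined under `#if defined(OS_ANDROID)`; whether `BPF_TEST_C` expands a macro passed as its name argument is not visible here and would need checking. Both test bodies continue outside their hunks.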
@@ -208,7 +208,7 @@ static void InitLibcLocaltimeFunctions() { LOG(ERROR) << "Your system is broken: dlsym doesn't work! This has been " "reported to be caused by Nvidia's libGL. You should expect" " time related functions to misbehave. " - "http://code.google.com/p/chromium/issues/detail?id=16800"; + "https://bugs.chromium.org/p/chromium/issues/detail?id=16800"; } if (!g_libc_funcs->localtime) diff --git a/chromium/sandbox/linux/services/namespace_sandbox.cc b/chromium/sandbox/linux/services/namespace_sandbox.cc index eb91e525f73..2a1814ba3e6 100644 --- a/chromium/sandbox/linux/services/namespace_sandbox.cc +++ b/chromium/sandbox/linux/services/namespace_sandbox.cc @@ -200,7 +200,7 @@ base::Process NamespaceSandbox::LaunchProcessWithOptions( std::make_pair(CLONE_NEWNET, kSandboxNETNSEnvironmentVarName), }; - base::EnvironmentMap* environ = &launch_options_copy.environ; + base::EnvironmentMap* environ = &launch_options_copy.environment; for (const auto& entry : clone_flag_environ) { const int flag = entry.first; const char* environ_name = entry.second; diff --git a/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc b/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc index 7a103bf7f13..a277ffa5eb5 100644 --- a/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc +++ b/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc @@ -170,7 +170,7 @@ void SetuidSandboxHost::SetupLaunchOptions( // Launching a setuid binary requires PR_SET_NO_NEW_PRIVS to not be used. options->allow_new_privs = true; - UnsetExpectedEnvironmentVariables(&options->environ); + UnsetExpectedEnvironmentVariables(&options->environment); // Set dummy_fd to the reading end of a closed pipe. int pipe_fds[2]; diff --git a/chromium/sandbox/mac/seatbelt_exec.cc b/chromium/sandbox/mac/seatbelt_exec.cc index f05a6a8b5c6..85e35388947 100644 --- a/chromium/sandbox/mac/seatbelt_exec.cc +++ b/chromium/sandbox/mac/seatbelt_exec.cc 
@@ -59,6 +59,10 @@ bool ReadOrWrite(int fd, if (transacted_bytes < 0) { logging::PError("%s failed", Traits::kNameString); return false; + } else if (transacted_bytes == 0) { + // A short read from the sender, perhaps the sender process died. + logging::Error("%s failed", Traits::kNameString); + return false; } bytes_to_transact -= transacted_bytes; diff --git a/chromium/sandbox/win/src/restricted_token.cc b/chromium/sandbox/win/src/restricted_token.cc index fdc1dbe743b..b68ffd81767 100644 --- a/chromium/sandbox/win/src/restricted_token.cc +++ b/chromium/sandbox/win/src/restricted_token.cc @@ -117,13 +117,9 @@ DWORD RestrictedToken::GetRestrictedToken( bool result = true; HANDLE new_token_handle = nullptr; - // The SANDBOX_INERT flag did nothing in XP and it was just a way to tell - // if a token has ben restricted given the limiations of IsTokenRestricted() - // but it appears that in Windows 7 it hints the AppLocker subsystem to - // leave us alone. if (deny_size || restrict_size || privileges_size) { result = ::CreateRestrictedToken( - effective_token_.Get(), SANDBOX_INERT, static_cast<DWORD>(deny_size), + effective_token_.Get(), 0, static_cast<DWORD>(deny_size), deny_only_array, static_cast<DWORD>(privileges_size), privileges_to_disable_array, static_cast<DWORD>(restrict_size), sids_to_restrict_array, &new_token_handle); |
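Review bot: The new `transacted_bytes == 0` branch in `ReadOrWrite` logs the same `"%s failed"` text as the errno branch above it, so a log reader cannot tell a closed peer from a failed system call. Its comment also speaks of a read, although the helper appears to serve both directions through `Traits`. I would make the message specific, e.g. `logging::Error("%s transferred 0 bytes", Traits::kNameString);`, and reword the comment to `// Zero bytes transferred: the peer closed its end or died.`. The `else` after `return false;` can be dropped as well. The function starts and ends outside the hunk.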
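Review bot: The `::CreateRestrictedToken` call now passes a bare `0` for the flags, and the comment that explained `SANDBOX_INERT` is deleted with it, so nothing at the call site records that the flag was dropped on purpose. Going by the removed comment, the flag made AppLocker leave the token alone, so the new code presumably lets AppLocker rules apply to sandboxed processes again. That behaviour change deserves one line, e.g. `// Flags are 0 on purpose: SANDBOX_INERT is not set, so AppLocker checks are not bypassed.`. Naming the argument (`/*Flags=*/0`) would help too. `GetRestrictedToken` continues outside the hunk.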