authorAllan Sandfeld Jensen <allan.jensen@qt.io>2019-05-24 11:40:17 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2019-05-24 12:42:11 +0000
commit5d87695f37678f96492b258bbab36486c59866b4 (patch)
treebe9783bbaf04fb930c4d74ca9c00b5e7954c8bc6 /chromium/sandbox
parent6c11fb357ec39bf087b8b632e2b1e375aef1b38b (diff)
BASELINE: Update Chromium to 75.0.3770.56
Change-Id: I86d2007fd27a45d5797eee06f4c9369b8b50ac4f Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/sandbox')
-rw-r--r--chromium/sandbox/linux/bpf_dsl/codegen_unittest.cc2
-rw-r--r--chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc6
-rw-r--r--chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc8
-rw-r--r--chromium/sandbox/linux/services/libc_interceptor.cc4
-rw-r--r--chromium/sandbox/linux/services/namespace_sandbox.cc2
-rw-r--r--chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc2
-rw-r--r--chromium/sandbox/mac/seatbelt_exec.cc4
-rw-r--r--chromium/sandbox/win/src/restricted_token.cc6
8 files changed, 22 insertions, 12 deletions
diff --git a/chromium/sandbox/linux/bpf_dsl/codegen_unittest.cc b/chromium/sandbox/linux/bpf_dsl/codegen_unittest.cc
index 56a0dd27e18..bca3d7a916c 100644
--- a/chromium/sandbox/linux/bpf_dsl/codegen_unittest.cc
+++ b/chromium/sandbox/linux/bpf_dsl/codegen_unittest.cc
@@ -11,8 +11,8 @@
#include <utility>
#include <vector>
+#include "base/hash/md5.h"
#include "base/macros.h"
-#include "base/md5.h"
#include "base/strings/string_piece.h"
#include "sandbox/linux/system_headers/linux_filter.h"
#include "testing/gtest/include/gtest/gtest.h"
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index 68ce32a136c..100afe50e3f 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -21,6 +21,7 @@
#include "base/logging.h"
#include "base/macros.h"
+#include "base/synchronization/synchronization_buildflags.h"
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
#include "sandbox/linux/bpf_dsl/seccomp_macros.h"
@@ -300,6 +301,11 @@ ResultExpr RestrictFutex() {
const Arg<int> op(1);
return Switch(op & ~kAllowedFutexFlags)
.CASES((FUTEX_WAIT, FUTEX_WAKE, FUTEX_REQUEUE, FUTEX_CMP_REQUEUE,
+#if BUILDFLAG(ENABLE_MUTEX_PRIORITY_INHERITANCE)
+ // Enable priority-inheritance operations.
+ FUTEX_LOCK_PI, FUTEX_UNLOCK_PI, FUTEX_TRYLOCK_PI,
+ FUTEX_WAIT_REQUEUE_PI, FUTEX_CMP_REQUEUE_PI,
+#endif // BUILDFLAG(ENABLE_MUTEX_PRIORITY_INHERITANCE)
FUTEX_WAKE_OP, FUTEX_WAIT_BITSET, FUTEX_WAKE_BITSET),
Allow())
.Default(IsBuggyGlibcSemPost() ? Error(EINVAL) : CrashSIGSYSFutex());
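Review bot: The added comment `// Enable priority-inheritance operations.` only restates the list and does not record why widening the futex allowlist is acceptable inside the seccomp-bpf sandbox. With ENABLE_MUTEX_PRIORITY_INHERITANCE set, five more futex operations become reachable from every process using this policy, and the PI and requeue-PI paths are some of the more intricate kernel futex code, so I would state the trade-off, e.g. `// PI futex ops (presumably for base's PI mutexes): allowed only under this buildflag because they widen the kernel surface exposed to sandboxed code.` If the PI lock implementation never requeues waiters (not visible from this hunk), `FUTEX_WAIT_REQUEUE_PI` and `FUTEX_CMP_REQUEUE_PI` could be dropped from the list. No test in this commit exercises the policy with the flag enabled. RestrictFutex() begins and ends outside the hunk.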
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
index f468b131bc6..f1160ff45ea 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
@@ -415,8 +415,10 @@ class PtraceTestHarness {
DISALLOW_COPY_AND_ASSIGN(PtraceTestHarness);
};
+// Fails on Android L and M.
+// See https://crbug.com/934930
BPF_TEST_C(ParameterRestrictions,
- ptrace_getregs_allowed,
+ DISABLED_ptrace_getregs_allowed,
RestrictPtracePolicy) {
auto tracer = [](pid_t pid) {
#if defined(__arm__)
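Review bot: The `DISABLED_` prefix on `ptrace_getregs_allowed` turns the test off on every platform, although the comment attributes the failure only to Android L and M; the same applies to `DISABLED_ptrace_syscall_blocked` in the next hunk. These two tests are what checks RestrictPtracePolicy, so a regression in the ptrace restrictions on desktop Linux would now go unnoticed. I would disable them only on Android with the usual `MAYBE_` name macro, as sketched below; this assumes `OS_ANDROID` from build/build_config.h is available in this file and that BPF_TEST_C expands its name argument before pasting it, which should be checked. The test bodies continue outside the hunks.

```cpp
// Fails on Android L and M. See https://crbug.com/934930
#if defined(OS_ANDROID)
#define MAYBE_ptrace_getregs_allowed DISABLED_ptrace_getregs_allowed
#else
#define MAYBE_ptrace_getregs_allowed ptrace_getregs_allowed
#endif
BPF_TEST_C(ParameterRestrictions,
           MAYBE_ptrace_getregs_allowed,
           RestrictPtracePolicy) {
  // … unchanged: tracer lambda and PtraceTestHarness run …
```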
@@ -435,8 +437,10 @@ BPF_TEST_C(ParameterRestrictions,
PtraceTestHarness(tracer, false).Run();
}
+// Fails on Android L and M.
+// See https://crbug.com/934930
BPF_TEST_C(ParameterRestrictions,
- ptrace_syscall_blocked,
+ DISABLED_ptrace_syscall_blocked,
RestrictPtracePolicy) {
auto tracer = [](pid_t pid) {
// The tracer is about to die. Make sure the tracee is not stopped so it
diff --git a/chromium/sandbox/linux/services/libc_interceptor.cc b/chromium/sandbox/linux/services/libc_interceptor.cc
index 55ab6954f22..50c8f96c06d 100644
--- a/chromium/sandbox/linux/services/libc_interceptor.cc
+++ b/chromium/sandbox/linux/services/libc_interceptor.cc
@@ -200,7 +200,7 @@ static void InitLibcLocaltimeFunctions() {
reinterpret_cast<LocaltimeRFunction>(dlsym(RTLD_NEXT, "localtime64_r"));
if (!g_libc_funcs->localtime || !g_libc_funcs->localtime_r) {
- // http://code.google.com/p/chromium/issues/detail?id=16800
+ // https://bugs.chromium.org/p/chromium/issues/detail?id=16800
//
// Nvidia's libGL.so overrides dlsym for an unknown reason and replaces
// it with a version which doesn't work. In this case we'll get a NULL
@@ -208,7 +208,7 @@ static void InitLibcLocaltimeFunctions() {
LOG(ERROR) << "Your system is broken: dlsym doesn't work! This has been "
"reported to be caused by Nvidia's libGL. You should expect"
" time related functions to misbehave. "
- "http://code.google.com/p/chromium/issues/detail?id=16800";
+ "https://bugs.chromium.org/p/chromium/issues/detail?id=16800";
}
if (!g_libc_funcs->localtime)
diff --git a/chromium/sandbox/linux/services/namespace_sandbox.cc b/chromium/sandbox/linux/services/namespace_sandbox.cc
index eb91e525f73..2a1814ba3e6 100644
--- a/chromium/sandbox/linux/services/namespace_sandbox.cc
+++ b/chromium/sandbox/linux/services/namespace_sandbox.cc
@@ -200,7 +200,7 @@ base::Process NamespaceSandbox::LaunchProcessWithOptions(
std::make_pair(CLONE_NEWNET, kSandboxNETNSEnvironmentVarName),
};
- base::EnvironmentMap* environ = &launch_options_copy.environ;
+ base::EnvironmentMap* environ = &launch_options_copy.environment;
for (const auto& entry : clone_flag_environ) {
const int flag = entry.first;
const char* environ_name = entry.second;
diff --git a/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc b/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc
index 7a103bf7f13..a277ffa5eb5 100644
--- a/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc
+++ b/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc
@@ -170,7 +170,7 @@ void SetuidSandboxHost::SetupLaunchOptions(
// Launching a setuid binary requires PR_SET_NO_NEW_PRIVS to not be used.
options->allow_new_privs = true;
- UnsetExpectedEnvironmentVariables(&options->environ);
+ UnsetExpectedEnvironmentVariables(&options->environment);
// Set dummy_fd to the reading end of a closed pipe.
int pipe_fds[2];
diff --git a/chromium/sandbox/mac/seatbelt_exec.cc b/chromium/sandbox/mac/seatbelt_exec.cc
index f05a6a8b5c6..85e35388947 100644
--- a/chromium/sandbox/mac/seatbelt_exec.cc
+++ b/chromium/sandbox/mac/seatbelt_exec.cc
@@ -59,6 +59,10 @@ bool ReadOrWrite(int fd,
if (transacted_bytes < 0) {
logging::PError("%s failed", Traits::kNameString);
return false;
+ } else if (transacted_bytes == 0) {
+ // A short read from the sender, perhaps the sender process died.
+ logging::Error("%s failed", Traits::kNameString);
+ return false;
}
bytes_to_transact -= transacted_bytes;
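Review bot: The new zero-byte branch logs the same `"%s failed"` text as the error branch above it, so a log reader cannot tell an end-of-file from a failed call. The comment also speaks of a "short read from the sender", while this helper serves both directions according to its name, ReadOrWrite. I would make both explicit: `// Zero bytes transacted: the peer closed its end before the full message arrived.` and `logging::Error("%s: unexpected EOF", Traits::kNameString);`. Returning false here is the right fail-closed behaviour for a truncated transfer, provided the callers check the result, which is not visible in this hunk. ReadOrWrite starts and ends outside the hunk.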
diff --git a/chromium/sandbox/win/src/restricted_token.cc b/chromium/sandbox/win/src/restricted_token.cc
index fdc1dbe743b..b68ffd81767 100644
--- a/chromium/sandbox/win/src/restricted_token.cc
+++ b/chromium/sandbox/win/src/restricted_token.cc
@@ -117,13 +117,9 @@ DWORD RestrictedToken::GetRestrictedToken(
bool result = true;
HANDLE new_token_handle = nullptr;
- // The SANDBOX_INERT flag did nothing in XP and it was just a way to tell
- // if a token has ben restricted given the limiations of IsTokenRestricted()
- // but it appears that in Windows 7 it hints the AppLocker subsystem to
- // leave us alone.
if (deny_size || restrict_size || privileges_size) {
result = ::CreateRestrictedToken(
- effective_token_.Get(), SANDBOX_INERT, static_cast<DWORD>(deny_size),
+ effective_token_.Get(), 0, static_cast<DWORD>(deny_size),
deny_only_array, static_cast<DWORD>(privileges_size),
privileges_to_disable_array, static_cast<DWORD>(restrict_size),
sids_to_restrict_array, &new_token_handle);
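Review bot: The flags argument to `::CreateRestrictedToken` is now a bare `0`, and the comment that explained the previous value was deleted without a replacement. Dropping SANDBOX_INERT is a behaviour change with security impact: by the removed comment's own account the flag told AppLocker to leave the token alone, so processes started with this token will now be evaluated by AppLocker. A short comment keeps that decision visible, e.g. `// Flags are 0 on purpose: SANDBOX_INERT is not passed, so AppLocker rules apply to this token.` together with `effective_token_.Get(), /*flags=*/0, static_cast<DWORD>(deny_size),`. GetRestrictedToken starts and ends outside the hunk.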