authorAllan Sandfeld Jensen <allan.jensen@qt.io>2017-07-12 14:07:37 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2017-07-17 10:29:26 +0000
commitec02ee4181c49b61fce1c8fb99292dbb8139cc90 (patch)
tree25cde714b2b71eb639d1cd53f5a22e9ba76e14ef /chromium/sandbox
parentbb09965444b5bb20b096a291445170876225268d (diff)
downloadqtwebengine-chromium-ec02ee4181c49b61fce1c8fb99292dbb8139cc90.tar.gz
BASELINE: Update Chromium to 59.0.3071.134
Change-Id: Id02ef6fb2204c5fd21668a1c3e6911c83b17585a Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/sandbox')
-rw-r--r--chromium/sandbox/linux/BUILD.gn5
-rw-r--r--chromium/sandbox/linux/services/credentials.cc26
-rw-r--r--chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc4
-rw-r--r--chromium/sandbox/mac/bootstrap_sandbox_unittest.mm21
-rw-r--r--chromium/sandbox/mac/sandbox_mac_compiler_unittest.mm43
-rw-r--r--chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm8
-rw-r--r--chromium/sandbox/mac/xpc_message_server_unittest.cc13
7 files changed, 70 insertions, 50 deletions
diff --git a/chromium/sandbox/linux/BUILD.gn b/chromium/sandbox/linux/BUILD.gn
index 3e98defa5c6..d250d216acc 100644
--- a/chromium/sandbox/linux/BUILD.gn
+++ b/chromium/sandbox/linux/BUILD.gn
@@ -391,14 +391,19 @@ source_set("sandbox_services_headers") {
"system_headers/arm_linux_syscalls.h",
"system_headers/arm_linux_ucontext.h",
"system_headers/i386_linux_ucontext.h",
+ "system_headers/linux_filter.h",
"system_headers/linux_futex.h",
"system_headers/linux_seccomp.h",
"system_headers/linux_signal.h",
"system_headers/linux_syscalls.h",
"system_headers/linux_time.h",
"system_headers/linux_ucontext.h",
+ "system_headers/mips64_linux_syscalls.h",
+ "system_headers/mips_linux_syscalls.h",
+ "system_headers/mips_linux_ucontext.h",
"system_headers/x86_32_linux_syscalls.h",
"system_headers/x86_64_linux_syscalls.h",
+ "system_headers/x86_64_linux_ucontext.h",
]
}
diff --git a/chromium/sandbox/linux/services/credentials.cc b/chromium/sandbox/linux/services/credentials.cc
index 50a109e2f45..ba2cb7f1fcb 100644
--- a/chromium/sandbox/linux/services/credentials.cc
+++ b/chromium/sandbox/linux/services/credentials.cc
@@ -132,9 +132,10 @@ bool ChrootToSafeEmptyDir() {
void CheckCloneNewUserErrno(int error) {
// EPERM can happen if already in a chroot. EUSERS if too many nested
// namespaces are used. EINVAL for kernels that don't support the feature.
- // Valgrind will ENOSYS unshare().
+ // Valgrind will ENOSYS unshare(). ENOSPC can occur when the system has
+ // reached its maximum configured number of user namespaces.
PCHECK(error == EPERM || error == EUSERS || error == EINVAL ||
- error == ENOSYS);
+ error == ENOSYS || error == ENOSPC);
}
// Converts a Capability to the corresponding Linux CAP_XXX value.
@@ -150,16 +151,21 @@ int CapabilityToKernelValue(Credentials::Capability cap) {
return 0;
}
-void SetGidAndUidMaps(gid_t gid, uid_t uid) {
+bool SetGidAndUidMaps(gid_t gid, uid_t uid) {
+ const char kGidMapFile[] = "/proc/self/gid_map";
+ const char kUidMapFile[] = "/proc/self/uid_map";
+ struct stat buf;
+ if (stat(kGidMapFile, &buf) || stat(kGidMapFile, &buf)) {
+ return false;
+ }
if (NamespaceUtils::KernelSupportsDenySetgroups()) {
PCHECK(NamespaceUtils::DenySetgroups());
}
DCHECK(GetRESIds(NULL, NULL));
- const char kGidMapFile[] = "/proc/self/gid_map";
- const char kUidMapFile[] = "/proc/self/uid_map";
PCHECK(NamespaceUtils::WriteToIdMapFile(kGidMapFile, gid));
PCHECK(NamespaceUtils::WriteToIdMapFile(kUidMapFile, uid));
DCHECK(GetRESIds(NULL, NULL));
+ return true;
}
} // namespace.
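Review bot: The new existence check in SetGidAndUidMaps stats kGidMapFile twice and never looks at kUidMapFile, so the uid map's presence is not actually verified before the later `PCHECK(NamespaceUtils::WriteToIdMapFile(kUidMapFile, uid))`; the condition should read `if (stat(kGidMapFile, &buf) || stat(kUidMapFile, &buf)) {`. As written, a kernel (or a restricted /proc) that exposes gid_map but not uid_map would presumably pass the guard and then abort in the PCHECK rather than return false as the new bool contract intends, which matters because MoveToNewUserNS wraps the call in PCHECK and CanCreateProcessInNewUserNS relies on the false return to report "unsupported" cleanly. The intent of the stat pre-check is not stated in the hunk; a short comment such as `// Report failure instead of crashing below if the kernel does not expose the id-map files.` would make the early return self-explaining (hedged: confirm this is the intended reason).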
@@ -284,7 +290,8 @@ bool Credentials::CanCreateProcessInNewUserNS() {
if (pid == 0) {
// unshare() requires the effective uid and gid to have a mapping in the
// parent namespace.
- SetGidAndUidMaps(gid, uid);
+ if (!SetGidAndUidMaps(gid, uid))
+ _exit(1);
// Make sure we drop CAP_SYS_ADMIN.
CHECK(sandbox::Credentials::DropAllCapabilities());
@@ -292,7 +299,10 @@ bool Credentials::CanCreateProcessInNewUserNS() {
// Ensure we have unprivileged use of CLONE_NEWUSER. Debian
// Jessie explicitly forbids this case. See:
// add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
- _exit(!!sys_unshare(CLONE_NEWUSER));
+ if (sys_unshare(CLONE_NEWUSER))
+ _exit(1);
+
+ _exit(kExitSuccess);
}
// Always reap the child.
@@ -324,7 +334,7 @@ bool Credentials::MoveToNewUserNS() {
// The current {r,e,s}{u,g}id is now an overflow id (c.f.
// /proc/sys/kernel/overflowuid). Setup the uid and gid maps.
- SetGidAndUidMaps(gid, uid);
+ PCHECK(SetGidAndUidMaps(gid, uid));
return true;
}
diff --git a/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc b/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc
index 24608ecf6ee..58cb8c712a7 100644
--- a/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc
+++ b/chromium/sandbox/linux/suid/client/setuid_sandbox_host.cc
@@ -86,9 +86,9 @@ void SaveSUIDUnsafeEnvironmentVariables(base::Environment* env) {
std::string value;
if (env->GetVar(env_var, &value))
- env->SetVar(saved_env_var->c_str(), value);
+ env->SetVar(*saved_env_var, value);
else
- env->UnSetVar(saved_env_var->c_str());
+ env->UnSetVar(*saved_env_var);
}
}
diff --git a/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm b/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm
index a6225a91c32..3f71e650b7f 100644
--- a/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm
+++ b/chromium/sandbox/mac/bootstrap_sandbox_unittest.mm
@@ -104,13 +104,14 @@ class BootstrapSandboxTest : public base::MultiProcessTest {
base::LaunchOptions options;
options.pre_exec_delegate = pre_exec_delegate.get();
- base::Process process = SpawnChildWithOptions(child_name, options);
- ASSERT_TRUE(process.IsValid());
+ base::SpawnChildResult spawn_child =
+ SpawnChildWithOptions(child_name, options);
+ ASSERT_TRUE(spawn_child.process.IsValid());
int code = 0;
- EXPECT_TRUE(process.WaitForExit(&code));
+ EXPECT_TRUE(spawn_child.process.WaitForExit(&code));
EXPECT_EQ(0, code);
if (out_pid)
- *out_pid = process.Pid();
+ *out_pid = spawn_child.process.Pid();
}
protected:
@@ -124,15 +125,15 @@ TEST_F(BootstrapSandboxTest, DistributedNotifications_Unsandboxed) {
base::scoped_nsobject<DistributedNotificationObserver> observer(
[[DistributedNotificationObserver alloc] init]);
- base::Process process = SpawnChild(kNotificationTestMain);
- ASSERT_TRUE(process.IsValid());
+ base::SpawnChildResult spawn_child = SpawnChild(kNotificationTestMain);
+ ASSERT_TRUE(spawn_child.process.IsValid());
int code = 0;
- EXPECT_TRUE(process.WaitForExit(&code));
+ EXPECT_TRUE(spawn_child.process.WaitForExit(&code));
EXPECT_EQ(0, code);
[observer waitForNotification];
EXPECT_EQ(1, [observer receivedCount]);
- EXPECT_EQ(process.Pid(), [[observer object] intValue]);
+ EXPECT_EQ(spawn_child.process.Pid(), [[observer object] intValue]);
}
// Run the test with the sandbox enabled without notifications on the policy
@@ -471,7 +472,9 @@ TEST_F(BootstrapSandboxTest, ChildOutliveSandbox) {
sandbox_->NewClient(kTestPolicyId));
base::LaunchOptions options;
options.pre_exec_delegate = pre_exec_delegate.get();
- base::Process process = SpawnChildWithOptions("ChildOutliveSandbox", options);
+ base::SpawnChildResult spawn_result =
+ SpawnChildWithOptions("ChildOutliveSandbox", options);
+ base::Process& process = spawn_result.process;
ASSERT_TRUE(process.IsValid());
// Synchronize with the child.
diff --git a/chromium/sandbox/mac/sandbox_mac_compiler_unittest.mm b/chromium/sandbox/mac/sandbox_mac_compiler_unittest.mm
index 404bf4bbabb..0e9ee97c739 100644
--- a/chromium/sandbox/mac/sandbox_mac_compiler_unittest.mm
+++ b/chromium/sandbox/mac/sandbox_mac_compiler_unittest.mm
@@ -32,11 +32,11 @@ MULTIPROCESS_TEST_MAIN(BasicProfileProcess) {
}
TEST_F(SandboxMacCompilerTest, BasicProfileTest) {
- base::Process process = SpawnChild("BasicProfileProcess");
- ASSERT_TRUE(process.IsValid());
+ base::SpawnChildResult spawn_child = SpawnChild("BasicProfileProcess");
+ ASSERT_TRUE(spawn_child.process.IsValid());
int exit_code = 42;
- EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(),
- &exit_code));
+ EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout(
+ TestTimeouts::action_max_timeout(), &exit_code));
EXPECT_EQ(exit_code, 0);
}
@@ -55,11 +55,12 @@ MULTIPROCESS_TEST_MAIN(BasicProfileWithParamProcess) {
}
TEST_F(SandboxMacCompilerTest, BasicProfileTestWithParam) {
- base::Process process = SpawnChild("BasicProfileWithParamProcess");
- ASSERT_TRUE(process.IsValid());
+ base::SpawnChildResult spawn_child =
+ SpawnChild("BasicProfileWithParamProcess");
+ ASSERT_TRUE(spawn_child.process.IsValid());
int exit_code = 42;
- EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(),
- &exit_code));
+ EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout(
+ TestTimeouts::action_max_timeout(), &exit_code));
EXPECT_EQ(exit_code, 0);
}
@@ -86,11 +87,11 @@ MULTIPROCESS_TEST_MAIN(ProfileFunctionalProcess) {
}
TEST_F(SandboxMacCompilerTest, ProfileFunctionalityTest) {
- base::Process process = SpawnChild("ProfileFunctionalProcess");
- ASSERT_TRUE(process.IsValid());
+ base::SpawnChildResult spawn_child = SpawnChild("ProfileFunctionalProcess");
+ ASSERT_TRUE(spawn_child.process.IsValid());
int exit_code = 42;
- EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(),
- &exit_code));
+ EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout(
+ TestTimeouts::action_max_timeout(), &exit_code));
EXPECT_EQ(exit_code, 0);
}
@@ -126,11 +127,12 @@ MULTIPROCESS_TEST_MAIN(ProfileFunctionalTestWithParamsProcess) {
}
TEST_F(SandboxMacCompilerTest, ProfileFunctionalityTestWithParams) {
- base::Process process = SpawnChild("ProfileFunctionalTestWithParamsProcess");
- ASSERT_TRUE(process.IsValid());
+ base::SpawnChildResult spawn_child =
+ SpawnChild("ProfileFunctionalTestWithParamsProcess");
+ ASSERT_TRUE(spawn_child.process.IsValid());
int exit_code = 42;
- EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(),
- &exit_code));
+ EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout(
+ TestTimeouts::action_max_timeout(), &exit_code));
EXPECT_EQ(exit_code, 0);
}
@@ -149,11 +151,12 @@ MULTIPROCESS_TEST_MAIN(ProfileFunctionalityTestErrorProcess) {
}
TEST_F(SandboxMacCompilerTest, ProfileFunctionalityTestError) {
- base::Process process = SpawnChild("ProfileFunctionalityTestErrorProcess");
- ASSERT_TRUE(process.IsValid());
+ base::SpawnChildResult spawn_child =
+ SpawnChild("ProfileFunctionalityTestErrorProcess");
+ ASSERT_TRUE(spawn_child.process.IsValid());
int exit_code = 42;
- EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(),
- &exit_code));
+ EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout(
+ TestTimeouts::action_max_timeout(), &exit_code));
EXPECT_EQ(exit_code, 0);
}
diff --git a/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm b/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm
index aba42edbc94..adb9895c3ef 100644
--- a/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm
+++ b/chromium/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm
@@ -126,11 +126,11 @@ MULTIPROCESS_TEST_MAIN(V2ProfileProcess) {
}
TEST_F(SandboxMacCompilerV2Test, V2ProfileTest) {
- base::Process process = SpawnChild("V2ProfileProcess");
- ASSERT_TRUE(process.IsValid());
+ base::SpawnChildResult spawn_child = SpawnChild("V2ProfileProcess");
+ ASSERT_TRUE(spawn_child.process.IsValid());
int exit_code = 42;
- EXPECT_TRUE(process.WaitForExitWithTimeout(TestTimeouts::action_max_timeout(),
- &exit_code));
+ EXPECT_TRUE(spawn_child.process.WaitForExitWithTimeout(
+ TestTimeouts::action_max_timeout(), &exit_code));
EXPECT_EQ(exit_code, 0);
}
diff --git a/chromium/sandbox/mac/xpc_message_server_unittest.cc b/chromium/sandbox/mac/xpc_message_server_unittest.cc
index 0feaac975e4..630833f2853 100644
--- a/chromium/sandbox/mac/xpc_message_server_unittest.cc
+++ b/chromium/sandbox/mac/xpc_message_server_unittest.cc
@@ -147,18 +147,17 @@ TEST(XPCMessageServerTest, GetSenderPID) {
#pragma GCC diagnostic pop
ASSERT_EQ(KERN_SUCCESS, kr);
- base::Process child = base::SpawnMultiProcessTestChild(
- "GetSenderPID",
- base::GetMultiProcessTestChildBaseCommandLine(),
+ base::SpawnChildResult spawn_child = base::SpawnMultiProcessTestChild(
+ "GetSenderPID", base::GetMultiProcessTestChildBaseCommandLine(),
base::LaunchOptions());
- ASSERT_TRUE(child.IsValid());
+ ASSERT_TRUE(spawn_child.process.IsValid());
int exit_code = -1;
- ASSERT_TRUE(child.WaitForExit(&exit_code));
+ ASSERT_TRUE(spawn_child.process.WaitForExit(&exit_code));
EXPECT_EQ(0, exit_code);
- EXPECT_EQ(child.Pid(), sender_pid);
- EXPECT_EQ(child.Pid(), child_pid);
+ EXPECT_EQ(spawn_child.process.Pid(), sender_pid);
+ EXPECT_EQ(spawn_child.process.Pid(), child_pid);
EXPECT_EQ(sender_pid, child_pid);
}