
Issue 625448

Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug




Restrict access to WebApkSandboxedProcessService to host browser only

Project Member Reported by pkotw...@chromium.org, Jul 3 2016

Issue description

Unlike Chrome's SandboxedProcessServices, access to WebApkSandboxedProcessService is not protected by a signature permission. This means that any app can bind to a running WebApkSandboxedProcessService and call IChildProcessService#crashIntentionallyForTesting.

Status: Fixed (was: Started)
Project Member

Comment 3 by bugdroid1@chromium.org, Jul 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4

commit 9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4
Author: pkotwicz <pkotwicz@chromium.org>
Date: Thu Jul 14 01:59:27 2016

Simplify caller checking logic in WebApkServiceImpl

This CL passes the uid of the host browser instead of the package name of the
host browser. This simplifies things because:
- Several package names can have the same UID.
- There is only one UID per package name. A UID is assigned to an app at install
  time.

This CL also moves the WebApkServiceImplTests JUnit tests to instrumentation tests
(The simplification in this CL would make the JUnit tests super boring).
The instrumentation tests are useful. The behavior when an unauthorized caller
tries to use the WebAPK service was different than I expected.

BUG= 625448 
Test=WebApkServiceImplTest.*
R=sievers
TBR=yfriedman (To get around the OWNERS checks for new DEPS files)

Review-Url: https://codereview.chromium.org/2133923002
Cr-Commit-Position: refs/heads/master@{#405399}

[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/BUILD.gn
[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/javatests/AndroidManifest.xml
[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/webapk/DEPS
[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/webapk/libs/common/src/org/chromium/webapk/lib/common/WebApkUtils.java
[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/webapk/libs/runtime_library/BUILD.gn
[add] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/webapk/libs/runtime_library/javatests/DEPS
[add] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/webapk/libs/runtime_library/javatests/src/org/chromium/webapk/lib/runtime_library/WebApkServiceImplTest.java
[delete] https://crrev.com/cf31b77907bb3968b51a6c44c421dcca671adbbc/chrome/android/webapk/libs/runtime_library/junit/DEPS
[delete] https://crrev.com/cf31b77907bb3968b51a6c44c421dcca671adbbc/chrome/android/webapk/libs/runtime_library/junit/src/org/chromium/webapk/lib/runtime_library/WebApkServiceImplTest.java
[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/webapk/libs/runtime_library/src/org/chromium/webapk/lib/runtime_library/WebApkServiceImpl.java
[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/webapk/shell_apk/javatests/DEPS
[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/android/webapk/shell_apk/src/org/chromium/webapk/shell_apk/WebApkServiceFactory.java
[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/test/android/BUILD.gn
[add] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/chrome/test/android/javatests/src/org/chromium/chrome/test/webapk/TestWebApkServiceImplWrapper.java
[modify] https://crrev.com/9af31665e1d8a11e8cef9d1d6ebb8891c1239ad4/testing/buildbot/chromium.linux.json

Project Member

Comment 4 by bugdroid1@chromium.org, Jul 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/71de1748dc0a7c4058c8b3662862cda2fb69d8be

commit 71de1748dc0a7c4058c8b3662862cda2fb69d8be
Author: pkotwicz <pkotwicz@chromium.org>
Date: Thu Jul 14 21:31:05 2016

Restrict access to WebApkSandboxedProcessService to host browser only

This CL restricts access to the WebApkSandboxedProcessService
IChildProcessService implementation to the host browser only. The host browser
is defined in the WebAPK's manifest. A RemoteException is thrown if an app other
than the host browser attempts to use WebApkSandboxedProcessService's IBinder
interface.

BUG= 625448 

Review-Url: https://codereview.chromium.org/2114293003
Cr-Commit-Position: refs/heads/master@{#405578}

[modify] https://crrev.com/71de1748dc0a7c4058c8b3662862cda2fb69d8be/chrome/android/webapk/shell_apk/src/org/chromium/webapk/shell_apk/WebApkSandboxedProcessService.java
[modify] https://crrev.com/71de1748dc0a7c4058c8b3662862cda2fb69d8be/content/public/android/java/src/org/chromium/content/app/ChildProcessService.java
[modify] https://crrev.com/71de1748dc0a7c4058c8b3662862cda2fb69d8be/content/public/android/java/src/org/chromium/content/app/ChildProcessServiceImpl.java
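
The caller check that the commit in Comment 4 describes, sketched as an added example; it is not the code from the Chromium CL. `HostOnlyBinder` and `uidForPackage` are hypothetical names, and the host browser's package name is assumed to have been read from the WebAPK's manifest already.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.RemoteException;

/** Hypothetical wrapper: forwards a transaction only if the caller runs under the host browser's UID. */
public final class HostOnlyBinder extends Binder {
    private final IBinder mDelegate; // the real IChildProcessService binder
    private final int mHostUid;      // resolved once, when the service is bound

    public HostOnlyBinder(IBinder delegate, int hostUid) {
        mDelegate = delegate;
        mHostUid = hostUid;
    }

    /** Returns the UID assigned to packageName at install time, or -1 if it is not installed. */
    public static int uidForPackage(Context context, String packageName) {
        try {
            return context.getPackageManager().getApplicationInfo(packageName, 0).uid;
        } catch (PackageManager.NameNotFoundException e) {
            return -1; // no host browser installed: every caller is rejected below
        }
    }

    @Override
    protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
            throws RemoteException {
        // Binder.getCallingUid() is filled in by the binder driver for the
        // incoming transaction, so the calling app cannot choose its value.
        if (mHostUid < 0 || Binder.getCallingUid() != mHostUid) {
            throw new RemoteException("Caller is not the host browser");
        }
        // Authorized caller: hand the transaction to the real implementation.
        return mDelegate.transact(code, data, reply, flags);
    }
}
```

The service would return `new HostOnlyBinder(realBinder, uidForPackage(this, hostPackage))` from `onBind()`, so every method on the interface, including `crashIntentionallyForTesting`, passes through the same check.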
