BootstrapSandbox does not work on macOS Sierra. |
||||
Issue descriptionA large number of TIMEOUT failures. e.g. """ [ RUN ] BootstrapSandboxTest.PolicySubstitutePort [94708:2571:0719/183941:193847058767096:WARNING:test_suite.cc(210)] Test launcher output path /var/folders/sc/zt7v5m6x5dbfr16s_mw6091m0000gn/T/.org.chromium.Chromium.YJxh0c/test_results.xml exists. Not adding test launcher result printer. [94708:2571:0719/183941:193847059026809:FATAL:bootstrap_sandbox_unittest.mm(282)] Check failed: 0 == kr (0 vs. 118) 0 libbase.dylib 0x00000001074e887e _ZN4base5debug10StackTraceC2Ev + 30 1 libbase.dylib 0x00000001074e88e5 _ZN4base5debug10StackTraceC1Ev + 21 2 libbase.dylib 0x000000010756cfc0 _ZN7logging10LogMessageD2Ev + 80 3 libbase.dylib 0x000000010756ab75 _ZN7logging10LogMessageD1Ev + 21 4 sandbox_mac_unittests 0x00000001070681a8 _ZN7sandbox20PolicySubstitutePortEv + 216 5 sandbox_mac_unittests 0x00000001070eb6c2 _ZN27multi_process_function_list22InvokeChildProcessTestERKNSt3__112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEE + 658 6 sandbox_mac_unittests 0x00000001070f7fd3 _ZN4base9TestSuite3RunEv + 323 7 sandbox_mac_unittests 0x0000000107083f9d _ZN4base8internal13FunctorTraitsIMNS_9TestSuiteEFivEvE6InvokeIPS2_JEEEiS4_OT_DpOT0_ + 125 8 sandbox_mac_unittests 0x0000000107083ecf _ZN4base8internal12InvokeHelperILb0EiE8MakeItSoIRKMNS_9TestSuiteEFivEJPS4_EEEiOT_DpOT0_ + 63 9 sandbox_mac_unittests 0x0000000107083e5b _ZN4base8internal7InvokerINS0_9BindStateIMNS_9TestSuiteEFivEJNS0_17UnretainedWrapperIS3_EEEEEFivEE7RunImplIRKS5_RKNSt3__15tupleIJS7_EEEJLm0EEEEiOT_OT0_NS_13IndexSequenceIJXspT1_EEEE + 91 10 sandbox_mac_unittests 0x0000000107083abc _ZN4base8internal7InvokerINS0_9BindStateIMNS_9TestSuiteEFivEJNS0_17UnretainedWrapperIS3_EEEEEFivEE3RunEPNS0_13BindStateBaseE + 44 11 sandbox_mac_unittests 0x000000010713c0be _ZNK4base8CallbackIFivELNS_8internal8CopyModeE1EE3RunEv + 46 12 sandbox_mac_unittests 0x0000000107139697 _ZN4base12_GLOBAL__N_123LaunchUnitTestsInternalERKNS_8CallbackIFivELNS_8internal8CopyModeE1EEEiibRKNS1_IFvvELS4_1EEE + 375 13 sandbox_mac_unittests 0x00000001071394e2 _ZN4base15LaunchUnitTestsEiPPcRKNS_8CallbackIFivELNS_8internal8CopyModeE1EEE + 130 14 sandbox_mac_unittests 0x0000000107083818 main + 184 15 sandbox_mac_unittests 0x0000000107062bf4 start + 52 ../../sandbox/mac/bootstrap_sandbox_unittest.mm:111: Failure Value of: code Actual: 1 Expected: 0 [37/41] BootstrapSandboxTest.PolicySubstitutePort (TIMED OUT) [0719/184026:ERROR:kill_posix.cc(82)] Unable to terminate process group 94710: No such process """
,
Jul 20 2016
This issue is marked as Beta blocker, M53 is scheduled to be promoted to Beta next week (07/27) please resolve asap.
,
Jul 21 2016
,
Jul 22 2016
This particular sandbox test tests that the launchd interception server can return a dummy port. bootstrap_look_up calls bootstrap_look_up3 calls _xpc_bootstrap_routine calls _xpc_interface_routine. The 10.12 implementation of _xpc_interface_routine differs from 10.11 implementation. There is a block that calls _xpc_dictionary_get_audit_token, and then conditionally returns 118. I'm not familiar with XPC, but I assume it will be possible for us to set this audit token in a new subclass of OSCompatibility. Until we fix that, I'm going to guess that bootstrap_look_up is broken from all sandboxed processes on 10.12 (which apparently isn't causing that much of a hassle). We should, however, fix this for M53.
,
Jul 22 2016
Digging more, _xpc_interface_routine calls _xpc_pipe_routine calls _xpc_serializer_unpack calls _xpc_mach_msg_get_audit_token The latter message takes the mach message's audit token and returns it as the xpc message's audit token. In fact, it would appear that an xpc message is just a fancy wrapper around a mach message. The actual conditional being checked in _xpc_interface_routine is audit_token_t.val[1] == 0 && audit_token_t.val[5] == 1. Looking at libbsm, http://src.gnu-darwin.org/src/contrib/openbsm/bsm/libbsm.h.html, this corresponds to euid == 0 && pid == 1. [Note that /sbin/launchd always has pid == 1] It looks like we won't be able to man-in-the-middle calls to bootstrap_look_up, and other methods that invoke _xpc_interface_routine. This seems potentially problematic, but I don't see any bugs filed that sound related? Maybe we don't need boostrap_look_up to work from sandboxed processes? Investigating further.
,
Jul 22 2016
The Bootstrap Sandbox is not fully functional on macOS Sierra. Access to all services can still be denied, but it is no longer possible to use the POLICY_ALLOW and POLICY_SUBSTITUTE_PORT rules. This isn't causing any problems because the Bootstrap Sandbox is currently always disabled. https://bugs.chromium.org/p/chromium/issues/detail?id=367863
,
Jul 22 2016
I'm disabling the tests on macOS Sierra: https://codereview.chromium.org/2170393004/ We could always fix this by swizzling _xpc_interface_routine, if we still want the feature. Assigning bug to rsesek.
,
Jul 25 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/96b9ba41a7be9329fd486b973082a068bf7ec07c commit 96b9ba41a7be9329fd486b973082a068bf7ec07c Author: erikchen <erikchen@chromium.org> Date: Mon Jul 25 17:49:04 2016 Disable BootstrapSandbox tests on macOS Sierra. bootstrap_look_up can no longer be intercepted. See bug for more details. BUG= 629714 Review-Url: https://codereview.chromium.org/2170393004 Cr-Commit-Position: refs/heads/master@{#407507} [modify] https://crrev.com/96b9ba41a7be9329fd486b973082a068bf7ec07c/sandbox/mac/bootstrap_sandbox_unittest.mm
,
Oct 17 2017
|
||||
►
Sign in to add a comment |
||||
Comment 1 by karandeepb@chromium.org
, Jul 20 2016Status: Assigned (was: Untriaged)