We should update the macOS sandbox to use more explicit rules instead of the SandboxWarmup routine. This will be explored in greater detail in a design doc.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18 commit 16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18 Author: kerrnel <kerrnel@chromium.org> Date: Wed Feb 08 22:47:41 2017 Move SandboxCompiler class into the sandbox library. This moves the SandboxCompiler class into the isolated sandbox library, as it only works with the sandbox and does not depend on any Chrome libraries. This will allow the SandboxCompiler to be re-used in other executables for the v2 sandbox. In addition, it checks in unit tests for the V2 sandbox rules to check that they are consistently supported across the test bots and OS version. BUG= 689306 Review-Url: https://codereview.chromium.org/2686433002 Cr-Commit-Position: refs/heads/master@{#449117} [modify] https://crrev.com/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18/content/common/sandbox_mac.h [modify] https://crrev.com/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18/content/common/sandbox_mac.mm [modify] https://crrev.com/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18/content/common/sandbox_mac_diraccess_unittest.mm [modify] https://crrev.com/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18/content/test/BUILD.gn [modify] https://crrev.com/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18/sandbox/mac/BUILD.gn [add] https://crrev.com/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18/sandbox/mac/sandbox_compiler.cc [add] https://crrev.com/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18/sandbox/mac/sandbox_compiler.h [rename] https://crrev.com/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18/sandbox/mac/sandbox_mac_compiler_unittest.mm [add] https://crrev.com/16b6fc55bc0b25e8c64d0bec64ab8ddbf4684a18/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/169c4a19654509f37de918d8aee9df4ad343cc2a commit 169c4a19654509f37de918d8aee9df4ad343cc2a Author: kerrnel <kerrnel@chromium.org> Date: Thu May 18 04:17:33 2017 Add the SeatbeltExec classes to facilitate the V2 sandbox. This adds the SeatbeltExec classes and unit tests. These classes are used to pipe data, such as the sandbox profile and parameters, from the browser process to the helper process which launces the sandboxed renderers. BUG= 689306 Review-Url: https://codereview.chromium.org/2869203003 Cr-Commit-Position: refs/heads/master@{#472658} [modify] https://crrev.com/169c4a19654509f37de918d8aee9df4ad343cc2a/sandbox/mac/BUILD.gn [modify] https://crrev.com/169c4a19654509f37de918d8aee9df4ad343cc2a/sandbox/mac/sandbox_mac_compiler_unittest.mm [modify] https://crrev.com/169c4a19654509f37de918d8aee9df4ad343cc2a/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm [add] https://crrev.com/169c4a19654509f37de918d8aee9df4ad343cc2a/sandbox/mac/sandbox_mac_seatbelt_exec_unittest.cc [add] https://crrev.com/169c4a19654509f37de918d8aee9df4ad343cc2a/sandbox/mac/seatbelt.proto [add] https://crrev.com/169c4a19654509f37de918d8aee9df4ad343cc2a/sandbox/mac/seatbelt_exec.cc [add] https://crrev.com/169c4a19654509f37de918d8aee9df4ad343cc2a/sandbox/mac/seatbelt_exec.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4c69297c5da0d7332ee3a24a985fcc0b89ce3cc1 commit 4c69297c5da0d7332ee3a24a985fcc0b89ce3cc1 Author: kerrnel <kerrnel@chromium.org> Date: Thu May 25 21:12:01 2017 Rename chrome_exe_main_mac.c to chrome_exe_main_mac.cc Converts the chrome_exe_main_mac.c file to C++ for use in a future sandboxing CL, which requires this fill to use C++ code. NOPRESUBMIT=true BUG= 689306 Review-Url: https://codereview.chromium.org/2907663002 Cr-Commit-Position: refs/heads/master@{#474804} [modify] https://crrev.com/4c69297c5da0d7332ee3a24a985fcc0b89ce3cc1/chrome/BUILD.gn [rename] https://crrev.com/4c69297c5da0d7332ee3a24a985fcc0b89ce3cc1/chrome/app/chrome_exe_main_mac.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c95caf021bebd3bc58dafc206ff9f43678dc8d73 commit c95caf021bebd3bc58dafc206ff9f43678dc8d73 Author: kerrnel <kerrnel@chromium.org> Date: Tue May 30 20:53:20 2017 Plumb sandbox rules through the helper executable. Add code to the helper executable to send it the sandbox rules. The helper executable will apply the sandbox rules to its process and re-execute itself in the sandbox. NOPRESUBMIT=true BUG= 689306 CQ-DEPEND=2907663002 Review-Url: https://codereview.chromium.org/2891933005 Cr-Commit-Position: refs/heads/master@{#475664} [modify] https://crrev.com/c95caf021bebd3bc58dafc206ff9f43678dc8d73/chrome/BUILD.gn [modify] https://crrev.com/c95caf021bebd3bc58dafc206ff9f43678dc8d73/chrome/app/chrome_exe_main_mac.cc [modify] https://crrev.com/c95caf021bebd3bc58dafc206ff9f43678dc8d73/sandbox/mac/sandbox_mac_seatbelt_exec_unittest.cc [modify] https://crrev.com/c95caf021bebd3bc58dafc206ff9f43678dc8d73/sandbox/mac/seatbelt_exec.cc [modify] https://crrev.com/c95caf021bebd3bc58dafc206ff9f43678dc8d73/sandbox/mac/seatbelt_exec.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6276ea0023c2fdc01609622f5d6b4820d37e04c9 commit 6276ea0023c2fdc01609622f5d6b4820d37e04c9 Author: kerrnel <kerrnel@chromium.org> Date: Sat Jun 03 02:23:52 2017 Add flags for v2 sandbox to Chrome and Helper executable. This adds the flags for the v2 sandbox to Chrome and the Helper executable. The helper executable has its own declarations of the flags to minimize the static linking size. BUG= 689306 Review-Url: https://codereview.chromium.org/2921733002 Cr-Commit-Position: refs/heads/master@{#476865} [modify] https://crrev.com/6276ea0023c2fdc01609622f5d6b4820d37e04c9/chrome/app/chrome_exe_main_mac.cc [modify] https://crrev.com/6276ea0023c2fdc01609622f5d6b4820d37e04c9/content/common/sandbox_init_mac.cc [modify] https://crrev.com/6276ea0023c2fdc01609622f5d6b4820d37e04c9/content/public/common/content_switches.cc [modify] https://crrev.com/6276ea0023c2fdc01609622f5d6b4820d37e04c9/content/public/common/content_switches.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a2e4f7f5c265cc867f21564d027afaf6a31550a9 commit a2e4f7f5c265cc867f21564d027afaf6a31550a9 Author: kerrnel <kerrnel@chromium.org> Date: Mon Jun 05 17:56:44 2017 Update sandbox profiles and remove regular expressions. To simplify code cleanup and refactoring the V2 sandbox, remove the no longer needed regular expressions from the current sandbox code. Sandbox profiles now use (subpath) instead of the regular expressions. BUG= 689306 Review-Url: https://codereview.chromium.org/2919963003 Cr-Commit-Position: refs/heads/master@{#477020} [modify] https://crrev.com/a2e4f7f5c265cc867f21564d027afaf6a31550a9/content/browser/gpu.sb [modify] https://crrev.com/a2e4f7f5c265cc867f21564d027afaf6a31550a9/content/common/common.sb [modify] https://crrev.com/a2e4f7f5c265cc867f21564d027afaf6a31550a9/content/common/sandbox_mac.h [modify] https://crrev.com/a2e4f7f5c265cc867f21564d027afaf6a31550a9/content/common/sandbox_mac.mm [modify] https://crrev.com/a2e4f7f5c265cc867f21564d027afaf6a31550a9/content/common/sandbox_mac_diraccess_unittest.mm [modify] https://crrev.com/a2e4f7f5c265cc867f21564d027afaf6a31550a9/content/ppapi_plugin/ppapi.sb [modify] https://crrev.com/a2e4f7f5c265cc867f21564d027afaf6a31550a9/content/renderer/renderer.sb [modify] https://crrev.com/a2e4f7f5c265cc867f21564d027afaf6a31550a9/content/utility/utility.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/147d8ebbba78a52af03a6ab1570af96536b4e1fa commit 147d8ebbba78a52af03a6ab1570af96536b4e1fa Author: kerrnel <kerrnel@chromium.org> Date: Fri Jun 09 23:09:03 2017 Add the V2 sandbox rules for renderer processes. Add the V2 sandbox rules, which eliminate the unsandboxed warmup phase in favor of explicitly enumerating resource access, to the tree. BUG= 689306 Review-Url: https://codereview.chromium.org/2920353002 Cr-Commit-Position: refs/heads/master@{#478443} [modify] https://crrev.com/147d8ebbba78a52af03a6ab1570af96536b4e1fa/content/content_resources.grd [add] https://crrev.com/147d8ebbba78a52af03a6ab1570af96536b4e1fa/content/renderer/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a67fad5ca2650a022181a7d06f502a94aa6f09f1 commit a67fad5ca2650a022181a7d06f502a94aa6f09f1 Author: kerrnel <kerrnel@chromium.org> Date: Wed Jun 14 20:18:16 2017 Expose GetLoggingFileName in ContentBrowserClient. The V2 sandbox will need to get the path to the logging file name, so this exposes the function to content/ through the client. BUG= 689306 Review-Url: https://codereview.chromium.org/2916323004 Cr-Commit-Position: refs/heads/master@{#479485} [modify] https://crrev.com/a67fad5ca2650a022181a7d06f502a94aa6f09f1/chrome/browser/chrome_content_browser_client.cc [modify] https://crrev.com/a67fad5ca2650a022181a7d06f502a94aa6f09f1/chrome/browser/chrome_content_browser_client.h [modify] https://crrev.com/a67fad5ca2650a022181a7d06f502a94aa6f09f1/chrome/browser/chrome_content_browser_client_unittest.cc [modify] https://crrev.com/a67fad5ca2650a022181a7d06f502a94aa6f09f1/content/public/browser/content_browser_client.cc [modify] https://crrev.com/a67fad5ca2650a022181a7d06f502a94aa6f09f1/content/public/browser/content_browser_client.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0f7a19296f354d7ed937a0d161c08638f542d919 commit 0f7a19296f354d7ed937a0d161c08638f542d919 Author: kerrnel <kerrnel@chromium.org> Date: Mon Jun 26 23:40:58 2017 Implement the V2 sandbox in the process launcher. Implements the V2 sandbox in the process launcher, passing the parameters and flags to Chrome Helper executable. The V2 sandbox is currently a disabled by default feature. BUG= 689306 CQ-DEPEND=2916323004 Review-Url: https://codereview.chromium.org/2931173003 Cr-Commit-Position: refs/heads/master@{#482462} [modify] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/chrome/app/chrome_exe_main_mac.cc [modify] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/browser/BUILD.gn [modify] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/browser/child_process_launcher_helper.h [modify] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/browser/child_process_launcher_helper_mac.cc [add] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/browser/sandbox_parameters_mac.h [add] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/browser/sandbox_parameters_mac.mm [modify] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/common/sandbox_init_mac.cc [modify] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/common/sandbox_mac.h [modify] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/common/sandbox_mac.mm [modify] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/public/common/content_features.cc [modify] https://crrev.com/0f7a19296f354d7ed937a0d161c08638f542d919/content/public/common/content_features.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7e4f7a7f8665855aac32d51897608e12fdc1dc9d commit 7e4f7a7f8665855aac32d51897608e12fdc1dc9d Author: kerrnel <kerrnel@chromium.org> Date: Wed Jun 28 21:28:28 2017 Add about:flags entry for Mac V2 sandbox. Add an entry to about:flags to enable the Mac V2 sandbox feature. BUG= 689306 Review-Url: https://codereview.chromium.org/2960953002 Cr-Commit-Position: refs/heads/master@{#483146} [modify] https://crrev.com/7e4f7a7f8665855aac32d51897608e12fdc1dc9d/chrome/browser/about_flags.cc [modify] https://crrev.com/7e4f7a7f8665855aac32d51897608e12fdc1dc9d/chrome/browser/flag_descriptions.cc [modify] https://crrev.com/7e4f7a7f8665855aac32d51897608e12fdc1dc9d/chrome/browser/flag_descriptions.h [modify] https://crrev.com/7e4f7a7f8665855aac32d51897608e12fdc1dc9d/tools/metrics/histograms/enums.xml
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b2464355416823fb43fc861f51a3ea0135c32932 commit b2464355416823fb43fc861f51a3ea0135c32932 Author: kerrnel <kerrnel@chromium.org> Date: Thu Jul 06 21:33:59 2017 Fix sandbox profile for MacOS 10.9 Mavericks. This fixes the sandbox profile to be backwards compatible on MacOS 10.9, without affecting the security or operation of MacOS 10.10+. BUG= 689306 Review-Url: https://codereview.chromium.org/2973453002 Cr-Commit-Position: refs/heads/master@{#484746} [modify] https://crrev.com/b2464355416823fb43fc861f51a3ea0135c32932/content/browser/OWNERS [modify] https://crrev.com/b2464355416823fb43fc861f51a3ea0135c32932/content/browser/sandbox_parameters_mac.mm [modify] https://crrev.com/b2464355416823fb43fc861f51a3ea0135c32932/content/common/sandbox_mac.h [modify] https://crrev.com/b2464355416823fb43fc861f51a3ea0135c32932/content/common/sandbox_mac.mm [modify] https://crrev.com/b2464355416823fb43fc861f51a3ea0135c32932/content/renderer/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2b5417ac028acd75faefeabd7102c6ebc37772f2 commit 2b5417ac028acd75faefeabd7102c6ebc37772f2 Author: kerrnel <kerrnel@chromium.org> Date: Fri Jul 07 23:19:10 2017 Call SetApplicationIsDaemon() in V2 sandbox. Calls SetApplicationIsDaemon() to prevent crashing if LaunchServices cannot be connected to. This CL also allows the com.apple.lsdb.mapdb service which exposes the LaunchServices database. BUG= 689306 Review-Url: https://codereview.chromium.org/2944623003 Cr-Commit-Position: refs/heads/master@{#485092} [modify] https://crrev.com/2b5417ac028acd75faefeabd7102c6ebc37772f2/content/common/sandbox_init_mac.cc [modify] https://crrev.com/2b5417ac028acd75faefeabd7102c6ebc37772f2/content/common/sandbox_init_mac.h [modify] https://crrev.com/2b5417ac028acd75faefeabd7102c6ebc37772f2/content/common/sandbox_mac.mm [modify] https://crrev.com/2b5417ac028acd75faefeabd7102c6ebc37772f2/content/renderer/renderer_main_platform_delegate_mac.mm [modify] https://crrev.com/2b5417ac028acd75faefeabd7102c6ebc37772f2/content/renderer/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4fa6e5207cacadbd32b106a780dbdd9c36c6036f commit 4fa6e5207cacadbd32b106a780dbdd9c36c6036f Author: Greg Kerr <kerrnel@chromium.org> Date: Mon Jul 10 19:00:45 2017 Represent OS version as number in sandbox profiles. Represents the OS version as a number in sandbox profiles, so it can be compared to with basic equality operations. BUG= 689306 Change-Id: I86aca6e1f1919738d2ebcc24b7c9a1d80f9378df Reviewed-on: https://chromium-review.googlesource.com/564057 Commit-Queue: Greg Kerr <kerrnel@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#485332} [modify] https://crrev.com/4fa6e5207cacadbd32b106a780dbdd9c36c6036f/content/browser/sandbox_parameters_mac.mm [modify] https://crrev.com/4fa6e5207cacadbd32b106a780dbdd9c36c6036f/content/common/sandbox_mac.h [modify] https://crrev.com/4fa6e5207cacadbd32b106a780dbdd9c36c6036f/content/common/sandbox_mac.mm [modify] https://crrev.com/4fa6e5207cacadbd32b106a780dbdd9c36c6036f/content/renderer/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d73f07c3c79e360c3eb8e3605e24d29796b45185 commit d73f07c3c79e360c3eb8e3605e24d29796b45185 Author: Greg Kerr <kerrnel@chromium.org> Date: Tue Jul 11 22:34:38 2017 Post V2 sandbox design doc as md file. BUG= 689306 Change-Id: I20e44886dcb9cd7d378cfbccdead695c6626a065 Reviewed-on: https://chromium-review.googlesource.com/565169 Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#485708} [add] https://crrev.com/d73f07c3c79e360c3eb8e3605e24d29796b45185/sandbox/mac/seatbelt_sandbox_design.md
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ae0be1410c17707df503d178317d9990ffb3f30b commit ae0be1410c17707df503d178317d9990ffb3f30b Author: Greg Kerr <kerrnel@chromium.org> Date: Wed Jul 12 00:27:57 2017 Add macOS 10.10 fixes to the V2 sandbox profile. Adds fixes to the V2 sandbox profile for Chrome to work on macOS 10.10, by exposing the correct font daemon, and passing the pid of the process. BUG= 689306 Change-Id: I9015c6f4529c18af7b1b9965cde2e2e6ed62364c Reviewed-on: https://chromium-review.googlesource.com/566943 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#485747} [modify] https://crrev.com/ae0be1410c17707df503d178317d9990ffb3f30b/chrome/app/chrome_exe_main_mac.cc [modify] https://crrev.com/ae0be1410c17707df503d178317d9990ffb3f30b/content/browser/sandbox_parameters_mac.mm [modify] https://crrev.com/ae0be1410c17707df503d178317d9990ffb3f30b/content/common/sandbox_mac.h [modify] https://crrev.com/ae0be1410c17707df503d178317d9990ffb3f30b/content/common/sandbox_mac.mm [modify] https://crrev.com/ae0be1410c17707df503d178317d9990ffb3f30b/content/renderer/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/83299caab664bf69f286da995bcfdfc7a8db5982 commit 83299caab664bf69f286da995bcfdfc7a8db5982 Author: Greg Kerr <kerrnel@chromium.org> Date: Wed Jul 12 22:06:51 2017 Expose FontServer daemon on Mac OS 10.11. Bug: chromium:689306 Change-Id: I84dafbb5f54c90615f2422a59a1cd14f10394b34 Reviewed-on: https://chromium-review.googlesource.com/568844 Commit-Queue: Greg Kerr <kerrnel@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#486124} [modify] https://crrev.com/83299caab664bf69f286da995bcfdfc7a8db5982/content/renderer/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9e96523ae3dee27d2af4d48fbfcc12881aa8e721 commit 9e96523ae3dee27d2af4d48fbfcc12881aa8e721 Author: Greg Kerr <kerrnel@chromium.org> Date: Mon Jul 24 22:44:22 2017 Unit test the real V2 sandbox profile. This unit tests the real V2 sandbox profile for certain resource access that should be banned, and also allows the bots to verify the profile against all macOS versions. Bug: 738129 , 689306 , 37285 Change-Id: I775104464225a1521e37b1e7abce9be2b8f355cb Reviewed-on: https://chromium-review.googlesource.com/576157 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#489111} [add] https://crrev.com/9e96523ae3dee27d2af4d48fbfcc12881aa8e721/content/renderer/sandbox_mac_v2_unittest.mm [modify] https://crrev.com/9e96523ae3dee27d2af4d48fbfcc12881aa8e721/content/test/BUILD.gn [modify] https://crrev.com/9e96523ae3dee27d2af4d48fbfcc12881aa8e721/sandbox/mac/sandbox_mac_compiler_v2_unittest.mm
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a7b943b9f3c63f03cec4dec83b351861d4c2d7a5 commit a7b943b9f3c63f03cec4dec83b351861d4c2d7a5 Author: Greg Kerr <kerrnel@chromium.org> Date: Mon Jul 24 23:17:17 2017 Forward elastic scrolling information from browser to renderer. Forward elastic scrolling preferences from the browser to the renderer, since the renderer can no longer access cfprefsd. Bug: 739542 , 689306 Change-Id: Id6e0a9bb66ddd51b4f61bd941a29d964c9376e90 Reviewed-on: https://chromium-review.googlesource.com/580672 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#489131} [modify] https://crrev.com/a7b943b9f3c63f03cec4dec83b351861d4c2d7a5/content/browser/theme_helper_mac.mm [modify] https://crrev.com/a7b943b9f3c63f03cec4dec83b351861d4c2d7a5/content/common/renderer.mojom [modify] https://crrev.com/a7b943b9f3c63f03cec4dec83b351861d4c2d7a5/content/renderer/render_thread_impl.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0bb30f3f5be483b9e08f5933ea446e0dbfcb5beb commit 0bb30f3f5be483b9e08f5933ea446e0dbfcb5beb Author: Greg Kerr <kerrnel@chromium.org> Date: Wed Jul 26 22:01:59 2017 V2 Sandbox: Allow access to subpaths for 10.13. This allows access to the entire icu subfolder, since the exact version of the icu database changes between macOS versions. It also allows access to additional library and frameworks which may be loaded directly if the shared cache is not used. Bug: 689306 Change-Id: I399b7fd15bb703a68b1739fb0ce1bd0f61bc1e58 Reviewed-on: https://chromium-review.googlesource.com/584852 Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#489769} [modify] https://crrev.com/0bb30f3f5be483b9e08f5933ea446e0dbfcb5beb/content/renderer/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fc9ec7151cfd716690ff501ef0291dc303c46d1b commit fc9ec7151cfd716690ff501ef0291dc303c46d1b Author: Greg Kerr <kerrnel@chromium.org> Date: Fri Aug 04 19:58:20 2017 Add sysctl for browser process metrics. The cputype sysctl is required for the browser process metrics. Bug: 689306 Change-Id: I17161b91304dc76643039128974df89bc65b88f2 Reviewed-on: https://chromium-review.googlesource.com/602472 Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#492108} [modify] https://crrev.com/fc9ec7151cfd716690ff501ef0291dc303c46d1b/content/renderer/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2edbbbdfb91b9d9ada8fae3eef033b2210569c14 commit 2edbbbdfb91b9d9ada8fae3eef033b2210569c14 Author: Greg Kerr <kerrnel@chromium.org> Date: Wed Aug 16 00:39:28 2017 Configure LaunchServices to continue with launchservicesd access. LaunchServices may hang without access to launchservicesd, so this configures it to ignroe those failures. Bug: 689306 Change-Id: I325c25d00461502375e4abffd87c954db252f6d6 Reviewed-on: https://chromium-review.googlesource.com/611386 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#494637} [modify] https://crrev.com/2edbbbdfb91b9d9ada8fae3eef033b2210569c14/content/renderer/renderer_main_platform_delegate_mac.mm
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4a23e2ea71ed77700f59faeca3f9abfb9a4e175b commit 4a23e2ea71ed77700f59faeca3f9abfb9a4e175b Author: Greg Kerr <kerrnel@chromium.org> Date: Fri Oct 06 16:41:29 2017 Add resource access to the V2 sandbox profile. This adds safe resources to the V2 sandbox profile, to avoid any slowdown when Chrome's libraries initialize. Bug: 689306 Change-Id: Ic7c8b6979360b61ad24701c7bd0cf64acda48b0a Reviewed-on: https://chromium-review.googlesource.com/703463 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Greg Kerr <kerrnel@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#507097} [modify] https://crrev.com/4a23e2ea71ed77700f59faeca3f9abfb9a4e175b/services/service_manager/sandbox/mac/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/49c0741868c54e93d54faa1d2163a32824c77428 commit 49c0741868c54e93d54faa1d2163a32824c77428 Author: Greg Kerr <kerrnel@chromium.org> Date: Mon Nov 13 19:11:20 2017 macOS V2 Sandbox: Allow cfprefs and gamecontrollerd for perf experiment. This experimental CL allows cfprefs and gamecontrollerd to observe how the perf bots respond. This will likely be reverted once the results show up. Bug: 689306 Change-Id: I8e0ab2919e4cf7e65217be1169b63a7bde806df4 Reviewed-on: https://chromium-review.googlesource.com/764394 Reviewed-by: Avi Drissman <avi@chromium.org> Reviewed-by: Mike Pinkerton <pinkerton@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#515997} [modify] https://crrev.com/49c0741868c54e93d54faa1d2163a32824c77428/content/renderer/sandbox_mac_v2_unittest.mm [modify] https://crrev.com/49c0741868c54e93d54faa1d2163a32824c77428/services/service_manager/sandbox/mac/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6516911db1df461f4292794636df276adb8c43a6 commit 6516911db1df461f4292794636df276adb8c43a6 Author: Greg Kerr <kerrnel@chromium.org> Date: Mon Nov 27 23:00:37 2017 Revert "macOS V2 Sandbox: Allow cfprefs and gamecontrollerd for perf experiment." This reverts commit 49c0741868c54e93d54faa1d2163a32824c77428, to see how the performance histograms respond without cfprefs access. Tbr: rsesek@chromium.org Bug: 689306 Change-Id: I195a729e611c964b6221ec0e98ccde04444dc78f Reviewed-on: https://chromium-review.googlesource.com/792092 Commit-Queue: Greg Kerr <kerrnel@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Cr-Commit-Position: refs/heads/master@{#519440} [modify] https://crrev.com/6516911db1df461f4292794636df276adb8c43a6/content/renderer/sandbox_mac_v2_unittest.mm [modify] https://crrev.com/6516911db1df461f4292794636df276adb8c43a6/services/service_manager/sandbox/mac/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c382e2ae86b559f9215ec5d600b6312826a0a2e0 commit c382e2ae86b559f9215ec5d600b6312826a0a2e0 Author: Greg Kerr <kerrnel@chromium.org> Date: Thu Dec 14 23:43:34 2017 macOS V2 Sandbox: Sandbox utility processes. This sandboxes utility processes with the V2 sandbox on macOS. Bug: 689306 Change-Id: Ie7cca11834f060a4c0f59862f68de95c79893288 Reviewed-on: https://chromium-review.googlesource.com/817515 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#524233} [modify] https://crrev.com/c382e2ae86b559f9215ec5d600b6312826a0a2e0/content/app/content_main_runner.cc [modify] https://crrev.com/c382e2ae86b559f9215ec5d600b6312826a0a2e0/content/browser/child_process_launcher_helper_mac.cc [modify] https://crrev.com/c382e2ae86b559f9215ec5d600b6312826a0a2e0/content/browser/sandbox_parameters_mac.h [modify] https://crrev.com/c382e2ae86b559f9215ec5d600b6312826a0a2e0/content/browser/sandbox_parameters_mac.mm [modify] https://crrev.com/c382e2ae86b559f9215ec5d600b6312826a0a2e0/content/renderer/sandbox_mac_v2_unittest.mm [modify] https://crrev.com/c382e2ae86b559f9215ec5d600b6312826a0a2e0/services/service_manager/sandbox/mac/BUILD.gn [add] https://crrev.com/c382e2ae86b559f9215ec5d600b6312826a0a2e0/services/service_manager/sandbox/mac/common_v2.sb [modify] https://crrev.com/c382e2ae86b559f9215ec5d600b6312826a0a2e0/services/service_manager/sandbox/mac/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/159fc4ac77b00a0c1134765d2615b6e9a2b5311b commit 159fc4ac77b00a0c1134765d2615b6e9a2b5311b Author: Greg Kerr <kerrnel@chromium.org> Date: Wed Dec 20 21:49:57 2017 macOS V2 Sandbox: Sandbox PPAPI Processes. This launches PPAPI processes under the new macOS V2 sandbox. Bug: 689306 Change-Id: I56877dd163d5120f251ad6a791c83383814c641e Reviewed-on: https://chromium-review.googlesource.com/830976 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Mike Pinkerton <pinkerton@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#525475} [modify] https://crrev.com/159fc4ac77b00a0c1134765d2615b6e9a2b5311b/content/browser/child_process_launcher_helper_mac.cc [modify] https://crrev.com/159fc4ac77b00a0c1134765d2615b6e9a2b5311b/content/browser/sandbox_parameters_mac.h [modify] https://crrev.com/159fc4ac77b00a0c1134765d2615b6e9a2b5311b/content/browser/sandbox_parameters_mac.mm [modify] https://crrev.com/159fc4ac77b00a0c1134765d2615b6e9a2b5311b/content/ppapi_plugin/ppapi_thread.cc [modify] https://crrev.com/159fc4ac77b00a0c1134765d2615b6e9a2b5311b/services/service_manager/sandbox/mac/BUILD.gn [modify] https://crrev.com/159fc4ac77b00a0c1134765d2615b6e9a2b5311b/services/service_manager/sandbox/mac/common_v2.sb [add] https://crrev.com/159fc4ac77b00a0c1134765d2615b6e9a2b5311b/services/service_manager/sandbox/mac/ppapi_v2.sb [modify] https://crrev.com/159fc4ac77b00a0c1134765d2615b6e9a2b5311b/services/service_manager/sandbox/mac/renderer_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e185dbf77a25908b8a2dffaeee1728ef71921369 commit e185dbf77a25908b8a2dffaeee1728ef71921369 Author: Greg Kerr <kerrnel@chromium.org> Date: Fri Jan 05 04:28:00 2018 macOS V2 Sandbox: Sandbox CDM Processes. This launches CDM processes under the V2 sandbox. Bug: 689306 Change-Id: Ie835ea5864b66c12abb1dd3dfbe8d2d60a0f6451 Reviewed-on: https://chromium-review.googlesource.com/847904 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#527200} [modify] https://crrev.com/e185dbf77a25908b8a2dffaeee1728ef71921369/content/browser/child_process_launcher_helper_mac.cc [modify] https://crrev.com/e185dbf77a25908b8a2dffaeee1728ef71921369/content/browser/sandbox_parameters_mac.h [modify] https://crrev.com/e185dbf77a25908b8a2dffaeee1728ef71921369/content/browser/sandbox_parameters_mac.mm
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/39b65bfdd9867db3ccc2ff5e7c1c29dc5d8bcfcd commit 39b65bfdd9867db3ccc2ff5e7c1c29dc5d8bcfcd Author: Greg Kerr <kerrnel@chromium.org> Date: Mon Jan 08 17:03:56 2018 macOS V2 Sandbox: Sandbox GPU Processes. This launches GPU processes under the V2 sandbox. Bug: 689306 Change-Id: I40f3f4ad841cab0985cb6e6b944b47878f57767e Reviewed-on: https://chromium-review.googlesource.com/853197 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#527650} [modify] https://crrev.com/39b65bfdd9867db3ccc2ff5e7c1c29dc5d8bcfcd/content/browser/child_process_launcher_helper_mac.cc [modify] https://crrev.com/39b65bfdd9867db3ccc2ff5e7c1c29dc5d8bcfcd/services/service_manager/sandbox/mac/BUILD.gn [add] https://crrev.com/39b65bfdd9867db3ccc2ff5e7c1c29dc5d8bcfcd/services/service_manager/sandbox/mac/gpu_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/bca744092ee7f8f8a16b7ee2bf305c077a2ef2ad commit bca744092ee7f8f8a16b7ee2bf305c077a2ef2ad Author: Greg Kerr <kerrnel@chromium.org> Date: Mon Jan 08 23:33:24 2018 macOS V2 Sandbox: Sandbox NACL Processes. This launches NACL processes under the V2 sandbox. Bug: 689306 Change-Id: I7856ca9f2c263fce41f0e7e1edff6c8f6b765e1e Reviewed-on: https://chromium-review.googlesource.com/854780 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#527810} [modify] https://crrev.com/bca744092ee7f8f8a16b7ee2bf305c077a2ef2ad/content/browser/child_process_launcher_helper_mac.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6ef424c269d8b5d2671c2c55fb71a185e8545f19 commit 6ef424c269d8b5d2671c2c55fb71a185e8545f19 Author: Greg Kerr <kerrnel@chromium.org> Date: Thu Jan 11 00:05:21 2018 macOS V2 Sandbox: Sandbox Other Utility Process Types. This adds all other process types, which are currently run as utility processes, to the V2 sandbox. Bug: 689306 Change-Id: I5e0c7639c918085e3c2fd95c44a96a27c59621ae Reviewed-on: https://chromium-review.googlesource.com/855517 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#528496} [modify] https://crrev.com/6ef424c269d8b5d2671c2c55fb71a185e8545f19/content/browser/child_process_launcher_helper_mac.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/28bc65ff4fd69fabb622eb8dc2b8efb8704c8646 commit 28bc65ff4fd69fabb622eb8dc2b8efb8704c8646 Author: Robert Sesek <rsesek@chromium.org> Date: Mon Jul 16 16:53:25 2018 Remove the bundled App Shell.app target from //extensions/shell:app_shell. Per //extensions/shell/README, app_shell is only officially supported on ChromeOS, and support for Chrome Apps on Mac won't be developed further. This removes the bundled version of the app_shell and turns it into a standalone executable. This reduces the platform-specific maintenance burden for the extensions_browsertests. This moves the SetAmIBundleOverride() call from the BrowserTestBase subclass to ContentBrowserTest. While content_browsertests uses the bundled Content Shell.app, other browsertests do not use bundled binaries and so this does not belong in the base class. Bug: 844401, 689306 Test: All extensions_browsertests continue to run. Change-Id: I300de23bd9cb1a845bd06799887ad386e774b6c7 Reviewed-on: https://chromium-review.googlesource.com/1134217 Commit-Queue: Robert Sesek <rsesek@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Michael Giuffrida <michaelpg@chromium.org> Reviewed-by: Trent Apted <tapted@chromium.org> Cr-Commit-Position: refs/heads/master@{#575312} [modify] https://crrev.com/28bc65ff4fd69fabb622eb8dc2b8efb8704c8646/chrome/test/base/in_process_browser_test.cc [modify] https://crrev.com/28bc65ff4fd69fabb622eb8dc2b8efb8704c8646/content/public/test/browser_test_base.cc [modify] https://crrev.com/28bc65ff4fd69fabb622eb8dc2b8efb8704c8646/content/public/test/content_browser_test.cc [modify] https://crrev.com/28bc65ff4fd69fabb622eb8dc2b8efb8704c8646/extensions/browser/BUILD.gn [modify] https://crrev.com/28bc65ff4fd69fabb622eb8dc2b8efb8704c8646/extensions/shell/BUILD.gn [delete] https://crrev.com/102c5ce5dbc8e4823a1719b82bc790d328d0c77c/extensions/shell/app/app-Info.plist [delete] https://crrev.com/102c5ce5dbc8e4823a1719b82bc790d328d0c77c/extensions/shell/app/framework-Info.plist [delete] https://crrev.com/102c5ce5dbc8e4823a1719b82bc790d328d0c77c/extensions/shell/app/helper-Info.plist [delete] https://crrev.com/102c5ce5dbc8e4823a1719b82bc790d328d0c77c/extensions/shell/app/paths_mac.h [delete] https://crrev.com/102c5ce5dbc8e4823a1719b82bc790d328d0c77c/extensions/shell/app/paths_mac.mm [modify] https://crrev.com/28bc65ff4fd69fabb622eb8dc2b8efb8704c8646/extensions/shell/app/shell_main.cc [modify] https://crrev.com/28bc65ff4fd69fabb622eb8dc2b8efb8704c8646/extensions/shell/app/shell_main_delegate.cc [delete] https://crrev.com/102c5ce5dbc8e4823a1719b82bc790d328d0c77c/extensions/shell/app/shell_main_mac.cc [delete] https://crrev.com/102c5ce5dbc8e4823a1719b82bc790d328d0c77c/extensions/shell/app/shell_main_mac.h [modify] https://crrev.com/28bc65ff4fd69fabb622eb8dc2b8efb8704c8646/extensions/shell/test/shell_test.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9a9f52e8431b8ebaf17e5be2252bf30d2d43ac91 commit 9a9f52e8431b8ebaf17e5be2252bf30d2d43ac91 Author: Robert Sesek <rsesek@chromium.org> Date: Mon Jul 16 20:49:45 2018 Fix browsertests that do not use bundled executables when the MacV2Sandbox is enabled. - Invoke the SeatbeltExecServer in content::LaunchTests, which is the entrypoint for test child processes when not using bundled binaries. This is how the V2 sandbox is engaged in test environments. - Use the base::mac::BaseBundleID() for the seatbelt parameter, rather than the OuterBundle()'s CFBundleIdentifier. The MachPortBroker uses the former ID. Bug: 689306 Change-Id: I075fa97df87b29b27556dd6edadb717d5742ee60 Reviewed-on: https://chromium-review.googlesource.com/1136525 Reviewed-by: Greg Kerr <kerrnel@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#575414} [modify] https://crrev.com/9a9f52e8431b8ebaf17e5be2252bf30d2d43ac91/content/browser/sandbox_parameters_mac.mm [modify] https://crrev.com/9a9f52e8431b8ebaf17e5be2252bf30d2d43ac91/content/public/test/test_launcher.cc [modify] https://crrev.com/9a9f52e8431b8ebaf17e5be2252bf30d2d43ac91/content/test/BUILD.gn
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/56325ccd9afadb2b2451906832f42eaa18508b01 commit 56325ccd9afadb2b2451906832f42eaa18508b01 Author: Robert Sesek <rsesek@chromium.org> Date: Tue Jul 17 21:24:41 2018 Drop read access to /usr/share/locale in the MacV2Sandbox. It appears to be unneeded and it causes the fast/css/opacity-float.html LayoutTest to fail. Bug: 689306 Change-Id: I704a22a40fbdbfbb9fd98d6676ec0ce244d4a0ee Reviewed-on: https://chromium-review.googlesource.com/1140208 Reviewed-by: Greg Kerr <kerrnel@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#575778} [modify] https://crrev.com/56325ccd9afadb2b2451906832f42eaa18508b01/services/service_manager/sandbox/mac/common_v2.sb
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6528ab86187022c24d36630831babcaf625c3f92 commit 6528ab86187022c24d36630831babcaf625c3f92 Author: Robert Sesek <rsesek@chromium.org> Date: Wed Jul 18 16:30:48 2018 Enable the MacV2Sandbox feature by default. Changes in sandbox behavior can have couple-pixel adjustments to controls drawn with Cocoa, like scrollbars. This moves some affected layout test baselines from mac10.12 to mac10.10 as a result. The baseline search path for macOS 10.10 is 10.10->10.11->10.12->mac->generic. Enabling the V2 sandbox means that mac10.11 and 10.12 now behave like "mac", and now only 10.10 has a differing result for these tests. Bug: 749839, 689306 Change-Id: I9133a74c39fe995282daf950efe6d8b0fbcb2b4f Reviewed-on: https://chromium-review.googlesource.com/1132398 Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#576088} [modify] https://crrev.com/6528ab86187022c24d36630831babcaf625c3f92/content/public/common/content_features.cc [rename] https://crrev.com/6528ab86187022c24d36630831babcaf625c3f92/third_party/WebKit/LayoutTests/platform/mac-mac10.10/paint/invalidation/flexbox/scrollbars-changed-expected.txt [rename] https://crrev.com/6528ab86187022c24d36630831babcaf625c3f92/third_party/WebKit/LayoutTests/platform/mac-mac10.10/paint/invalidation/overflow/inline-vertical-lr-overflow-expected.txt [rename] https://crrev.com/6528ab86187022c24d36630831babcaf625c3f92/third_party/WebKit/LayoutTests/platform/mac-mac10.10/paint/invalidation/overflow/inline-vertical-rl-overflow-expected.txt [rename] https://crrev.com/6528ab86187022c24d36630831babcaf625c3f92/third_party/WebKit/LayoutTests/platform/mac-mac10.10/paint/invalidation/vertical-rl-as-paint-container-expected.txt
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6a8df1b08fffbb4ca0ddb787b14ce362f0fc2229 commit 6a8df1b08fffbb4ca0ddb787b14ce362f0fc2229 Author: Robert Sesek <rsesek@chromium.org> Date: Wed Jul 25 17:09:54 2018 Fix headless mode under the MacV2Sandbox. - The standalone headless_shell needs to invoke the Seatbelt server in its child processes. - The --headless flag in Chrome needs to set up the CHILD_PROCESS_EXE override for finding the Helper.app. The --headless flag was incorrectly spawning the main app executable rather than the helper. Bug: 866606 , 689306 Change-Id: I0e4fec109fad5577263059fd0b62dea3bb966860 Reviewed-on: https://chromium-review.googlesource.com/1148478 Reviewed-by: David Vallet <dvallet@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#577949} [modify] https://crrev.com/6a8df1b08fffbb4ca0ddb787b14ce362f0fc2229/chrome/app/chrome_main_delegate.cc [modify] https://crrev.com/6a8df1b08fffbb4ca0ddb787b14ce362f0fc2229/chrome/app/chrome_main_mac.mm [modify] https://crrev.com/6a8df1b08fffbb4ca0ddb787b14ce362f0fc2229/headless/BUILD.gn [modify] https://crrev.com/6a8df1b08fffbb4ca0ddb787b14ce362f0fc2229/headless/app/DEPS [modify] https://crrev.com/6a8df1b08fffbb4ca0ddb787b14ce362f0fc2229/headless/app/headless_shell_main.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0562c348616685f77f385776508013680f81601c commit 0562c348616685f77f385776508013680f81601c Author: Robert Sesek <rsesek@chromium.org> Date: Fri Jul 27 16:31:13 2018 Fix headless mode under the MacV2Sandbox. - The standalone headless_shell needs to invoke the Seatbelt server in its child processes. - The --headless flag in Chrome needs to set up the CHILD_PROCESS_EXE override for finding the Helper.app. The --headless flag was incorrectly spawning the main app executable rather than the helper. (cherry picked from commit 6a8df1b08fffbb4ca0ddb787b14ce362f0fc2229) Bug: 866606 , 689306 Change-Id: I0e4fec109fad5577263059fd0b62dea3bb966860 Reviewed-on: https://chromium-review.googlesource.com/1148478 Reviewed-by: David Vallet <dvallet@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#577949} Reviewed-on: https://chromium-review.googlesource.com/1153227 Reviewed-by: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/branch-heads/3497@{#155} Cr-Branched-From: 271eaf50594eb818c9295dc78d364aea18c82ea8-refs/heads/master@{#576753} [modify] https://crrev.com/0562c348616685f77f385776508013680f81601c/chrome/app/chrome_main_delegate.cc [modify] https://crrev.com/0562c348616685f77f385776508013680f81601c/chrome/app/chrome_main_mac.mm [modify] https://crrev.com/0562c348616685f77f385776508013680f81601c/headless/BUILD.gn [modify] https://crrev.com/0562c348616685f77f385776508013680f81601c/headless/app/DEPS [modify] https://crrev.com/0562c348616685f77f385776508013680f81601c/headless/app/headless_shell_main.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b1cd8fe1a3d450926341910550f12e97f7fd6ccb commit b1cd8fe1a3d450926341910550f12e97f7fd6ccb Author: Robert Sesek <rsesek@chromium.org> Date: Tue Aug 21 18:32:53 2018 Create new //sandbox/mac:system_services target for disabling launchservicesd. Multiple process types will need to disable the connection to launchservicesd, so centralizing the SPI call into a helper will make it easier. Bug: 689306 , 867461, 874785 Change-Id: I5c5c6d34cc162616cc9cd94378e13def71c4181a Reviewed-on: https://chromium-review.googlesource.com/1183624 Reviewed-by: Greg Kerr <kerrnel@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#584854} [modify] https://crrev.com/b1cd8fe1a3d450926341910550f12e97f7fd6ccb/content/renderer/renderer_main_platform_delegate_mac.mm [modify] https://crrev.com/b1cd8fe1a3d450926341910550f12e97f7fd6ccb/sandbox/BUILD.gn [modify] https://crrev.com/b1cd8fe1a3d450926341910550f12e97f7fd6ccb/sandbox/mac/BUILD.gn [add] https://crrev.com/b1cd8fe1a3d450926341910550f12e97f7fd6ccb/sandbox/mac/system_services.cc [add] https://crrev.com/b1cd8fe1a3d450926341910550f12e97f7fd6ccb/sandbox/mac/system_services.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1de60697b302d36813c2ce4207d0044204357588 commit 1de60697b302d36813c2ce4207d0044204357588 Author: Robert Sesek <rsesek@chromium.org> Date: Tue Dec 18 21:43:30 2018 Delete unused V1 Mac sandbox profiles. - The V1 common.sb file is merged into the V1 gpu.sb file. The GPU sandbox will be moved to V2 as part of https://crbug.com/915934. - common_v2.sb, renderer_v2.sb, and ppapi_v2.sb all lose their "_v2" suffix and replace the V1 file by the same name. - sandbox_mac.mm is thinned out to only support the V1 GPU sandbox. No intended behavior change. Bug: 689306 Change-Id: Icfc36c5a7b1907e0c93d6a87bdd1d0ffe18cf616 Reviewed-on: https://chromium-review.googlesource.com/c/1380554 Reviewed-by: Greg Kerr <kerrnel@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#617638} [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/content/browser/child_process_launcher_helper_mac.cc [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/content/browser/sandbox_mac_unittest.mm [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/content/renderer/sandbox_mac_v2_unittest.mm [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/services/service_manager/sandbox/mac/BUILD.gn [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/services/service_manager/sandbox/mac/common.sb [delete] https://crrev.com/f409f5b62b2d78e1436851640f1f1459a5e8244c/services/service_manager/sandbox/mac/common_v2.sb [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/services/service_manager/sandbox/mac/gpu.sb [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/services/service_manager/sandbox/mac/ppapi.sb [delete] https://crrev.com/f409f5b62b2d78e1436851640f1f1459a5e8244c/services/service_manager/sandbox/mac/ppapi_v2.sb [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/services/service_manager/sandbox/mac/renderer.sb [delete] https://crrev.com/f409f5b62b2d78e1436851640f1f1459a5e8244c/services/service_manager/sandbox/mac/renderer_v2.sb [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/services/service_manager/sandbox/mac/sandbox_mac.h [modify] https://crrev.com/1de60697b302d36813c2ce4207d0044204357588/services/service_manager/sandbox/mac/sandbox_mac.mm
Comment 1 by bugdroid1@chromium.org
, Feb 8 2017