Fuchsia: implement Chrome sandbox

Issue description: Tracking bug for getting the Chrome sandbox working under Fuchsia.
Sep 25 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/65c26702c247365a1e908f03855a7af8bee36049

commit 65c26702c247365a1e908f03855a7af8bee36049
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Mon Sep 25 18:21:42 2017

Fuchsia: implement sandbox support via Fuchsia launch clone policy.

This CL adds a function "GetClonePolicyForSandbox()" which returns the set of clone flags needed to achieve the level of isolation appropriate for a SandboxType.

Calling LaunchProcess() without setting the clone policy will result in the child process being spawned with the same capabilities as its parent, so as to not break the existing call sites of LaunchProcess().

Bug: 750938
Change-Id: I09033892246a93322970b24ab79d107b103c1671
Reviewed-on: https://chromium-review.googlesource.com/628861
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504107}

[modify] https://crrev.com/65c26702c247365a1e908f03855a7af8bee36049/base/process/launch.h
[modify] https://crrev.com/65c26702c247365a1e908f03855a7af8bee36049/base/process/launch_fuchsia.cc
[modify] https://crrev.com/65c26702c247365a1e908f03855a7af8bee36049/content/browser/child_process_launcher_helper_fuchsia.cc
[modify] https://crrev.com/65c26702c247365a1e908f03855a7af8bee36049/content/common/BUILD.gn
[add] https://crrev.com/65c26702c247365a1e908f03855a7af8bee36049/content/common/sandbox_policy_fuchsia.cc
[add] https://crrev.com/65c26702c247365a1e908f03855a7af8bee36049/content/common/sandbox_policy_fuchsia.h
[modify] https://crrev.com/65c26702c247365a1e908f03855a7af8bee36049/content/renderer/renderer_main_platform_delegate_fuchsia.cc
Oct 5 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/9a7b86de0790b893bcf51fc333847420da1e1bae

commit 9a7b86de0790b893bcf51fc333847420da1e1bae
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Thu Oct 05 23:29:49 2017

Disable child process sandboxing on Fuchsia.

There are some issues that need to be worked out, such as sharing resource files to embedder processes, before sandboxing will work satisfactorily on Fuchsia. This CL disables sandboxing and logs a soft NOTIMPLEMENTED() error when the browser attempts to launch one.

Bug: 750938
Change-Id: I7a0253a2c4532e79fd8158d23cd262779285cf6f
Reviewed-on: https://chromium-review.googlesource.com/701636
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506910}

[modify] https://crrev.com/9a7b86de0790b893bcf51fc333847420da1e1bae/content/common/sandbox_policy_fuchsia.cc
[modify] https://crrev.com/9a7b86de0790b893bcf51fc333847420da1e1bae/content/renderer/renderer_main_platform_delegate_fuchsia.cc
Oct 6 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/95010a2777feb146943a62fd38f57c8915611548

commit 95010a2777feb146943a62fd38f57c8915611548
Author: Wez <wez@chromium.org>
Date: Fri Oct 06 23:41:20 2017

Temporarily report EnableSandbox() success, but NOTIMPLEMENTED().

We have a working sandbox, but do not yet have working access to resource files from within it, so EnableSandbox() was wired to report failure, requiring binaries to all be run with --no-sandbox.

To simplify development, temporarily report success from EnableSandbox() but report NOTIMPLEMENTED() and don't actually engage the sandbox.

Bug: 750938
Change-Id: I400e57def2dd65ded1093e4f8c3f256062c45364
Reviewed-on: https://chromium-review.googlesource.com/706351
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#507225}

[modify] https://crrev.com/95010a2777feb146943a62fd38f57c8915611548/content/common/sandbox_policy_fuchsia.cc
[modify] https://crrev.com/95010a2777feb146943a62fd38f57c8915611548/content/renderer/renderer_main_platform_delegate_fuchsia.cc
Oct 23 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/d6dbaef54612681fba29930af1501fecace9acd3

commit d6dbaef54612681fba29930af1501fecace9acd3
Author: Wez <wez@chromium.org>
Date: Mon Oct 23 22:31:56 2017

Clear the environment passed to sandboxed child processes.

Bug: 750938
Change-Id: Id7df53078224216b1c1192c94a90503120c7dc5f
Reviewed-on: https://chromium-review.googlesource.com/731852
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Kevin Marshall <kmarshall@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#510945}

[modify] https://crrev.com/d6dbaef54612681fba29930af1501fecace9acd3/content/common/sandbox_policy_fuchsia.cc
Oct 31 2017
Jan 3 2018
Sandboxing needs Fuchsia package-based deployment to work properly. We cannot sandbox on the existing bootfs-based deployment system. Files in a bootfs are always mutable. They cannot be cloned as RO handles due to a limitation by design in bootfs. packagefs, on the other hand, supports handle cloning and provides strong guarantees the integrity of shared files.
,
Feb 1 2018

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2bd0455cf4e95d6e877e50d90ca6282ac3cd244d

commit 2bd0455cf4e95d6e877e50d90ca6282ac3cd244d
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Thu Feb 01 21:23:45 2018

Fuchsia: Add selective path cloning to launch options, for sandboxing.

The parent/browser process can set these clone options to configure the capabilities which will be propagated to the newly launched child process.

Bug: 750938
Change-Id: Ic4403c5e9c61e7ce226af22d0bcdb3f1362a95f4
Reviewed-on: https://chromium-review.googlesource.com/861283
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#533815}

[modify] https://crrev.com/2bd0455cf4e95d6e877e50d90ca6282ac3cd244d/base/process/launch.h
[modify] https://crrev.com/2bd0455cf4e95d6e877e50d90ca6282ac3cd244d/base/process/launch_fuchsia.cc
[modify] https://crrev.com/2bd0455cf4e95d6e877e50d90ca6282ac3cd244d/base/process/process_util_unittest.cc
[modify] https://crrev.com/2bd0455cf4e95d6e877e50d90ca6282ac3cd244d/content/common/sandbox_policy_fuchsia.cc
May 14 2018

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c948f0f2c8a8fe56b995c4d9d0066fe3003e25ce

commit c948f0f2c8a8fe56b995c4d9d0066fe3003e25ce
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Mon May 14 03:34:45 2018

Fuchsia: Allow individual files to be cloned by launch_fuchsia.cc

The ability to propagate files affords the sandboxing policy logic more precision in propagating the exact capabilities needed by child processes.

Also some minor cleanup which changes the LaunchOptions interface to use FilePaths instead of strings for representing paths.

Bug: 750938
Change-Id: I38059c39f629bc9234e4f94c0b215a39828f3665
Reviewed-on: https://chromium-review.googlesource.com/1050494
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#558186}

[modify] https://crrev.com/c948f0f2c8a8fe56b995c4d9d0066fe3003e25ce/base/process/launch.h
[modify] https://crrev.com/c948f0f2c8a8fe56b995c4d9d0066fe3003e25ce/base/process/launch_fuchsia.cc
[modify] https://crrev.com/c948f0f2c8a8fe56b995c4d9d0066fe3003e25ce/base/process/process_util_unittest.cc
[modify] https://crrev.com/c948f0f2c8a8fe56b995c4d9d0066fe3003e25ce/content/common/sandbox_policy_fuchsia.cc
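The Oct 23 2017 commit (clear the environment passed to sandboxed children) and the Feb 1 / May 14 2018 commits (clone only the paths and individual files the policy names) express one rule: a sandboxed child starts with nothing and receives only what the launcher explicitly hands it, whereas a launch with no clone policy inherits everything the parent had. The following is an added example, not Chromium or Fuchsia code, that demonstrates the same rule with POSIX primitives in Python: the unsandboxed launch mimics LaunchProcess() without a clone policy (the child inherits the parent's environment and every inheritable descriptor), while the sandboxed launch starts from an explicitly enumerated environment and passes only the descriptors listed, the analogue of a clone policy naming individual paths. The helper names launch_child and probe_child, the PARENT_SECRET variable and the probe script are constructed for this illustration.

```python
import os
import subprocess
import sys

# Constructed for the illustration: a value in the parent's environment
# that must not reach a sandboxed child the way plain inheritance would leak it.
PARENT_SECRET_NAME = "PARENT_SECRET"
PARENT_SECRET_VALUE = "hunter2"

# Probe run inside the child: report whether PARENT_SECRET is in its
# environment and whether the descriptor number given as argv[1] is open.
CHILD_PROBE = r"""
import os, sys
fd = int(sys.argv[1])
secret = os.environ.get("PARENT_SECRET", "<absent>")
try:
    os.fstat(fd)
    fd_open = True
except OSError:
    fd_open = False
print(secret, fd_open)
"""


def launch_child(argv, *, sandboxed, pass_fds=()):
    """Run argv to completion and return its stdout as text.

    sandboxed=False behaves like a launch with no clone policy: the child
    gets a copy of the parent's environment and every inheritable descriptor.
    sandboxed=True starts from a minimal, explicitly listed environment and
    closes every descriptor except those named in pass_fds.
    """
    if sandboxed:
        env = {"PATH": "/usr/bin:/bin"}  # enumerate what the child gets; never copy os.environ
        close_fds = True
    else:
        env = os.environ.copy()
        close_fds = False
        pass_fds = ()  # nothing to list: inheritance hands over everything
    result = subprocess.run(
        argv, env=env, close_fds=close_fds, pass_fds=tuple(pass_fds),
        capture_output=True, text=True, check=True)
    return result.stdout


def probe_child(*, sandboxed, share_fd=False):
    """Launch the probe and return (secret_seen_by_child, fd_visible_to_child)."""
    os.environ[PARENT_SECRET_NAME] = PARENT_SECRET_VALUE
    read_end, write_end = os.pipe()
    os.set_inheritable(read_end, True)  # a careless parent: the fd would survive exec
    try:
        out = launch_child(
            [sys.executable, "-c", CHILD_PROBE, str(read_end)],
            sandboxed=sandboxed,
            pass_fds=(read_end,) if share_fd else ())
    finally:
        os.close(read_end)
        os.close(write_end)
        del os.environ[PARENT_SECRET_NAME]
    secret, fd_open = out.split()
    return secret, fd_open == "True"


if __name__ == "__main__":
    print("no clone policy, inherit all:", probe_child(sandboxed=False))
    print("sandboxed, nothing shared:   ", probe_child(sandboxed=True))
    print("sandboxed, one fd shared:    ", probe_child(sandboxed=True, share_fd=True))
```

The third case is the one the later commits are about: once the child starts from an empty set, a capability it needs (here a single descriptor, on Fuchsia a single path or file handle) is granted by naming it in the launch options, rather than by leaving inheritance on and hoping nothing sensitive rides along.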
Jun 7 2018
Sep 12

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/57a19db65282f8603012e735b6ca4b7ea8cbb99f

commit 57a19db65282f8603012e735b6ca4b7ea8cbb99f
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Wed Sep 12 20:07:05 2018

[fuchsia] Whitelist required Fuchsia services in component manifest.

The application manager will require components to explicitly declare the services which they depend on in the component manifest. This CL defines new, more granular "sandbox_policy" files which specify the minimal list of required features and services for each type of package.

Bug: 750938
Change-Id: Iec3b4e5abe96d81a9e4e149a2a1d9e387d55ab42
Reviewed-on: https://chromium-review.googlesource.com/1208444
Reviewed-by: Alex Sakhartchouk <alexst@chromium.org>
Reviewed-by: Michael Spang <spang@chromium.org>
Reviewed-by: Sami Kyöstilä <skyostil@chromium.org>
Reviewed-by: John Budorick <jbudorick@chromium.org>
Reviewed-by: Kevin Marshall <kmarshall@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#590799}

[modify] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/BUILD.gn
[modify] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/build/config/fuchsia/package.gni
[delete] https://crrev.com/c015c9c2e2626a8b1533a790c826b9b2cdb568e9/build/config/fuchsia/sandbox_policy
[modify] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/build/config/fuchsia/testing_sandbox_policy
[modify] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/headless/BUILD.gn
[modify] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/testing/test.gni
[modify] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/ui/ozone/demo/BUILD.gn
[modify] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/webrunner/BUILD.gn
[add] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/webrunner/app/sandbox_policy
[modify] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/webrunner/net_http/BUILD.gn
[add] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/webrunner/net_http/sandbox_policy
[add] https://crrev.com/57a19db65282f8603012e735b6ca4b7ea8cbb99f/webrunner/service/sandbox_policy
Sep 12

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e1f59d71a2c2bb2dd64e20a62a87d1be86535fe9

commit e1f59d71a2c2bb2dd64e20a62a87d1be86535fe9
Author: Wez <wez@chromium.org>
Date: Wed Sep 12 20:56:43 2018

Add missing sandbox_policy_file to cast_shell package.

The fuchsia_package() rule now requires all non-test packages to specify a sandbox_policy file explicitly. The "cast_shell" fuchsia_package was missing that.

TBR: kmarshall, halliwell
Bug: 750938
Change-Id: If966cf284c4b38d70329d7a7db52690732c9219b
Reviewed-on: https://chromium-review.googlesource.com/1222670
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Kevin Marshall <kmarshall@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#590816}

[modify] https://crrev.com/e1f59d71a2c2bb2dd64e20a62a87d1be86535fe9/chromecast/BUILD.gn
Comment 1 by bugdroid1@chromium.org, Aug 17 2017