Add security ownership to 3 files where mojo service provider sandbox levels are currently hard-coded. |
||||
Issue descriptionOS: All Contained within ServiceManager in browser, currently in three files total: 1) service_manager_context.cc (https://cs.chromium.org/chromium/src/content/browser/service_manager/service_manager_context.cc?q=service_manager_context.cc&sq=package:chromium&l=351) and ContentBrowserClient implementations: 2) chrome_content_browser_client.cc (https://cs.chromium.org/chromium/src/chrome/browser/chrome_content_browser_client.cc?q=chrome_content_browser_client.cc&sq=package:chromium&l=3005) 3) shell_content_browser_client.cc (https://cs.chromium.org/chromium/src/content/shell/browser/shell_content_browser_client.cc?q=shell_content_browser_client.cc&sq=package:chromium&l=241) They seem to be contained in the context of "registering out of process services". Until the sandbox types are pulled out of these code files and into manifests (or any other form of config), we should ensure security oversight of these sandbox levels.
,
Sep 12 2017
Hey Tom, Could you just comment on whether your current sandbox cleanup CLs will remove the hard-coded sbox_types out of these three files (and into manifests)? Will this ticket become obsolete? And if so, perhaps we assign this to you, or just block it on your current work? P
,
Sep 18 2017
,
Sep 19 2017
This should now be handled by manifests. The question becomes, do we have security owners on manifest.json files?
,
Sep 19 2017
Yes, adding SECURITY_OWNERS to manifests was done in issue 695922 . |
||||
►
Sign in to add a comment |
||||
Comment 1 by rsesek@chromium.org
, Aug 18 2017