Remove "shell" capability from sandbox_policy

Issue description

Remove the "shell" capability from sandbox_policy, and modify the build dependencies to include all dynamically linked libraries within the package.

Apr 10 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/9638e4f4233d993bcf1ff7fad6f1ce3925a6dce0

commit 9638e4f4233d993bcf1ff7fad6f1ce3925a6dce0
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Tue Apr 10 21:08:26 2018

Fuchsia: remove "shell" capability and add dynamic libraries to packages.

Removing the "shell" capability allows packaged apps to load dynamic libraries from the package. In addition, it prevents the app from using any system-provided libraries, in favor of the package supplying all of its data and dynamic library dependencies.

This CL includes the system libraries from the SDK's "dist" directory in packages built using the package() GN template.

Bug: 823927
Change-Id: I7c0eaef08765f8119bec9a67d381014d07ba4606
Reviewed-on: https://chromium-review.googlesource.com/985474
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: James Robinson <jamesr@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549641}

[modify] https://crrev.com/9638e4f4233d993bcf1ff7fad6f1ce3925a6dce0/build/config/fuchsia/build_manifest.py
[modify] https://crrev.com/9638e4f4233d993bcf1ff7fad6f1ce3925a6dce0/build/config/fuchsia/package.gni
[modify] https://crrev.com/9638e4f4233d993bcf1ff7fad6f1ce3925a6dce0/build/config/fuchsia/sandbox_policy
Apr 10 2018

Apr 11 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2841fb2f7be2c0b91953a86fa0460c4ac94aac24

commit 2841fb2f7be2c0b91953a86fa0460c4ac94aac24
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Wed Apr 11 00:08:26 2018

Revert "Fuchsia: remove "shell" capability and add dynamic libraries to packages."

This reverts commit 9638e4f4233d993bcf1ff7fad6f1ce3925a6dce0.

Reason for revert: Test suites fail to execute, breaking FYI

Original change's description:
> Fuchsia: remove "shell" capability and add dynamic libraries to packages.
>
> Removing the "shell" capability allows packaged apps to load dynamic libraries
> from the package. In addition, it prevents the app from using any
> system-provided libraries, in favor of the package supplying all of its
> data and dynamic library dependencies.
>
> This CL includes the system libraries from the SDK's "dist" directory in
> packages built using the package() GN template.
>
> Bug: 823927
> Change-Id: I7c0eaef08765f8119bec9a67d381014d07ba4606
> Reviewed-on: https://chromium-review.googlesource.com/985474
> Reviewed-by: Wez <wez@chromium.org>
> Reviewed-by: James Robinson <jamesr@chromium.org>
> Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#549641}

TBR=wez@chromium.org,jamesr@chromium.org,kmarshall@chromium.org

Change-Id: Id96067185552ed932590c73e87fc57050341dfa5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 823927
Reviewed-on: https://chromium-review.googlesource.com/1005741
Reviewed-by: Kevin Marshall <kmarshall@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549685}

[modify] https://crrev.com/2841fb2f7be2c0b91953a86fa0460c4ac94aac24/build/config/fuchsia/build_manifest.py
[modify] https://crrev.com/2841fb2f7be2c0b91953a86fa0460c4ac94aac24/build/config/fuchsia/package.gni
[modify] https://crrev.com/2841fb2f7be2c0b91953a86fa0460c4ac94aac24/build/config/fuchsia/sandbox_policy

Apr 24 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/54c93b850a2473a1b3d10fb028d44397ab9b9008

commit 54c93b850a2473a1b3d10fb028d44397ab9b9008
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Tue Apr 24 01:43:08 2018

Reland "Fuchsia: remove "shell" capability and add dynamic libraries to packages."

Removing the "shell" capability allows packaged apps to load dynamic libraries from the package. In addition, it prevents the app from using any system-provided libraries, in favor of the package supplying all of its data and dynamic library dependencies.

This CL includes the system libraries from the SDK's "dist" directory in packages built using the package() GN template.

Bug: 823927
Change-Id: Ibc22913658f73d992e563e829a377be66f61f805
Reviewed-on: https://chromium-review.googlesource.com/1025046
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#552950}

[modify] https://crrev.com/54c93b850a2473a1b3d10fb028d44397ab9b9008/build/config/fuchsia/build_manifest.py
[modify] https://crrev.com/54c93b850a2473a1b3d10fb028d44397ab9b9008/build/config/fuchsia/config.gni
[modify] https://crrev.com/54c93b850a2473a1b3d10fb028d44397ab9b9008/build/config/fuchsia/package.gni
[modify] https://crrev.com/54c93b850a2473a1b3d10fb028d44397ab9b9008/build/config/fuchsia/sandbox_policy

Apr 24 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/8def47b99d87059f1c34e1ea68c30e9de1c86ba7

commit 8def47b99d87059f1c34e1ea68c30e9de1c86ba7
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Tue Apr 24 22:00:30 2018

Revert "Reland "Fuchsia: remove "shell" capability and add dynamic libraries to packages.""

This reverts commit 54c93b850a2473a1b3d10fb028d44397ab9b9008.

Reason for revert: Multiple nontrivial failures in FYI
https://ci.chromium.org/buildbot/chromium.fyi/Fuchsia/16409

Original change's description:
> Reland "Fuchsia: remove "shell" capability and add dynamic libraries to packages."
>
> Removing the "shell" capability allows packaged apps to load dynamic libraries
> from the package. In addition, it prevents the app from using any
> system-provided libraries, in favor of the package supplying all of its
> data and dynamic library dependencies.
>
> This CL includes the system libraries from the SDK's "dist" directory in
> packages built using the package() GN template.
>
>
> Bug: 823927
> Change-Id: Ibc22913658f73d992e563e829a377be66f61f805
> Reviewed-on: https://chromium-review.googlesource.com/1025046
> Reviewed-by: Scott Graham <scottmg@chromium.org>
> Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#552950}

TBR=kmarshall@chromium.org,scottmg@chromium.org

Change-Id: I1b0b9517c878d1c4483efbba3e46502d875b194f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 823927
Reviewed-on: https://chromium-review.googlesource.com/1026811
Reviewed-by: Kevin Marshall <kmarshall@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#553305}

[modify] https://crrev.com/8def47b99d87059f1c34e1ea68c30e9de1c86ba7/build/config/fuchsia/build_manifest.py
[modify] https://crrev.com/8def47b99d87059f1c34e1ea68c30e9de1c86ba7/build/config/fuchsia/config.gni
[modify] https://crrev.com/8def47b99d87059f1c34e1ea68c30e9de1c86ba7/build/config/fuchsia/package.gni
[modify] https://crrev.com/8def47b99d87059f1c34e1ea68c30e9de1c86ba7/build/config/fuchsia/sandbox_policy

Apr 25 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/3a52bf670fb4e7da6832c2cd3e407b42bc2447cf

commit 3a52bf670fb4e7da6832c2cd3e407b42bc2447cf
Author: Wez <wez@chromium.org>
Date: Wed Apr 25 10:02:05 2018

Restore 'shell' feature in test package sandbox policy.

The 'shell' feature removal CL was reverted after the sandbox policy files had been split into production and test versions, so the revert did not apply to the new test process policy.

TBR: kmarshall
Bug: 823927, 836341
Change-Id: I9a4c75cb01c255887a4928c31ab199e039d53397
Reviewed-on: https://chromium-review.googlesource.com/1027441
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#553500}

[modify] https://crrev.com/3a52bf670fb4e7da6832c2cd3e407b42bc2447cf/build/config/fuchsia/testing_sandbox_policy

Apr 26 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/98ffc41ad2518b62ec32d2c62f8da62ea1571357

commit 98ffc41ad2518b62ec32d2c62f8da62ea1571357
Author: Kevin Marshall <kmarshall@chromium.org>
Date: Thu Apr 26 20:38:53 2018

Fuchsia: remove "shell" capability and add dynamic libraries to packages.

Removing the "shell" capability allows packaged apps to load dynamic libraries from the package. In addition, it prevents the app from using any system-provided libraries, in favor of the package supplying all of its data and dynamic library dependencies.

This CL includes the system libraries from the SDK's "dist" directory in packages built using the package() GN template.

This reverts commit 2841fb2f7be2c0b91953a86fa0460c4ac94aac24.

Bug: 823927, 836341, 837203
Change-Id: Iea57853f6c3c4ebc36de4f758f168fffbd4d79ba
Reviewed-on: https://chromium-review.googlesource.com/1027087
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554129}

[modify] https://crrev.com/98ffc41ad2518b62ec32d2c62f8da62ea1571357/build/config/fuchsia/build_manifest.py
[modify] https://crrev.com/98ffc41ad2518b62ec32d2c62f8da62ea1571357/build/config/fuchsia/config.gni
[modify] https://crrev.com/98ffc41ad2518b62ec32d2c62f8da62ea1571357/build/config/fuchsia/package.gni
[modify] https://crrev.com/98ffc41ad2518b62ec32d2c62f8da62ea1571357/build/config/fuchsia/sandbox_policy
[modify] https://crrev.com/98ffc41ad2518b62ec32d2c62f8da62ea1571357/build/config/fuchsia/testing_sandbox_policy

Comment 1 by kmarshall@chromium.org, Mar 20 2018
Labels: OS-Fuchsia