
Issue 869216


Issue metadata

Status: Fixed
Owner: ----
Closed: Aug 2
Components:
EstimatedDays: ----
NextAction: ----
OS: Fuchsia
Pri: 1
Type: Bug




[Fuchsia] Extend ContextProvider to provide /svc for each Context

Project Member Reported by sergeyu@chromium.org, Jul 31

Issue description

Currently the Context process inherits /svc from the ContextProvider service. A better solution is to allow the process that owns the web Context to create the /svc directory for the context process as well.
 
This is a requirement, not a nice-to-have; the Context process should only receive access to services that its owner grants it, rather than inheriting any abilities from the ContextProvider.
Components: Security
Labels: -Pri-3 M-70 Pri-1
Project Member

Comment 3 by bugdroid1@chromium.org, Aug 1

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e297cf6060e6a8bf879f9c7654ce9df3aed465d1

commit e297cf6060e6a8bf879f9c7654ce9df3aed465d1
Author: Sergey Ulanov <sergeyu@chromium.org>
Date: Wed Aug 01 18:40:43 2018

[Fuchsia] Update launch options when starting context process.

1. /pkg, /svc and /config/ssl are now cloned to Context processes.
   https://crrev.com/1149262 removed FDIO_SPAWN_CLONE_NAMESPACE.
   As a result the context process was failing to open /pkg/icudtl.dat.
2. Added FDIO_SPAWN_CLONE_JOB flag - job needs to be cloned so the
   context process can start its own children.
3. Updated SandboxPolicyFuchsia not to clone /tmp - it doesn't appear
   to be necessary for any sandboxed processes.
4. Removed FDIO_SPAWN_CLONE_STDIO for Context and sandboxed processes.
   Instead stderr is added to fds_to_map.

Bug: 852145, 869216, 868556
Change-Id: I89c429231cd0e295247c80f12e587e1c7335456b
Reviewed-on: https://chromium-review.googlesource.com/1155967
Commit-Queue: Sergey Ulanov <sergeyu@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#579872}
[modify] https://crrev.com/e297cf6060e6a8bf879f9c7654ce9df3aed465d1/content/common/sandbox_policy_fuchsia.cc
[modify] https://crrev.com/e297cf6060e6a8bf879f9c7654ce9df3aed465d1/webrunner/service/context_provider_impl.cc

Project Member

Comment 4 by bugdroid1@chromium.org, Aug 2

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/db24c0265e7c3b6f7ad7a5bec63484d10e66e6c0

commit db24c0265e7c3b6f7ad7a5bec63484d10e66e6c0
Author: Sergey Ulanov <sergeyu@chromium.org>
Date: Thu Aug 02 00:29:18 2018

[Fuchsia] Add service_directory field in CreateContextParams

Now a process that creates a WebContext must pass a service_directory
handle. That directory is mounted as /svc in the context process.

Also renamed dataDirectory->data_directory, which is a proper struct
member name according to the FIDL style guide.

Bug: 869216
Change-Id: I63af58a472edf0d45b79b0108082fffcac6eaa72
Reviewed-on: https://chromium-review.googlesource.com/1157196
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Sergey Ulanov <sergeyu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#580010}
[modify] https://crrev.com/db24c0265e7c3b6f7ad7a5bec63484d10e66e6c0/webrunner/app/main.cc
[modify] https://crrev.com/db24c0265e7c3b6f7ad7a5bec63484d10e66e6c0/webrunner/fidl/context_provider.fidl
[modify] https://crrev.com/db24c0265e7c3b6f7ad7a5bec63484d10e66e6c0/webrunner/service/context_provider_impl.cc
[modify] https://crrev.com/db24c0265e7c3b6f7ad7a5bec63484d10e66e6c0/webrunner/service/context_provider_impl_unittest.cc

Status: Fixed (was: Available)
