macOS V2 Sandbox: Sandbox PPAPI Processes.
This launches PPAPI processes under the new macOS V2 sandbox. Bug: 689306 Change-Id: I56877dd163d5120f251ad6a791c83383814c641e Reviewed-on: https://chromium-review.googlesource.com/830976 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Mike Pinkerton <pinkerton@chromium.org> Commit-Queue: Greg Kerr <kerrnel@chromium.org> Cr-Commit-Position: refs/heads/master@{#525475}
@ -22,9 +22,11 @@
|
||||
#include "mojo/edk/embedder/scoped_platform_handle.h"
|
||||
#include "sandbox/mac/seatbelt_exec.h"
|
||||
#include "services/service_manager/sandbox/mac/common_v2.sb.h"
|
||||
#include "services/service_manager/sandbox/mac/ppapi_v2.sb.h"
|
||||
#include "services/service_manager/sandbox/mac/renderer_v2.sb.h"
|
||||
#include "services/service_manager/sandbox/mac/utility.sb.h"
|
||||
#include "services/service_manager/sandbox/sandbox.h"
|
||||
#include "services/service_manager/sandbox/sandbox_type.h"
|
||||
|
||||
namespace content {
|
||||
namespace internal {
|
||||
@ -63,8 +65,9 @@ void ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread(
|
||||
bool no_sandbox = command_line_->HasSwitch(switches::kNoSandbox) ||
|
||||
service_manager::IsUnsandboxedSandboxType(sandbox_type);
|
||||
|
||||
bool v2_process = GetProcessType() == switches::kRendererProcess ||
|
||||
GetProcessType() == switches::kUtilityProcess;
|
||||
bool v2_process = sandbox_type == service_manager::SANDBOX_TYPE_PPAPI ||
|
||||
sandbox_type == service_manager::SANDBOX_TYPE_RENDERER ||
|
||||
sandbox_type == service_manager::SANDBOX_TYPE_UTILITY;
|
||||
|
||||
bool use_v2 =
|
||||
v2_process && base::FeatureList::IsEnabled(features::kMacV2Sandbox);
|
||||
@ -74,9 +77,11 @@ void ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread(
|
||||
std::string profile =
|
||||
std::string(service_manager::kSeatbeltPolicyString_common_v2);
|
||||
|
||||
if (GetProcessType() == switches::kRendererProcess) {
|
||||
if (sandbox_type == service_manager::SANDBOX_TYPE_PPAPI) {
|
||||
profile += service_manager::kSeatbeltPolicyString_ppapi_v2;
|
||||
} else if (sandbox_type == service_manager::SANDBOX_TYPE_RENDERER) {
|
||||
profile += service_manager::kSeatbeltPolicyString_renderer_v2;
|
||||
} else if (GetProcessType() == switches::kUtilityProcess) {
|
||||
} else if (sandbox_type == service_manager::SANDBOX_TYPE_UTILITY) {
|
||||
profile += service_manager::kSeatbeltPolicyString_utility;
|
||||
}
|
||||
|
||||
@ -87,9 +92,10 @@ void ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread(
|
||||
seatbelt_exec_client_ = std::make_unique<sandbox::SeatbeltExecClient>();
|
||||
seatbelt_exec_client_->SetProfile(profile);
|
||||
|
||||
if (GetProcessType() == switches::kRendererProcess) {
|
||||
SetupRendererSandboxParameters(seatbelt_exec_client_.get());
|
||||
} else {
|
||||
if (sandbox_type == service_manager::SANDBOX_TYPE_RENDERER ||
|
||||
sandbox_type == service_manager::SANDBOX_TYPE_PPAPI) {
|
||||
SetupCommonSandboxParameters(seatbelt_exec_client_.get());
|
||||
} else if (sandbox_type == service_manager::SANDBOX_TYPE_UTILITY) {
|
||||
SetupUtilitySandboxParameters(seatbelt_exec_client_.get(),
|
||||
*command_line_.get());
|
||||
}
|
||||
|
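Review bot: The set of sandbox types that take the V2 path is spelled out three times — in the `v2_process` expression, in the profile-selection chain, and in the parameter-setup chain at the end of this section — and nothing ties the three lists together, so a type added to `v2_process` without touching the other two would launch with only the bare common_v2 profile and no per-type parameters. Making the last chain exhaustive with `} else { NOTREACHED(); }`, or a comment above `v2_process` naming the two chains that must stay in sync, turns that into a visible invariant instead of a silent fall-through. `BeforeLaunchOnLauncherThread` starts and ends outside the hunks shown here.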
@ -18,7 +18,7 @@ namespace content {
|
||||
// All of the below functions populate the |client| with the parameters that the
|
||||
// sandbox needs to resolve information that cannot be known at build time, such
|
||||
// as the user's home directory.
|
||||
void SetupRendererSandboxParameters(sandbox::SeatbeltExecClient* client);
|
||||
void SetupCommonSandboxParameters(sandbox::SeatbeltExecClient* client);
|
||||
|
||||
void SetupUtilitySandboxParameters(sandbox::SeatbeltExecClient* client,
|
||||
const base::CommandLine& command_line);
|
||||
|
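Review bot: The comment above the declarations still describes the functions uniformly, but after this change `SetupCommonSandboxParameters` is both the function the launcher calls directly for renderer and PPAPI processes and the one `SetupUtilitySandboxParameters` calls first, which a reader of the header cannot see. A one-line comment on the new declaration, `// Parameters shared by every V2 profile; called directly for renderer and PPAPI processes and from SetupUtilitySandboxParameters for utility processes.`, would record that contract where it is declared.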
@ -39,6 +39,8 @@ std::string GetOSVersion() {
|
||||
return std::to_string(final_os_version);
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
||||
void SetupCommonSandboxParameters(sandbox::SeatbeltExecClient* client) {
|
||||
const base::CommandLine* command_line =
|
||||
base::CommandLine::ForCurrentProcess();
|
||||
@ -89,12 +91,6 @@ void SetupCommonSandboxParameters(sandbox::SeatbeltExecClient* client) {
|
||||
service_manager::SandboxMac::kSandboxHomedirAsLiteral, homedir));
|
||||
}
|
||||
|
||||
} // namespace
|
||||
|
||||
void SetupRendererSandboxParameters(sandbox::SeatbeltExecClient* client) {
|
||||
SetupCommonSandboxParameters(client);
|
||||
}
|
||||
|
||||
void SetupUtilitySandboxParameters(sandbox::SeatbeltExecClient* client,
|
||||
const base::CommandLine& command_line) {
|
||||
SetupCommonSandboxParameters(client);
|
||||
|
@ -456,10 +456,14 @@ void PpapiThread::OnLoadPlugin(const base::FilePath& path,
|
||||
}
|
||||
} else {
|
||||
#if defined(OS_MACOSX)
|
||||
// We need to do this after getting |PPP_GetInterface()| (or presumably
|
||||
// doing something nontrivial with the library), else the sandbox
|
||||
// intercedes.
|
||||
CHECK(InitializeSandbox());
|
||||
// TODO(kerrnel): Delete this once the V2 sandbox is default.
|
||||
const base::CommandLine* cmdline = base::CommandLine::ForCurrentProcess();
|
||||
if (!cmdline->HasSwitch(switches::kEnableV2Sandbox)) {
|
||||
// We need to do this after getting |PPP_GetInterface()| (or presumably
|
||||
// doing something nontrivial with the library), else the sandbox
|
||||
// intercedes.
|
||||
CHECK(InitializeSandbox());
|
||||
}
|
||||
#endif
|
||||
|
||||
#if BUILDFLAG(ENABLE_CDM_HOST_VERIFICATION)
|
||||
|
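Review bot: When `kEnableV2Sandbox` is present the new branch skips `InitializeSandbox()` altogether, so the only thing standing between the plugin and an unsandboxed process is a command-line switch asserting that the launcher already applied a profile; if that launch-time step did not take effect, nothing in this function notices. Keeping the V2 path fail-closed with an explicit assertion that the process is already sandboxed would preserve the guarantee the old unconditional `CHECK(InitializeSandbox())` gave. The branch should also say why it is skipped, e.g. `// Under the V2 sandbox the profile is presumably applied by the launcher before the plugin loads, so it must not be initialized again here.` — hedged, since that ordering is inferred from the launcher change rather than visible in this file. `OnLoadPlugin` begins and ends outside the hunk.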
@ -11,6 +11,7 @@ action_foreach("package_sb_files") {
|
||||
"gpu.sb",
|
||||
"nacl_loader.sb",
|
||||
"ppapi.sb",
|
||||
"ppapi_v2.sb",
|
||||
"renderer.sb",
|
||||
"renderer_v2.sb",
|
||||
"utility.sb",
|
||||
|
@ -43,6 +43,25 @@
|
||||
(define (user-homedir-path subpath)
|
||||
(string-append (param homedir-as-literal) subpath))
|
||||
|
||||
; A function that specific profiles (i.e. renderer) can call to allow
|
||||
; font rendering.
|
||||
(define (allow-font-access)
|
||||
(begin
|
||||
(allow file-read-data
|
||||
(subpath "/Library/Fonts")
|
||||
(subpath "/System/Library/Fonts")
|
||||
(subpath (user-homedir-path "/Library/Fonts")))
|
||||
(allow mach-lookup
|
||||
(global-name "com.apple.fonts")
|
||||
; crbug.com/756145, crbug.com/786615
|
||||
(global-name "com.apple.FontObjectsServer"))
|
||||
(if (< os-version 1012)
|
||||
(allow mach-lookup (global-name "com.apple.FontServer")))
|
||||
; To allow accessing downloaded and other hidden fonts in
|
||||
; /System/Library/Asssets/com_apple_MobileAsset_Font*.
|
||||
; (https://crbug.com/662686)
|
||||
(allow file-read* (extension "com.apple.app-sandbox.read"))))
|
||||
|
||||
; Allow logging for all processes.
|
||||
(allow file-write*
|
||||
(require-all
|
||||
@ -99,7 +118,11 @@
|
||||
|
||||
; Reads from /Library.
|
||||
(allow file-read-data
|
||||
(path "/Library/Preferences/.GlobalPreferences.plist")
|
||||
(path "/Library/Preferences/.GlobalPreferences.plist"))
|
||||
|
||||
; Reads from /System.
|
||||
(allow file-read-data
|
||||
(path "/System/Library/CoreServices/checkfixlist")
|
||||
(path "/System/Library/CoreServices/SystemVersion.plist"))
|
||||
|
||||
; Reads from /usr.
|
||||
|
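Review bot: The new `; Reads from /System.` block in the second hunk grants `checkfixlist` and `SystemVersion.plist` reads to every profile built on common_v2 — including utility, which had no such rule before — and nothing in the hunk says why all process types need them. A short justification next to the block (or a crbug reference, as the font rules carry) would let a later audit tell a deliberate widening apart from rules that merely moved out of renderer_v2.sb. Likewise the `allow-font-access` comment could name the profiles expected to call it, so that each new caller is a visible decision rather than a free grant of the `com.apple.app-sandbox.read` extension.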
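--- /dev/null
+++ b/services/service_manager/sandbox/mac/ppapi_v2.sb
@@ -0,0 +1,21 @@
+; Copyright 2017 The Chromium Authors. All rights reserved.
+; Use of this source code is governed by a BSD-style license that can be
+; found in the LICENSE file.
+
+; --- The contents of common.sb implicitly included here. ---
+
+; Needed for Fonts.
+(allow-font-access)
+
+; IOKit
+(allow iokit-open
+(iokit-registry-entry-class "IOSurfaceRootUserClient"))
+
+; Reads from home dir.
+(allow file-read-data
+(path (user-homedir-path "/Library/Preferences/com.apple.universalaccess.plist")))
+
+; Reads from /System.
+(allow file-read-data
+(subpath "/System/Library/CoreServices/SystemAppearance.bundle")
+(path "/System/Library/Colors/System.clr/System.clr"))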
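Review bot: The header line `; --- The contents of common.sb implicitly included here. ---` names the wrong file: the launcher prepends `kSeatbeltPolicyString_common_v2`, so the prefix is common_v2.sb, which is also where `allow-font-access` and `user-homedir-path` used here are defined. Suggest `; --- The contents of common_v2.sb implicitly included here. ---`. The IOKit and /System blocks are granted without a note of which plugin functionality needs them; a one-line reason per block, as the font block has, would help whoever later has to tighten this profile.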
@ -11,8 +11,7 @@
|
||||
; Reads from the home directory.
|
||||
(allow file-read-data
|
||||
(path (user-homedir-path "/.CFUserTextEncoding"))
|
||||
(path (user-homedir-path "/Library/Preferences/com.apple.universalaccess.plist"))
|
||||
(subpath (user-homedir-path "/Library/Fonts")))
|
||||
(path (user-homedir-path "/Library/Preferences/com.apple.universalaccess.plist")))
|
||||
|
||||
; Reads of /dev devices.
|
||||
(allow file-read-data
|
||||
@ -24,19 +23,17 @@
|
||||
(path "/dev/null")
|
||||
(vnode-type CHARACTER-DEVICE)))
|
||||
|
||||
; Reads from /Library.
|
||||
(allow file-read-data (subpath "/Library/Fonts"))
|
||||
; Needed for Fonts.
|
||||
(allow-font-access)
|
||||
|
||||
; Reads from /System.
|
||||
(allow file-read-data
|
||||
(path "/System/Library/CoreServices/checkfixlist")
|
||||
(path "/System/Library/CoreServices/CoreTypes.bundle/Contents/Library/AppExceptions.bundle/Exceptions.plist")
|
||||
(path "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Exceptions.plist")
|
||||
(path "/System/Library/Preferences/Logging/Subsystems/com.apple.SkyLight.plist")
|
||||
(subpath "/System/Library/ColorSync/Profiles")
|
||||
(subpath "/System/Library/CoreServices/SystemAppearance.bundle")
|
||||
(subpath "/System/Library/CoreServices/SystemVersion.bundle")
|
||||
(subpath "/System/Library/Fonts")
|
||||
(subpath "/System/Library/LinguisticData"))
|
||||
|
||||
; IOKit
|
||||
@ -55,20 +52,7 @@
|
||||
(allow mach-lookup
|
||||
; crbug.com/792257
|
||||
(global-name "com.apple.distributed_notifications@Uv3")
|
||||
(global-name "com.apple.fonts")
|
||||
; crbug.com/756145, crbug.com/786615
|
||||
(global-name "com.apple.FontObjectsServer")
|
||||
(global-name "com.apple.lsd.mapdb")
|
||||
; crbug.com/792217
|
||||
(global-name "com.apple.system.notification_center")
|
||||
(global-name "com.apple.windowserver.active"))
|
||||
|
||||
; MacOS dropped FontServer to replace it with the (XPC based) com.apple.fonts,
|
||||
; but 10.9 through 10.11 use FontServer.
|
||||
(if (< os-version 1012)
|
||||
(allow mach-lookup (global-name "com.apple.FontServer")))
|
||||
|
||||
; To allow accessing downloaded and other hidden fonts in
|
||||
; /System/Library/Asssets/com_apple_MobileAsset_Font*.
|
||||
; (https://crbug.com/662686)
|
||||
(allow file-read* (extension "com.apple.app-sandbox.read"))
|
||||
|