[Code Health] Remove MacSyscallSandbox feature
The feature will not be used in the near future. Bug: 356623853, 40637835 Change-Id: I0b09fefb027a7e4c6b304b5a0ff4d70d2e6d723a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6419522 Commit-Queue: Sven Zheng <svenzheng@chromium.org> Reviewed-by: Mark Rowe <markrowe@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Cr-Commit-Position: refs/heads/main@{#1442772}

committed by
Chromium LUCI CQ

parent
8458cea489
commit
770eff8844
@ -5493,10 +5493,6 @@ const FeatureEntry kFeatureEntries[] = {
|
||||
#endif // BUILDFLAG(IS_ANDROID)
|
||||
|
||||
#if BUILDFLAG(IS_MAC)
|
||||
{"mac-syscall-sandbox", flag_descriptions::kMacSyscallSandboxName,
|
||||
flag_descriptions::kMacSyscallSandboxDescription, kOsMac,
|
||||
FEATURE_VALUE_TYPE(features::kMacSyscallSandbox)},
|
||||
|
||||
{"mac-loopback-audio-for-screen-share",
|
||||
flag_descriptions::kMacLoopbackAudioForScreenShareName,
|
||||
flag_descriptions::kMacLoopbackAudioForScreenShareDescription, kOsMac,
|
||||
|
@ -6062,11 +6062,6 @@
|
||||
"owners": [ "mfoltz@chromium.org", "olka@chromium.org", "eladalon@chromium.org"],
|
||||
"expiry_milestone": 145
|
||||
},
|
||||
{
|
||||
"name": "mac-syscall-sandbox",
|
||||
"owners": [ "rsesek@google.com" ],
|
||||
"expiry_milestone": 88
|
||||
},
|
||||
{
|
||||
"name": "mahi",
|
||||
"owners": [ "thanhdng@chromium.org", "chrome-knowledge-eng@google.com" ],
|
||||
|
@ -5677,10 +5677,6 @@ const char kMacPWAsNotificationAttributionDescription[] =
|
||||
"Route notifications for PWAs on Mac through the app shim, attributing "
|
||||
"notifications to the correct apps.";
|
||||
|
||||
const char kMacSyscallSandboxName[] = "Mac Syscall Filtering Sandbox";
|
||||
const char kMacSyscallSandboxDescription[] =
|
||||
"Controls whether the macOS sandbox filters syscalls.";
|
||||
|
||||
const char kRetryGetVideoCaptureDeviceInfosName[] =
|
||||
"Retry capture device enumeration on crash";
|
||||
const char kRetryGetVideoCaptureDeviceInfosDescription[] =
|
||||
|
@ -139,13 +139,6 @@ void SetupCommonSandboxParameters(
|
||||
sandbox::policy::GetCanonicalPath(base::GetHomeDir()).value();
|
||||
CHECK(serializer->SetParameter(sandbox::policy::kParamHomedirAsLiteral,
|
||||
homedir));
|
||||
|
||||
CHECK(serializer->SetBooleanParameter(
|
||||
sandbox::policy::kParamFilterSyscalls,
|
||||
base::FeatureList::IsEnabled(features::kMacSyscallSandbox)));
|
||||
|
||||
CHECK(serializer->SetBooleanParameter(
|
||||
sandbox::policy::kParamFilterSyscallsDebug, false));
|
||||
}
|
||||
|
||||
void SetupNetworkSandboxParameters(sandbox::SandboxSerializer* serializer,
|
||||
|
@ -1418,10 +1418,6 @@ BASE_FEATURE(kMacImeLiveConversionFix,
|
||||
"MacImeLiveConversionFix",
|
||||
base::FEATURE_ENABLED_BY_DEFAULT);
|
||||
|
||||
BASE_FEATURE(kMacSyscallSandbox,
|
||||
"MacSyscallSandbox",
|
||||
base::FEATURE_DISABLED_BY_DEFAULT);
|
||||
|
||||
// Changes how Chrome responds to accessibility activation signals on macOS
|
||||
// Sonoma, to avoid unnecessary changes to the screen reader state.
|
||||
BASE_FEATURE(kSonomaAccessibilityActivationRefinements,
|
||||
|
@ -314,7 +314,6 @@ CONTENT_EXPORT BASE_DECLARE_FEATURE(kUserMediaScreenCapturing);
|
||||
#if BUILDFLAG(IS_MAC)
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kMacAllowBackgroundingRenderProcesses);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kMacImeLiveConversionFix);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kMacSyscallSandbox);
|
||||
CONTENT_EXPORT BASE_DECLARE_FEATURE(kSonomaAccessibilityActivationRefinements);
|
||||
#endif // BUILDFLAG(IS_MAC)
|
||||
|
||||
|
@ -40,8 +40,7 @@ namespace {
|
||||
|
||||
void SetParametersForTest(SandboxSerializer* serializer,
|
||||
const base::FilePath& logging_path,
|
||||
const base::FilePath& executable_path,
|
||||
bool use_syscall_filter) {
|
||||
const base::FilePath& executable_path) {
|
||||
bool enable_logging = true;
|
||||
CHECK(serializer->SetBooleanParameter(sandbox::policy::kParamEnableLogging,
|
||||
enable_logging));
|
||||
@ -75,9 +74,6 @@ void SetParametersForTest(SandboxSerializer* serializer,
|
||||
|
||||
CHECK(serializer->SetParameter(sandbox::policy::kParamExecutablePath,
|
||||
executable_path.value()));
|
||||
|
||||
CHECK(serializer->SetBooleanParameter(sandbox::policy::kParamFilterSyscalls,
|
||||
use_syscall_filter));
|
||||
}
|
||||
|
||||
} // namespace
|
||||
@ -107,11 +103,7 @@ MULTIPROCESS_TEST_MAIN(SandboxProfileProcess) {
|
||||
const base::FilePath log_file = temp_path.Append("log-file");
|
||||
const base::FilePath exec_file("/bin/ls");
|
||||
|
||||
// TODO(crbug.com/40273168): re-enable syscall filter for this test.
|
||||
// SandboxV2Test.SandboxProfileTest uses system() which uses a denied syscall,
|
||||
// which should cause the test to fail.
|
||||
SetParametersForTest(&serializer, log_file, exec_file,
|
||||
/*use_syscall_filter=*/false);
|
||||
SetParametersForTest(&serializer, log_file, exec_file);
|
||||
|
||||
std::string error, serialized;
|
||||
CHECK(serializer.SerializePolicy(serialized, error)) << error;
|
||||
|
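Review bot: `SetParametersForTest` in sandbox_mac_unittest.mm has no header comment, and with the `use_syscall_filter` parameter gone its signature no longer says which parts of the profile it is configuring; a one-line comment such as `// Sets the parameters common.sb needs to compile for the test process (logging, executable path, ...).` would keep the helper self-describing. The body of the helper runs between the two hunks, so only the logging and executable-path parameters are visible here; the comment should be checked against the full function before landing. The removal of the TODO(crbug.com/40273168) block in `SandboxProfileProcess` is consistent with the feature removal, since the syscall-filter parameters are no longer set by the browser either.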
@ -59,20 +59,3 @@
|
||||
(sysctl-name "hw.optional.sse4_1")
|
||||
(sysctl-name "hw.optional.sse4_2")
|
||||
)
|
||||
|
||||
; This is available in 10.15+, and rolled out as a Finch experiment.
|
||||
(if (param-true? filter-syscalls-debug)
|
||||
(when (defined? 'syscall-unix)
|
||||
(deny syscall-unix (with send-signal SIGSYS))
|
||||
(allow syscall-unix
|
||||
(syscall-number SYS_csrctl)
|
||||
(syscall-number SYS_mlock)
|
||||
(syscall-number SYS_poll)
|
||||
(syscall-number SYS_proc_rlimit_control)
|
||||
(syscall-number SYS_psynch_cvbroad)
|
||||
(syscall-number SYS_psynch_cvwait)
|
||||
(syscall-number SYS_setsockopt)
|
||||
(syscall-number SYS_socketpair)
|
||||
(syscall-number SYS_work_interval_ctl)
|
||||
(syscall-number SYS_write)
|
||||
)))
|
||||
|
@ -9,8 +9,3 @@
|
||||
|
||||
; mach IPC
|
||||
(allow mach-lookup (global-name "com.apple.windowserver.active"))
|
||||
|
||||
; This is available in 10.15+, and rolled out as a Finch experiment.
|
||||
(if (param-true? filter-syscalls-debug)
|
||||
(when (defined? 'syscall-unix)
|
||||
(deny syscall-unix (with send-signal SIGSYS))))
|
||||
|
@ -24,11 +24,6 @@
|
||||
(define darwin-user-cache-dir "DARWIN_USER_CACHE_DIR")
|
||||
(define darwin-user-dir "DARWIN_USER_DIR")
|
||||
(define darwin-user-temp-dir "DARWIN_USER_TEMP_DIR")
|
||||
; There are two separate flags for syscall filtering to allow it
|
||||
; to be rolled out to one process type at a time, while still allowing
|
||||
; local development.
|
||||
(define filter-syscalls "FILTER_SYSCALLS")
|
||||
(define filter-syscalls-debug "FILTER_SYSCALLS_DEBUG")
|
||||
|
||||
; Sandboxed processes which use Metal may need to disable the shader cache.
|
||||
(define disable-metal-shader-cache "DISABLE_METAL_SHADER_CACHE")
|
||||
@ -323,90 +318,6 @@
|
||||
(literal "/private/var/run/syslog")
|
||||
)
|
||||
|
||||
; This is available in 10.15+, and rolled out as a Finch experiment.
|
||||
(if (param-true? filter-syscalls)
|
||||
(when (defined? 'syscall-unix)
|
||||
(allow syscall-unix
|
||||
(syscall-number SYS___disable_threadsignal)
|
||||
(syscall-number SYS___mac_syscall)
|
||||
(syscall-number SYS___pthread_kill)
|
||||
(syscall-number SYS___pthread_markcancel)
|
||||
(syscall-number SYS___pthread_sigmask)
|
||||
(syscall-number SYS___semwait_signal)
|
||||
(syscall-number SYS___semwait_signal_nocancel)
|
||||
(syscall-number SYS_access)
|
||||
(syscall-number SYS_bsdthread_create)
|
||||
(syscall-number SYS_bsdthread_ctl)
|
||||
(syscall-number SYS_bsdthread_register)
|
||||
(syscall-number SYS_bsdthread_terminate)
|
||||
(syscall-number SYS_close)
|
||||
(syscall-number SYS_close_nocancel)
|
||||
(syscall-number SYS_csops_audittoken)
|
||||
(syscall-number SYS_exit)
|
||||
(syscall-number SYS_fcntl)
|
||||
(syscall-number SYS_fileport_makefd)
|
||||
(syscall-number SYS_fileport_makeport)
|
||||
(syscall-number SYS_fstat64)
|
||||
(syscall-number SYS_fstatat64)
|
||||
(syscall-number SYS_fstatfs64)
|
||||
(syscall-number SYS_getattrlist)
|
||||
(syscall-number SYS_getattrlistbulk)
|
||||
(syscall-number SYS_getaudit_addr)
|
||||
(syscall-number SYS_getdirentries64)
|
||||
(syscall-number SYS_geteuid)
|
||||
(syscall-number SYS_getgid)
|
||||
(syscall-number SYS_gethostuuid)
|
||||
(syscall-number SYS_getpid)
|
||||
(syscall-number SYS_getppid)
|
||||
(syscall-number SYS_getpriority)
|
||||
(syscall-number SYS_getrlimit)
|
||||
(syscall-number SYS_gettimeofday)
|
||||
(syscall-number SYS_getuid)
|
||||
(syscall-number SYS_ioctl)
|
||||
(syscall-number SYS_issetugid)
|
||||
(syscall-number SYS_kdebug_trace64)
|
||||
(syscall-number SYS_kevent64)
|
||||
(syscall-number SYS_kevent_id)
|
||||
(syscall-number SYS_kevent_qos)
|
||||
(syscall-number SYS_kqueue)
|
||||
(syscall-number SYS_lstat64)
|
||||
(syscall-number SYS_madvise)
|
||||
(syscall-number SYS_mmap)
|
||||
(syscall-number SYS_mprotect)
|
||||
(syscall-number SYS_munmap)
|
||||
(syscall-number SYS_open)
|
||||
(syscall-number SYS_open_dprotected_np)
|
||||
(syscall-number SYS_open_nocancel)
|
||||
(syscall-number SYS_pread)
|
||||
(syscall-number SYS_proc_info)
|
||||
(syscall-number SYS_psynch_mutexdrop)
|
||||
(syscall-number SYS_psynch_mutexwait)
|
||||
(syscall-number SYS_psynch_rw_downgrade)
|
||||
(syscall-number SYS_psynch_rw_longrdlock)
|
||||
(syscall-number SYS_psynch_rw_rdlock)
|
||||
(syscall-number SYS_psynch_rw_unlock)
|
||||
(syscall-number SYS_psynch_rw_unlock2)
|
||||
(syscall-number SYS_psynch_rw_upgrade)
|
||||
(syscall-number SYS_psynch_rw_wrlock)
|
||||
(syscall-number SYS_psynch_rw_yieldwrlock)
|
||||
(syscall-number SYS_read)
|
||||
(syscall-number SYS_read_nocancel)
|
||||
(syscall-number SYS_readlink)
|
||||
(syscall-number SYS_shm_open)
|
||||
(syscall-number SYS_sigaction)
|
||||
(syscall-number SYS_sigprocmask)
|
||||
(syscall-number SYS_sigreturn)
|
||||
(syscall-number SYS_stat64)
|
||||
(syscall-number SYS_statfs64)
|
||||
(syscall-number SYS_sysctl)
|
||||
(syscall-number SYS_sysctlbyname)
|
||||
(syscall-number SYS_thread_selfid)
|
||||
(syscall-number SYS_ulock_wait)
|
||||
(syscall-number SYS_ulock_wake)
|
||||
(syscall-number SYS_workq_kernreturn)
|
||||
(syscall-number SYS_workq_open)
|
||||
)))
|
||||
|
||||
; Explicit denials. These are already covered by the blanket `(deny default)`,
|
||||
; but benefit from explanation as to why they're denied.
|
||||
(deny mach-lookup
|
||||
|
@ -132,19 +132,6 @@
|
||||
(extension-class "com.apple.app-sandbox.read")
|
||||
(subpath "/")))
|
||||
|
||||
(if (param-true? filter-syscalls-debug)
|
||||
(when (defined? 'syscall-unix)
|
||||
(deny syscall-unix (with send-signal SIGSYS))
|
||||
(allow syscall-unix
|
||||
(syscall-number SYS_csrctl)
|
||||
(syscall-number SYS_getentropy)
|
||||
(syscall-number SYS_getxattr)
|
||||
(syscall-number SYS_kdebug_typefilter)
|
||||
(syscall-number SYS_sigaltstack)
|
||||
(syscall-number SYS_write)
|
||||
(syscall-number SYS_write_nocancel)
|
||||
)))
|
||||
|
||||
(if (not (maybe-disable-metal-shader-cache))
|
||||
(maybe-allow-metal-shader-cache-access))
|
||||
|
||||
|
@ -20,16 +20,3 @@
|
||||
; https://crbug.com/1237384
|
||||
(subpath "/System/Library/CoreServices/SystemAppearance.bundle")
|
||||
)
|
||||
|
||||
; This is available in 10.15+, and rolled out as a Finch experiment.
|
||||
(if (param-true? filter-syscalls-debug)
|
||||
(when (defined? 'syscall-unix)
|
||||
(deny syscall-unix (with send-signal SIGSYS))
|
||||
(allow syscall-unix
|
||||
(syscall-number SYS_fsgetpath)
|
||||
(syscall-number SYS_getfsstat64)
|
||||
(syscall-number SYS_mkdir)
|
||||
(syscall-number SYS_pathconf)
|
||||
(syscall-number SYS_sigaltstack)
|
||||
(syscall-number SYS_write)
|
||||
)))
|
||||
|
@ -98,88 +98,3 @@
|
||||
(allow sysctl-read (sysctl-name "kern.tcsm_enable"))
|
||||
(allow sysctl-write (sysctl-name "kern.tcsm_enable"))
|
||||
(allow sysctl-read (sysctl-name "kern.tcsm_available"))
|
||||
|
||||
; This is available in 10.15+, and rolled out as a Finch experiment.
|
||||
(if (param-true? filter-syscalls)
|
||||
(when (defined? 'syscall-unix)
|
||||
(deny syscall-unix (with send-signal SIGSYS))
|
||||
(allow syscall-unix
|
||||
(syscall-number SYS_change_fdguard_np)
|
||||
(syscall-number SYS_chdir)
|
||||
(syscall-number SYS_chmod)
|
||||
(syscall-number SYS_csops)
|
||||
(syscall-number SYS_csrctl)
|
||||
(syscall-number SYS_dup)
|
||||
(syscall-number SYS_dup2)
|
||||
(syscall-number SYS_fchmod)
|
||||
(syscall-number SYS_fcntl_nocancel)
|
||||
(syscall-number SYS_fgetxattr)
|
||||
(syscall-number SYS_fileport_makefd)
|
||||
(syscall-number SYS_fileport_makeport)
|
||||
(syscall-number SYS_flock)
|
||||
(syscall-number SYS_fsetattrlist)
|
||||
(syscall-number SYS_fsgetpath)
|
||||
(syscall-number SYS_fsync)
|
||||
(syscall-number SYS_ftruncate)
|
||||
(syscall-number SYS_getegid)
|
||||
(syscall-number SYS_getentropy)
|
||||
(syscall-number SYS_getfsstat64)
|
||||
(syscall-number SYS_getrusage)
|
||||
(syscall-number SYS_getsockopt)
|
||||
(syscall-number SYS_gettid)
|
||||
(syscall-number SYS_getxattr)
|
||||
(syscall-number SYS_guarded_close_np)
|
||||
(syscall-number SYS_guarded_open_np)
|
||||
(syscall-number SYS_guarded_pwrite_np)
|
||||
(syscall-number SYS_kdebug_trace)
|
||||
(syscall-number SYS_kdebug_typefilter)
|
||||
(syscall-number SYS_listxattr)
|
||||
(syscall-number SYS_lseek)
|
||||
(syscall-number SYS_memorystatus_control)
|
||||
(syscall-number SYS_mkdir)
|
||||
(syscall-number SYS_mkdirat)
|
||||
(syscall-number SYS_mlock)
|
||||
(syscall-number SYS_msync)
|
||||
(syscall-number SYS_munlock)
|
||||
(syscall-number SYS_necp_client_action)
|
||||
(syscall-number SYS_necp_open)
|
||||
(syscall-number SYS_openat)
|
||||
(syscall-number SYS_openat_nocancel)
|
||||
(syscall-number SYS_pathconf)
|
||||
(syscall-number SYS_pipe)
|
||||
(syscall-number SYS_pread_nocancel)
|
||||
(syscall-number SYS_proc_rlimit_control)
|
||||
(syscall-number SYS_process_policy)
|
||||
(syscall-number SYS_psynch_cvbroad)
|
||||
(syscall-number SYS_psynch_cvclrprepost)
|
||||
(syscall-number SYS_psynch_cvsignal)
|
||||
(syscall-number SYS_psynch_cvwait)
|
||||
(syscall-number SYS_psynch_rw_unlock)
|
||||
(syscall-number SYS_psynch_rw_wrlock)
|
||||
(syscall-number SYS_pwrite)
|
||||
(syscall-number SYS_quotactl)
|
||||
(syscall-number SYS_recvfrom_nocancel)
|
||||
(syscall-number SYS_rename)
|
||||
(syscall-number SYS_rmdir)
|
||||
(syscall-number SYS_select)
|
||||
(syscall-number SYS_select_nocancel)
|
||||
(syscall-number SYS_sem_close)
|
||||
(syscall-number SYS_sem_open)
|
||||
(syscall-number SYS_sem_post)
|
||||
(syscall-number SYS_sem_wait)
|
||||
(syscall-number SYS_sendmsg_nocancel)
|
||||
(syscall-number SYS_sendto)
|
||||
(syscall-number SYS_sendto_nocancel)
|
||||
(syscall-number SYS_setpriority)
|
||||
(syscall-number SYS_setrlimit)
|
||||
(syscall-number SYS_setsockopt)
|
||||
(syscall-number SYS_shared_region_check_np)
|
||||
(syscall-number SYS_shutdown)
|
||||
(syscall-number SYS_sigaltstack)
|
||||
(syscall-number SYS_umask)
|
||||
(syscall-number SYS_unlink)
|
||||
(syscall-number SYS_work_interval_ctl)
|
||||
(syscall-number SYS_write)
|
||||
(syscall-number SYS_write_nocancel)
|
||||
(syscall-number SYS_writev)
|
||||
)))
|
||||
|
@ -13,13 +13,3 @@
|
||||
; *** The contents of common.sb are implicitly included here. ***
|
||||
|
||||
; No additional resource access needed.
|
||||
|
||||
; This is available in 10.15+, and rolled out as a Finch experiment.
|
||||
(if (param-true? filter-syscalls-debug)
|
||||
(when (defined? 'syscall-unix)
|
||||
(deny syscall-unix (with send-signal SIGSYS))
|
||||
(allow syscall-unix
|
||||
(syscall-number SYS_psynch_cvwait)
|
||||
(syscall-number SYS_sendto)
|
||||
(syscall-number SYS_socketpair)
|
||||
)))
|
||||
|