0

Debug Mac V2 GPU sandbox issues by crashing the process.

This enumerates all known denials encountered with local testing and
makes unknown denials fatal. This will enable crash data collection to
identify resources that we do not know about. It also turns on sandbox
logging to make it easier to identify issues.

Also allows reading the SubmitDiagInfo search tree in /System/Library
because the file in /Library is already allowed.

Change-Id: If14054b213c65064d971f717089731ad6e3c2bb2
Bug: 1126350
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2398915
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813591}
This commit is contained in:
Robert Sesek
2020-10-04 19:05:44 +00:00
committed by Commit Bot
parent a0f2646dea
commit a5dd0e75a1
2 changed files with 48 additions and 1 deletions
content/browser
sandbox/policy/mac

@ -224,10 +224,19 @@ void SetupSandboxParameters(sandbox::policy::SandboxType sandbox_type,
case sandbox::policy::SandboxType::kRenderer:
SetupCommonSandboxParameters(client);
break;
case sandbox::policy::SandboxType::kGpu:
case sandbox::policy::SandboxType::kGpu: {
SetupCommonSandboxParameters(client);
// Temporary for https://crbug.com/1126350.
CHECK(client->SetParameter("PARENT_DIR",
sandbox::policy::SandboxMac::GetCanonicalPath(
base::mac::OuterBundlePath().DirName())
.value()));
base::FilePath pwd;
CHECK(base::GetCurrentDirectory(&pwd));
CHECK(client->SetParameter("PWD", pwd.value()));
AddDarwinDirs(client);
break;
}
case sandbox::policy::SandboxType::kCdm:
SetupCDMSandboxParameters(client);
break;