From c7b993b3e84a3d35b51f959f21b1418d3cdfed41 Mon Sep 17 00:00:00 2001 From: Tom Anderson <thomasanderson@chromium.org> Date: Thu, 26 Jul 2018 17:15:04 +0000 Subject: [PATCH] Reland "Stop removing rpath_for_built_shared_libraries from chrome_sandbox" This is a reland of 43a48785f23a65d5b3f0cefac086d67c3dea4eb0 After [1], the RPATH is no longer set for sanitizer builds. Also, after [2], the setuid bit is no longer set on chrome_sandbox anyway. [1] https://chromium.googlesource.com/chromium/src.git/+/f002a96e9b788fe71fd1c773a4bc891940c409d8 [2] https://chromium.googlesource.com/chromiumos/chromite.git/+/de3a6f421ec7e32c45fd4131f50d2c0a98fcdd56 Original change's description: > Stop removing rpath_for_built_shared_libraries from chrome_sandbox > > For instrumented builds like tsan, this causes chrome_sandbox to reference the > wrong libc++.so due to a missing RPATH. > > Since all configurations we ship don't set RPATH, we don't have to worry about > security vulnerabilities introduced by RPATH=$ORIGIN. There's also a check to > enforce this in chrome/installer/linux/common/installer.include. > > BUG=850682 > > Change-Id: I25307bd9de388009acffdbb8de6717210873655b > Reviewed-on: https://chromium-review.googlesource.com/1092077 > Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> > Reviewed-by: Dirk Pranke <dpranke@chromium.org> > Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> > Cr-Commit-Position: refs/heads/master@{#566099} Bug: 850682 Change-Id: I82fda0bd5b8f0222d64dcf6c4b7d1199c7e5e585 Reviewed-on: https://chromium-review.googlesource.com/1150254 Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> Cr-Commit-Position: refs/heads/master@{#578346} --- build/config/gcc/BUILD.gn | 4 ---- sandbox/linux/BUILD.gn | 19 ------------------- 2 files changed, 23 deletions(-) 
diff --git a/build/config/gcc/BUILD.gn b/build/config/gcc/BUILD.gn
index 2fe0f4ea87f2f..14a2ec9ff325c 100644
--- a/build/config/gcc/BUILD.gn
+++ b/build/config/gcc/BUILD.gn
@@ -98,10 +98,6 @@ config("rpath_for_built_shared_libraries") {
 # Settings for executables.
 config("executable_ldconfig") {
- # WARNING! //sandbox/linux:chrome_sandbox will not pick up this
- # config, because it is a setuid binary that needs special flags.
- # If you add things to this config, make sure you check to see
- # if they should be added to that target as well.
 ldflags = []
 if (is_android) {
 ldflags += [
diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
index 6f43c6cb60b7c..754fe5a50b322 100644
--- a/sandbox/linux/BUILD.gn
+++ b/sandbox/linux/BUILD.gn
@@ -319,25 +319,6 @@ if (is_linux) {
 # TODO fix this and re-enable this warning.
 "-Wno-sign-compare",
 ]
-
- import("//build/config/compiler/compiler.gni")
- import("//build/config/sanitizers/sanitizers.gni")
- if (is_component_build || using_sanitizer) {
- # WARNING! We remove this config so that we don't accidentally
- # pick up the //build/config:rpath_for_built_shared_libraries
- # sub-config. However, this means that we need to duplicate any
- # other flags that executable_config might have.
- configs -= [ "//build/config:executable_config" ]
- if (!use_gold) {
- ldflags = [ "-Wl,--disable-new-dtags" ]
- }
- }
-
- # We also do not want to pick up any of the other sanitizer
- # flags (i.e. we do not want to build w/ the sanitizers at all).
- # This is safe to delete unconditionally, because it is part of the
- # default configs and empty when not using the sanitizers.
- configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
 }
 }
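Review bot: With the `configs -= [ "//build/config:executable_config" ]` block deleted in the sandbox/linux/BUILD.gn hunk, and the matching WARNING removed from `executable_ldconfig` in build/config/gcc/BUILD.gn, nothing at the target records that it now inherits `rpath_for_built_shared_libraries`, presumably in component builds. The description names the RPATH check in chrome/installer/linux/common/installer.include as the safeguard for shipped configurations, so a comment at the target should point to it, for example `# Inherits executable_config, including any RPATH; shipped builds must not set RPATH (enforced in chrome/installer/linux/common/installer.include).` The same hunk also drops `configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]` and the `-Wl,--disable-new-dtags` ldflag, neither of which the description mentions, so it is worth confirming that building this binary with sanitizer flags is intended. The description's point that the setuid bit is no longer set cites a chromite change, which may not cover packaging that still installs the binary setuid. The target's body begins outside the hunk, so its name and remaining configs are not visible here.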