diff options
author | Torne (Richard Coles) <torne@google.com> | 2013-05-09 18:35:53 +0100 |
---|---|---|
committer | Torne (Richard Coles) <torne@google.com> | 2013-05-13 13:57:14 +0100 |
commit | c2e0dbddbe15c98d52c4786dac06cb8952a8ae6d (patch) | |
tree | 1dbdbb0624cc869ab25ee7f46971984c6fee3e7a /sandbox | |
parent | 2d519ce2457219605d4f472da8d2ffd469796035 (diff) | |
download | chromium_org-c2e0dbddbe15c98d52c4786dac06cb8952a8ae6d.tar.gz |
Merge from Chromium at DEPS revision r198571
This commit was generated by merge_to_master.py.
Change-Id: I951118a03836157090561764dd2627f0add8118f
Diffstat (limited to 'sandbox')
37 files changed, 1375 insertions, 162 deletions
diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi index f9cef2bf6d..f5dd1222e1 100644 --- a/sandbox/linux/sandbox_linux.gypi +++ b/sandbox/linux/sandbox_linux.gypi @@ -47,15 +47,7 @@ 'suid_sandbox_client', ], }], - # Only compile in the seccomp mode 1 code for the flag combination - # where we support it. - [ 'OS=="linux" and (target_arch=="ia32" or target_arch=="x64") ' - 'and toolkit_views==0 and selinux==0', { - 'dependencies': [ - 'linux/seccomp-legacy/seccomp.gyp:seccomp_sandbox', - ], - }], - # Similarly, compile seccomp BPF when we support it + # Compile seccomp BPF when we support it. [ 'compile_seccomp_bpf==1', { 'dependencies': [ 'seccomp_bpf', diff --git a/sandbox/linux/seccomp-bpf/bpf_tests.h b/sandbox/linux/seccomp-bpf/bpf_tests.h index 680ece601f..71574d5294 100644 --- a/sandbox/linux/seccomp-bpf/bpf_tests.h +++ b/sandbox/linux/seccomp-bpf/bpf_tests.h @@ -9,6 +9,8 @@ #include <sys/stat.h> #include <sys/types.h> +#include "base/third_party/valgrind/valgrind.h" +#include "build/build_config.h" #include "sandbox/linux/tests/unit_tests.h" #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" @@ -92,6 +94,13 @@ class BpfTests : public UnitTests { arg->test()(arg->aux_); } else { + // Only Android should be in the case where kernel support is not always + // available. Valgrind instrumentation will also prevent our tests from + // working. +#if !defined(OS_ANDROID) && !defined(RUNNING_ON_VALGRIND) + const bool seccomp_bpf_is_supported = false; + BPF_ASSERT(seccomp_bpf_is_supported); +#endif // !defined(OS_ANDROID) && !defined(RUNNING_ON_VALGRIND) // Call the compiler and verify the policy. That's the least we can do, // if we don't have kernel support. playground2::Sandbox sandbox; diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc index 2d775f4cc7..b60cc14a12 100644 --- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc @@ -693,6 +693,9 @@ intptr_t BrokerOpenTrapHandler(const struct arch_seccomp_data& args, BPF_ASSERT(aux); BrokerProcess* broker_process = static_cast<BrokerProcess*>(aux); switch(args.nr) { + case __NR_access: + return broker_process->Access(reinterpret_cast<const char*>(args.args[0]), + static_cast<int>(args.args[1])); case __NR_open: return broker_process->Open(reinterpret_cast<const char*>(args.args[0]), static_cast<int>(args.args[1])); @@ -715,6 +718,7 @@ ErrorCode DenyOpenPolicy(Sandbox *sandbox, int sysno, void *aux) { } switch (sysno) { + case __NR_access: case __NR_open: case __NR_openat: // We get a InitializedOpenBroker class, but our trap handler wants @@ -736,7 +740,9 @@ BPF_TEST(SandboxBpf, UseOpenBroker, DenyOpenPolicy, // First, use the broker "manually" BPF_ASSERT(broker_process->Open("/proc/denied", O_RDONLY) == -EPERM); + BPF_ASSERT(broker_process->Access("/proc/denied", R_OK) == -EPERM); BPF_ASSERT(broker_process->Open("/proc/allowed", O_RDONLY) == -ENOENT); + BPF_ASSERT(broker_process->Access("/proc/allowed", R_OK) == -ENOENT); // Now use glibc's open() as an external library would. BPF_ASSERT(open("/proc/denied", O_RDONLY) == -1); @@ -753,8 +759,16 @@ BPF_TEST(SandboxBpf, UseOpenBroker, DenyOpenPolicy, BPF_ASSERT(openat(AT_FDCWD, "/proc/allowed", O_RDONLY) == -1); BPF_ASSERT(errno == ENOENT); + // And test glibc's access(). + BPF_ASSERT(access("/proc/denied", R_OK) == -1); + BPF_ASSERT(errno == EPERM); + + BPF_ASSERT(access("/proc/allowed", R_OK) == -1); + BPF_ASSERT(errno == ENOENT); // This is also white listed and does exist. + int cpu_info_access = access("/proc/cpuinfo", R_OK); + BPF_ASSERT(cpu_info_access == 0); int cpu_info_fd = open("/proc/cpuinfo", O_RDONLY); BPF_ASSERT(cpu_info_fd >= 0); char buf[1024]; diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc index ea71b8fd4d..d2302ea098 100644 --- a/sandbox/linux/services/broker_process.cc +++ b/sandbox/linux/services/broker_process.cc @@ -7,6 +7,7 @@ #include <fcntl.h> #include <sys/socket.h> #include <sys/stat.h> +#include <sys/syscall.h> #include <sys/types.h> #include <unistd.h> @@ -19,20 +20,36 @@ #include "base/pickle.h" #include "base/posix/eintr_wrapper.h" #include "base/posix/unix_domain_socket_linux.h" +#include "build/build_config.h" +#include "sandbox/linux/services/linux_syscalls.h" + +#if defined(OS_ANDROID) && !defined(MSG_CMSG_CLOEXEC) +#define MSG_CMSG_CLOEXEC 0x40000000 +#endif namespace { -static const int kCommandOpen = 'O'; static const size_t kMaxMessageLength = 4096; -// Some flags will need special treatment on the client side and are not -// supported for now. -int ForCurrentProcessFlagsMask() { - return O_CLOEXEC | O_NONBLOCK; -} +// Some flags are local to the current process and cannot be sent over a Unix +// socket. They need special treatment from the client. +// O_CLOEXEC is tricky because in theory another thread could call execve() +// before special treatment is made on the client, so a client needs to call +// recvmsg(2) with MSG_CMSG_CLOEXEC. +// To make things worse, there are two CLOEXEC related flags, FD_CLOEXEC (see +// F_GETFD in fcntl(2)) and O_CLOEXEC (see F_GETFL in fcntl(2)). O_CLOEXEC +// doesn't affect the semantics on execve(), it's merely a note that the +// descriptor was originally opened with O_CLOEXEC as a flag. And it is sent +// over unix sockets just fine, so a receiver that would (incorrectly) look at +// O_CLOEXEC instead of FD_CLOEXEC may be tricked in thinking that the file +// descriptor will or won't be closed on execve(). +// Since we have to account for buggy userland (see crbug.com/237283), we will +// open(2) the file with O_CLOEXEC in the broker process if necessary, in +// addition to calling recvmsg(2) with MSG_CMSG_CLOEXEC. +static const int kCurrentProcessOpenFlagsMask = O_CLOEXEC; // Check whether |requested_filename| is in |allowed_file_names|. -// See GetFileNameIfAllowedAccess() for an explaination of |file_to_open|. +// See GetFileNameIfAllowedToOpen() for an explanation of |file_to_open|. // async signal safe if |file_to_open| is NULL. // TODO(jln): assert signal safety. bool GetFileNameInWhitelist(const std::vector<std::string>& allowed_file_names, @@ -74,8 +91,12 @@ bool IsAllowedOpenFlags(int flags) { // Some flags affect the behavior of the current process. We don't support // them and don't allow them for now. - if (flags & ForCurrentProcessFlagsMask()) { - return false; + if (flags & kCurrentProcessOpenFlagsMask) { + // We make an exception for O_CLOEXEC. Buggy userland could check for + // O_CLOEXEC and the only way to set it is to originally open with this + // flag. See the comment around kCurrentProcessOpenFlagsMask. + if (!(flags & O_CLOEXEC)) + return false; } // Now check that all the flags are known to us. @@ -164,37 +185,69 @@ bool BrokerProcess::Init(bool (*sandbox_callback)(void)) { NOTREACHED(); } -// This function needs to be async signal safe. +int BrokerProcess::Access(const char* pathname, int mode) const { + return PathAndFlagsSyscall(kCommandAccess, pathname, mode); +} + int BrokerProcess::Open(const char* pathname, int flags) const { + return PathAndFlagsSyscall(kCommandOpen, pathname, flags); +} + +// Make a remote system call over IPC for syscalls that take a path and flags +// as arguments, currently open() and access(). +// Will return -errno like a real system call. +// This function needs to be async signal safe. +int BrokerProcess::PathAndFlagsSyscall(enum IPCCommands syscall_type, + const char* pathname, int flags) const { + int recvmsg_flags = 0; RAW_CHECK(initialized_); // async signal safe CHECK(). + RAW_CHECK(syscall_type == kCommandOpen || syscall_type == kCommandAccess); if (!pathname) return -EFAULT; + + // For this "remote system call" to work, we need to handle any flag that + // cannot be sent over a Unix socket in a special way. + // See the comments around kCurrentProcessOpenFlagsMask. + if (syscall_type == kCommandOpen && (flags & kCurrentProcessOpenFlagsMask)) { + // This implementation only knows about O_CLOEXEC, someone needs to look at + // this code if other flags are added. + RAW_CHECK(kCurrentProcessOpenFlagsMask == O_CLOEXEC); + recvmsg_flags |= MSG_CMSG_CLOEXEC; + } + // There is no point in forwarding a request that we know will be denied. // Of course, the real security check needs to be on the other side of the // IPC. if (fast_check_in_client_) { - if (!GetFileNameIfAllowedAccess(pathname, flags, NULL)) + if (syscall_type == kCommandOpen && + !GetFileNameIfAllowedToOpen(pathname, flags, NULL)) { return -EPERM; + } + if (syscall_type == kCommandAccess && + !GetFileNameIfAllowedToAccess(pathname, flags, NULL)) { + return -EPERM; + } } Pickle write_pickle; - write_pickle.WriteInt(kCommandOpen); + write_pickle.WriteInt(syscall_type); write_pickle.WriteString(pathname); write_pickle.WriteInt(flags); RAW_CHECK(write_pickle.size() <= kMaxMessageLength); int returned_fd = -1; uint8_t reply_buf[kMaxMessageLength]; + // Send a request (in write_pickle) as well that will include a new // temporary socketpair (created internally by SendRecvMsg()). // Then read the reply on this new socketpair in reply_buf and put an // eventual attached file descriptor in |returned_fd|. - // TODO(jln): this API needs some rewriting and documentation. - ssize_t msg_len = UnixDomainSocket::SendRecvMsg(ipc_socketpair_, - reply_buf, - sizeof(reply_buf), - &returned_fd, - write_pickle); + ssize_t msg_len = UnixDomainSocket::SendRecvMsgWithFlags(ipc_socketpair_, + reply_buf, + sizeof(reply_buf), + recvmsg_flags, + &returned_fd, + write_pickle); if (msg_len <= 0) { if (!quiet_failures_for_tests_) RAW_LOG(ERROR, "Could not make request to broker process"); @@ -207,17 +260,28 @@ int BrokerProcess::Open(const char* pathname, int flags) const { // Now deserialize the return value and eventually return the file // descriptor. if (read_pickle.ReadInt(&iter, &return_value)) { - if (return_value < 0) { - RAW_CHECK(returned_fd == -1); - return return_value; - } else { - // We have a real file descriptor to return. - RAW_CHECK(returned_fd >= 0); - return returned_fd; + switch (syscall_type) { + case kCommandAccess: + // We should never have a fd to return. + RAW_CHECK(returned_fd == -1); + return return_value; + case kCommandOpen: + if (return_value < 0) { + RAW_CHECK(returned_fd == -1); + return return_value; + } else { + // We have a real file descriptor to return. + RAW_CHECK(returned_fd >= 0); + return returned_fd; + } + default: + RAW_LOG(ERROR, "Unsupported command"); + return -ENOSYS; } } else { RAW_LOG(ERROR, "Could not read pickle"); - return -1; + NOTREACHED(); + return -EPERM; } } @@ -254,26 +318,33 @@ bool BrokerProcess::HandleRequest() const { bool r = false; // Go through all the possible IPC messages. switch (command_type) { + case kCommandAccess: case kCommandOpen: // We reply on the file descriptor sent to us via the IPC channel. - r = HandleOpenRequest(temporary_ipc, pickle, iter); - (void) HANDLE_EINTR(close(temporary_ipc)); - return r; + r = HandleRemoteCommand(static_cast<IPCCommands>(command_type), + temporary_ipc, pickle, iter); + break; default: NOTREACHED(); - return false; + r = false; + break; } + int ret = HANDLE_EINTR(close(temporary_ipc)); + DCHECK(!ret) << "Could not close temporary IPC channel"; + return r; } LOG(ERROR) << "Error parsing IPC request"; return false; } -// Handle an open request contained in |read_pickle| and send the reply +// Handle a |command_type| request contained in |read_pickle| and send the reply // on |reply_ipc|. -bool BrokerProcess::HandleOpenRequest(int reply_ipc, - const Pickle& read_pickle, - PickleIterator iter) const { +// Currently kCommandOpen and kCommandAccess are supported. +bool BrokerProcess::HandleRemoteCommand(IPCCommands command_type, int reply_ipc, + const Pickle& read_pickle, + PickleIterator iter) const { + // Currently all commands have two arguments: filename and flags. std::string requested_filename; int flags = 0; if (!read_pickle.ReadString(&iter, &requested_filename) || @@ -284,53 +355,141 @@ bool BrokerProcess::HandleOpenRequest(int reply_ipc, Pickle write_pickle; std::vector<int> opened_files; + switch (command_type) { + case kCommandAccess: + AccessFileForIPC(requested_filename, flags, &write_pickle); + break; + case kCommandOpen: + OpenFileForIPC(requested_filename, flags, &write_pickle, &opened_files); + break; + default: + LOG(ERROR) << "Invalid IPC command"; + break; + } + + CHECK_LE(write_pickle.size(), kMaxMessageLength); + ssize_t sent = UnixDomainSocket::SendMsg(reply_ipc, write_pickle.data(), + write_pickle.size(), opened_files); + + // Close anything we have opened in this process. + for (std::vector<int>::iterator it = opened_files.begin(); + it < opened_files.end(); ++it) { + int ret = HANDLE_EINTR(close(*it)); + DCHECK(!ret) << "Could not close file descriptor"; + } + + if (sent <= 0) { + LOG(ERROR) << "Could not send IPC reply"; + return false; + } + return true; +} + +// Perform access(2) on |requested_filename| with mode |mode| if allowed by our +// policy. Write the syscall return value (-errno) to |write_pickle|. +void BrokerProcess::AccessFileForIPC(const std::string& requested_filename, + int mode, Pickle* write_pickle) const { + DCHECK(write_pickle); + const char* file_to_access = NULL; + const bool safe_to_access_file = GetFileNameIfAllowedToAccess( + requested_filename.c_str(), mode, &file_to_access); + if (safe_to_access_file) { + CHECK(file_to_access); + int access_ret = access(file_to_access, mode); + int access_errno = errno; + if (!access_ret) + write_pickle->WriteInt(0); + else + write_pickle->WriteInt(-access_errno); + } else { + write_pickle->WriteInt(-EPERM); + } +} + +// Open |requested_filename| with |flags| if allowed by our policy. +// Write the syscall return value (-errno) to |write_pickle| and append +// a file descriptor to |opened_files| if relevant. +void BrokerProcess::OpenFileForIPC(const std::string& requested_filename, + int flags, Pickle* write_pickle, + std::vector<int>* opened_files) const { + DCHECK(write_pickle); + DCHECK(opened_files); const char* file_to_open = NULL; - const bool safe_to_open_file = GetFileNameIfAllowedAccess( + const bool safe_to_open_file = GetFileNameIfAllowedToOpen( requested_filename.c_str(), flags, &file_to_open); if (safe_to_open_file) { CHECK(file_to_open); - // O_CLOEXEC doesn't hurt (even though we won't execve()), and this - // property won't be passed to the client. - // We may want to think about O_NONBLOCK as well. // We're doing a 2-parameter open, so we don't support O_CREAT. It doesn't // hurt to always pass a third argument though. - int opened_fd = open(file_to_open, flags | O_CLOEXEC, 0); + int opened_fd = syscall(__NR_open, file_to_open, flags, 0); if (opened_fd < 0) { - write_pickle.WriteInt(-errno); + write_pickle->WriteInt(-errno); } else { // Success. - opened_files.push_back(opened_fd); - write_pickle.WriteInt(0); + opened_files->push_back(opened_fd); + write_pickle->WriteInt(0); } } else { - write_pickle.WriteInt(-EPERM); + write_pickle->WriteInt(-EPERM); } +} - CHECK_LE(write_pickle.size(), kMaxMessageLength); - ssize_t sent = UnixDomainSocket::SendMsg(reply_ipc, write_pickle.data(), - write_pickle.size(), opened_files); - - // Close anything we have opened in this process. - for (std::vector<int>::iterator it = opened_files.begin(); - it < opened_files.end(); ++it) { - (void) HANDLE_EINTR(close(*it)); - } - if (sent <= 0) { - LOG(ERROR) << "Could not send IPC reply"; +// Check if calling access() should be allowed on |requested_filename| with +// mode |requested_mode|. +// Note: access() being a system call to check permissions, this can get a bit +// confusing. We're checking if calling access() should even be allowed with +// the same policy we would use for open(). +// If |file_to_access| is not NULL, we will return the matching pointer from +// the whitelist. For paranoia a caller should then use |file_to_access|. See +// GetFileNameIfAllowedToOpen() fore more explanation. +// return true if calling access() on this file should be allowed, false +// otherwise. +// Async signal safe if and only if |file_to_access| is NULL. +bool BrokerProcess::GetFileNameIfAllowedToAccess(const char* requested_filename, + int requested_mode, const char** file_to_access) const { + // First, check if |requested_mode| is existence, ability to read or ability + // to write. We do not support X_OK. + if (requested_mode != F_OK && + requested_mode & ~(R_OK | W_OK)) { return false; } - return true; + switch (requested_mode) { + case F_OK: + // We allow to check for file existence if we can either read or write. + return GetFileNameInWhitelist(allowed_r_files_, requested_filename, + file_to_access) || + GetFileNameInWhitelist(allowed_w_files_, requested_filename, + file_to_access); + case R_OK: + return GetFileNameInWhitelist(allowed_r_files_, requested_filename, + file_to_access); + case W_OK: + return GetFileNameInWhitelist(allowed_w_files_, requested_filename, + file_to_access); + case R_OK | W_OK: + { + bool allowed_for_read_and_write = + GetFileNameInWhitelist(allowed_r_files_, requested_filename, NULL) && + GetFileNameInWhitelist(allowed_w_files_, requested_filename, + file_to_access); + return allowed_for_read_and_write; + } + default: + return false; + } } -// For paranoia, if |file_to_open| is not NULL, we will return the matching -// string from the white list. -// Async signal safe only if |file_to_open| is NULL. -// Even if an attacker managed to fool the string comparison mechanism, we -// would not open an attacker-controlled file name. -// Return true if access should be allowed, false otherwise. -bool BrokerProcess::GetFileNameIfAllowedAccess(const char* requested_filename, +// Check if |requested_filename| can be opened with flags |requested_flags|. +// If |file_to_open| is not NULL, we will return the matching pointer from the +// whitelist. For paranoia, a caller should then use |file_to_open| rather +// than |requested_filename|, so that it never attempts to open an +// attacker-controlled file name, even if an attacker managed to fool the +// string comparison mechanism. +// Return true if opening should be allowed, false otherwise. +// Async signal safe if and only if |file_to_open| is NULL. +bool BrokerProcess::GetFileNameIfAllowedToOpen(const char* requested_filename, int requested_flags, const char** file_to_open) const { if (!IsAllowedOpenFlags(requested_flags)) { return false; diff --git a/sandbox/linux/services/broker_process.h b/sandbox/linux/services/broker_process.h index d04f703191..b7bb2396f4 100644 --- a/sandbox/linux/services/broker_process.h +++ b/sandbox/linux/services/broker_process.h @@ -41,6 +41,11 @@ class BrokerProcess { // sandbox in the broker. bool Init(bool (*sandbox_callback)(void)); + // Can be used in place of access(). Will be async signal safe. + // X_OK will always EPERM in practice since the broker process doesn't support + // execute permissions. + // It's similar to the access() system call and will return -errno on errors. + int Access(const char* pathname, int mode) const; // Can be used in place of open(). Will be async signal safe. // The implementation only supports certain white listed flags and will // return -EPERM on other flags. @@ -50,10 +55,24 @@ class BrokerProcess { int broker_pid() const { return broker_pid_; } private: + enum IPCCommands { + kCommandInvalid = 0, + kCommandOpen, + kCommandAccess, + }; + int PathAndFlagsSyscall(enum IPCCommands command_type, + const char* pathname, int flags) const; bool HandleRequest() const; - bool HandleOpenRequest(int reply_ipc, const Pickle& read_pickle, - PickleIterator iter) const; - bool GetFileNameIfAllowedAccess(const char*, int, const char**) const; + bool HandleRemoteCommand(IPCCommands command_type, int reply_ipc, + const Pickle& read_pickle, PickleIterator iter) const; + + void AccessFileForIPC(const std::string& requested_filename, + int mode, Pickle* write_pickle) const; + void OpenFileForIPC(const std::string& requested_filename, + int flags, Pickle* write_pickle, + std::vector<int>* opened_files) const; + bool GetFileNameIfAllowedToAccess(const char*, int, const char**) const; + bool GetFileNameIfAllowedToOpen(const char*, int, const char**) const; bool initialized_; // Whether we've been through Init() yet. bool is_child_; // Whether we're the child (broker process). bool fast_check_in_client_; // Whether to forward a request that we know diff --git a/sandbox/linux/services/broker_process_unittest.cc b/sandbox/linux/services/broker_process_unittest.cc index ab570351aa..b6589ef9ec 100644 --- a/sandbox/linux/services/broker_process_unittest.cc +++ b/sandbox/linux/services/broker_process_unittest.cc @@ -45,23 +45,30 @@ TEST(BrokerProcess, CreateAndDestroy) { ASSERT_EQ(WEXITSTATUS(status), 0); } -TEST(BrokerProcess, TestOpenNull) { +TEST(BrokerProcess, TestOpenAccessNull) { const std::vector<std::string> empty; BrokerProcess open_broker(empty, empty); ASSERT_TRUE(open_broker.Init(NULL)); int fd = open_broker.Open(NULL, O_RDONLY); ASSERT_EQ(fd, -EFAULT); + + int ret = open_broker.Access(NULL, F_OK); + ASSERT_EQ(ret, -EFAULT); } void TestOpenFilePerms(bool fast_check_in_client) { const char kR_WhiteListed[] = "/proc/DOESNOTEXIST1"; + // We can't debug the init process, and shouldn't be able to access + // its auxv file. + const char kR_WhiteListedButDenied[] = "/proc/1/auxv"; const char kW_WhiteListed[] = "/proc/DOESNOTEXIST2"; const char kRW_WhiteListed[] = "/proc/DOESNOTEXIST3"; const char k_NotWhitelisted[] = "/proc/DOESNOTEXIST4"; std::vector<std::string> read_whitelist; read_whitelist.push_back(kR_WhiteListed); + read_whitelist.push_back(kR_WhiteListedButDenied); read_whitelist.push_back(kRW_WhiteListed); std::vector<std::string> write_whitelist; @@ -80,6 +87,41 @@ void TestOpenFilePerms(bool fast_check_in_client) { ASSERT_EQ(fd, -EPERM); fd = open_broker.Open(kR_WhiteListed, O_RDWR); ASSERT_EQ(fd, -EPERM); + int ret = -1; + ret = open_broker.Access(kR_WhiteListed, F_OK); + ASSERT_EQ(ret, -ENOENT); + ret = open_broker.Access(kR_WhiteListed, R_OK); + ASSERT_EQ(ret, -ENOENT); + ret = open_broker.Access(kR_WhiteListed, W_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kR_WhiteListed, R_OK | W_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kR_WhiteListed, X_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kR_WhiteListed, R_OK | X_OK); + ASSERT_EQ(ret, -EPERM); + + fd = open_broker.Open(kR_WhiteListedButDenied, O_RDONLY); + // The broker process will allow this, but the normal permission system + // won't. + ASSERT_EQ(fd, -EACCES); + fd = open_broker.Open(kR_WhiteListedButDenied, O_WRONLY); + ASSERT_EQ(fd, -EPERM); + fd = open_broker.Open(kR_WhiteListedButDenied, O_RDWR); + ASSERT_EQ(fd, -EPERM); + ret = open_broker.Access(kR_WhiteListedButDenied, F_OK); + // The normal permission system will let us check that the file exist. + ASSERT_EQ(ret, 0); + ret = open_broker.Access(kR_WhiteListedButDenied, R_OK); + ASSERT_EQ(ret, -EACCES); + ret = open_broker.Access(kR_WhiteListedButDenied, W_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kR_WhiteListedButDenied, R_OK | W_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kR_WhiteListedButDenied, X_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kR_WhiteListedButDenied, R_OK | X_OK); + ASSERT_EQ(ret, -EPERM); fd = open_broker.Open(kW_WhiteListed, O_RDONLY); ASSERT_EQ(fd, -EPERM); @@ -87,6 +129,18 @@ void TestOpenFilePerms(bool fast_check_in_client) { ASSERT_EQ(fd, -ENOENT); fd = open_broker.Open(kW_WhiteListed, O_RDWR); ASSERT_EQ(fd, -EPERM); + ret = open_broker.Access(kW_WhiteListed, F_OK); + ASSERT_EQ(ret, -ENOENT); + ret = open_broker.Access(kW_WhiteListed, R_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kW_WhiteListed, W_OK); + ASSERT_EQ(ret, -ENOENT); + ret = open_broker.Access(kW_WhiteListed, R_OK | W_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kW_WhiteListed, X_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kW_WhiteListed, R_OK | X_OK); + ASSERT_EQ(ret, -EPERM); fd = open_broker.Open(kRW_WhiteListed, O_RDONLY); ASSERT_EQ(fd, -ENOENT); @@ -94,6 +148,18 @@ void TestOpenFilePerms(bool fast_check_in_client) { ASSERT_EQ(fd, -ENOENT); fd = open_broker.Open(kRW_WhiteListed, O_RDWR); ASSERT_EQ(fd, -ENOENT); + ret = open_broker.Access(kRW_WhiteListed, F_OK); + ASSERT_EQ(ret, -ENOENT); + ret = open_broker.Access(kRW_WhiteListed, R_OK); + ASSERT_EQ(ret, -ENOENT); + ret = open_broker.Access(kRW_WhiteListed, W_OK); + ASSERT_EQ(ret, -ENOENT); + ret = open_broker.Access(kRW_WhiteListed, R_OK | W_OK); + ASSERT_EQ(ret, -ENOENT); + ret = open_broker.Access(kRW_WhiteListed, X_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(kRW_WhiteListed, R_OK | X_OK); + ASSERT_EQ(ret, -EPERM); fd = open_broker.Open(k_NotWhitelisted, O_RDONLY); ASSERT_EQ(fd, -EPERM); @@ -101,6 +167,19 @@ void TestOpenFilePerms(bool fast_check_in_client) { ASSERT_EQ(fd, -EPERM); fd = open_broker.Open(k_NotWhitelisted, O_RDWR); ASSERT_EQ(fd, -EPERM); + ret = open_broker.Access(k_NotWhitelisted, F_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(k_NotWhitelisted, R_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(k_NotWhitelisted, W_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(k_NotWhitelisted, R_OK | W_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(k_NotWhitelisted, X_OK); + ASSERT_EQ(ret, -EPERM); + ret = open_broker.Access(k_NotWhitelisted, R_OK | X_OK); + ASSERT_EQ(ret, -EPERM); + // We have some extra sanity check for clearly wrong values. fd = open_broker.Open(kRW_WhiteListed, O_RDONLY|O_WRONLY|O_RDWR); @@ -142,6 +221,13 @@ void TestOpenCpuinfo(bool fast_check_in_client) { fd = open_broker->Open(kFileCpuInfo, O_RDWR); ASSERT_EQ(fd, -EPERM); + // Check we can read /proc/cpuinfo. + int can_access = open_broker->Access(kFileCpuInfo, R_OK); + ASSERT_EQ(can_access, 0); + can_access = open_broker->Access(kFileCpuInfo, W_OK); + ASSERT_EQ(can_access, -EPERM); + // Check we can not write /proc/cpuinfo. + // Open cpuinfo via the broker. int cpuinfo_fd = open_broker->Open(kFileCpuInfo, O_RDONLY); ASSERT_GE(cpuinfo_fd, 0); @@ -194,21 +280,13 @@ TEST(BrokerProcess, OpenCpuinfoNoClientCheck) { // expected. } -// Disabled until we implement a mkstemp that doesn't require JNI. -TEST(BrokerProcess, DISABLE_ON_ANDROID(OpenFileRW)) { +TEST(BrokerProcess, OpenFileRW) { const char basename[] = "BrokerProcessXXXXXX"; char template_name[2048]; -#if defined(OS_ANDROID) - base::FilePath cache_directory; - ASSERT_TRUE(base::android::GetCacheDirectory(&cache_directory)); - ssize_t length = snprintf(template_name, sizeof(template_name), - "%s%s", - cache_directory.value().c_str(), basename); - ASSERT_LT(length, static_cast<ssize_t>(sizeof(template_name))); -#else + // On Android, this file will end up in + // /data/local/tmp/BrokerProcessXXXXXX, which is OK. strncpy(template_name, basename, sizeof(basename) - 1); template_name[sizeof(basename) - 1] = '\0'; -#endif int tempfile = mkstemp(template_name); ASSERT_GE(tempfile, 0); char tempfile_name[2048]; @@ -222,6 +300,10 @@ TEST(BrokerProcess, DISABLE_ON_ANDROID(OpenFileRW)) { BrokerProcess open_broker(whitelist, whitelist); ASSERT_TRUE(open_broker.Init(NULL)); + // Check we can access that file with read or write. + int can_access = open_broker.Access(tempfile_name, R_OK | W_OK); + ASSERT_EQ(can_access, 0); + int tempfile2 = -1; tempfile2 = open_broker.Open(tempfile_name, O_RDWR); ASSERT_GE(tempfile2, 0); @@ -274,36 +356,62 @@ SANDBOX_TEST(BrokerProcess, BrokerDied) { SANDBOX_ASSERT(WTERMSIG(status) == SIGKILL); // Hopefully doing Open with a dead broker won't SIGPIPE us. SANDBOX_ASSERT(open_broker.Open("/proc/cpuinfo", O_RDONLY) == -ENOMEM); + SANDBOX_ASSERT(open_broker.Access("/proc/cpuinfo", O_RDONLY) == -ENOMEM); } -void TestComplexFlags(bool fast_check_in_client) { +void TestOpenComplexFlags(bool fast_check_in_client) { + const char kCpuInfo[] = "/proc/cpuinfo"; std::vector<std::string> whitelist; - whitelist.push_back("/proc/cpuinfo"); + whitelist.push_back(kCpuInfo); BrokerProcess open_broker(whitelist, whitelist, fast_check_in_client); ASSERT_TRUE(open_broker.Init(NULL)); // Test that we do the right thing for O_CLOEXEC and O_NONBLOCK. - // Presently, the right thing is to always deny them since they are not - // supported. int fd = -1; - fd = open_broker.Open("/proc/cpuinfo", O_RDONLY); + int ret = 0; + fd = open_broker.Open(kCpuInfo, O_RDONLY); ASSERT_GE(fd, 0); - ASSERT_EQ(close(fd), 0); + ret = fcntl(fd, F_GETFL); + ASSERT_NE(-1, ret); + // The descriptor shouldn't have the O_CLOEXEC attribute, nor O_NONBLOCK. + ASSERT_EQ(0, ret & (O_CLOEXEC | O_NONBLOCK)); + ASSERT_EQ(0, close(fd)); - ASSERT_EQ(open_broker.Open("/proc/cpuinfo", O_RDONLY | O_CLOEXEC), -EPERM); - ASSERT_EQ(open_broker.Open("/proc/cpuinfo", O_RDONLY | O_NONBLOCK), -EPERM); + fd = open_broker.Open(kCpuInfo, O_RDONLY | O_CLOEXEC); + ASSERT_GE(fd, 0); + ret = fcntl(fd, F_GETFD); + ASSERT_NE(-1, ret); + // Important: use F_GETFD, not F_GETFL. The O_CLOEXEC flag in F_GETFL + // is actually not used by the kernel. + ASSERT_TRUE(FD_CLOEXEC & ret); + + // There is buggy userland code that can check for O_CLOEXEC with fcntl(2) + // even though it doesn't mean anything. We need to support this case. + // See crbug.com/237283. + ret = fcntl(fd, F_GETFL); + ASSERT_NE(-1, ret); + ASSERT_TRUE(O_CLOEXEC & ret); + + ASSERT_EQ(0, close(fd)); + + fd = open_broker.Open(kCpuInfo, O_RDONLY | O_NONBLOCK); + ASSERT_GE(fd, 0); + ret = fcntl(fd, F_GETFL); + ASSERT_NE(-1, ret); + ASSERT_TRUE(O_NONBLOCK & ret); + ASSERT_EQ(0, close(fd)); } -TEST(BrokerProcess, ComplexFlagsWithClientCheck) { - TestComplexFlags(true /* fast_check_in_client */); +TEST(BrokerProcess, OpenComplexFlagsWithClientCheck) { + TestOpenComplexFlags(true /* fast_check_in_client */); // Don't do anything here, so that ASSERT works in the subfunction as // expected. } -TEST(BrokerProcess, ComplexFlagsNoClientCheck) { - TestComplexFlags(false /* fast_check_in_client */); +TEST(BrokerProcess, OpenComplexFlagsNoClientCheck) { + TestOpenComplexFlags(false /* fast_check_in_client */); // Don't do anything here, so that ASSERT works in the subfunction as // expected. } diff --git a/sandbox/linux/suid/common/suid_unsafe_environment_variables.h b/sandbox/linux/suid/common/suid_unsafe_environment_variables.h index ee4db76c29..1132a7a716 100644 --- a/sandbox/linux/suid/common/suid_unsafe_environment_variables.h +++ b/sandbox/linux/suid/common/suid_unsafe_environment_variables.h @@ -16,11 +16,7 @@ #ifndef SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ #define SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ -#if defined(__cplusplus) -#include <limits> -#define SIZE_MAX std::numeric_limits<size_t>::max() -#endif - +#include <stdint.h> #include <stdlib.h> // malloc #include <string.h> // memcpy @@ -56,8 +52,9 @@ static const char* kSUIDUnsafeEnvironmentVariables[] = { // name for a given environment variable. static inline char* SandboxSavedEnvironmentVariable(const char* envvar) { const size_t envvar_len = strlen(envvar); + const size_t kMaxSizeT = (size_t) -1; - if (envvar_len > SIZE_MAX - 1 -8) + if (envvar_len > kMaxSizeT - 1 -8) return NULL; const size_t saved_envvarlen = envvar_len + 1 /* NUL terminator */ + @@ -73,8 +70,4 @@ static inline char* SandboxSavedEnvironmentVariable(const char* envvar) { return saved_envvar; } -#if defined(__cplusplus) -#undef SIZE_MAX -#endif - #endif // SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ diff --git a/sandbox/linux/tests/unit_tests.cc b/sandbox/linux/tests/unit_tests.cc index 3d049ab80c..5d6cf30f21 100644 --- a/sandbox/linux/tests/unit_tests.cc +++ b/sandbox/linux/tests/unit_tests.cc @@ -16,7 +16,7 @@ namespace { std::string TestFailedMessage(const std::string& msg) { - return msg.empty() ? "" : "Actual test failure: " + msg; + return msg.empty() ? std::string() : "Actual test failure: " + msg; } int GetSubProcessTimeoutTimeInSeconds() { @@ -83,13 +83,11 @@ static void SetProcessTimeout(int time_in_seconds) { // insecure manner. void UnitTests::RunTestInProcess(UnitTests::Test test, void *arg, DeathCheck death, const void *death_aux) { - if (CountThreads() != 1) { - // We need to use fork(), so we can't be multi-threaded. - // TODO(jln): change this to a fatal error once we can launch - // Android tests with --exe. - fprintf(stderr, "WARNING: running sandbox tests with multiple threads" - " is not supported and will make the tests flaky.\n"); - } + // We need to fork(), so we can't be multi-threaded, as threads could hold + // locks. + ASSERT_EQ(1, CountThreads()) << "Running sandbox tests with multiple threads " + << "is not supported and will make the tests " + << "flaky.\n"; int fds[2]; ASSERT_EQ(0, pipe(fds)); // Check that our pipe is not on one of the standard file descriptor. diff --git a/sandbox/sandbox.target.darwin-arm.mk b/sandbox/sandbox.target.darwin-arm.mk new file mode 100644 index 0000000000..05ff0094ec --- /dev/null +++ b/sandbox/sandbox.target.darwin-arm.mk @@ -0,0 +1,40 @@ +# This file is generated by gyp; do not edit. + +include $(CLEAR_VARS) + +LOCAL_MODULE_CLASS := GYP +LOCAL_MODULE := sandbox_sandbox_gyp +LOCAL_MODULE_STEM := sandbox +LOCAL_MODULE_SUFFIX := .stamp +LOCAL_MODULE_TAGS := optional +gyp_intermediate_dir := $(call local-intermediates-dir) +gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared) + +# Make sure our deps are built first. +GYP_TARGET_DEPENDENCIES := \ + $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp)/sandbox_sandbox_services_gyp.a \ + $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_gyp)/sandbox_seccomp_bpf_gyp.a + +GYP_GENERATED_OUTPUTS := + +# Make sure our deps and generated files are built first. +LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS) + +### Rules for final target. +# Add target alias to "gyp_all_modules" target. +.PHONY: gyp_all_modules +gyp_all_modules: sandbox_sandbox_gyp + +# Alias gyp target name. +.PHONY: sandbox +sandbox: sandbox_sandbox_gyp + +LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp +LOCAL_UNINSTALLABLE_MODULE := true + +include $(BUILD_SYSTEM)/base_rules.mk + +$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES) + $(hide) echo "Gyp timestamp: $@" + $(hide) mkdir -p $(dir $@) + $(hide) touch $@ diff --git a/sandbox/sandbox.target.darwin-x86.mk b/sandbox/sandbox.target.darwin-x86.mk new file mode 100644 index 0000000000..05ff0094ec --- /dev/null +++ b/sandbox/sandbox.target.darwin-x86.mk @@ -0,0 +1,40 @@ +# This file is generated by gyp; do not edit. + +include $(CLEAR_VARS) + +LOCAL_MODULE_CLASS := GYP +LOCAL_MODULE := sandbox_sandbox_gyp +LOCAL_MODULE_STEM := sandbox +LOCAL_MODULE_SUFFIX := .stamp +LOCAL_MODULE_TAGS := optional +gyp_intermediate_dir := $(call local-intermediates-dir) +gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared) + +# Make sure our deps are built first. +GYP_TARGET_DEPENDENCIES := \ + $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp)/sandbox_sandbox_services_gyp.a \ + $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_gyp)/sandbox_seccomp_bpf_gyp.a + +GYP_GENERATED_OUTPUTS := + +# Make sure our deps and generated files are built first. +LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS) + +### Rules for final target. +# Add target alias to "gyp_all_modules" target. +.PHONY: gyp_all_modules +gyp_all_modules: sandbox_sandbox_gyp + +# Alias gyp target name. +.PHONY: sandbox +sandbox: sandbox_sandbox_gyp + +LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp +LOCAL_UNINSTALLABLE_MODULE := true + +include $(BUILD_SYSTEM)/base_rules.mk + +$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES) + $(hide) echo "Gyp timestamp: $@" + $(hide) mkdir -p $(dir $@) + $(hide) touch $@ diff --git a/sandbox/sandbox_services.target.darwin-arm.mk b/sandbox/sandbox_services.target.darwin-arm.mk new file mode 100644 index 0000000000..fd6e67a2f1 --- /dev/null +++ b/sandbox/sandbox_services.target.darwin-arm.mk @@ -0,0 +1,147 @@ +# This file is generated by gyp; do not edit. + +include $(CLEAR_VARS) + +LOCAL_MODULE_CLASS := STATIC_LIBRARIES +LOCAL_MODULE := sandbox_sandbox_services_gyp +LOCAL_MODULE_SUFFIX := .a +LOCAL_MODULE_TAGS := optional +gyp_intermediate_dir := $(call local-intermediates-dir) +gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared) + +# Make sure our deps are built first. +GYP_TARGET_DEPENDENCIES := + +GYP_GENERATED_OUTPUTS := + +# Make sure our deps and generated files are built first. +LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS) + +LOCAL_CPP_EXTENSION := .cc +LOCAL_GENERATED_SOURCES := + +GYP_COPIED_SOURCE_ORIGIN_DIRS := + +LOCAL_SRC_FILES := \ + sandbox/linux/services/broker_process.cc + + +# Flags passed to both C and C++ files. +MY_CFLAGS := \ + -fstack-protector \ + --param=ssp-buffer-size=4 \ + -Werror \ + -fno-exceptions \ + -fno-strict-aliasing \ + -Wall \ + -Wno-unused-parameter \ + -Wno-missing-field-initializers \ + -fvisibility=hidden \ + -pipe \ + -fPIC \ + -fno-tree-sra \ + -fuse-ld=gold \ + -Wno-psabi \ + -ffunction-sections \ + -funwind-tables \ + -g \ + -fstack-protector \ + -fno-short-enums \ + -finline-limit=64 \ + -Wa,--noexecstack \ + -U_FORTIFY_SOURCE \ + -Wno-extra \ + -Wno-ignored-qualifiers \ + -Wno-type-limits \ + -Os \ + -g \ + -fomit-frame-pointer \ + -fdata-sections \ + -ffunction-sections + +MY_CFLAGS_C := + +MY_DEFS := \ + '-D_FILE_OFFSET_BITS=64' \ + '-DUSE_LINUX_BREAKPAD' \ + '-DNO_TCMALLOC' \ + '-DDISABLE_NACL' \ + '-DCHROMIUM_BUILD' \ + '-DUSE_LIBJPEG_TURBO=1' \ + '-DUSE_PROPRIETARY_CODECS' \ + '-DENABLE_GPU=1' \ + '-DUSE_OPENSSL=1' \ + '-DENABLE_EGLIMAGE=1' \ + '-DENABLE_LANGUAGE_DETECTION=1' \ + '-D__STDC_CONSTANT_MACROS' \ + '-D__STDC_FORMAT_MACROS' \ + '-DANDROID' \ + '-D__GNU_SOURCE=1' \ + '-DUSE_STLPORT=1' \ + '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \ + '-DCHROME_BUILD_ID=""' \ + '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \ + '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \ + '-D_DEBUG' + +LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) + +# Include paths placed before CFLAGS/CPPFLAGS +LOCAL_C_INCLUDES := \ + $(LOCAL_PATH)/sandbox \ + $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \ + $(LOCAL_PATH) \ + $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ + $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ + $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport + +LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES) + +# Flags passed to only C++ (and not C) files. +LOCAL_CPPFLAGS := \ + -fno-rtti \ + -fno-threadsafe-statics \ + -fvisibility-inlines-hidden \ + -Wsign-compare \ + -Wno-abi \ + -Wno-error=c++0x-compat \ + -Wno-non-virtual-dtor \ + -Wno-sign-promo + +### Rules for final target. + +LOCAL_LDFLAGS := \ + -Wl,-z,now \ + -Wl,-z,relro \ + -Wl,-z,noexecstack \ + -fPIC \ + -Wl,-z,relro \ + -Wl,-z,now \ + -fuse-ld=gold \ + -nostdlib \ + -Wl,--no-undefined \ + -Wl,--exclude-libs=ALL \ + -Wl,--icf=safe \ + -Wl,--gc-sections \ + -Wl,-O1 \ + -Wl,--as-needed + + +LOCAL_STATIC_LIBRARIES := + +# Enable grouping to fix circular references +LOCAL_GROUP_STATIC_LIBRARIES := true + +LOCAL_SHARED_LIBRARIES := \ + libstlport \ + libdl + +# Add target alias to "gyp_all_modules" target. +.PHONY: gyp_all_modules +gyp_all_modules: sandbox_sandbox_services_gyp + +# Alias gyp target name. +.PHONY: sandbox_services +sandbox_services: sandbox_sandbox_services_gyp + +include $(BUILD_STATIC_LIBRARY) diff --git a/sandbox/sandbox_services.target.darwin-x86.mk b/sandbox/sandbox_services.target.darwin-x86.mk new file mode 100644 index 0000000000..42973fe4d6 --- /dev/null +++ b/sandbox/sandbox_services.target.darwin-x86.mk @@ -0,0 +1,146 @@ +# This file is generated by gyp; do not edit. + +include $(CLEAR_VARS) + +LOCAL_MODULE_CLASS := STATIC_LIBRARIES +LOCAL_MODULE := sandbox_sandbox_services_gyp +LOCAL_MODULE_SUFFIX := .a +LOCAL_MODULE_TAGS := optional +gyp_intermediate_dir := $(call local-intermediates-dir) +gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared) + +# Make sure our deps are built first. +GYP_TARGET_DEPENDENCIES := + +GYP_GENERATED_OUTPUTS := + +# Make sure our deps and generated files are built first. +LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS) + +LOCAL_CPP_EXTENSION := .cc +LOCAL_GENERATED_SOURCES := + +GYP_COPIED_SOURCE_ORIGIN_DIRS := + +LOCAL_SRC_FILES := \ + sandbox/linux/services/broker_process.cc + + +# Flags passed to both C and C++ files. +MY_CFLAGS := \ + --param=ssp-buffer-size=4 \ + -Werror \ + -fno-exceptions \ + -fno-strict-aliasing \ + -Wall \ + -Wno-unused-parameter \ + -Wno-missing-field-initializers \ + -fvisibility=hidden \ + -pipe \ + -fPIC \ + -m32 \ + -mmmx \ + -march=pentium4 \ + -msse2 \ + -mfpmath=sse \ + -fuse-ld=gold \ + -ffunction-sections \ + -funwind-tables \ + -g \ + -fno-short-enums \ + -finline-limit=64 \ + -Wa,--noexecstack \ + -U_FORTIFY_SOURCE \ + -Wno-extra \ + -Wno-ignored-qualifiers \ + -Wno-type-limits \ + -fno-stack-protector \ + -Os \ + -g \ + -fomit-frame-pointer \ + -fdata-sections \ + -ffunction-sections + +MY_CFLAGS_C := + +MY_DEFS := \ + '-D_FILE_OFFSET_BITS=64' \ + '-DUSE_LINUX_BREAKPAD' \ + '-DNO_TCMALLOC' \ + '-DDISABLE_NACL' \ + '-DCHROMIUM_BUILD' \ + '-DUSE_LIBJPEG_TURBO=1' \ + '-DUSE_PROPRIETARY_CODECS' \ + '-DENABLE_GPU=1' \ + '-DUSE_OPENSSL=1' \ + '-DENABLE_EGLIMAGE=1' \ + '-DENABLE_LANGUAGE_DETECTION=1' \ + '-D__STDC_CONSTANT_MACROS' \ + '-D__STDC_FORMAT_MACROS' \ + '-DANDROID' \ + '-D__GNU_SOURCE=1' \ + '-DUSE_STLPORT=1' \ + '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \ + '-DCHROME_BUILD_ID=""' \ + '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \ + '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \ + '-D_DEBUG' + +LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) + +# Include paths placed before CFLAGS/CPPFLAGS +LOCAL_C_INCLUDES := \ + $(LOCAL_PATH)/sandbox \ + $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \ + $(LOCAL_PATH) \ + $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ + $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ + $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport + +LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES) + +# Flags passed to only C++ (and not C) files. +LOCAL_CPPFLAGS := \ + -fno-rtti \ + -fno-threadsafe-statics \ + -fvisibility-inlines-hidden \ + -Wsign-compare \ + -Wno-error=c++0x-compat \ + -Wno-non-virtual-dtor \ + -Wno-sign-promo + +### Rules for final target. + +LOCAL_LDFLAGS := \ + -Wl,-z,now \ + -Wl,-z,relro \ + -Wl,-z,noexecstack \ + -fPIC \ + -m32 \ + -fuse-ld=gold \ + -nostdlib \ + -Wl,--no-undefined \ + -Wl,--exclude-libs=ALL \ + -Wl,--gc-sections \ + -Wl,-O1 \ + -Wl,--as-needed + + +LOCAL_STATIC_LIBRARIES := + +# Enable grouping to fix circular references +LOCAL_GROUP_STATIC_LIBRARIES := true + +LOCAL_SHARED_LIBRARIES := \ + libstlport \ + libdl + +# Add target alias to "gyp_all_modules" target. +.PHONY: gyp_all_modules +gyp_all_modules: sandbox_sandbox_services_gyp + +# Alias gyp target name. +.PHONY: sandbox_services +sandbox_services: sandbox_sandbox_services_gyp + +include $(BUILD_STATIC_LIBRARY) diff --git a/sandbox/sandbox_services.target.linux-arm.mk b/sandbox/sandbox_services.target.linux-arm.mk index 92e5cdaa76..fd6e67a2f1 100644 --- a/sandbox/sandbox_services.target.linux-arm.mk +++ b/sandbox/sandbox_services.target.linux-arm.mk @@ -62,7 +62,6 @@ MY_CFLAGS := \ MY_CFLAGS_C := MY_DEFS := \ - '-DUSE_SKIA' \ '-D_FILE_OFFSET_BITS=64' \ '-DUSE_LINUX_BREAKPAD' \ '-DNO_TCMALLOC' \ @@ -70,7 +69,6 @@ MY_DEFS := \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ - '-DENABLE_PEPPER_THREADING' \ '-DENABLE_GPU=1' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ @@ -90,8 +88,8 @@ LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) # Include paths placed before CFLAGS/CPPFLAGS LOCAL_C_INCLUDES := \ - $(gyp_shared_intermediate_dir)/shim_headers/icuuc/target \ $(LOCAL_PATH)/sandbox \ + $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \ $(LOCAL_PATH) \ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ @@ -124,9 +122,9 @@ LOCAL_LDFLAGS := \ -Wl,--no-undefined \ -Wl,--exclude-libs=ALL \ -Wl,--icf=safe \ + -Wl,--gc-sections \ -Wl,-O1 \ - -Wl,--as-needed \ - -Wl,--gc-sections + -Wl,--as-needed LOCAL_STATIC_LIBRARIES := diff --git a/sandbox/sandbox_services.target.linux-x86.mk b/sandbox/sandbox_services.target.linux-x86.mk index 85a9124972..42973fe4d6 100644 --- a/sandbox/sandbox_services.target.linux-x86.mk +++ b/sandbox/sandbox_services.target.linux-x86.mk @@ -43,6 +43,7 @@ MY_CFLAGS := \ -march=pentium4 \ -msse2 \ -mfpmath=sse \ + -fuse-ld=gold \ -ffunction-sections \ -funwind-tables \ -g \ @@ -63,7 +64,6 @@ MY_CFLAGS := \ MY_CFLAGS_C := MY_DEFS := \ - '-DUSE_SKIA' \ '-D_FILE_OFFSET_BITS=64' \ '-DUSE_LINUX_BREAKPAD' \ '-DNO_TCMALLOC' \ @@ -71,7 +71,6 @@ MY_DEFS := \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ - '-DENABLE_PEPPER_THREADING' \ '-DENABLE_GPU=1' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ @@ -91,8 +90,8 @@ LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) # Include paths placed before CFLAGS/CPPFLAGS LOCAL_C_INCLUDES := \ - $(gyp_shared_intermediate_dir)/shim_headers/icuuc/target \ $(LOCAL_PATH)/sandbox \ + $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \ $(LOCAL_PATH) \ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ @@ -118,12 +117,13 @@ LOCAL_LDFLAGS := \ -Wl,-z,noexecstack \ -fPIC \ -m32 \ + -fuse-ld=gold \ -nostdlib \ -Wl,--no-undefined \ -Wl,--exclude-libs=ALL \ + -Wl,--gc-sections \ -Wl,-O1 \ - -Wl,--as-needed \ - -Wl,--gc-sections + -Wl,--as-needed LOCAL_STATIC_LIBRARIES := diff --git a/sandbox/sandbox_services_headers.target.darwin-arm.mk b/sandbox/sandbox_services_headers.target.darwin-arm.mk new file mode 100644 index 0000000000..c4cb2b54c7 --- /dev/null +++ b/sandbox/sandbox_services_headers.target.darwin-arm.mk @@ -0,0 +1,125 @@ +# This file is generated by gyp; do not edit. + +include $(CLEAR_VARS) + +LOCAL_MODULE_CLASS := GYP +LOCAL_MODULE := sandbox_sandbox_services_headers_gyp +LOCAL_MODULE_STEM := sandbox_services_headers +LOCAL_MODULE_SUFFIX := .stamp +LOCAL_MODULE_TAGS := optional +gyp_intermediate_dir := $(call local-intermediates-dir) +gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared) + +# Make sure our deps are built first. +GYP_TARGET_DEPENDENCIES := + +GYP_GENERATED_OUTPUTS := + +# Make sure our deps and generated files are built first. +LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS) + +LOCAL_GENERATED_SOURCES := + +GYP_COPIED_SOURCE_ORIGIN_DIRS := + +LOCAL_SRC_FILES := + + +# Flags passed to both C and C++ files. +MY_CFLAGS := \ + -fstack-protector \ + --param=ssp-buffer-size=4 \ + -Werror \ + -fno-exceptions \ + -fno-strict-aliasing \ + -Wall \ + -Wno-unused-parameter \ + -Wno-missing-field-initializers \ + -fvisibility=hidden \ + -pipe \ + -fPIC \ + -fno-tree-sra \ + -fuse-ld=gold \ + -Wno-psabi \ + -ffunction-sections \ + -funwind-tables \ + -g \ + -fstack-protector \ + -fno-short-enums \ + -finline-limit=64 \ + -Wa,--noexecstack \ + -U_FORTIFY_SOURCE \ + -Wno-extra \ + -Wno-ignored-qualifiers \ + -Wno-type-limits \ + -Os \ + -g \ + -fomit-frame-pointer \ + -fdata-sections \ + -ffunction-sections + +MY_CFLAGS_C := + +MY_DEFS := \ + '-D_FILE_OFFSET_BITS=64' \ + '-DUSE_LINUX_BREAKPAD' \ + '-DNO_TCMALLOC' \ + '-DDISABLE_NACL' \ + '-DCHROMIUM_BUILD' \ + '-DUSE_LIBJPEG_TURBO=1' \ + '-DUSE_PROPRIETARY_CODECS' \ + '-DENABLE_GPU=1' \ + '-DUSE_OPENSSL=1' \ + '-DENABLE_EGLIMAGE=1' \ + '-DENABLE_LANGUAGE_DETECTION=1' \ + '-D__STDC_CONSTANT_MACROS' \ + '-D__STDC_FORMAT_MACROS' \ + '-DANDROID' \ + '-D__GNU_SOURCE=1' \ + '-DUSE_STLPORT=1' \ + '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \ + '-DCHROME_BUILD_ID=""' \ + '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \ + '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \ + '-D_DEBUG' + +LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) + +# Include paths placed before CFLAGS/CPPFLAGS +LOCAL_C_INCLUDES := \ + $(LOCAL_PATH)/sandbox \ + $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ + $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ + $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport + +LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES) + +# Flags passed to only C++ (and not C) files. +LOCAL_CPPFLAGS := \ + -fno-rtti \ + -fno-threadsafe-statics \ + -fvisibility-inlines-hidden \ + -Wsign-compare \ + -Wno-abi \ + -Wno-error=c++0x-compat \ + -Wno-non-virtual-dtor \ + -Wno-sign-promo + +### Rules for final target. +# Add target alias to "gyp_all_modules" target. +.PHONY: gyp_all_modules +gyp_all_modules: sandbox_sandbox_services_headers_gyp + +# Alias gyp target name. +.PHONY: sandbox_services_headers +sandbox_services_headers: sandbox_sandbox_services_headers_gyp + +LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp +LOCAL_UNINSTALLABLE_MODULE := true + +include $(BUILD_SYSTEM)/base_rules.mk + +$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES) + $(hide) echo "Gyp timestamp: $@" + $(hide) mkdir -p $(dir $@) + $(hide) touch $@ diff --git a/sandbox/sandbox_services_headers.target.darwin-x86.mk b/sandbox/sandbox_services_headers.target.darwin-x86.mk new file mode 100644 index 0000000000..eb03ce2789 --- /dev/null +++ b/sandbox/sandbox_services_headers.target.darwin-x86.mk @@ -0,0 +1,126 @@ +# This file is generated by gyp; do not edit. + +include $(CLEAR_VARS) + +LOCAL_MODULE_CLASS := GYP +LOCAL_MODULE := sandbox_sandbox_services_headers_gyp +LOCAL_MODULE_STEM := sandbox_services_headers +LOCAL_MODULE_SUFFIX := .stamp +LOCAL_MODULE_TAGS := optional +gyp_intermediate_dir := $(call local-intermediates-dir) +gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared) + +# Make sure our deps are built first. +GYP_TARGET_DEPENDENCIES := + +GYP_GENERATED_OUTPUTS := + +# Make sure our deps and generated files are built first. +LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS) + +LOCAL_GENERATED_SOURCES := + +GYP_COPIED_SOURCE_ORIGIN_DIRS := + +LOCAL_SRC_FILES := + + +# Flags passed to both C and C++ files. +MY_CFLAGS := \ + --param=ssp-buffer-size=4 \ + -Werror \ + -fno-exceptions \ + -fno-strict-aliasing \ + -Wall \ + -Wno-unused-parameter \ + -Wno-missing-field-initializers \ + -fvisibility=hidden \ + -pipe \ + -fPIC \ + -m32 \ + -mmmx \ + -march=pentium4 \ + -msse2 \ + -mfpmath=sse \ + -fuse-ld=gold \ + -ffunction-sections \ + -funwind-tables \ + -g \ + -fno-short-enums \ + -finline-limit=64 \ + -Wa,--noexecstack \ + -U_FORTIFY_SOURCE \ + -Wno-extra \ + -Wno-ignored-qualifiers \ + -Wno-type-limits \ + -fno-stack-protector \ + -Os \ + -g \ + -fomit-frame-pointer \ + -fdata-sections \ + -ffunction-sections + +MY_CFLAGS_C := + +MY_DEFS := \ + '-D_FILE_OFFSET_BITS=64' \ + '-DUSE_LINUX_BREAKPAD' \ + '-DNO_TCMALLOC' \ + '-DDISABLE_NACL' \ + '-DCHROMIUM_BUILD' \ + '-DUSE_LIBJPEG_TURBO=1' \ + '-DUSE_PROPRIETARY_CODECS' \ + '-DENABLE_GPU=1' \ + '-DUSE_OPENSSL=1' \ + '-DENABLE_EGLIMAGE=1' \ + '-DENABLE_LANGUAGE_DETECTION=1' \ + '-D__STDC_CONSTANT_MACROS' \ + '-D__STDC_FORMAT_MACROS' \ + '-DANDROID' \ + '-D__GNU_SOURCE=1' \ + '-DUSE_STLPORT=1' \ + '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \ + '-DCHROME_BUILD_ID=""' \ + '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \ + '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \ + '-D_DEBUG' + +LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) + +# Include paths placed before CFLAGS/CPPFLAGS +LOCAL_C_INCLUDES := \ + $(LOCAL_PATH)/sandbox \ + $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ + $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ + $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport + +LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES) + +# Flags passed to only C++ (and not C) files. +LOCAL_CPPFLAGS := \ + -fno-rtti \ + -fno-threadsafe-statics \ + -fvisibility-inlines-hidden \ + -Wsign-compare \ + -Wno-error=c++0x-compat \ + -Wno-non-virtual-dtor \ + -Wno-sign-promo + +### Rules for final target. +# Add target alias to "gyp_all_modules" target. +.PHONY: gyp_all_modules +gyp_all_modules: sandbox_sandbox_services_headers_gyp + +# Alias gyp target name. +.PHONY: sandbox_services_headers +sandbox_services_headers: sandbox_sandbox_services_headers_gyp + +LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp +LOCAL_UNINSTALLABLE_MODULE := true + +include $(BUILD_SYSTEM)/base_rules.mk + +$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES) + $(hide) echo "Gyp timestamp: $@" + $(hide) mkdir -p $(dir $@) + $(hide) touch $@ diff --git a/sandbox/sandbox_services_headers.target.linux-arm.mk b/sandbox/sandbox_services_headers.target.linux-arm.mk index 7190aa5bb2..c4cb2b54c7 100644 --- a/sandbox/sandbox_services_headers.target.linux-arm.mk +++ b/sandbox/sandbox_services_headers.target.linux-arm.mk @@ -61,7 +61,6 @@ MY_CFLAGS := \ MY_CFLAGS_C := MY_DEFS := \ - '-DUSE_SKIA' \ '-D_FILE_OFFSET_BITS=64' \ '-DUSE_LINUX_BREAKPAD' \ '-DNO_TCMALLOC' \ @@ -69,7 +68,6 @@ MY_DEFS := \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ - '-DENABLE_PEPPER_THREADING' \ '-DENABLE_GPU=1' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ diff --git a/sandbox/sandbox_services_headers.target.linux-x86.mk b/sandbox/sandbox_services_headers.target.linux-x86.mk index 32f132d288..eb03ce2789 100644 --- a/sandbox/sandbox_services_headers.target.linux-x86.mk +++ b/sandbox/sandbox_services_headers.target.linux-x86.mk @@ -42,6 +42,7 @@ MY_CFLAGS := \ -march=pentium4 \ -msse2 \ -mfpmath=sse \ + -fuse-ld=gold \ -ffunction-sections \ -funwind-tables \ -g \ @@ -62,7 +63,6 @@ MY_CFLAGS := \ MY_CFLAGS_C := MY_DEFS := \ - '-DUSE_SKIA' \ '-D_FILE_OFFSET_BITS=64' \ '-DUSE_LINUX_BREAKPAD' \ '-DNO_TCMALLOC' \ @@ -70,7 +70,6 @@ MY_DEFS := \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ - '-DENABLE_PEPPER_THREADING' \ '-DENABLE_GPU=1' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ diff --git a/sandbox/seccomp_bpf.target.darwin-arm.mk b/sandbox/seccomp_bpf.target.darwin-arm.mk new file mode 100644 index 0000000000..2924094cf2 --- /dev/null +++ b/sandbox/seccomp_bpf.target.darwin-arm.mk @@ -0,0 +1,155 @@ +# This file is generated by gyp; do not edit. + +include $(CLEAR_VARS) + +LOCAL_MODULE_CLASS := STATIC_LIBRARIES +LOCAL_MODULE := sandbox_seccomp_bpf_gyp +LOCAL_MODULE_SUFFIX := .a +LOCAL_MODULE_TAGS := optional +gyp_intermediate_dir := $(call local-intermediates-dir) +gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared) + +# Make sure our deps are built first. +GYP_TARGET_DEPENDENCIES := \ + $(call intermediates-dir-for,GYP,sandbox_sandbox_services_headers_gyp)/sandbox_services_headers.stamp + +GYP_GENERATED_OUTPUTS := + +# Make sure our deps and generated files are built first. +LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS) + +LOCAL_CPP_EXTENSION := .cc +LOCAL_GENERATED_SOURCES := + +GYP_COPIED_SOURCE_ORIGIN_DIRS := + +LOCAL_SRC_FILES := \ + sandbox/linux/seccomp-bpf/basicblock.cc \ + sandbox/linux/seccomp-bpf/codegen.cc \ + sandbox/linux/seccomp-bpf/die.cc \ + sandbox/linux/seccomp-bpf/errorcode.cc \ + sandbox/linux/seccomp-bpf/sandbox_bpf.cc \ + sandbox/linux/seccomp-bpf/syscall.cc \ + sandbox/linux/seccomp-bpf/syscall_iterator.cc \ + sandbox/linux/seccomp-bpf/trap.cc \ + sandbox/linux/seccomp-bpf/verifier.cc + + +# Flags passed to both C and C++ files. +MY_CFLAGS := \ + -fstack-protector \ + --param=ssp-buffer-size=4 \ + -Werror \ + -fno-exceptions \ + -fno-strict-aliasing \ + -Wall \ + -Wno-unused-parameter \ + -Wno-missing-field-initializers \ + -fvisibility=hidden \ + -pipe \ + -fPIC \ + -fno-tree-sra \ + -fuse-ld=gold \ + -Wno-psabi \ + -ffunction-sections \ + -funwind-tables \ + -g \ + -fstack-protector \ + -fno-short-enums \ + -finline-limit=64 \ + -Wa,--noexecstack \ + -U_FORTIFY_SOURCE \ + -Wno-extra \ + -Wno-ignored-qualifiers \ + -Wno-type-limits \ + -Os \ + -g \ + -fomit-frame-pointer \ + -fdata-sections \ + -ffunction-sections + +MY_CFLAGS_C := + +MY_DEFS := \ + '-D_FILE_OFFSET_BITS=64' \ + '-DUSE_LINUX_BREAKPAD' \ + '-DNO_TCMALLOC' \ + '-DDISABLE_NACL' \ + '-DCHROMIUM_BUILD' \ + '-DUSE_LIBJPEG_TURBO=1' \ + '-DUSE_PROPRIETARY_CODECS' \ + '-DENABLE_GPU=1' \ + '-DUSE_OPENSSL=1' \ + '-DENABLE_EGLIMAGE=1' \ + '-DENABLE_LANGUAGE_DETECTION=1' \ + '-D__STDC_CONSTANT_MACROS' \ + '-D__STDC_FORMAT_MACROS' \ + '-DANDROID' \ + '-D__GNU_SOURCE=1' \ + '-DUSE_STLPORT=1' \ + '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \ + '-DCHROME_BUILD_ID=""' \ + '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \ + '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \ + '-D_DEBUG' + +LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) + +# Include paths placed before CFLAGS/CPPFLAGS +LOCAL_C_INCLUDES := \ + $(LOCAL_PATH) \ + $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \ + $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ + $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ + $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport + +LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES) + +# Flags passed to only C++ (and not C) files. +LOCAL_CPPFLAGS := \ + -fno-rtti \ + -fno-threadsafe-statics \ + -fvisibility-inlines-hidden \ + -Wsign-compare \ + -Wno-abi \ + -Wno-error=c++0x-compat \ + -Wno-non-virtual-dtor \ + -Wno-sign-promo + +### Rules for final target. + +LOCAL_LDFLAGS := \ + -Wl,-z,now \ + -Wl,-z,relro \ + -Wl,-z,noexecstack \ + -fPIC \ + -Wl,-z,relro \ + -Wl,-z,now \ + -fuse-ld=gold \ + -nostdlib \ + -Wl,--no-undefined \ + -Wl,--exclude-libs=ALL \ + -Wl,--icf=safe \ + -Wl,--gc-sections \ + -Wl,-O1 \ + -Wl,--as-needed + + +LOCAL_STATIC_LIBRARIES := + +# Enable grouping to fix circular references +LOCAL_GROUP_STATIC_LIBRARIES := true + +LOCAL_SHARED_LIBRARIES := \ + libstlport \ + libdl + +# Add target alias to "gyp_all_modules" target. +.PHONY: gyp_all_modules +gyp_all_modules: sandbox_seccomp_bpf_gyp + +# Alias gyp target name. +.PHONY: seccomp_bpf +seccomp_bpf: sandbox_seccomp_bpf_gyp + +include $(BUILD_STATIC_LIBRARY) diff --git a/sandbox/seccomp_bpf.target.darwin-x86.mk b/sandbox/seccomp_bpf.target.darwin-x86.mk new file mode 100644 index 0000000000..f61f6e2f74 --- /dev/null +++ b/sandbox/seccomp_bpf.target.darwin-x86.mk @@ -0,0 +1,154 @@ +# This file is generated by gyp; do not edit. + +include $(CLEAR_VARS) + +LOCAL_MODULE_CLASS := STATIC_LIBRARIES +LOCAL_MODULE := sandbox_seccomp_bpf_gyp +LOCAL_MODULE_SUFFIX := .a +LOCAL_MODULE_TAGS := optional +gyp_intermediate_dir := $(call local-intermediates-dir) +gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared) + +# Make sure our deps are built first. +GYP_TARGET_DEPENDENCIES := \ + $(call intermediates-dir-for,GYP,sandbox_sandbox_services_headers_gyp)/sandbox_services_headers.stamp + +GYP_GENERATED_OUTPUTS := + +# Make sure our deps and generated files are built first. +LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS) + +LOCAL_CPP_EXTENSION := .cc +LOCAL_GENERATED_SOURCES := + +GYP_COPIED_SOURCE_ORIGIN_DIRS := + +LOCAL_SRC_FILES := \ + sandbox/linux/seccomp-bpf/basicblock.cc \ + sandbox/linux/seccomp-bpf/codegen.cc \ + sandbox/linux/seccomp-bpf/die.cc \ + sandbox/linux/seccomp-bpf/errorcode.cc \ + sandbox/linux/seccomp-bpf/sandbox_bpf.cc \ + sandbox/linux/seccomp-bpf/syscall.cc \ + sandbox/linux/seccomp-bpf/syscall_iterator.cc \ + sandbox/linux/seccomp-bpf/trap.cc \ + sandbox/linux/seccomp-bpf/verifier.cc + + +# Flags passed to both C and C++ files. +MY_CFLAGS := \ + --param=ssp-buffer-size=4 \ + -Werror \ + -fno-exceptions \ + -fno-strict-aliasing \ + -Wall \ + -Wno-unused-parameter \ + -Wno-missing-field-initializers \ + -fvisibility=hidden \ + -pipe \ + -fPIC \ + -m32 \ + -mmmx \ + -march=pentium4 \ + -msse2 \ + -mfpmath=sse \ + -fuse-ld=gold \ + -ffunction-sections \ + -funwind-tables \ + -g \ + -fno-short-enums \ + -finline-limit=64 \ + -Wa,--noexecstack \ + -U_FORTIFY_SOURCE \ + -Wno-extra \ + -Wno-ignored-qualifiers \ + -Wno-type-limits \ + -fno-stack-protector \ + -Os \ + -g \ + -fomit-frame-pointer \ + -fdata-sections \ + -ffunction-sections + +MY_CFLAGS_C := + +MY_DEFS := \ + '-D_FILE_OFFSET_BITS=64' \ + '-DUSE_LINUX_BREAKPAD' \ + '-DNO_TCMALLOC' \ + '-DDISABLE_NACL' \ + '-DCHROMIUM_BUILD' \ + '-DUSE_LIBJPEG_TURBO=1' \ + '-DUSE_PROPRIETARY_CODECS' \ + '-DENABLE_GPU=1' \ + '-DUSE_OPENSSL=1' \ + '-DENABLE_EGLIMAGE=1' \ + '-DENABLE_LANGUAGE_DETECTION=1' \ + '-D__STDC_CONSTANT_MACROS' \ + '-D__STDC_FORMAT_MACROS' \ + '-DANDROID' \ + '-D__GNU_SOURCE=1' \ + '-DUSE_STLPORT=1' \ + '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \ + '-DCHROME_BUILD_ID=""' \ + '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \ + '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \ + '-D_DEBUG' + +LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) + +# Include paths placed before CFLAGS/CPPFLAGS +LOCAL_C_INCLUDES := \ + $(LOCAL_PATH) \ + $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \ + $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ + $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ + $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport + +LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES) + +# Flags passed to only C++ (and not C) files. +LOCAL_CPPFLAGS := \ + -fno-rtti \ + -fno-threadsafe-statics \ + -fvisibility-inlines-hidden \ + -Wsign-compare \ + -Wno-error=c++0x-compat \ + -Wno-non-virtual-dtor \ + -Wno-sign-promo + +### Rules for final target. + +LOCAL_LDFLAGS := \ + -Wl,-z,now \ + -Wl,-z,relro \ + -Wl,-z,noexecstack \ + -fPIC \ + -m32 \ + -fuse-ld=gold \ + -nostdlib \ + -Wl,--no-undefined \ + -Wl,--exclude-libs=ALL \ + -Wl,--gc-sections \ + -Wl,-O1 \ + -Wl,--as-needed + + +LOCAL_STATIC_LIBRARIES := + +# Enable grouping to fix circular references +LOCAL_GROUP_STATIC_LIBRARIES := true + +LOCAL_SHARED_LIBRARIES := \ + libstlport \ + libdl + +# Add target alias to "gyp_all_modules" target. +.PHONY: gyp_all_modules +gyp_all_modules: sandbox_seccomp_bpf_gyp + +# Alias gyp target name. +.PHONY: seccomp_bpf +seccomp_bpf: sandbox_seccomp_bpf_gyp + +include $(BUILD_STATIC_LIBRARY) diff --git a/sandbox/seccomp_bpf.target.linux-arm.mk b/sandbox/seccomp_bpf.target.linux-arm.mk index a5fda7046f..2924094cf2 100644 --- a/sandbox/seccomp_bpf.target.linux-arm.mk +++ b/sandbox/seccomp_bpf.target.linux-arm.mk @@ -71,7 +71,6 @@ MY_CFLAGS := \ MY_CFLAGS_C := MY_DEFS := \ - '-DUSE_SKIA' \ '-D_FILE_OFFSET_BITS=64' \ '-DUSE_LINUX_BREAKPAD' \ '-DNO_TCMALLOC' \ @@ -79,7 +78,6 @@ MY_DEFS := \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ - '-DENABLE_PEPPER_THREADING' \ '-DENABLE_GPU=1' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ @@ -99,8 +97,8 @@ LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) # Include paths placed before CFLAGS/CPPFLAGS LOCAL_C_INCLUDES := \ - $(gyp_shared_intermediate_dir)/shim_headers/icuuc/target \ $(LOCAL_PATH) \ + $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport @@ -132,9 +130,9 @@ LOCAL_LDFLAGS := \ -Wl,--no-undefined \ -Wl,--exclude-libs=ALL \ -Wl,--icf=safe \ + -Wl,--gc-sections \ -Wl,-O1 \ - -Wl,--as-needed \ - -Wl,--gc-sections + -Wl,--as-needed LOCAL_STATIC_LIBRARIES := diff --git a/sandbox/seccomp_bpf.target.linux-x86.mk b/sandbox/seccomp_bpf.target.linux-x86.mk index 56af63de8a..f61f6e2f74 100644 --- a/sandbox/seccomp_bpf.target.linux-x86.mk +++ b/sandbox/seccomp_bpf.target.linux-x86.mk @@ -52,6 +52,7 @@ MY_CFLAGS := \ -march=pentium4 \ -msse2 \ -mfpmath=sse \ + -fuse-ld=gold \ -ffunction-sections \ -funwind-tables \ -g \ @@ -72,7 +73,6 @@ MY_CFLAGS := \ MY_CFLAGS_C := MY_DEFS := \ - '-DUSE_SKIA' \ '-D_FILE_OFFSET_BITS=64' \ '-DUSE_LINUX_BREAKPAD' \ '-DNO_TCMALLOC' \ @@ -80,7 +80,6 @@ MY_DEFS := \ '-DCHROMIUM_BUILD' \ '-DUSE_LIBJPEG_TURBO=1' \ '-DUSE_PROPRIETARY_CODECS' \ - '-DENABLE_PEPPER_THREADING' \ '-DENABLE_GPU=1' \ '-DUSE_OPENSSL=1' \ '-DENABLE_EGLIMAGE=1' \ @@ -100,8 +99,8 @@ LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS) # Include paths placed before CFLAGS/CPPFLAGS LOCAL_C_INCLUDES := \ - $(gyp_shared_intermediate_dir)/shim_headers/icuuc/target \ $(LOCAL_PATH) \ + $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \ $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport @@ -126,12 +125,13 @@ LOCAL_LDFLAGS := \ -Wl,-z,noexecstack \ -fPIC \ -m32 \ + -fuse-ld=gold \ -nostdlib \ -Wl,--no-undefined \ -Wl,--exclude-libs=ALL \ + -Wl,--gc-sections \ -Wl,-O1 \ - -Wl,--as-needed \ - -Wl,--gc-sections + -Wl,--as-needed LOCAL_STATIC_LIBRARIES := diff --git a/sandbox/win/src/filesystem_policy.cc b/sandbox/win/src/filesystem_policy.cc index b3eddab09f..02707b0a84 100644 --- a/sandbox/win/src/filesystem_policy.cc +++ b/sandbox/win/src/filesystem_policy.cc @@ -49,7 +49,6 @@ NTSTATUS NtCreateFileInTarget(HANDLE* target_file_handle, if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, target_process, target_file_handle, 0, FALSE, DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { - ::CloseHandle(local_handle); return STATUS_ACCESS_DENIED; } return STATUS_SUCCESS; diff --git a/sandbox/win/src/handle_closer.cc b/sandbox/win/src/handle_closer.cc index fc72835cdc..a47bf6564c 100644 --- a/sandbox/win/src/handle_closer.cc +++ b/sandbox/win/src/handle_closer.cc @@ -81,7 +81,7 @@ bool HandleCloser::InitializeTargetHandles(TargetProcess* target) { return true; size_t bytes_needed = GetBufferSize(); - scoped_array<size_t> local_buffer( + scoped_ptr<size_t[]> local_buffer( new size_t[bytes_needed / sizeof(size_t)]); if (!SetupHandleList(local_buffer.get(), bytes_needed)) diff --git a/sandbox/win/src/interception.cc b/sandbox/win/src/interception.cc index 8def6e8daa..8c897a1a97 100644 --- a/sandbox/win/src/interception.cc +++ b/sandbox/win/src/interception.cc @@ -120,7 +120,7 @@ bool InterceptionManager::InitializeInterceptions() { return true; // Nothing to do here size_t buffer_bytes = GetBufferSize(); - scoped_array<char> local_buffer(new char[buffer_bytes]); + scoped_ptr<char[]> local_buffer(new char[buffer_bytes]); if (!SetupConfigBuffer(local_buffer.get(), buffer_bytes)) return false; diff --git a/sandbox/win/src/interception_unittest.cc b/sandbox/win/src/interception_unittest.cc index cc76767d7f..0fc9b7cbe2 100644 --- a/sandbox/win/src/interception_unittest.cc +++ b/sandbox/win/src/interception_unittest.cc @@ -135,7 +135,7 @@ TEST(InterceptionManagerTest, BufferLayout1) { ASSERT_EQ(18, interceptions.interceptions_.size()); size_t buffer_size = interceptions.GetBufferSize(); - scoped_array<BYTE> local_buffer(new BYTE[buffer_size]); + scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]); ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(), buffer_size)); @@ -188,7 +188,7 @@ TEST(InterceptionManagerTest, BufferLayout2) { ASSERT_EQ(5, interceptions.interceptions_.size()); size_t buffer_size = interceptions.GetBufferSize(); - scoped_array<BYTE> local_buffer(new BYTE[buffer_size]); + scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]); ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(), buffer_size)); diff --git a/sandbox/win/src/named_pipe_policy.cc b/sandbox/win/src/named_pipe_policy.cc index 470e823f07..0f620b1811 100644 --- a/sandbox/win/src/named_pipe_policy.cc +++ b/sandbox/win/src/named_pipe_policy.cc @@ -28,10 +28,10 @@ HANDLE CreateNamedPipeHelper(HANDLE target_process, LPCWSTR pipe_name, return pipe; HANDLE new_pipe; - if (!::DuplicateHandle(::GetCurrentProcess(), pipe, target_process, &new_pipe, - 0, FALSE, DUPLICATE_CLOSE_SOURCE | - DUPLICATE_SAME_ACCESS)) { - ::CloseHandle(pipe); + if (!::DuplicateHandle(::GetCurrentProcess(), pipe, + target_process, &new_pipe, + 0, FALSE, + DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { return INVALID_HANDLE_VALUE; } diff --git a/sandbox/win/src/process_policy_test.cc b/sandbox/win/src/process_policy_test.cc index 937cbc8d39..7e3d4603c3 100644 --- a/sandbox/win/src/process_policy_test.cc +++ b/sandbox/win/src/process_policy_test.cc @@ -6,13 +6,13 @@ #include <string> #include "base/string16.h" -#include "base/sys_string_conversions.h" +#include "base/strings/sys_string_conversions.h" #include "base/win/scoped_handle.h" #include "base/win/scoped_process_information.h" #include "base/win/windows_version.h" #include "sandbox/win/src/sandbox.h" -#include "sandbox/win/src/sandbox_policy.h" #include "sandbox/win/src/sandbox_factory.h" +#include "sandbox/win/src/sandbox_policy.h" #include "sandbox/win/tests/common/controller.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/sandbox/win/src/registry_policy.cc b/sandbox/win/src/registry_policy.cc index 55f3bcd067..37e6ddbebd 100644 --- a/sandbox/win/src/registry_policy.cc +++ b/sandbox/win/src/registry_policy.cc @@ -78,7 +78,6 @@ NTSTATUS NtCreateKeyInTarget(HANDLE* target_key_handle, if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, target_process, target_key_handle, 0, FALSE, DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { - ::CloseHandle(local_handle); return STATUS_ACCESS_DENIED; } return STATUS_SUCCESS; @@ -106,7 +105,6 @@ NTSTATUS NtOpenKeyInTarget(HANDLE* target_key_handle, if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, target_process, target_key_handle, 0, FALSE, DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { - ::CloseHandle(local_handle); return STATUS_ACCESS_DENIED; } return STATUS_SUCCESS; diff --git a/sandbox/win/src/service_resolver_32.cc b/sandbox/win/src/service_resolver_32.cc index 349751653e..2e69dbc9e7 100644 --- a/sandbox/win/src/service_resolver_32.cc +++ b/sandbox/win/src/service_resolver_32.cc @@ -159,7 +159,7 @@ NTSTATUS ServiceResolverThunk::Setup(const void* target_module, relative_jump_ = 0; size_t thunk_bytes = GetThunkSize(); - scoped_array<char> thunk_buffer(new char[thunk_bytes]); + scoped_ptr<char[]> thunk_buffer(new char[thunk_bytes]); ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>( thunk_buffer.get()); diff --git a/sandbox/win/src/service_resolver_64.cc b/sandbox/win/src/service_resolver_64.cc index b69d4d85fc..32de53a43f 100644 --- a/sandbox/win/src/service_resolver_64.cc +++ b/sandbox/win/src/service_resolver_64.cc @@ -97,7 +97,7 @@ NTSTATUS ServiceResolverThunk::Setup(const void* target_module, return ret; size_t thunk_bytes = GetThunkSize(); - scoped_array<char> thunk_buffer(new char[thunk_bytes]); + scoped_ptr<char[]> thunk_buffer(new char[thunk_bytes]); ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>( thunk_buffer.get()); diff --git a/sandbox/win/src/service_resolver_unittest.cc b/sandbox/win/src/service_resolver_unittest.cc index 8c44202d14..59105cc49d 100644 --- a/sandbox/win/src/service_resolver_unittest.cc +++ b/sandbox/win/src/service_resolver_unittest.cc @@ -105,7 +105,7 @@ NTSTATUS PatchNtdllWithResolver(const char* function, bool relaxed, // Any pointer will do as an interception_entry_point void* function_entry = resolver; size_t thunk_size = resolver->GetThunkSize(); - scoped_array<char> thunk(new char[thunk_size]); + scoped_ptr<char[]> thunk(new char[thunk_size]); size_t used; NTSTATUS ret = resolver->Setup(ntdll_base, NULL, function, NULL, diff --git a/sandbox/win/src/sync_policy.cc b/sandbox/win/src/sync_policy.cc index 926fc52791..87ef0bdd15 100644 --- a/sandbox/win/src/sync_policy.cc +++ b/sandbox/win/src/sync_policy.cc @@ -80,7 +80,6 @@ DWORD SyncPolicy::CreateEventAction(EvalResult eval_result, if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, client_info.process, handle, 0, FALSE, DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { - ::CloseHandle(local_handle); return ERROR_ACCESS_DENIED; } return ERROR_SUCCESS; @@ -105,7 +104,6 @@ DWORD SyncPolicy::OpenEventAction(EvalResult eval_result, if (!::DuplicateHandle(::GetCurrentProcess(), local_handle, client_info.process, handle, 0, inherit_handle, DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) { - ::CloseHandle(local_handle); return ERROR_ACCESS_DENIED; } return ERROR_SUCCESS; diff --git a/sandbox/win/src/win_utils.cc b/sandbox/win/src/win_utils.cc index 8e63ac7ea0..f5c479a35a 100644 --- a/sandbox/win/src/win_utils.cc +++ b/sandbox/win/src/win_utils.cc @@ -191,7 +191,7 @@ bool ConvertToLongPath(const std::wstring& short_path, } DWORD size = MAX_PATH; - scoped_array<wchar_t> long_path_buf(new wchar_t[size]); + scoped_ptr<wchar_t[]> long_path_buf(new wchar_t[size]); DWORD return_value = ::GetLongPathName(path.c_str(), long_path_buf.get(), size); diff --git a/sandbox/win/src/window.cc b/sandbox/win/src/window.cc index 445cb177d7..d8de967272 100644 --- a/sandbox/win/src/window.cc +++ b/sandbox/win/src/window.cc @@ -111,7 +111,7 @@ std::wstring GetWindowObjectName(HANDLE handle) { } // Create the buffer that will hold the name. - scoped_array<wchar_t> name_buffer(new wchar_t[size]); + scoped_ptr<wchar_t[]> name_buffer(new wchar_t[size]); // Query the name of the object. if (!::GetUserObjectInformation(handle, UOI_NAME, name_buffer.get(), size, diff --git a/sandbox/win/tests/common/controller.cc b/sandbox/win/tests/common/controller.cc index b66a6c850a..47ce776d7e 100644 --- a/sandbox/win/tests/common/controller.cc +++ b/sandbox/win/tests/common/controller.cc @@ -8,7 +8,7 @@ #include "base/process.h" #include "base/process_util.h" -#include "base/sys_string_conversions.h" +#include "base/strings/sys_string_conversions.h" #include "base/win/windows_version.h" #include "sandbox/win/src/sandbox_factory.h" diff --git a/sandbox/win/wow_helper/service64_resolver.cc b/sandbox/win/wow_helper/service64_resolver.cc index fe8a210abb..033b9d771e 100644 --- a/sandbox/win/wow_helper/service64_resolver.cc +++ b/sandbox/win/wow_helper/service64_resolver.cc @@ -210,7 +210,7 @@ NTSTATUS Service64ResolverThunk::Setup(const void* target_module, return ret; size_t thunk_bytes = GetThunkSize(); - scoped_array<char> thunk_buffer(new char[thunk_bytes]); + scoped_ptr<char[]> thunk_buffer(new char[thunk_bytes]); ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>( thunk_buffer.get()); |