Merge from Chromium at DEPS revision r198571
This commit was generated by merge_to_master.py.
Change-Id: I951118a03836157090561764dd2627f0add8118f
diff --git a/sandbox/linux/sandbox_linux.gypi b/sandbox/linux/sandbox_linux.gypi
index f9cef2b..f5dd122 100644
--- a/sandbox/linux/sandbox_linux.gypi
+++ b/sandbox/linux/sandbox_linux.gypi
@@ -47,15 +47,7 @@
'suid_sandbox_client',
],
}],
- # Only compile in the seccomp mode 1 code for the flag combination
- # where we support it.
- [ 'OS=="linux" and (target_arch=="ia32" or target_arch=="x64") '
- 'and toolkit_views==0 and selinux==0', {
- 'dependencies': [
- 'linux/seccomp-legacy/seccomp.gyp:seccomp_sandbox',
- ],
- }],
- # Similarly, compile seccomp BPF when we support it
+ # Compile seccomp BPF when we support it.
[ 'compile_seccomp_bpf==1', {
'dependencies': [
'seccomp_bpf',
diff --git a/sandbox/linux/seccomp-bpf/bpf_tests.h b/sandbox/linux/seccomp-bpf/bpf_tests.h
index 680ece6..71574d5 100644
--- a/sandbox/linux/seccomp-bpf/bpf_tests.h
+++ b/sandbox/linux/seccomp-bpf/bpf_tests.h
@@ -9,6 +9,8 @@
#include <sys/stat.h>
#include <sys/types.h>
+#include "base/third_party/valgrind/valgrind.h"
+#include "build/build_config.h"
#include "sandbox/linux/tests/unit_tests.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
@@ -92,6 +94,13 @@
arg->test()(arg->aux_);
} else {
+ // Only Android should be in the case where kernel support is not always
+ // available. Valgrind instrumentation will also prevent our tests from
+ // working.
+#if !defined(OS_ANDROID) && !defined(RUNNING_ON_VALGRIND)
+ const bool seccomp_bpf_is_supported = false;
+ BPF_ASSERT(seccomp_bpf_is_supported);
+#endif // !defined(OS_ANDROID) && !defined(RUNNING_ON_VALGRIND)
// Call the compiler and verify the policy. That's the least we can do,
// if we don't have kernel support.
playground2::Sandbox sandbox;
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
index 2d775f4..b60cc14 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_unittest.cc
@@ -693,6 +693,9 @@
BPF_ASSERT(aux);
BrokerProcess* broker_process = static_cast<BrokerProcess*>(aux);
switch(args.nr) {
+ case __NR_access:
+ return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
+ static_cast<int>(args.args[1]));
case __NR_open:
return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
static_cast<int>(args.args[1]));
@@ -715,6 +718,7 @@
}
switch (sysno) {
+ case __NR_access:
case __NR_open:
case __NR_openat:
// We get a InitializedOpenBroker class, but our trap handler wants
@@ -736,7 +740,9 @@
// First, use the broker "manually"
BPF_ASSERT(broker_process->Open("/proc/denied", O_RDONLY) == -EPERM);
+ BPF_ASSERT(broker_process->Access("/proc/denied", R_OK) == -EPERM);
BPF_ASSERT(broker_process->Open("/proc/allowed", O_RDONLY) == -ENOENT);
+ BPF_ASSERT(broker_process->Access("/proc/allowed", R_OK) == -ENOENT);
// Now use glibc's open() as an external library would.
BPF_ASSERT(open("/proc/denied", O_RDONLY) == -1);
@@ -753,8 +759,16 @@
BPF_ASSERT(openat(AT_FDCWD, "/proc/allowed", O_RDONLY) == -1);
BPF_ASSERT(errno == ENOENT);
+ // And test glibc's access().
+ BPF_ASSERT(access("/proc/denied", R_OK) == -1);
+ BPF_ASSERT(errno == EPERM);
+
+ BPF_ASSERT(access("/proc/allowed", R_OK) == -1);
+ BPF_ASSERT(errno == ENOENT);
// This is also white listed and does exist.
+ int cpu_info_access = access("/proc/cpuinfo", R_OK);
+ BPF_ASSERT(cpu_info_access == 0);
int cpu_info_fd = open("/proc/cpuinfo", O_RDONLY);
BPF_ASSERT(cpu_info_fd >= 0);
char buf[1024];
diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc
index ea71b8f..d2302ea 100644
--- a/sandbox/linux/services/broker_process.cc
+++ b/sandbox/linux/services/broker_process.cc
@@ -7,6 +7,7 @@
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/stat.h>
+#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
@@ -19,20 +20,36 @@
#include "base/pickle.h"
#include "base/posix/eintr_wrapper.h"
#include "base/posix/unix_domain_socket_linux.h"
+#include "build/build_config.h"
+#include "sandbox/linux/services/linux_syscalls.h"
+
+#if defined(OS_ANDROID) && !defined(MSG_CMSG_CLOEXEC)
+#define MSG_CMSG_CLOEXEC 0x40000000
+#endif
namespace {
-static const int kCommandOpen = 'O';
static const size_t kMaxMessageLength = 4096;
-// Some flags will need special treatment on the client side and are not
-// supported for now.
-int ForCurrentProcessFlagsMask() {
- return O_CLOEXEC | O_NONBLOCK;
-}
+// Some flags are local to the current process and cannot be sent over a Unix
+// socket. They need special treatment from the client.
+// O_CLOEXEC is tricky because in theory another thread could call execve()
+// before special treatment is made on the client, so a client needs to call
+// recvmsg(2) with MSG_CMSG_CLOEXEC.
+// To make things worse, there are two CLOEXEC related flags, FD_CLOEXEC (see
+// F_GETFD in fcntl(2)) and O_CLOEXEC (see F_GETFL in fcntl(2)). O_CLOEXEC
+// doesn't affect the semantics on execve(), it's merely a note that the
+// descriptor was originally opened with O_CLOEXEC as a flag. And it is sent
+// over unix sockets just fine, so a receiver that would (incorrectly) look at
+// O_CLOEXEC instead of FD_CLOEXEC may be tricked in thinking that the file
+// descriptor will or won't be closed on execve().
+// Since we have to account for buggy userland (see crbug.com/237283), we will
+// open(2) the file with O_CLOEXEC in the broker process if necessary, in
+// addition to calling recvmsg(2) with MSG_CMSG_CLOEXEC.
+static const int kCurrentProcessOpenFlagsMask = O_CLOEXEC;
// Check whether |requested_filename| is in |allowed_file_names|.
-// See GetFileNameIfAllowedAccess() for an explaination of |file_to_open|.
+// See GetFileNameIfAllowedToOpen() for an explanation of |file_to_open|.
// async signal safe if |file_to_open| is NULL.
// TODO(jln): assert signal safety.
bool GetFileNameInWhitelist(const std::vector<std::string>& allowed_file_names,
@@ -74,8 +91,12 @@
// Some flags affect the behavior of the current process. We don't support
// them and don't allow them for now.
- if (flags & ForCurrentProcessFlagsMask()) {
- return false;
+ if (flags & kCurrentProcessOpenFlagsMask) {
+ // We make an exception for O_CLOEXEC. Buggy userland could check for
+ // O_CLOEXEC and the only way to set it is to originally open with this
+ // flag. See the comment around kCurrentProcessOpenFlagsMask.
+ if (!(flags & O_CLOEXEC))
+ return false;
}
// Now check that all the flags are known to us.
@@ -164,37 +185,69 @@
NOTREACHED();
}
-// This function needs to be async signal safe.
+int BrokerProcess::Access(const char* pathname, int mode) const {
+ return PathAndFlagsSyscall(kCommandAccess, pathname, mode);
+}
+
int BrokerProcess::Open(const char* pathname, int flags) const {
+ return PathAndFlagsSyscall(kCommandOpen, pathname, flags);
+}
+
+// Make a remote system call over IPC for syscalls that take a path and flags
+// as arguments, currently open() and access().
+// Will return -errno like a real system call.
+// This function needs to be async signal safe.
+int BrokerProcess::PathAndFlagsSyscall(enum IPCCommands syscall_type,
+ const char* pathname, int flags) const {
+ int recvmsg_flags = 0;
RAW_CHECK(initialized_); // async signal safe CHECK().
+ RAW_CHECK(syscall_type == kCommandOpen || syscall_type == kCommandAccess);
if (!pathname)
return -EFAULT;
+
+ // For this "remote system call" to work, we need to handle any flag that
+ // cannot be sent over a Unix socket in a special way.
+ // See the comments around kCurrentProcessOpenFlagsMask.
+ if (syscall_type == kCommandOpen && (flags & kCurrentProcessOpenFlagsMask)) {
+ // This implementation only knows about O_CLOEXEC, someone needs to look at
+ // this code if other flags are added.
+ RAW_CHECK(kCurrentProcessOpenFlagsMask == O_CLOEXEC);
+ recvmsg_flags |= MSG_CMSG_CLOEXEC;
+ }
+
// There is no point in forwarding a request that we know will be denied.
// Of course, the real security check needs to be on the other side of the
// IPC.
if (fast_check_in_client_) {
- if (!GetFileNameIfAllowedAccess(pathname, flags, NULL))
+ if (syscall_type == kCommandOpen &&
+ !GetFileNameIfAllowedToOpen(pathname, flags, NULL)) {
return -EPERM;
+ }
+ if (syscall_type == kCommandAccess &&
+ !GetFileNameIfAllowedToAccess(pathname, flags, NULL)) {
+ return -EPERM;
+ }
}
Pickle write_pickle;
- write_pickle.WriteInt(kCommandOpen);
+ write_pickle.WriteInt(syscall_type);
write_pickle.WriteString(pathname);
write_pickle.WriteInt(flags);
RAW_CHECK(write_pickle.size() <= kMaxMessageLength);
int returned_fd = -1;
uint8_t reply_buf[kMaxMessageLength];
+
// Send a request (in write_pickle) as well that will include a new
// temporary socketpair (created internally by SendRecvMsg()).
// Then read the reply on this new socketpair in reply_buf and put an
// eventual attached file descriptor in |returned_fd|.
- // TODO(jln): this API needs some rewriting and documentation.
- ssize_t msg_len = UnixDomainSocket::SendRecvMsg(ipc_socketpair_,
- reply_buf,
- sizeof(reply_buf),
- &returned_fd,
- write_pickle);
+ ssize_t msg_len = UnixDomainSocket::SendRecvMsgWithFlags(ipc_socketpair_,
+ reply_buf,
+ sizeof(reply_buf),
+ recvmsg_flags,
+ &returned_fd,
+ write_pickle);
if (msg_len <= 0) {
if (!quiet_failures_for_tests_)
RAW_LOG(ERROR, "Could not make request to broker process");
@@ -207,17 +260,28 @@
// Now deserialize the return value and eventually return the file
// descriptor.
if (read_pickle.ReadInt(&iter, &return_value)) {
- if (return_value < 0) {
- RAW_CHECK(returned_fd == -1);
- return return_value;
- } else {
- // We have a real file descriptor to return.
- RAW_CHECK(returned_fd >= 0);
- return returned_fd;
+ switch (syscall_type) {
+ case kCommandAccess:
+ // We should never have a fd to return.
+ RAW_CHECK(returned_fd == -1);
+ return return_value;
+ case kCommandOpen:
+ if (return_value < 0) {
+ RAW_CHECK(returned_fd == -1);
+ return return_value;
+ } else {
+ // We have a real file descriptor to return.
+ RAW_CHECK(returned_fd >= 0);
+ return returned_fd;
+ }
+ default:
+ RAW_LOG(ERROR, "Unsupported command");
+ return -ENOSYS;
}
} else {
RAW_LOG(ERROR, "Could not read pickle");
- return -1;
+ NOTREACHED();
+ return -EPERM;
}
}
@@ -254,26 +318,33 @@
bool r = false;
// Go through all the possible IPC messages.
switch (command_type) {
+ case kCommandAccess:
case kCommandOpen:
// We reply on the file descriptor sent to us via the IPC channel.
- r = HandleOpenRequest(temporary_ipc, pickle, iter);
- (void) HANDLE_EINTR(close(temporary_ipc));
- return r;
+ r = HandleRemoteCommand(static_cast<IPCCommands>(command_type),
+ temporary_ipc, pickle, iter);
+ break;
default:
NOTREACHED();
- return false;
+ r = false;
+ break;
}
+ int ret = HANDLE_EINTR(close(temporary_ipc));
+ DCHECK(!ret) << "Could not close temporary IPC channel";
+ return r;
}
LOG(ERROR) << "Error parsing IPC request";
return false;
}
-// Handle an open request contained in |read_pickle| and send the reply
+// Handle a |command_type| request contained in |read_pickle| and send the reply
// on |reply_ipc|.
-bool BrokerProcess::HandleOpenRequest(int reply_ipc,
- const Pickle& read_pickle,
- PickleIterator iter) const {
+// Currently kCommandOpen and kCommandAccess are supported.
+bool BrokerProcess::HandleRemoteCommand(IPCCommands command_type, int reply_ipc,
+ const Pickle& read_pickle,
+ PickleIterator iter) const {
+ // Currently all commands have two arguments: filename and flags.
std::string requested_filename;
int flags = 0;
if (!read_pickle.ReadString(&iter, &requested_filename) ||
@@ -284,27 +355,16 @@
Pickle write_pickle;
std::vector<int> opened_files;
- const char* file_to_open = NULL;
- const bool safe_to_open_file = GetFileNameIfAllowedAccess(
- requested_filename.c_str(), flags, &file_to_open);
-
- if (safe_to_open_file) {
- CHECK(file_to_open);
- // O_CLOEXEC doesn't hurt (even though we won't execve()), and this
- // property won't be passed to the client.
- // We may want to think about O_NONBLOCK as well.
- // We're doing a 2-parameter open, so we don't support O_CREAT. It doesn't
- // hurt to always pass a third argument though.
- int opened_fd = open(file_to_open, flags | O_CLOEXEC, 0);
- if (opened_fd < 0) {
- write_pickle.WriteInt(-errno);
- } else {
- // Success.
- opened_files.push_back(opened_fd);
- write_pickle.WriteInt(0);
- }
- } else {
- write_pickle.WriteInt(-EPERM);
+ switch (command_type) {
+ case kCommandAccess:
+ AccessFileForIPC(requested_filename, flags, &write_pickle);
+ break;
+ case kCommandOpen:
+ OpenFileForIPC(requested_filename, flags, &write_pickle, &opened_files);
+ break;
+ default:
+ LOG(ERROR) << "Invalid IPC command";
+ break;
}
CHECK_LE(write_pickle.size(), kMaxMessageLength);
@@ -314,7 +374,8 @@
// Close anything we have opened in this process.
for (std::vector<int>::iterator it = opened_files.begin();
it < opened_files.end(); ++it) {
- (void) HANDLE_EINTR(close(*it));
+ int ret = HANDLE_EINTR(close(*it));
+ DCHECK(!ret) << "Could not close file descriptor";
}
if (sent <= 0) {
@@ -324,13 +385,111 @@
return true;
}
-// For paranoia, if |file_to_open| is not NULL, we will return the matching
-// string from the white list.
-// Async signal safe only if |file_to_open| is NULL.
-// Even if an attacker managed to fool the string comparison mechanism, we
-// would not open an attacker-controlled file name.
-// Return true if access should be allowed, false otherwise.
-bool BrokerProcess::GetFileNameIfAllowedAccess(const char* requested_filename,
+// Perform access(2) on |requested_filename| with mode |mode| if allowed by our
+// policy. Write the syscall return value (-errno) to |write_pickle|.
+void BrokerProcess::AccessFileForIPC(const std::string& requested_filename,
+ int mode, Pickle* write_pickle) const {
+ DCHECK(write_pickle);
+ const char* file_to_access = NULL;
+ const bool safe_to_access_file = GetFileNameIfAllowedToAccess(
+ requested_filename.c_str(), mode, &file_to_access);
+ if (safe_to_access_file) {
+ CHECK(file_to_access);
+ int access_ret = access(file_to_access, mode);
+ int access_errno = errno;
+ if (!access_ret)
+ write_pickle->WriteInt(0);
+ else
+ write_pickle->WriteInt(-access_errno);
+ } else {
+ write_pickle->WriteInt(-EPERM);
+ }
+}
+
+// Open |requested_filename| with |flags| if allowed by our policy.
+// Write the syscall return value (-errno) to |write_pickle| and append
+// a file descriptor to |opened_files| if relevant.
+void BrokerProcess::OpenFileForIPC(const std::string& requested_filename,
+ int flags, Pickle* write_pickle,
+ std::vector<int>* opened_files) const {
+ DCHECK(write_pickle);
+ DCHECK(opened_files);
+ const char* file_to_open = NULL;
+ const bool safe_to_open_file = GetFileNameIfAllowedToOpen(
+ requested_filename.c_str(), flags, &file_to_open);
+
+ if (safe_to_open_file) {
+ CHECK(file_to_open);
+ // We're doing a 2-parameter open, so we don't support O_CREAT. It doesn't
+ // hurt to always pass a third argument though.
+ int opened_fd = syscall(__NR_open, file_to_open, flags, 0);
+ if (opened_fd < 0) {
+ write_pickle->WriteInt(-errno);
+ } else {
+ // Success.
+ opened_files->push_back(opened_fd);
+ write_pickle->WriteInt(0);
+ }
+ } else {
+ write_pickle->WriteInt(-EPERM);
+ }
+}
+
+
+// Check if calling access() should be allowed on |requested_filename| with
+// mode |requested_mode|.
+// Note: access() being a system call to check permissions, this can get a bit
+// confusing. We're checking if calling access() should even be allowed with
+// the same policy we would use for open().
+// If |file_to_access| is not NULL, we will return the matching pointer from
+// the whitelist. For paranoia a caller should then use |file_to_access|. See
+// GetFileNameIfAllowedToOpen() fore more explanation.
+// return true if calling access() on this file should be allowed, false
+// otherwise.
+// Async signal safe if and only if |file_to_access| is NULL.
+bool BrokerProcess::GetFileNameIfAllowedToAccess(const char* requested_filename,
+ int requested_mode, const char** file_to_access) const {
+ // First, check if |requested_mode| is existence, ability to read or ability
+ // to write. We do not support X_OK.
+ if (requested_mode != F_OK &&
+ requested_mode & ~(R_OK | W_OK)) {
+ return false;
+ }
+ switch (requested_mode) {
+ case F_OK:
+ // We allow to check for file existence if we can either read or write.
+ return GetFileNameInWhitelist(allowed_r_files_, requested_filename,
+ file_to_access) ||
+ GetFileNameInWhitelist(allowed_w_files_, requested_filename,
+ file_to_access);
+ case R_OK:
+ return GetFileNameInWhitelist(allowed_r_files_, requested_filename,
+ file_to_access);
+ case W_OK:
+ return GetFileNameInWhitelist(allowed_w_files_, requested_filename,
+ file_to_access);
+ case R_OK | W_OK:
+ {
+ bool allowed_for_read_and_write =
+ GetFileNameInWhitelist(allowed_r_files_, requested_filename, NULL) &&
+ GetFileNameInWhitelist(allowed_w_files_, requested_filename,
+ file_to_access);
+ return allowed_for_read_and_write;
+ }
+ default:
+ return false;
+ }
+}
+
+// Check if |requested_filename| can be opened with flags |requested_flags|.
+// If |file_to_open| is not NULL, we will return the matching pointer from the
+// whitelist. For paranoia, a caller should then use |file_to_open| rather
+// than |requested_filename|, so that it never attempts to open an
+// attacker-controlled file name, even if an attacker managed to fool the
+// string comparison mechanism.
+// Return true if opening should be allowed, false otherwise.
+// Async signal safe if and only if |file_to_open| is NULL.
+bool BrokerProcess::GetFileNameIfAllowedToOpen(const char* requested_filename,
int requested_flags, const char** file_to_open) const {
if (!IsAllowedOpenFlags(requested_flags)) {
return false;
diff --git a/sandbox/linux/services/broker_process.h b/sandbox/linux/services/broker_process.h
index d04f703..b7bb239 100644
--- a/sandbox/linux/services/broker_process.h
+++ b/sandbox/linux/services/broker_process.h
@@ -41,6 +41,11 @@
// sandbox in the broker.
bool Init(bool (*sandbox_callback)(void));
+ // Can be used in place of access(). Will be async signal safe.
+ // X_OK will always EPERM in practice since the broker process doesn't support
+ // execute permissions.
+ // It's similar to the access() system call and will return -errno on errors.
+ int Access(const char* pathname, int mode) const;
// Can be used in place of open(). Will be async signal safe.
// The implementation only supports certain white listed flags and will
// return -EPERM on other flags.
@@ -50,10 +55,24 @@
int broker_pid() const { return broker_pid_; }
private:
+ enum IPCCommands {
+ kCommandInvalid = 0,
+ kCommandOpen,
+ kCommandAccess,
+ };
+ int PathAndFlagsSyscall(enum IPCCommands command_type,
+ const char* pathname, int flags) const;
bool HandleRequest() const;
- bool HandleOpenRequest(int reply_ipc, const Pickle& read_pickle,
- PickleIterator iter) const;
- bool GetFileNameIfAllowedAccess(const char*, int, const char**) const;
+ bool HandleRemoteCommand(IPCCommands command_type, int reply_ipc,
+ const Pickle& read_pickle, PickleIterator iter) const;
+
+ void AccessFileForIPC(const std::string& requested_filename,
+ int mode, Pickle* write_pickle) const;
+ void OpenFileForIPC(const std::string& requested_filename,
+ int flags, Pickle* write_pickle,
+ std::vector<int>* opened_files) const;
+ bool GetFileNameIfAllowedToAccess(const char*, int, const char**) const;
+ bool GetFileNameIfAllowedToOpen(const char*, int, const char**) const;
bool initialized_; // Whether we've been through Init() yet.
bool is_child_; // Whether we're the child (broker process).
bool fast_check_in_client_; // Whether to forward a request that we know
diff --git a/sandbox/linux/services/broker_process_unittest.cc b/sandbox/linux/services/broker_process_unittest.cc
index ab57035..b6589ef 100644
--- a/sandbox/linux/services/broker_process_unittest.cc
+++ b/sandbox/linux/services/broker_process_unittest.cc
@@ -45,23 +45,30 @@
ASSERT_EQ(WEXITSTATUS(status), 0);
}
-TEST(BrokerProcess, TestOpenNull) {
+TEST(BrokerProcess, TestOpenAccessNull) {
const std::vector<std::string> empty;
BrokerProcess open_broker(empty, empty);
ASSERT_TRUE(open_broker.Init(NULL));
int fd = open_broker.Open(NULL, O_RDONLY);
ASSERT_EQ(fd, -EFAULT);
+
+ int ret = open_broker.Access(NULL, F_OK);
+ ASSERT_EQ(ret, -EFAULT);
}
void TestOpenFilePerms(bool fast_check_in_client) {
const char kR_WhiteListed[] = "/proc/DOESNOTEXIST1";
+ // We can't debug the init process, and shouldn't be able to access
+ // its auxv file.
+ const char kR_WhiteListedButDenied[] = "/proc/1/auxv";
const char kW_WhiteListed[] = "/proc/DOESNOTEXIST2";
const char kRW_WhiteListed[] = "/proc/DOESNOTEXIST3";
const char k_NotWhitelisted[] = "/proc/DOESNOTEXIST4";
std::vector<std::string> read_whitelist;
read_whitelist.push_back(kR_WhiteListed);
+ read_whitelist.push_back(kR_WhiteListedButDenied);
read_whitelist.push_back(kRW_WhiteListed);
std::vector<std::string> write_whitelist;
@@ -80,6 +87,41 @@
ASSERT_EQ(fd, -EPERM);
fd = open_broker.Open(kR_WhiteListed, O_RDWR);
ASSERT_EQ(fd, -EPERM);
+ int ret = -1;
+ ret = open_broker.Access(kR_WhiteListed, F_OK);
+ ASSERT_EQ(ret, -ENOENT);
+ ret = open_broker.Access(kR_WhiteListed, R_OK);
+ ASSERT_EQ(ret, -ENOENT);
+ ret = open_broker.Access(kR_WhiteListed, W_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kR_WhiteListed, R_OK | W_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kR_WhiteListed, X_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kR_WhiteListed, R_OK | X_OK);
+ ASSERT_EQ(ret, -EPERM);
+
+ fd = open_broker.Open(kR_WhiteListedButDenied, O_RDONLY);
+ // The broker process will allow this, but the normal permission system
+ // won't.
+ ASSERT_EQ(fd, -EACCES);
+ fd = open_broker.Open(kR_WhiteListedButDenied, O_WRONLY);
+ ASSERT_EQ(fd, -EPERM);
+ fd = open_broker.Open(kR_WhiteListedButDenied, O_RDWR);
+ ASSERT_EQ(fd, -EPERM);
+ ret = open_broker.Access(kR_WhiteListedButDenied, F_OK);
+ // The normal permission system will let us check that the file exist.
+ ASSERT_EQ(ret, 0);
+ ret = open_broker.Access(kR_WhiteListedButDenied, R_OK);
+ ASSERT_EQ(ret, -EACCES);
+ ret = open_broker.Access(kR_WhiteListedButDenied, W_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kR_WhiteListedButDenied, R_OK | W_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kR_WhiteListedButDenied, X_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kR_WhiteListedButDenied, R_OK | X_OK);
+ ASSERT_EQ(ret, -EPERM);
fd = open_broker.Open(kW_WhiteListed, O_RDONLY);
ASSERT_EQ(fd, -EPERM);
@@ -87,6 +129,18 @@
ASSERT_EQ(fd, -ENOENT);
fd = open_broker.Open(kW_WhiteListed, O_RDWR);
ASSERT_EQ(fd, -EPERM);
+ ret = open_broker.Access(kW_WhiteListed, F_OK);
+ ASSERT_EQ(ret, -ENOENT);
+ ret = open_broker.Access(kW_WhiteListed, R_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kW_WhiteListed, W_OK);
+ ASSERT_EQ(ret, -ENOENT);
+ ret = open_broker.Access(kW_WhiteListed, R_OK | W_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kW_WhiteListed, X_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kW_WhiteListed, R_OK | X_OK);
+ ASSERT_EQ(ret, -EPERM);
fd = open_broker.Open(kRW_WhiteListed, O_RDONLY);
ASSERT_EQ(fd, -ENOENT);
@@ -94,6 +148,18 @@
ASSERT_EQ(fd, -ENOENT);
fd = open_broker.Open(kRW_WhiteListed, O_RDWR);
ASSERT_EQ(fd, -ENOENT);
+ ret = open_broker.Access(kRW_WhiteListed, F_OK);
+ ASSERT_EQ(ret, -ENOENT);
+ ret = open_broker.Access(kRW_WhiteListed, R_OK);
+ ASSERT_EQ(ret, -ENOENT);
+ ret = open_broker.Access(kRW_WhiteListed, W_OK);
+ ASSERT_EQ(ret, -ENOENT);
+ ret = open_broker.Access(kRW_WhiteListed, R_OK | W_OK);
+ ASSERT_EQ(ret, -ENOENT);
+ ret = open_broker.Access(kRW_WhiteListed, X_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(kRW_WhiteListed, R_OK | X_OK);
+ ASSERT_EQ(ret, -EPERM);
fd = open_broker.Open(k_NotWhitelisted, O_RDONLY);
ASSERT_EQ(fd, -EPERM);
@@ -101,6 +167,19 @@
ASSERT_EQ(fd, -EPERM);
fd = open_broker.Open(k_NotWhitelisted, O_RDWR);
ASSERT_EQ(fd, -EPERM);
+ ret = open_broker.Access(k_NotWhitelisted, F_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(k_NotWhitelisted, R_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(k_NotWhitelisted, W_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(k_NotWhitelisted, R_OK | W_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(k_NotWhitelisted, X_OK);
+ ASSERT_EQ(ret, -EPERM);
+ ret = open_broker.Access(k_NotWhitelisted, R_OK | X_OK);
+ ASSERT_EQ(ret, -EPERM);
+
// We have some extra sanity check for clearly wrong values.
fd = open_broker.Open(kRW_WhiteListed, O_RDONLY|O_WRONLY|O_RDWR);
@@ -142,6 +221,13 @@
fd = open_broker->Open(kFileCpuInfo, O_RDWR);
ASSERT_EQ(fd, -EPERM);
+ // Check we can read /proc/cpuinfo.
+ int can_access = open_broker->Access(kFileCpuInfo, R_OK);
+ ASSERT_EQ(can_access, 0);
+ can_access = open_broker->Access(kFileCpuInfo, W_OK);
+ ASSERT_EQ(can_access, -EPERM);
+ // Check we can not write /proc/cpuinfo.
+
// Open cpuinfo via the broker.
int cpuinfo_fd = open_broker->Open(kFileCpuInfo, O_RDONLY);
ASSERT_GE(cpuinfo_fd, 0);
@@ -194,21 +280,13 @@
// expected.
}
-// Disabled until we implement a mkstemp that doesn't require JNI.
-TEST(BrokerProcess, DISABLE_ON_ANDROID(OpenFileRW)) {
+TEST(BrokerProcess, OpenFileRW) {
const char basename[] = "BrokerProcessXXXXXX";
char template_name[2048];
-#if defined(OS_ANDROID)
- base::FilePath cache_directory;
- ASSERT_TRUE(base::android::GetCacheDirectory(&cache_directory));
- ssize_t length = snprintf(template_name, sizeof(template_name),
- "%s%s",
- cache_directory.value().c_str(), basename);
- ASSERT_LT(length, static_cast<ssize_t>(sizeof(template_name)));
-#else
+ // On Android, this file will end up in
+ // /data/local/tmp/BrokerProcessXXXXXX, which is OK.
strncpy(template_name, basename, sizeof(basename) - 1);
template_name[sizeof(basename) - 1] = '\0';
-#endif
int tempfile = mkstemp(template_name);
ASSERT_GE(tempfile, 0);
char tempfile_name[2048];
@@ -222,6 +300,10 @@
BrokerProcess open_broker(whitelist, whitelist);
ASSERT_TRUE(open_broker.Init(NULL));
+ // Check we can access that file with read or write.
+ int can_access = open_broker.Access(tempfile_name, R_OK | W_OK);
+ ASSERT_EQ(can_access, 0);
+
int tempfile2 = -1;
tempfile2 = open_broker.Open(tempfile_name, O_RDWR);
ASSERT_GE(tempfile2, 0);
@@ -274,36 +356,62 @@
SANDBOX_ASSERT(WTERMSIG(status) == SIGKILL);
// Hopefully doing Open with a dead broker won't SIGPIPE us.
SANDBOX_ASSERT(open_broker.Open("/proc/cpuinfo", O_RDONLY) == -ENOMEM);
+ SANDBOX_ASSERT(open_broker.Access("/proc/cpuinfo", O_RDONLY) == -ENOMEM);
}
-void TestComplexFlags(bool fast_check_in_client) {
+void TestOpenComplexFlags(bool fast_check_in_client) {
+ const char kCpuInfo[] = "/proc/cpuinfo";
std::vector<std::string> whitelist;
- whitelist.push_back("/proc/cpuinfo");
+ whitelist.push_back(kCpuInfo);
BrokerProcess open_broker(whitelist,
whitelist,
fast_check_in_client);
ASSERT_TRUE(open_broker.Init(NULL));
// Test that we do the right thing for O_CLOEXEC and O_NONBLOCK.
- // Presently, the right thing is to always deny them since they are not
- // supported.
int fd = -1;
- fd = open_broker.Open("/proc/cpuinfo", O_RDONLY);
+ int ret = 0;
+ fd = open_broker.Open(kCpuInfo, O_RDONLY);
ASSERT_GE(fd, 0);
- ASSERT_EQ(close(fd), 0);
+ ret = fcntl(fd, F_GETFL);
+ ASSERT_NE(-1, ret);
+ // The descriptor shouldn't have the O_CLOEXEC attribute, nor O_NONBLOCK.
+ ASSERT_EQ(0, ret & (O_CLOEXEC | O_NONBLOCK));
+ ASSERT_EQ(0, close(fd));
- ASSERT_EQ(open_broker.Open("/proc/cpuinfo", O_RDONLY | O_CLOEXEC), -EPERM);
- ASSERT_EQ(open_broker.Open("/proc/cpuinfo", O_RDONLY | O_NONBLOCK), -EPERM);
+ fd = open_broker.Open(kCpuInfo, O_RDONLY | O_CLOEXEC);
+ ASSERT_GE(fd, 0);
+ ret = fcntl(fd, F_GETFD);
+ ASSERT_NE(-1, ret);
+ // Important: use F_GETFD, not F_GETFL. The O_CLOEXEC flag in F_GETFL
+ // is actually not used by the kernel.
+ ASSERT_TRUE(FD_CLOEXEC & ret);
+
+ // There is buggy userland code that can check for O_CLOEXEC with fcntl(2)
+ // even though it doesn't mean anything. We need to support this case.
+ // See crbug.com/237283.
+ ret = fcntl(fd, F_GETFL);
+ ASSERT_NE(-1, ret);
+ ASSERT_TRUE(O_CLOEXEC & ret);
+
+ ASSERT_EQ(0, close(fd));
+
+ fd = open_broker.Open(kCpuInfo, O_RDONLY | O_NONBLOCK);
+ ASSERT_GE(fd, 0);
+ ret = fcntl(fd, F_GETFL);
+ ASSERT_NE(-1, ret);
+ ASSERT_TRUE(O_NONBLOCK & ret);
+ ASSERT_EQ(0, close(fd));
}
-TEST(BrokerProcess, ComplexFlagsWithClientCheck) {
- TestComplexFlags(true /* fast_check_in_client */);
+TEST(BrokerProcess, OpenComplexFlagsWithClientCheck) {
+ TestOpenComplexFlags(true /* fast_check_in_client */);
// Don't do anything here, so that ASSERT works in the subfunction as
// expected.
}
-TEST(BrokerProcess, ComplexFlagsNoClientCheck) {
- TestComplexFlags(false /* fast_check_in_client */);
+TEST(BrokerProcess, OpenComplexFlagsNoClientCheck) {
+ TestOpenComplexFlags(false /* fast_check_in_client */);
// Don't do anything here, so that ASSERT works in the subfunction as
// expected.
}
diff --git a/sandbox/linux/suid/common/suid_unsafe_environment_variables.h b/sandbox/linux/suid/common/suid_unsafe_environment_variables.h
index ee4db76..1132a7a 100644
--- a/sandbox/linux/suid/common/suid_unsafe_environment_variables.h
+++ b/sandbox/linux/suid/common/suid_unsafe_environment_variables.h
@@ -16,11 +16,7 @@
#ifndef SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
#define SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
-#if defined(__cplusplus)
-#include <limits>
-#define SIZE_MAX std::numeric_limits<size_t>::max()
-#endif
-
+#include <stdint.h>
#include <stdlib.h> // malloc
#include <string.h> // memcpy
@@ -56,8 +52,9 @@
// name for a given environment variable.
static inline char* SandboxSavedEnvironmentVariable(const char* envvar) {
const size_t envvar_len = strlen(envvar);
+ const size_t kMaxSizeT = (size_t) -1;
- if (envvar_len > SIZE_MAX - 1 -8)
+ if (envvar_len > kMaxSizeT - 1 -8)
return NULL;
const size_t saved_envvarlen = envvar_len + 1 /* NUL terminator */ +
@@ -73,8 +70,4 @@
return saved_envvar;
}
-#if defined(__cplusplus)
-#undef SIZE_MAX
-#endif
-
#endif // SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
diff --git a/sandbox/linux/tests/unit_tests.cc b/sandbox/linux/tests/unit_tests.cc
index 3d049ab..5d6cf30 100644
--- a/sandbox/linux/tests/unit_tests.cc
+++ b/sandbox/linux/tests/unit_tests.cc
@@ -16,7 +16,7 @@
namespace {
std::string TestFailedMessage(const std::string& msg) {
- return msg.empty() ? "" : "Actual test failure: " + msg;
+ return msg.empty() ? std::string() : "Actual test failure: " + msg;
}
int GetSubProcessTimeoutTimeInSeconds() {
@@ -83,13 +83,11 @@
// insecure manner.
void UnitTests::RunTestInProcess(UnitTests::Test test, void *arg,
DeathCheck death, const void *death_aux) {
- if (CountThreads() != 1) {
- // We need to use fork(), so we can't be multi-threaded.
- // TODO(jln): change this to a fatal error once we can launch
- // Android tests with --exe.
- fprintf(stderr, "WARNING: running sandbox tests with multiple threads"
- " is not supported and will make the tests flaky.\n");
- }
+ // We need to fork(), so we can't be multi-threaded, as threads could hold
+ // locks.
+ ASSERT_EQ(1, CountThreads()) << "Running sandbox tests with multiple threads "
+ << "is not supported and will make the tests "
+ << "flaky.\n";
int fds[2];
ASSERT_EQ(0, pipe(fds));
// Check that our pipe is not on one of the standard file descriptor.
diff --git a/sandbox/sandbox.target.darwin-arm.mk b/sandbox/sandbox.target.darwin-arm.mk
new file mode 100644
index 0000000..05ff009
--- /dev/null
+++ b/sandbox/sandbox.target.darwin-arm.mk
@@ -0,0 +1,40 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_gyp
+LOCAL_MODULE_STEM := sandbox
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp)/sandbox_sandbox_services_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_gyp)/sandbox_seccomp_bpf_gyp.a
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox
+sandbox: sandbox_sandbox_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
diff --git a/sandbox/sandbox.target.darwin-x86.mk b/sandbox/sandbox.target.darwin-x86.mk
new file mode 100644
index 0000000..05ff009
--- /dev/null
+++ b/sandbox/sandbox.target.darwin-x86.mk
@@ -0,0 +1,40 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_gyp
+LOCAL_MODULE_STEM := sandbox
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_sandbox_services_gyp)/sandbox_sandbox_services_gyp.a \
+ $(call intermediates-dir-for,STATIC_LIBRARIES,sandbox_seccomp_bpf_gyp)/sandbox_seccomp_bpf_gyp.a
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox
+sandbox: sandbox_sandbox_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
diff --git a/sandbox/sandbox_services.target.darwin-arm.mk b/sandbox/sandbox_services.target.darwin-arm.mk
new file mode 100644
index 0000000..fd6e67a
--- /dev/null
+++ b/sandbox/sandbox_services.target.darwin-arm.mk
@@ -0,0 +1,147 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_sandbox_services_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/services/broker_process.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -fno-tree-sra \
+ -fuse-ld=gold \
+ -Wno-psabi \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections
+
+MY_CFLAGS_C :=
+
+MY_DEFS := \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DUSE_LINUX_BREAKPAD' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_GPU=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DENABLE_LANGUAGE_DETECTION=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS)
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES := \
+ $(LOCAL_PATH)/sandbox \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH) \
+ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
+ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \
+ $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport
+
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES)
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-abi \
+ -Wno-error=c++0x-compat \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+### Rules for final target.
+
+LOCAL_LDFLAGS := \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -Wl,-z,relro \
+ -Wl,-z,now \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--icf=safe \
+ -Wl,--gc-sections \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services
+sandbox_services: sandbox_sandbox_services_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/sandbox_services.target.darwin-x86.mk b/sandbox/sandbox_services.target.darwin-x86.mk
new file mode 100644
index 0000000..42973fe
--- /dev/null
+++ b/sandbox/sandbox_services.target.darwin-x86.mk
@@ -0,0 +1,146 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_sandbox_services_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/services/broker_process.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -m32 \
+ -mmmx \
+ -march=pentium4 \
+ -msse2 \
+ -mfpmath=sse \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -fno-stack-protector \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections
+
+MY_CFLAGS_C :=
+
+MY_DEFS := \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DUSE_LINUX_BREAKPAD' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_GPU=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DENABLE_LANGUAGE_DETECTION=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS)
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES := \
+ $(LOCAL_PATH)/sandbox \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(LOCAL_PATH) \
+ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
+ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \
+ $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport
+
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES)
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-error=c++0x-compat \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+### Rules for final target.
+
+LOCAL_LDFLAGS := \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m32 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services
+sandbox_services: sandbox_sandbox_services_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/sandbox_services.target.linux-arm.mk b/sandbox/sandbox_services.target.linux-arm.mk
index 92e5cda..fd6e67a 100644
--- a/sandbox/sandbox_services.target.linux-arm.mk
+++ b/sandbox/sandbox_services.target.linux-arm.mk
@@ -62,7 +62,6 @@
MY_CFLAGS_C :=
MY_DEFS := \
- '-DUSE_SKIA' \
'-D_FILE_OFFSET_BITS=64' \
'-DUSE_LINUX_BREAKPAD' \
'-DNO_TCMALLOC' \
@@ -70,7 +69,6 @@
'-DCHROMIUM_BUILD' \
'-DUSE_LIBJPEG_TURBO=1' \
'-DUSE_PROPRIETARY_CODECS' \
- '-DENABLE_PEPPER_THREADING' \
'-DENABLE_GPU=1' \
'-DUSE_OPENSSL=1' \
'-DENABLE_EGLIMAGE=1' \
@@ -90,8 +88,8 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES := \
- $(gyp_shared_intermediate_dir)/shim_headers/icuuc/target \
$(LOCAL_PATH)/sandbox \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(LOCAL_PATH) \
$(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
$(GYP_ABS_ANDROID_TOP_DIR)/bionic \
@@ -124,9 +122,9 @@
-Wl,--no-undefined \
-Wl,--exclude-libs=ALL \
-Wl,--icf=safe \
+ -Wl,--gc-sections \
-Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections
+ -Wl,--as-needed
LOCAL_STATIC_LIBRARIES :=
diff --git a/sandbox/sandbox_services.target.linux-x86.mk b/sandbox/sandbox_services.target.linux-x86.mk
index 85a9124..42973fe 100644
--- a/sandbox/sandbox_services.target.linux-x86.mk
+++ b/sandbox/sandbox_services.target.linux-x86.mk
@@ -43,6 +43,7 @@
-march=pentium4 \
-msse2 \
-mfpmath=sse \
+ -fuse-ld=gold \
-ffunction-sections \
-funwind-tables \
-g \
@@ -63,7 +64,6 @@
MY_CFLAGS_C :=
MY_DEFS := \
- '-DUSE_SKIA' \
'-D_FILE_OFFSET_BITS=64' \
'-DUSE_LINUX_BREAKPAD' \
'-DNO_TCMALLOC' \
@@ -71,7 +71,6 @@
'-DCHROMIUM_BUILD' \
'-DUSE_LIBJPEG_TURBO=1' \
'-DUSE_PROPRIETARY_CODECS' \
- '-DENABLE_PEPPER_THREADING' \
'-DENABLE_GPU=1' \
'-DUSE_OPENSSL=1' \
'-DENABLE_EGLIMAGE=1' \
@@ -91,8 +90,8 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES := \
- $(gyp_shared_intermediate_dir)/shim_headers/icuuc/target \
$(LOCAL_PATH)/sandbox \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(LOCAL_PATH) \
$(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
$(GYP_ABS_ANDROID_TOP_DIR)/bionic \
@@ -118,12 +117,13 @@
-Wl,-z,noexecstack \
-fPIC \
-m32 \
+ -fuse-ld=gold \
-nostdlib \
-Wl,--no-undefined \
-Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
-Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections
+ -Wl,--as-needed
LOCAL_STATIC_LIBRARIES :=
diff --git a/sandbox/sandbox_services_headers.target.darwin-arm.mk b/sandbox/sandbox_services_headers.target.darwin-arm.mk
new file mode 100644
index 0000000..c4cb2b5
--- /dev/null
+++ b/sandbox/sandbox_services_headers.target.darwin-arm.mk
@@ -0,0 +1,125 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
+LOCAL_MODULE_STEM := sandbox_services_headers
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES :=
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -fno-tree-sra \
+ -fuse-ld=gold \
+ -Wno-psabi \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections
+
+MY_CFLAGS_C :=
+
+MY_DEFS := \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DUSE_LINUX_BREAKPAD' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_GPU=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DENABLE_LANGUAGE_DETECTION=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS)
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES := \
+ $(LOCAL_PATH)/sandbox \
+ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
+ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \
+ $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport
+
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES)
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-abi \
+ -Wno-error=c++0x-compat \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_headers_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services_headers
+sandbox_services_headers: sandbox_sandbox_services_headers_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
diff --git a/sandbox/sandbox_services_headers.target.darwin-x86.mk b/sandbox/sandbox_services_headers.target.darwin-x86.mk
new file mode 100644
index 0000000..eb03ce2
--- /dev/null
+++ b/sandbox/sandbox_services_headers.target.darwin-x86.mk
@@ -0,0 +1,126 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := GYP
+LOCAL_MODULE := sandbox_sandbox_services_headers_gyp
+LOCAL_MODULE_STEM := sandbox_services_headers
+LOCAL_MODULE_SUFFIX := .stamp
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES :=
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES :=
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -m32 \
+ -mmmx \
+ -march=pentium4 \
+ -msse2 \
+ -mfpmath=sse \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -fno-stack-protector \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections
+
+MY_CFLAGS_C :=
+
+MY_DEFS := \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DUSE_LINUX_BREAKPAD' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_GPU=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DENABLE_LANGUAGE_DETECTION=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS)
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES := \
+ $(LOCAL_PATH)/sandbox \
+ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
+ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \
+ $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport
+
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES)
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-error=c++0x-compat \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+### Rules for final target.
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_sandbox_services_headers_gyp
+
+# Alias gyp target name.
+.PHONY: sandbox_services_headers
+sandbox_services_headers: sandbox_sandbox_services_headers_gyp
+
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/gyp_stamp
+LOCAL_UNINSTALLABLE_MODULE := true
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(LOCAL_ADDITIONAL_DEPENDENCIES)
+ $(hide) echo "Gyp timestamp: $@"
+ $(hide) mkdir -p $(dir $@)
+ $(hide) touch $@
diff --git a/sandbox/sandbox_services_headers.target.linux-arm.mk b/sandbox/sandbox_services_headers.target.linux-arm.mk
index 7190aa5..c4cb2b5 100644
--- a/sandbox/sandbox_services_headers.target.linux-arm.mk
+++ b/sandbox/sandbox_services_headers.target.linux-arm.mk
@@ -61,7 +61,6 @@
MY_CFLAGS_C :=
MY_DEFS := \
- '-DUSE_SKIA' \
'-D_FILE_OFFSET_BITS=64' \
'-DUSE_LINUX_BREAKPAD' \
'-DNO_TCMALLOC' \
@@ -69,7 +68,6 @@
'-DCHROMIUM_BUILD' \
'-DUSE_LIBJPEG_TURBO=1' \
'-DUSE_PROPRIETARY_CODECS' \
- '-DENABLE_PEPPER_THREADING' \
'-DENABLE_GPU=1' \
'-DUSE_OPENSSL=1' \
'-DENABLE_EGLIMAGE=1' \
diff --git a/sandbox/sandbox_services_headers.target.linux-x86.mk b/sandbox/sandbox_services_headers.target.linux-x86.mk
index 32f132d..eb03ce2 100644
--- a/sandbox/sandbox_services_headers.target.linux-x86.mk
+++ b/sandbox/sandbox_services_headers.target.linux-x86.mk
@@ -42,6 +42,7 @@
-march=pentium4 \
-msse2 \
-mfpmath=sse \
+ -fuse-ld=gold \
-ffunction-sections \
-funwind-tables \
-g \
@@ -62,7 +63,6 @@
MY_CFLAGS_C :=
MY_DEFS := \
- '-DUSE_SKIA' \
'-D_FILE_OFFSET_BITS=64' \
'-DUSE_LINUX_BREAKPAD' \
'-DNO_TCMALLOC' \
@@ -70,7 +70,6 @@
'-DCHROMIUM_BUILD' \
'-DUSE_LIBJPEG_TURBO=1' \
'-DUSE_PROPRIETARY_CODECS' \
- '-DENABLE_PEPPER_THREADING' \
'-DENABLE_GPU=1' \
'-DUSE_OPENSSL=1' \
'-DENABLE_EGLIMAGE=1' \
diff --git a/sandbox/seccomp_bpf.target.darwin-arm.mk b/sandbox/seccomp_bpf.target.darwin-arm.mk
new file mode 100644
index 0000000..2924094
--- /dev/null
+++ b/sandbox/seccomp_bpf.target.darwin-arm.mk
@@ -0,0 +1,155 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,GYP,sandbox_sandbox_services_headers_gyp)/sandbox_services_headers.stamp
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/seccomp-bpf/basicblock.cc \
+ sandbox/linux/seccomp-bpf/codegen.cc \
+ sandbox/linux/seccomp-bpf/die.cc \
+ sandbox/linux/seccomp-bpf/errorcode.cc \
+ sandbox/linux/seccomp-bpf/sandbox_bpf.cc \
+ sandbox/linux/seccomp-bpf/syscall.cc \
+ sandbox/linux/seccomp-bpf/syscall_iterator.cc \
+ sandbox/linux/seccomp-bpf/trap.cc \
+ sandbox/linux/seccomp-bpf/verifier.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS := \
+ -fstack-protector \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -fno-tree-sra \
+ -fuse-ld=gold \
+ -Wno-psabi \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fstack-protector \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections
+
+MY_CFLAGS_C :=
+
+MY_DEFS := \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DUSE_LINUX_BREAKPAD' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_GPU=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DENABLE_LANGUAGE_DETECTION=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS)
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES := \
+ $(LOCAL_PATH) \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
+ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \
+ $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport
+
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES)
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-abi \
+ -Wno-error=c++0x-compat \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+### Rules for final target.
+
+LOCAL_LDFLAGS := \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -Wl,-z,relro \
+ -Wl,-z,now \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--icf=safe \
+ -Wl,--gc-sections \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf
+seccomp_bpf: sandbox_seccomp_bpf_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/seccomp_bpf.target.darwin-x86.mk b/sandbox/seccomp_bpf.target.darwin-x86.mk
new file mode 100644
index 0000000..f61f6e2
--- /dev/null
+++ b/sandbox/seccomp_bpf.target.darwin-x86.mk
@@ -0,0 +1,154 @@
+# This file is generated by gyp; do not edit.
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_CLASS := STATIC_LIBRARIES
+LOCAL_MODULE := sandbox_seccomp_bpf_gyp
+LOCAL_MODULE_SUFFIX := .a
+LOCAL_MODULE_TAGS := optional
+gyp_intermediate_dir := $(call local-intermediates-dir)
+gyp_shared_intermediate_dir := $(call intermediates-dir-for,GYP,shared)
+
+# Make sure our deps are built first.
+GYP_TARGET_DEPENDENCIES := \
+ $(call intermediates-dir-for,GYP,sandbox_sandbox_services_headers_gyp)/sandbox_services_headers.stamp
+
+GYP_GENERATED_OUTPUTS :=
+
+# Make sure our deps and generated files are built first.
+LOCAL_ADDITIONAL_DEPENDENCIES := $(GYP_TARGET_DEPENDENCIES) $(GYP_GENERATED_OUTPUTS)
+
+LOCAL_CPP_EXTENSION := .cc
+LOCAL_GENERATED_SOURCES :=
+
+GYP_COPIED_SOURCE_ORIGIN_DIRS :=
+
+LOCAL_SRC_FILES := \
+ sandbox/linux/seccomp-bpf/basicblock.cc \
+ sandbox/linux/seccomp-bpf/codegen.cc \
+ sandbox/linux/seccomp-bpf/die.cc \
+ sandbox/linux/seccomp-bpf/errorcode.cc \
+ sandbox/linux/seccomp-bpf/sandbox_bpf.cc \
+ sandbox/linux/seccomp-bpf/syscall.cc \
+ sandbox/linux/seccomp-bpf/syscall_iterator.cc \
+ sandbox/linux/seccomp-bpf/trap.cc \
+ sandbox/linux/seccomp-bpf/verifier.cc
+
+
+# Flags passed to both C and C++ files.
+MY_CFLAGS := \
+ --param=ssp-buffer-size=4 \
+ -Werror \
+ -fno-exceptions \
+ -fno-strict-aliasing \
+ -Wall \
+ -Wno-unused-parameter \
+ -Wno-missing-field-initializers \
+ -fvisibility=hidden \
+ -pipe \
+ -fPIC \
+ -m32 \
+ -mmmx \
+ -march=pentium4 \
+ -msse2 \
+ -mfpmath=sse \
+ -fuse-ld=gold \
+ -ffunction-sections \
+ -funwind-tables \
+ -g \
+ -fno-short-enums \
+ -finline-limit=64 \
+ -Wa,--noexecstack \
+ -U_FORTIFY_SOURCE \
+ -Wno-extra \
+ -Wno-ignored-qualifiers \
+ -Wno-type-limits \
+ -fno-stack-protector \
+ -Os \
+ -g \
+ -fomit-frame-pointer \
+ -fdata-sections \
+ -ffunction-sections
+
+MY_CFLAGS_C :=
+
+MY_DEFS := \
+ '-D_FILE_OFFSET_BITS=64' \
+ '-DUSE_LINUX_BREAKPAD' \
+ '-DNO_TCMALLOC' \
+ '-DDISABLE_NACL' \
+ '-DCHROMIUM_BUILD' \
+ '-DUSE_LIBJPEG_TURBO=1' \
+ '-DUSE_PROPRIETARY_CODECS' \
+ '-DENABLE_GPU=1' \
+ '-DUSE_OPENSSL=1' \
+ '-DENABLE_EGLIMAGE=1' \
+ '-DENABLE_LANGUAGE_DETECTION=1' \
+ '-D__STDC_CONSTANT_MACROS' \
+ '-D__STDC_FORMAT_MACROS' \
+ '-DANDROID' \
+ '-D__GNU_SOURCE=1' \
+ '-DUSE_STLPORT=1' \
+ '-D_STLP_USE_PTR_SPECIALIZATIONS=1' \
+ '-DCHROME_BUILD_ID=""' \
+ '-DDYNAMIC_ANNOTATIONS_ENABLED=1' \
+ '-DWTF_USE_DYNAMIC_ANNOTATIONS=1' \
+ '-D_DEBUG'
+
+LOCAL_CFLAGS := $(MY_CFLAGS_C) $(MY_CFLAGS) $(MY_DEFS)
+
+# Include paths placed before CFLAGS/CPPFLAGS
+LOCAL_C_INCLUDES := \
+ $(LOCAL_PATH) \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
+ $(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
+ $(GYP_ABS_ANDROID_TOP_DIR)/bionic \
+ $(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport
+
+LOCAL_C_INCLUDES := $(GYP_COPIED_SOURCE_ORIGIN_DIRS) $(LOCAL_C_INCLUDES)
+
+# Flags passed to only C++ (and not C) files.
+LOCAL_CPPFLAGS := \
+ -fno-rtti \
+ -fno-threadsafe-statics \
+ -fvisibility-inlines-hidden \
+ -Wsign-compare \
+ -Wno-error=c++0x-compat \
+ -Wno-non-virtual-dtor \
+ -Wno-sign-promo
+
+### Rules for final target.
+
+LOCAL_LDFLAGS := \
+ -Wl,-z,now \
+ -Wl,-z,relro \
+ -Wl,-z,noexecstack \
+ -fPIC \
+ -m32 \
+ -fuse-ld=gold \
+ -nostdlib \
+ -Wl,--no-undefined \
+ -Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
+ -Wl,-O1 \
+ -Wl,--as-needed
+
+
+LOCAL_STATIC_LIBRARIES :=
+
+# Enable grouping to fix circular references
+LOCAL_GROUP_STATIC_LIBRARIES := true
+
+LOCAL_SHARED_LIBRARIES := \
+ libstlport \
+ libdl
+
+# Add target alias to "gyp_all_modules" target.
+.PHONY: gyp_all_modules
+gyp_all_modules: sandbox_seccomp_bpf_gyp
+
+# Alias gyp target name.
+.PHONY: seccomp_bpf
+seccomp_bpf: sandbox_seccomp_bpf_gyp
+
+include $(BUILD_STATIC_LIBRARY)
diff --git a/sandbox/seccomp_bpf.target.linux-arm.mk b/sandbox/seccomp_bpf.target.linux-arm.mk
index a5fda70..2924094 100644
--- a/sandbox/seccomp_bpf.target.linux-arm.mk
+++ b/sandbox/seccomp_bpf.target.linux-arm.mk
@@ -71,7 +71,6 @@
MY_CFLAGS_C :=
MY_DEFS := \
- '-DUSE_SKIA' \
'-D_FILE_OFFSET_BITS=64' \
'-DUSE_LINUX_BREAKPAD' \
'-DNO_TCMALLOC' \
@@ -79,7 +78,6 @@
'-DCHROMIUM_BUILD' \
'-DUSE_LIBJPEG_TURBO=1' \
'-DUSE_PROPRIETARY_CODECS' \
- '-DENABLE_PEPPER_THREADING' \
'-DENABLE_GPU=1' \
'-DUSE_OPENSSL=1' \
'-DENABLE_EGLIMAGE=1' \
@@ -99,8 +97,8 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES := \
- $(gyp_shared_intermediate_dir)/shim_headers/icuuc/target \
$(LOCAL_PATH) \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
$(GYP_ABS_ANDROID_TOP_DIR)/bionic \
$(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport
@@ -132,9 +130,9 @@
-Wl,--no-undefined \
-Wl,--exclude-libs=ALL \
-Wl,--icf=safe \
+ -Wl,--gc-sections \
-Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections
+ -Wl,--as-needed
LOCAL_STATIC_LIBRARIES :=
diff --git a/sandbox/seccomp_bpf.target.linux-x86.mk b/sandbox/seccomp_bpf.target.linux-x86.mk
index 56af63d..f61f6e2 100644
--- a/sandbox/seccomp_bpf.target.linux-x86.mk
+++ b/sandbox/seccomp_bpf.target.linux-x86.mk
@@ -52,6 +52,7 @@
-march=pentium4 \
-msse2 \
-mfpmath=sse \
+ -fuse-ld=gold \
-ffunction-sections \
-funwind-tables \
-g \
@@ -72,7 +73,6 @@
MY_CFLAGS_C :=
MY_DEFS := \
- '-DUSE_SKIA' \
'-D_FILE_OFFSET_BITS=64' \
'-DUSE_LINUX_BREAKPAD' \
'-DNO_TCMALLOC' \
@@ -80,7 +80,6 @@
'-DCHROMIUM_BUILD' \
'-DUSE_LIBJPEG_TURBO=1' \
'-DUSE_PROPRIETARY_CODECS' \
- '-DENABLE_PEPPER_THREADING' \
'-DENABLE_GPU=1' \
'-DUSE_OPENSSL=1' \
'-DENABLE_EGLIMAGE=1' \
@@ -100,8 +99,8 @@
# Include paths placed before CFLAGS/CPPFLAGS
LOCAL_C_INCLUDES := \
- $(gyp_shared_intermediate_dir)/shim_headers/icuuc/target \
$(LOCAL_PATH) \
+ $(gyp_shared_intermediate_dir)/shim_headers/ashmem/target \
$(GYP_ABS_ANDROID_TOP_DIR)/frameworks/wilhelm/include \
$(GYP_ABS_ANDROID_TOP_DIR)/bionic \
$(GYP_ABS_ANDROID_TOP_DIR)/external/stlport/stlport
@@ -126,12 +125,13 @@
-Wl,-z,noexecstack \
-fPIC \
-m32 \
+ -fuse-ld=gold \
-nostdlib \
-Wl,--no-undefined \
-Wl,--exclude-libs=ALL \
+ -Wl,--gc-sections \
-Wl,-O1 \
- -Wl,--as-needed \
- -Wl,--gc-sections
+ -Wl,--as-needed
LOCAL_STATIC_LIBRARIES :=
diff --git a/sandbox/win/src/filesystem_policy.cc b/sandbox/win/src/filesystem_policy.cc
index b3eddab..02707b0 100644
--- a/sandbox/win/src/filesystem_policy.cc
+++ b/sandbox/win/src/filesystem_policy.cc
@@ -49,7 +49,6 @@
if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
target_process, target_file_handle, 0, FALSE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(local_handle);
return STATUS_ACCESS_DENIED;
}
return STATUS_SUCCESS;
diff --git a/sandbox/win/src/handle_closer.cc b/sandbox/win/src/handle_closer.cc
index fc72835..a47bf65 100644
--- a/sandbox/win/src/handle_closer.cc
+++ b/sandbox/win/src/handle_closer.cc
@@ -81,7 +81,7 @@
return true;
size_t bytes_needed = GetBufferSize();
- scoped_array<size_t> local_buffer(
+ scoped_ptr<size_t[]> local_buffer(
new size_t[bytes_needed / sizeof(size_t)]);
if (!SetupHandleList(local_buffer.get(), bytes_needed))
diff --git a/sandbox/win/src/interception.cc b/sandbox/win/src/interception.cc
index 8def6e8..8c897a1 100644
--- a/sandbox/win/src/interception.cc
+++ b/sandbox/win/src/interception.cc
@@ -120,7 +120,7 @@
return true; // Nothing to do here
size_t buffer_bytes = GetBufferSize();
- scoped_array<char> local_buffer(new char[buffer_bytes]);
+ scoped_ptr<char[]> local_buffer(new char[buffer_bytes]);
if (!SetupConfigBuffer(local_buffer.get(), buffer_bytes))
return false;
diff --git a/sandbox/win/src/interception_unittest.cc b/sandbox/win/src/interception_unittest.cc
index cc76767..0fc9b7c 100644
--- a/sandbox/win/src/interception_unittest.cc
+++ b/sandbox/win/src/interception_unittest.cc
@@ -135,7 +135,7 @@
ASSERT_EQ(18, interceptions.interceptions_.size());
size_t buffer_size = interceptions.GetBufferSize();
- scoped_array<BYTE> local_buffer(new BYTE[buffer_size]);
+ scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]);
ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(),
buffer_size));
@@ -188,7 +188,7 @@
ASSERT_EQ(5, interceptions.interceptions_.size());
size_t buffer_size = interceptions.GetBufferSize();
- scoped_array<BYTE> local_buffer(new BYTE[buffer_size]);
+ scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]);
ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(),
buffer_size));
diff --git a/sandbox/win/src/named_pipe_policy.cc b/sandbox/win/src/named_pipe_policy.cc
index 470e823..0f620b1 100644
--- a/sandbox/win/src/named_pipe_policy.cc
+++ b/sandbox/win/src/named_pipe_policy.cc
@@ -28,10 +28,10 @@
return pipe;
HANDLE new_pipe;
- if (!::DuplicateHandle(::GetCurrentProcess(), pipe, target_process, &new_pipe,
- 0, FALSE, DUPLICATE_CLOSE_SOURCE |
- DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(pipe);
+ if (!::DuplicateHandle(::GetCurrentProcess(), pipe,
+ target_process, &new_pipe,
+ 0, FALSE,
+ DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
return INVALID_HANDLE_VALUE;
}
diff --git a/sandbox/win/src/process_policy_test.cc b/sandbox/win/src/process_policy_test.cc
index 937cbc8..7e3d460 100644
--- a/sandbox/win/src/process_policy_test.cc
+++ b/sandbox/win/src/process_policy_test.cc
@@ -6,13 +6,13 @@
#include <string>
#include "base/string16.h"
-#include "base/sys_string_conversions.h"
+#include "base/strings/sys_string_conversions.h"
#include "base/win/scoped_handle.h"
#include "base/win/scoped_process_information.h"
#include "base/win/windows_version.h"
#include "sandbox/win/src/sandbox.h"
-#include "sandbox/win/src/sandbox_policy.h"
#include "sandbox/win/src/sandbox_factory.h"
+#include "sandbox/win/src/sandbox_policy.h"
#include "sandbox/win/tests/common/controller.h"
#include "testing/gtest/include/gtest/gtest.h"
diff --git a/sandbox/win/src/registry_policy.cc b/sandbox/win/src/registry_policy.cc
index 55f3bcd..37e6ddb 100644
--- a/sandbox/win/src/registry_policy.cc
+++ b/sandbox/win/src/registry_policy.cc
@@ -78,7 +78,6 @@
if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
target_process, target_key_handle, 0, FALSE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(local_handle);
return STATUS_ACCESS_DENIED;
}
return STATUS_SUCCESS;
@@ -106,7 +105,6 @@
if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
target_process, target_key_handle, 0, FALSE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(local_handle);
return STATUS_ACCESS_DENIED;
}
return STATUS_SUCCESS;
diff --git a/sandbox/win/src/service_resolver_32.cc b/sandbox/win/src/service_resolver_32.cc
index 3497516..2e69dbc 100644
--- a/sandbox/win/src/service_resolver_32.cc
+++ b/sandbox/win/src/service_resolver_32.cc
@@ -159,7 +159,7 @@
relative_jump_ = 0;
size_t thunk_bytes = GetThunkSize();
- scoped_array<char> thunk_buffer(new char[thunk_bytes]);
+ scoped_ptr<char[]> thunk_buffer(new char[thunk_bytes]);
ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>(
thunk_buffer.get());
diff --git a/sandbox/win/src/service_resolver_64.cc b/sandbox/win/src/service_resolver_64.cc
index b69d4d8..32de53a 100644
--- a/sandbox/win/src/service_resolver_64.cc
+++ b/sandbox/win/src/service_resolver_64.cc
@@ -97,7 +97,7 @@
return ret;
size_t thunk_bytes = GetThunkSize();
- scoped_array<char> thunk_buffer(new char[thunk_bytes]);
+ scoped_ptr<char[]> thunk_buffer(new char[thunk_bytes]);
ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>(
thunk_buffer.get());
diff --git a/sandbox/win/src/service_resolver_unittest.cc b/sandbox/win/src/service_resolver_unittest.cc
index 8c44202..59105cc 100644
--- a/sandbox/win/src/service_resolver_unittest.cc
+++ b/sandbox/win/src/service_resolver_unittest.cc
@@ -105,7 +105,7 @@
// Any pointer will do as an interception_entry_point
void* function_entry = resolver;
size_t thunk_size = resolver->GetThunkSize();
- scoped_array<char> thunk(new char[thunk_size]);
+ scoped_ptr<char[]> thunk(new char[thunk_size]);
size_t used;
NTSTATUS ret = resolver->Setup(ntdll_base, NULL, function, NULL,
diff --git a/sandbox/win/src/sync_policy.cc b/sandbox/win/src/sync_policy.cc
index 926fc52..87ef0bd 100644
--- a/sandbox/win/src/sync_policy.cc
+++ b/sandbox/win/src/sync_policy.cc
@@ -80,7 +80,6 @@
if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
client_info.process, handle, 0, FALSE,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(local_handle);
return ERROR_ACCESS_DENIED;
}
return ERROR_SUCCESS;
@@ -105,7 +104,6 @@
if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
client_info.process, handle, 0, inherit_handle,
DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
- ::CloseHandle(local_handle);
return ERROR_ACCESS_DENIED;
}
return ERROR_SUCCESS;
diff --git a/sandbox/win/src/win_utils.cc b/sandbox/win/src/win_utils.cc
index 8e63ac7..f5c479a 100644
--- a/sandbox/win/src/win_utils.cc
+++ b/sandbox/win/src/win_utils.cc
@@ -191,7 +191,7 @@
}
DWORD size = MAX_PATH;
- scoped_array<wchar_t> long_path_buf(new wchar_t[size]);
+ scoped_ptr<wchar_t[]> long_path_buf(new wchar_t[size]);
DWORD return_value = ::GetLongPathName(path.c_str(), long_path_buf.get(),
size);
diff --git a/sandbox/win/src/window.cc b/sandbox/win/src/window.cc
index 445cb17..d8de967 100644
--- a/sandbox/win/src/window.cc
+++ b/sandbox/win/src/window.cc
@@ -111,7 +111,7 @@
}
// Create the buffer that will hold the name.
- scoped_array<wchar_t> name_buffer(new wchar_t[size]);
+ scoped_ptr<wchar_t[]> name_buffer(new wchar_t[size]);
// Query the name of the object.
if (!::GetUserObjectInformation(handle, UOI_NAME, name_buffer.get(), size,
diff --git a/sandbox/win/tests/common/controller.cc b/sandbox/win/tests/common/controller.cc
index b66a6c8..47ce776 100644
--- a/sandbox/win/tests/common/controller.cc
+++ b/sandbox/win/tests/common/controller.cc
@@ -8,7 +8,7 @@
#include "base/process.h"
#include "base/process_util.h"
-#include "base/sys_string_conversions.h"
+#include "base/strings/sys_string_conversions.h"
#include "base/win/windows_version.h"
#include "sandbox/win/src/sandbox_factory.h"
diff --git a/sandbox/win/wow_helper/service64_resolver.cc b/sandbox/win/wow_helper/service64_resolver.cc
index fe8a210..033b9d7 100644
--- a/sandbox/win/wow_helper/service64_resolver.cc
+++ b/sandbox/win/wow_helper/service64_resolver.cc
@@ -210,7 +210,7 @@
return ret;
size_t thunk_bytes = GetThunkSize();
- scoped_array<char> thunk_buffer(new char[thunk_bytes]);
+ scoped_ptr<char[]> thunk_buffer(new char[thunk_bytes]);
ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>(
thunk_buffer.get());