Mac sandbox: don't use protobuf for policy serialization
This change replaces protobuf with a custom serialization routine.
Some of the utilities for encoding ints and blobs are lifted from
IndexedDB code.
The change also:
- deletes CompileAndApplyProfile, which was only used in unit tests.
The tests are updated to verify production code instead, so test
coverage is better.
- Renames SandboxCompiler to SandboxSerializer. This is more
accurate as "compiling" is a separate step provided by Mac system
utilities.
- Co-locates all serialization and de-serialization code in
SandboxSerializer, making it easier to understand and, if
desired, modify. Previously, these steps were spread across
SandboxCompiler and sandbox_exec.cc.
Bug: 328417294
Change-Id: I41bdffdb5331a0bfd979942b079fe5dd3670fe53
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6208630
Reviewed-by: Alex Moshchuk <[email protected]>
Commit-Queue: Evan Stade <[email protected]>
Reviewed-by: Mark Mentovai <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1414452}
diff --git a/content/renderer/sandbox_mac_v2_unittest.mm b/content/renderer/sandbox_mac_v2_unittest.mm
index 7bdf7e6..7734a5ec 100644
--- a/content/renderer/sandbox_mac_v2_unittest.mm
+++ b/content/renderer/sandbox_mac_v2_unittest.mm
@@ -4,7 +4,6 @@
#import <Foundation/Foundation.h>
#import <IOSurface/IOSurface.h>
-
#include <ifaddrs.h>
#include <servers/bootstrap.h>
#include <sys/socket.h>
@@ -24,7 +23,7 @@
#include "base/test/multiprocess_test.h"
#include "base/test/test_timeouts.h"
#include "content/test/test_content_client.h"
-#include "sandbox/mac/sandbox_compiler.h"
+#include "sandbox/mac/sandbox_serializer.h"
#include "sandbox/mac/seatbelt_exec.h"
#include "sandbox/policy/mac/common.sb.h"
#include "sandbox/policy/mac/params.h"
@@ -35,47 +34,50 @@
namespace content {
+using sandbox::SandboxSerializer;
+
namespace {
-void SetParametersForTest(sandbox::SandboxCompiler* compiler,
+void SetParametersForTest(SandboxSerializer* serializer,
const base::FilePath& logging_path,
const base::FilePath& executable_path,
bool use_syscall_filter) {
bool enable_logging = true;
- CHECK(compiler->SetBooleanParameter(sandbox::policy::kParamEnableLogging,
- enable_logging));
- CHECK(compiler->SetBooleanParameter(
+ CHECK(serializer->SetBooleanParameter(sandbox::policy::kParamEnableLogging,
+ enable_logging));
+ CHECK(serializer->SetBooleanParameter(
sandbox::policy::kParamDisableSandboxDenialLogging, !enable_logging));
std::string homedir =
sandbox::policy::GetCanonicalPath(base::GetHomeDir()).value();
- CHECK(
- compiler->SetParameter(sandbox::policy::kParamHomedirAsLiteral, homedir));
+ CHECK(serializer->SetParameter(sandbox::policy::kParamHomedirAsLiteral,
+ homedir));
int32_t major_version, minor_version, bugfix_version;
base::SysInfo::OperatingSystemVersionNumbers(&major_version, &minor_version,
&bugfix_version);
int32_t os_version = (major_version * 100) + minor_version;
- CHECK(compiler->SetParameter(sandbox::policy::kParamOsVersion,
- base::NumberToString(os_version)));
+ CHECK(serializer->SetParameter(sandbox::policy::kParamOsVersion,
+ base::NumberToString(os_version)));
std::string bundle_path =
sandbox::policy::GetCanonicalPath(base::apple::MainBundlePath()).value();
- CHECK(compiler->SetParameter(sandbox::policy::kParamBundlePath, bundle_path));
+ CHECK(
+ serializer->SetParameter(sandbox::policy::kParamBundlePath, bundle_path));
- CHECK(compiler->SetParameter(sandbox::policy::kParamBundleId,
- "com.google.Chrome.test.sandbox"));
- CHECK(compiler->SetParameter(sandbox::policy::kParamBrowserPid,
- base::NumberToString(getpid())));
+ CHECK(serializer->SetParameter(sandbox::policy::kParamBundleId,
+ "com.google.Chrome.test.sandbox"));
+ CHECK(serializer->SetParameter(sandbox::policy::kParamBrowserPid,
+ base::NumberToString(getpid())));
- CHECK(compiler->SetParameter(sandbox::policy::kParamLogFilePath,
- logging_path.value()));
+ CHECK(serializer->SetParameter(sandbox::policy::kParamLogFilePath,
+ logging_path.value()));
- CHECK(compiler->SetParameter(sandbox::policy::kParamExecutablePath,
- executable_path.value()));
+ CHECK(serializer->SetParameter(sandbox::policy::kParamExecutablePath,
+ executable_path.value()));
- CHECK(compiler->SetBooleanParameter(sandbox::policy::kParamFilterSyscalls,
- use_syscall_filter));
+ CHECK(serializer->SetBooleanParameter(sandbox::policy::kParamFilterSyscalls,
+ use_syscall_filter));
}
} // namespace
@@ -93,8 +95,8 @@
const std::string profile =
std::string(sandbox::policy::kSeatbeltPolicyString_common) +
sandbox::policy::kSeatbeltPolicyString_renderer;
- sandbox::SandboxCompiler compiler;
- compiler.SetProfile(profile);
+ SandboxSerializer serializer(SandboxSerializer::Target::kSource);
+ serializer.SetProfile(profile);
// Create the logging file and pass /bin/ls as the executable path.
base::ScopedTempDir temp_dir;
@@ -108,12 +110,12 @@
// TODO(crbug.com/40273168): re-enable syscall filter for this test.
// SandboxV2Test.SandboxProfileTest uses system() which uses a denied syscall,
// which should cause the test to fail.
- SetParametersForTest(&compiler, log_file, exec_file,
+ SetParametersForTest(&serializer, log_file, exec_file,
/*use_syscall_filter=*/false);
- std::string error;
- bool result = compiler.CompileAndApplyProfile(error);
- CHECK(result) << error;
+ std::string error, serialized;
+ CHECK(serializer.SerializePolicy(serialized, error)) << error;
+ CHECK(serializer.ApplySerializedPolicy(serialized));
// Test the properties of the sandbox profile.
constexpr std::string_view log_msg = "logged";
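Review bot: The second new CHECK in this hunk, `CHECK(serializer.ApplySerializedPolicy(serialized));`, emits no diagnostic on failure, while the SerializePolicy CHECK just above it streams `error`; if ApplySerializedPolicy reports failure only through its return value, at least name the step, e.g. `CHECK(serializer.ApplySerializedPolicy(serialized)) << "ApplySerializedPolicy failed";`. Beyond that, the apply path is exercised only with a blob produced by the same serializer on the preceding line, so the hand-written deserializer that replaces protobuf is never fed a truncated or otherwise malformed blob in this test. Unless a serializer-specific test elsewhere in the change covers it, a case asserting that ApplySerializedPolicy rejects a corrupted or shortened copy of `serialized` would be worth adding, since the custom parser presumably now runs on data handed across the sandbox boundary. The enclosing test body starts outside the hunk.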