From 55d109d8891da7fe0f456bb1246b9da8fa9d1ac2 Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Wed, 22 Sep 2021 13:03:41 +0000 Subject: [PATCH] extra/chromium to 94.0.4606.54-1 --- .../0001-widevine-support-for-arm.patch | 6 +- ...-bindings-generation-single-threaded.patch | 4 +- ...003-Fix-eu-strip-build-for-newer-GCC.patch | 6 +- extra/chromium/PKGBUILD | 61 +- ...dd-a-TODO-about-a-missing-pnacl-flag.patch | 28 + extra/chromium/chromium-94-ffmpeg-roll.patch | 49 + extra/chromium/chromium-harfbuzz-3.0.0.patch | 20 - .../linux-sandbox-fix-fstatat-crash.patch | 348 ----- ...yscall-broker-use-struct-kernel_stat.patch | 1384 ----------------- extra/chromium/skia-harfbuzz-3.0.0.patch | 100 -- ...expire-accelerated-video-decode-flag.patch | 11 + .../chromium/use-ffile-compilation-dir.patch | 65 + 12 files changed, 192 insertions(+), 1890 deletions(-) create mode 100644 extra/chromium/add-a-TODO-about-a-missing-pnacl-flag.patch create mode 100644 extra/chromium/chromium-94-ffmpeg-roll.patch delete mode 100644 extra/chromium/chromium-harfbuzz-3.0.0.patch delete mode 100644 extra/chromium/linux-sandbox-fix-fstatat-crash.patch delete mode 100644 extra/chromium/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch delete mode 100644 extra/chromium/skia-harfbuzz-3.0.0.patch create mode 100644 extra/chromium/unexpire-accelerated-video-decode-flag.patch create mode 100644 extra/chromium/use-ffile-compilation-dir.patch diff --git a/extra/chromium/0001-widevine-support-for-arm.patch b/extra/chromium/0001-widevine-support-for-arm.patch index 8871b2bb1..fc0d16179 100644 --- a/extra/chromium/0001-widevine-support-for-arm.patch +++ b/extra/chromium/0001-widevine-support-for-arm.patch @@ -1,4 +1,4 @@ -From 0ef073143173be99aba48602e78dcb8a602a665f Mon Sep 17 00:00:00 2001 +From bf98ba5c122134948dd5da3bb18cdc7e7761023d Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Thu, 18 Feb 2021 19:35:58 -0700 Subject: [PATCH 1/3] widevine support for arm @@ -8,10 +8,10 @@ Subject: [PATCH 1/3] widevine support for arm 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/widevine/cdm/widevine.gni b/third_party/widevine/cdm/widevine.gni -index 21fdc870cecf..67aa6c2d2754 100644 +index 1a833ae57589c..42164ca5416eb 100644 --- a/third_party/widevine/cdm/widevine.gni +++ b/third_party/widevine/cdm/widevine.gni -@@ -26,7 +26,7 @@ if (is_chromeos_ash && !is_chromeos_device) { +@@ -26,7 +26,7 @@ if (is_chromeos && !is_chromeos_device) { library_widevine_cdm_available = (is_chromeos_ash && (target_cpu == "x64" || target_cpu == "arm")) || ((target_os == "linux" || is_chromeos_lacros) && diff --git a/extra/chromium/0002-Run-blink-bindings-generation-single-threaded.patch b/extra/chromium/0002-Run-blink-bindings-generation-single-threaded.patch index dff7c1c23..5a543730e 100644 --- a/extra/chromium/0002-Run-blink-bindings-generation-single-threaded.patch +++ b/extra/chromium/0002-Run-blink-bindings-generation-single-threaded.patch @@ -1,4 +1,4 @@ -From bc1c3e2b3b429d09bc3170b7ee06c599373d6270 Mon Sep 17 00:00:00 2001 +From 4165b45646bca0977b80e0aa7b7645fbb70e654f Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Tue, 2 Feb 2021 13:58:59 -0700 Subject: [PATCH 2/3] Run blink bindings generation single threaded @@ -9,7 +9,7 @@ When not single threaded this process will eat all the RAM. 1 file changed, 1 insertion(+) diff --git a/third_party/blink/renderer/bindings/BUILD.gn b/third_party/blink/renderer/bindings/BUILD.gn -index 30017570a139..f88e5906f23f 100644 +index 30017570a1391..f88e5906f23f4 100644 --- a/third_party/blink/renderer/bindings/BUILD.gn +++ b/third_party/blink/renderer/bindings/BUILD.gn @@ -148,6 +148,7 @@ template("generate_bindings") { diff --git a/extra/chromium/0003-Fix-eu-strip-build-for-newer-GCC.patch b/extra/chromium/0003-Fix-eu-strip-build-for-newer-GCC.patch index 29ea1eb7d..3da2badea 100644 --- a/extra/chromium/0003-Fix-eu-strip-build-for-newer-GCC.patch +++ b/extra/chromium/0003-Fix-eu-strip-build-for-newer-GCC.patch @@ -1,4 +1,4 @@ -From 662671bbc3173ff64baf8d9e84b2c28f3978ad78 Mon Sep 17 00:00:00 2001 +From 7e18463de3934080ab42a764b453cca010fb929f Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Wed, 21 Jul 2021 21:37:31 -0600 Subject: [PATCH 3/3] Fix eu-strip build for newer GCC @@ -10,7 +10,7 @@ Subject: [PATCH 3/3] Fix eu-strip build for newer GCC create mode 100644 buildtools/third_party/eu-strip/gcc-fixes.patch diff --git a/buildtools/third_party/eu-strip/build.sh b/buildtools/third_party/eu-strip/build.sh -index 86f2b67f6bbd..722ebcf46f06 100755 +index 86f2b67f6bbd1..722ebcf46f061 100755 --- a/buildtools/third_party/eu-strip/build.sh +++ b/buildtools/third_party/eu-strip/build.sh @@ -1,7 +1,7 @@ @@ -32,7 +32,7 @@ index 86f2b67f6bbd..722ebcf46f06 100755 ../configure --enable-maintainer-mode diff --git a/buildtools/third_party/eu-strip/gcc-fixes.patch b/buildtools/third_party/eu-strip/gcc-fixes.patch new file mode 100644 -index 000000000000..fdb84dffd936 +index 0000000000000..fdb84dffd9364 --- /dev/null +++ b/buildtools/third_party/eu-strip/gcc-fixes.patch @@ -0,0 +1,171 @@ diff --git a/extra/chromium/PKGBUILD b/extra/chromium/PKGBUILD index f0874694a..b5591e1b7 100644 --- a/extra/chromium/PKGBUILD +++ b/extra/chromium/PKGBUILD @@ -16,10 +16,10 @@ buildarch=12 highmem=1 pkgname=chromium -pkgver=93.0.4577.82 -pkgrel=2 +pkgver=94.0.4606.54 +pkgrel=1 _launcher_ver=8 -_gcc_patchset=6 +_gcc_patchset=3 pkgdesc="A web browser built for speed, simplicity, and security" arch=('x86_64') url="https://www.chromium.org/Home" @@ -36,31 +36,31 @@ optdepends=('pipewire: WebRTC desktop sharing under Wayland' source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver/chromium-launcher-$_launcher_ver.tar.gz https://github.com/stha09/chromium-patches/releases/download/chromium-${pkgver%%.*}-patchset-$_gcc_patchset/chromium-${pkgver%%.*}-patchset-$_gcc_patchset.tar.xz - linux-sandbox-syscall-broker-use-struct-kernel_stat.patch - linux-sandbox-fix-fstatat-crash.patch replace-blacklist-with-ignorelist.patch + add-a-TODO-about-a-missing-pnacl-flag.patch + use-ffile-compilation-dir.patch sql-make-VirtualCursor-standard-layout-type.patch chromium-93-ffmpeg-4.4.patch - chromium-harfbuzz-3.0.0.patch - skia-harfbuzz-3.0.0.patch + chromium-94-ffmpeg-roll.patch + unexpire-accelerated-video-decode-flag.patch use-oauth2-client-switches-as-default.patch 0001-widevine-support-for-arm.patch 0002-Run-blink-bindings-generation-single-threaded.patch 0003-Fix-eu-strip-build-for-newer-GCC.patch) -sha256sums=('5d66214858fcba11a8f733d7a6fab61ed10e13e7df4ed37e63b66a0370fb2853' +sha256sums=('033d9461e24251b790da17e64471eb22e3dfb09090744d3d0b7b4d0fbd75135d' '213e50f48b67feb4441078d50b0fd431df34323be15be97c55302d3fdac4483a' - 'a44ffd9e25fcbd8b3cc778871890e4da6fe12600ad549c807e1d03f61f0cdf73' - '268e18ad56e5970157b51ec9fc8eb58ba93e313ea1e49c842a1ed0820d9c1fa3' - '253348550d54b8ae317fd250f772f506d2bae49fb5dc75fe15d872ea3d0e04a5' + '22692bddaf2761c6ddf9ff0bc4722972bca4d4c5b2fd3e5dbdac7eb60d914320' 'd3344ba39b8c6ed202334ba7f441c70d81ddf8cdb15af1aa8c16e9a3a75fbb35' + 'd53da216538f2e741a6e048ed103964a91a98e9a3c10c27fdfa34d4692fdc455' + '921010cd8fab5f30be76c68b68c9b39fac9e21f4c4133bb709879592bbdf606e' 'dd317f85e5abfdcfc89c6f23f4c8edbcdebdd5e083dcec770e5da49ee647d150' '1a9e074f417f8ffd78bcd6874d8e2e74a239905bf662f76a7755fa40dc476b57' - '7ce947944a139e66774dfc7249bf7c3069f07f83a0f1b2c1a1b14287a7e15928' - 'dae11dec5088eb1b14045d8c9862801a342609c15701d7c371e1caccf46e1ffd' + '56acb6e743d2ab1ed9f3eb01700ade02521769978d03ac43226dec94659b3ace' + '2a97b26c3d6821b15ef4ef1369905c6fa3e9c8da4877eb9af4361452a425290b' 'e393174d7695d0bafed69e868c5fbfecf07aa6969f3b64596d0bae8b067e1711' - '88bece386073d5a2e970eefcd910010bdc5be2107bdad57bbfc005a4091112f6' - '9b385876b5da4e639a1a016213858a514c016cea657a24825223563683dba27f' - 'f574f1d703baf4e39a70bed96aec0e9ebe04a304a3ba355ecaa8a93639c104e9') + 'fa20edc66efbb4d172a028a1851bcbb635372ce56c81c0b434bf4e211a6ca728' + '85c7fd0fc70d3bce1a6949fd1062c6d5bc62507636e50200432cfb7b22cbef47' + '30f670b9ca3e5783aa5029f4d0407cec5f6d5bef7c41303b50b6fb312559bc65') # Possible replacements are listed in build/linux/unbundle/replace_gn_files.py # Keys are the names in the above script; values are the dependencies in Arch @@ -129,28 +129,29 @@ prepare() { # Fix build with older ffmpeg patch -Np1 -i ../chromium-93-ffmpeg-4.4.patch - # Fix build with harfbuzz 3.0.0 - patch -Np1 -i ../chromium-harfbuzz-3.0.0.patch - patch -Np1 -d third_party/skia <../skia-harfbuzz-3.0.0.patch + # Revert change to custom function av_stream_get_first_dts; will need to + # switch to bundled ffmpeg when we're no longer using ffmpeg 4.4 in Arch + # Upstream commit that made first_dts internal causing Chromium to add a + # custom function: https://github.com/FFmpeg/FFmpeg/commit/591b88e6787c4 + # https://crbug.com/1251779 + patch -Rp1 -i ../chromium-94-ffmpeg-roll.patch + + # https://crbug.com/1207478 + patch -Np0 -i ../unexpire-accelerated-video-decode-flag.patch # Revert transition to -fsanitize-ignorelist (needs newer clang) patch -Rp1 -i ../replace-blacklist-with-ignorelist.patch - # Upstream fixes - patch -Np1 -i ../linux-sandbox-syscall-broker-use-struct-kernel_stat.patch - patch -Np1 -i ../linux-sandbox-fix-fstatat-crash.patch + # Revert addition of -ffile-compilation-dir= (needs newer clang) + patch -Rp1 -i ../add-a-TODO-about-a-missing-pnacl-flag.patch + patch -Rp1 -i ../use-ffile-compilation-dir.patch # https://chromium-review.googlesource.com/c/chromium/src/+/2862724 patch -Np1 -i ../sql-make-VirtualCursor-standard-layout-type.patch # Fixes for building with libstdc++ instead of libc++ - patch -Np1 -i ../patches/chromium-93-pdfium-include.patch patch -Np1 -i ../patches/chromium-90-ruy-include.patch - patch -Np1 -i ../patches/chromium-93-HashPasswordManager-include.patch - patch -Np1 -i ../patches/chromium-93-BluetoothLowEnergyScanFilter-include.patch - patch -Np1 -i ../patches/chromium-93-ClassProperty-include.patch - patch -Np1 -i ../patches/chromium-93-DevToolsEmbedderMessageDispatcher-include.patch - patch -Np1 -i ../patches/chromium-93-ScopedTestDialogAutoConfirm-include.patch + patch -Np1 -i ../patches/chromium-94-CustomSpaces-include.patch # Link to system tools required by the build mkdir -p third_party/node/linux/node-linux-x64/bin @@ -199,7 +200,7 @@ build() { 'is_cfi=false' 'chrome_pgo_phase=0' 'treat_warnings_as_errors=false' - 'fieldtrial_testing_like_official_build=true' + 'disable_fieldtrial_testing_config=true' 'blink_enable_generated_code_formatting=false' 'ffmpeg_branding="Chrome"' 'proprietary_codecs=true' @@ -279,7 +280,7 @@ package() { libGLESv2.so chromedriver - crashpad_handler + chrome_crashpad_handler ) if [[ -z ${_system_libs[icu]+set} ]]; then diff --git a/extra/chromium/add-a-TODO-about-a-missing-pnacl-flag.patch b/extra/chromium/add-a-TODO-about-a-missing-pnacl-flag.patch new file mode 100644 index 000000000..bfeafeef8 --- /dev/null +++ b/extra/chromium/add-a-TODO-about-a-missing-pnacl-flag.patch @@ -0,0 +1,28 @@ +From 7a23987acb698c2934958cb42a5e7b1cd73fe142 Mon Sep 17 00:00:00 2001 +From: Nico Weber +Date: Tue, 20 Jul 2021 21:54:09 +0000 +Subject: [PATCH] build: Add a TODO about a missing pnacl flag + +Change-Id: I1700d185a23afe4120e14c755782450b1bf89289 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041785 +Commit-Queue: Nico Weber +Commit-Queue: Hans Wennborg +Auto-Submit: Nico Weber +Reviewed-by: Hans Wennborg +Cr-Commit-Position: refs/heads/master@{#903659} +--- + build/config/compiler/BUILD.gn | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn +index b6e095b705..ef6d1dfc12 100644 +--- a/build/config/compiler/BUILD.gn ++++ b/build/config/compiler/BUILD.gn +@@ -1217,6 +1217,7 @@ config("compiler_deterministic") { + # we build same files with same compile flag. + # Other paths are already given in relative, no need to normalize them. + if (is_nacl) { ++ # TODO(https://crbug.com/1231236): Use -ffile-compilation-dir= here. + cflags += [ + "-Xclang", + "-fdebug-compilation-dir", diff --git a/extra/chromium/chromium-94-ffmpeg-roll.patch b/extra/chromium/chromium-94-ffmpeg-roll.patch new file mode 100644 index 000000000..68f26364e --- /dev/null +++ b/extra/chromium/chromium-94-ffmpeg-roll.patch @@ -0,0 +1,49 @@ +From b94755e4633045be96ab5e0bdde0db7e16a804bd Mon Sep 17 00:00:00 2001 +From: "liberato@chromium.org" +Date: Fri, 6 Aug 2021 04:25:31 +0000 +Subject: [PATCH] FFmpeg M94 roll. + +Contains DEPS update + chromium-side fixes. + +Bug: 1227259 +Change-Id: I61c5eaa789ea12c17d0cbcbf837435b9cf32479b +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3011889 +Reviewed-by: Thomas Guilbert +Commit-Queue: Frank Liberato +Cr-Commit-Position: refs/heads/master@{#909174} +--- + media/ffmpeg/ffmpeg_common.h | 1 + + media/filters/ffmpeg_demuxer.cc | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/media/ffmpeg/ffmpeg_common.h b/media/ffmpeg/ffmpeg_common.h +index cede8ac5a7..97d6307e28 100644 +--- a/media/ffmpeg/ffmpeg_common.h ++++ b/media/ffmpeg/ffmpeg_common.h +@@ -29,6 +29,7 @@ extern "C" { + #include + #include + #include ++#include + #include + #include + #include +diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc +index ac4713b072..605001d935 100644 +--- a/media/filters/ffmpeg_demuxer.cc ++++ b/media/filters/ffmpeg_demuxer.cc +@@ -106,12 +106,12 @@ static base::TimeDelta ExtractStartTime(AVStream* stream) { + + // Next try to use the first DTS value, for codecs where we know PTS == DTS + // (excludes all H26x codecs). The start time must be returned in PTS. +- if (stream->first_dts != kNoFFmpegTimestamp && ++ if (av_stream_get_first_dts(stream) != kNoFFmpegTimestamp && + stream->codecpar->codec_id != AV_CODEC_ID_HEVC && + stream->codecpar->codec_id != AV_CODEC_ID_H264 && + stream->codecpar->codec_id != AV_CODEC_ID_MPEG4) { + const base::TimeDelta first_pts = +- ConvertFromTimeBase(stream->time_base, stream->first_dts); ++ ConvertFromTimeBase(stream->time_base, av_stream_get_first_dts(stream)); + if (first_pts < start_time) + start_time = first_pts; + } diff --git a/extra/chromium/chromium-harfbuzz-3.0.0.patch b/extra/chromium/chromium-harfbuzz-3.0.0.patch deleted file mode 100644 index c7724336b..000000000 --- a/extra/chromium/chromium-harfbuzz-3.0.0.patch +++ /dev/null @@ -1,20 +0,0 @@ -# https://github.com/chromium/chromium/commit/b289f6f3fcbc - -diff --git a/components/paint_preview/common/subset_font.cc b/components/paint_preview/common/subset_font.cc -index 8ff0540d9a..20a7d37474 100644 ---- a/components/paint_preview/common/subset_font.cc -+++ b/components/paint_preview/common/subset_font.cc -@@ -72,9 +72,11 @@ sk_sp SubsetFont(SkTypeface* typeface, const GlyphUsage& usage) { - hb_set_t* glyphs = - hb_subset_input_glyph_set(input.get()); // Owned by |input|. - usage.ForEach(base::BindRepeating(&AddGlyphs, base::Unretained(glyphs))); -- hb_subset_input_set_retain_gids(input.get(), true); -+ hb_subset_input_set_flags(input.get(), HB_SUBSET_FLAGS_RETAIN_GIDS); - -- HbScoped subset_face(hb_subset(face.get(), input.get())); -+ HbScoped subset_face(hb_subset_or_fail(face.get(), input.get())); -+ if (!subset_face) -+ return nullptr; - HbScoped subset_blob(hb_face_reference_blob(subset_face.get())); - if (!subset_blob) - return nullptr; diff --git a/extra/chromium/linux-sandbox-fix-fstatat-crash.patch b/extra/chromium/linux-sandbox-fix-fstatat-crash.patch deleted file mode 100644 index 899e48e69..000000000 --- a/extra/chromium/linux-sandbox-fix-fstatat-crash.patch +++ /dev/null @@ -1,348 +0,0 @@ -From 60d5e803ef2a4874d29799b638754152285e0ed9 Mon Sep 17 00:00:00 2001 -From: Matthew Denton -Date: Wed, 21 Jul 2021 12:55:11 +0000 -Subject: [PATCH] Linux sandbox: fix fstatat() crash - -This is a reland of https://crrev.com/c/2801873. - -Glibc has started rewriting fstat(fd, stat_buf) to -fstatat(fd, "", stat_buf, AT_EMPTY_PATH). This works because when -AT_EMPTY_PATH is specified, and the second argument is an empty string, -then fstatat just performs an fstat on fd like normal. - -Unfortunately, fstatat() also allows stat-ing arbitrary pathnames like -with fstatat(AT_FDCWD, "/i/am/a/file", stat_buf, 0); -The baseline policy needs to prevent this usage of fstatat() since it -doesn't allow access to arbitrary pathnames. - -Sadly, if the second argument is not an empty string, AT_EMPTY_PATH is -simply ignored by current kernels. - -This means fstatat() is completely unsandboxable with seccomp, since -we *need* to verify that the second argument is the empty string, but -we can't dereference pointers in seccomp (due to limitations of BPF, -and the difficulty of addressing these limitations due to TOCTOU -issues). - -So, this CL Traps (raises a SIGSYS via seccomp) on any fstatat syscall. -The signal handler, which runs in the sandboxed process, checks for -AT_EMPTY_PATH and the empty string, and then rewrites any applicable -fstatat() back into the old-style fstat(). - -Bug: 1164975 -Change-Id: I3df6c04c0d781eb1f181d707ccaaead779337291 -Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042179 -Reviewed-by: Robert Sesek -Commit-Queue: Matthew Denton -Cr-Commit-Position: refs/heads/master@{#903873} ---- - .../seccomp-bpf-helpers/baseline_policy.cc | 8 ++++++ - .../baseline_policy_unittest.cc | 17 ++++++++++++- - .../seccomp-bpf-helpers/sigsys_handlers.cc | 25 +++++++++++++++++++ - .../seccomp-bpf-helpers/sigsys_handlers.h | 14 +++++++++++ - .../linux/syscall_broker/broker_process.cc | 21 ++++++++++------ - .../syscall_broker/broker_process_unittest.cc | 18 ++++++------- - sandbox/linux/system_headers/linux_stat.h | 4 +++ - 7 files changed, 89 insertions(+), 18 deletions(-) - -diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc -index f2a60bb4d7..9df0d2dbd3 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc -+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc -@@ -20,6 +20,7 @@ - #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" - #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" - #include "sandbox/linux/services/syscall_wrappers.h" -+#include "sandbox/linux/system_headers/linux_stat.h" - #include "sandbox/linux/system_headers/linux_syscalls.h" - - #if !defined(SO_PEEK_OFF) -@@ -304,6 +305,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, - return Allow(); - } - -+ // The fstatat syscalls are file system syscalls, which will be denied below -+ // with fs_denied_errno. However some allowed fstat syscalls are rewritten by -+ // libc implementations to fstatat syscalls, and we need to rewrite them back. -+ if (sysno == __NR_fstatat_default) { -+ return RewriteFstatatSIGSYS(fs_denied_errno); -+ } -+ - if (SyscallSets::IsFileSystem(sysno) || - SyscallSets::IsCurrentDirectory(sysno)) { - return Error(fs_denied_errno); -diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc -index 68c29b564b..57d307e09d 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc -+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc -@@ -51,7 +51,8 @@ namespace sandbox { - - namespace { - --// This also tests that read(), write() and fstat() are allowed. -+// This also tests that read(), write(), fstat(), and fstatat(.., "", .., -+// AT_EMPTY_PATH) are allowed. - void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) { - BPF_ASSERT_LE(0, read_end.get()); - BPF_ASSERT_LE(0, write_end.get()); -@@ -60,6 +61,20 @@ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) { - BPF_ASSERT_EQ(0, sys_ret); - BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode)); - -+ sys_ret = fstatat(read_end.get(), "", &stat_buf, AT_EMPTY_PATH); -+ BPF_ASSERT_EQ(0, sys_ret); -+ BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode)); -+ -+ // Make sure fstatat with anything other than an empty string is denied. -+ sys_ret = fstatat(read_end.get(), "/", &stat_buf, AT_EMPTY_PATH); -+ BPF_ASSERT_EQ(sys_ret, -1); -+ BPF_ASSERT_EQ(EPERM, errno); -+ -+ // Make sure fstatat without AT_EMPTY_PATH is denied. -+ sys_ret = fstatat(read_end.get(), "", &stat_buf, 0); -+ BPF_ASSERT_EQ(sys_ret, -1); -+ BPF_ASSERT_EQ(EPERM, errno); -+ - const ssize_t kTestTransferSize = 4; - static const char kTestString[kTestTransferSize] = {'T', 'E', 'S', 'T'}; - ssize_t transfered = 0; -diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc -index 64edbd68bd..71068a0452 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc -+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc -@@ -6,6 +6,7 @@ - - #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" - -+#include - #include - #include - #include -@@ -22,6 +23,7 @@ - #include "sandbox/linux/seccomp-bpf/syscall.h" - #include "sandbox/linux/services/syscall_wrappers.h" - #include "sandbox/linux/system_headers/linux_seccomp.h" -+#include "sandbox/linux/system_headers/linux_stat.h" - #include "sandbox/linux/system_headers/linux_syscalls.h" - - #if defined(__mips__) -@@ -355,6 +357,24 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args, - return -ENOSYS; - } - -+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args, -+ void* fs_denied_errno) { -+ if (args.nr == __NR_fstatat_default) { -+ if (*reinterpret_cast(args.args[1]) == '\0' && -+ args.args[3] == static_cast(AT_EMPTY_PATH)) { -+ return syscall(__NR_fstat_default, static_cast(args.args[0]), -+ reinterpret_cast(args.args[2])); -+ } -+ return -reinterpret_cast(fs_denied_errno); -+ } -+ -+ CrashSIGSYS_Handler(args, fs_denied_errno); -+ -+ // Should never be reached. -+ RAW_CHECK(false); -+ return -ENOSYS; -+} -+ - bpf_dsl::ResultExpr CrashSIGSYS() { - return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL); - } -@@ -387,6 +407,11 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() { - return bpf_dsl::Trap(SIGSYSSchedHandler, NULL); - } - -+bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) { -+ return bpf_dsl::Trap(SIGSYSFstatatHandler, -+ reinterpret_cast(fs_denied_errno)); -+} -+ - void AllocateCrashKeys() { - #if !defined(OS_NACL_NONSFI) - if (seccomp_crash_key) -diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h -index 7a958b93b2..8cd735ce15 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h -+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h -@@ -62,6 +62,19 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const arch_seccomp_data& args, - // sched_setparam(), sched_setscheduler() - SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args, - void* aux); -+// If the fstatat() syscall is functionally equivalent to an fstat() syscall, -+// then rewrite the syscall to the equivalent fstat() syscall which can be -+// adequately sandboxed. -+// If the fstatat() is not functionally equivalent to an fstat() syscall, we -+// fail with -fs_denied_errno. -+// If the syscall is not an fstatat() at all, crash in the same way as -+// CrashSIGSYS_Handler. -+// This is necessary because glibc and musl have started rewriting fstat(fd, -+// stat_buf) as fstatat(fd, "", stat_buf, AT_EMPTY_PATH). We rewrite the latter -+// back to the former, which is actually sandboxable. -+SANDBOX_EXPORT intptr_t -+SIGSYSFstatatHandler(const struct arch_seccomp_data& args, -+ void* fs_denied_errno); - - // Variants of the above functions for use with bpf_dsl. - SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS(); -@@ -72,6 +85,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill(); - SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex(); - SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace(); - SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS(); -+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno); - - // Allocates a crash key so that Seccomp information can be recorded. - void AllocateCrashKeys(); -diff --git a/sandbox/linux/syscall_broker/broker_process.cc b/sandbox/linux/syscall_broker/broker_process.cc -index c2176eb785..e9dad37485 100644 ---- a/sandbox/linux/syscall_broker/broker_process.cc -+++ b/sandbox/linux/syscall_broker/broker_process.cc -@@ -113,44 +113,49 @@ bool BrokerProcess::IsSyscallAllowed(int sysno) const { - } - - bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const { -+ // The syscalls unavailable on aarch64 are all blocked by Android's default -+ // seccomp policy, even on non-aarch64 architectures. I.e., the syscalls XX() -+ // with a corresponding XXat() versions are typically unavailable in aarch64 -+ // and are default disabled in Android. So, we should refuse to broker them -+ // to be consistent with the platform's restrictions. - switch (sysno) { --#if !defined(__aarch64__) -+#if !defined(__aarch64__) && !defined(OS_ANDROID) - case __NR_access: - #endif - case __NR_faccessat: - return !fast_check || allowed_command_set_.test(COMMAND_ACCESS); - --#if !defined(__aarch64__) -+#if !defined(__aarch64__) && !defined(OS_ANDROID) - case __NR_mkdir: - #endif - case __NR_mkdirat: - return !fast_check || allowed_command_set_.test(COMMAND_MKDIR); - --#if !defined(__aarch64__) -+#if !defined(__aarch64__) && !defined(OS_ANDROID) - case __NR_open: - #endif - case __NR_openat: - return !fast_check || allowed_command_set_.test(COMMAND_OPEN); - --#if !defined(__aarch64__) -+#if !defined(__aarch64__) && !defined(OS_ANDROID) - case __NR_readlink: - #endif - case __NR_readlinkat: - return !fast_check || allowed_command_set_.test(COMMAND_READLINK); - --#if !defined(__aarch64__) -+#if !defined(__aarch64__) && !defined(OS_ANDROID) - case __NR_rename: - #endif - case __NR_renameat: - case __NR_renameat2: - return !fast_check || allowed_command_set_.test(COMMAND_RENAME); - --#if !defined(__aarch64__) -+#if !defined(__aarch64__) && !defined(OS_ANDROID) - case __NR_rmdir: - return !fast_check || allowed_command_set_.test(COMMAND_RMDIR); - #endif - --#if !defined(__aarch64__) -+#if !defined(__aarch64__) && !defined(OS_ANDROID) - case __NR_stat: - case __NR_lstat: - #endif -@@ -175,7 +180,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const { - return !fast_check || allowed_command_set_.test(COMMAND_STAT); - #endif - --#if !defined(__aarch64__) -+#if !defined(__aarch64__) && !defined(OS_ANDROID) - case __NR_unlink: - return !fast_check || allowed_command_set_.test(COMMAND_UNLINK); - #endif -diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc -index c65f25a78a..f0db08d84e 100644 ---- a/sandbox/linux/syscall_broker/broker_process_unittest.cc -+++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc -@@ -1596,52 +1596,52 @@ TEST(BrokerProcess, IsSyscallAllowed) { - const base::flat_map> kSysnosForCommand = { - {COMMAND_ACCESS, - {__NR_faccessat, --#if defined(__NR_access) -+#if defined(__NR_access) && !defined(OS_ANDROID) - __NR_access - #endif - }}, - {COMMAND_MKDIR, - {__NR_mkdirat, --#if defined(__NR_mkdir) -+#if defined(__NR_mkdir) && !defined(OS_ANDROID) - __NR_mkdir - #endif - }}, - {COMMAND_OPEN, - {__NR_openat, --#if defined(__NR_open) -+#if defined(__NR_open) && !defined(OS_ANDROID) - __NR_open - #endif - }}, - {COMMAND_READLINK, - {__NR_readlinkat, --#if defined(__NR_readlink) -+#if defined(__NR_readlink) && !defined(OS_ANDROID) - __NR_readlink - #endif - }}, - {COMMAND_RENAME, - {__NR_renameat, --#if defined(__NR_rename) -+#if defined(__NR_rename) && !defined(OS_ANDROID) - __NR_rename - #endif - }}, - {COMMAND_UNLINK, - {__NR_unlinkat, --#if defined(__NR_unlink) -+#if defined(__NR_unlink) && !defined(OS_ANDROID) - __NR_unlink - #endif - }}, - {COMMAND_RMDIR, - {__NR_unlinkat, --#if defined(__NR_rmdir) -+#if defined(__NR_rmdir) && !defined(OS_ANDROID) - __NR_rmdir - #endif - }}, - {COMMAND_STAT, - { --#if defined(__NR_stat) -+#if defined(__NR_stat) && !defined(OS_ANDROID) - __NR_stat, - #endif --#if defined(__NR_lstat) -+#if defined(__NR_lstat) && !defined(OS_ANDROID) - __NR_lstat, - #endif - #if defined(__NR_fstatat) -diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h -index 35788eb22a..83b89efc75 100644 ---- a/sandbox/linux/system_headers/linux_stat.h -+++ b/sandbox/linux/system_headers/linux_stat.h -@@ -157,6 +157,10 @@ struct kernel_stat { - }; - #endif - -+#if !defined(AT_EMPTY_PATH) -+#define AT_EMPTY_PATH 0x1000 -+#endif -+ - // On 32-bit systems, we default to the 64-bit stat struct like libc - // implementations do. Otherwise we default to the normal stat struct which is - // already 64-bit. diff --git a/extra/chromium/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch b/extra/chromium/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch deleted file mode 100644 index 7aa43a7aa..000000000 --- a/extra/chromium/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch +++ /dev/null @@ -1,1384 +0,0 @@ -From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001 -From: Matthew Denton -Date: Mon, 19 Jul 2021 14:03:13 +0000 -Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct - kernel_stat"" - -This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9. - -Reason for revert: reland - -The fix included in the reland is that fstatat64() needs to be -allowed in the broker process's seccomp policy. - -This CL also includes some extra tests that the kernel_stat structures -match the layout the kernel expects. - -Bug: 1164975, 1199431 -Test: trogdor Chromebook successfully boots and allows login. - -Original change's description: -> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat"" -> -> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64. -> -> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431 -> -> Original change's description: -> > Reland "Linux sandbox syscall broker: use struct kernel_stat" -> > -> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c. -> > -> > Original change's description: -> > > Revert "Linux sandbox syscall broker: use struct kernel_stat" -> > > -> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789. -> > > -> > > Reason for revert: Causing failure in -> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests" -> > > See crbug.com/1198480 -> > > -> > > Original change's description: -> > > > Linux sandbox syscall broker: use struct kernel_stat -> > > > -> > > > The struct stat used in libc is different (in size and field ordering) -> > > > from the structure assumed by the Linux kernel. So, when emulating -> > > > system calls, we need to use the struct definition the kernel expects. -> > > > -> > > > This CL adds linux_stat.h that includes definitions of the different -> > > > kernel structs. -> > > > -> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a -> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876 -> > > > Commit-Queue: Matthew Denton -> > > > Reviewed-by: Robert Sesek -> > > > Cr-Commit-Position: refs/heads/master@{#871767} -> > > -> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361 -> > > No-Presubmit: true -> > > No-Tree-Checks: true -> > > No-Try: true -> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812 -> > > Auto-Submit: Victor Vianna -> > > Owners-Override: Victor Vianna -> > > Commit-Queue: Rubber Stamper -> > > Bot-Commit: Rubber Stamper -> > > Cr-Commit-Position: refs/heads/master@{#871882} -> > -> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4 -> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115 -> > Auto-Submit: Matthew Denton -> > Commit-Queue: Matthew Denton -> > Reviewed-by: Robert Sesek -> > Cr-Commit-Position: refs/heads/master@{#872812} -> -> Fixed: 1199431 -> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098 -> No-Presubmit: true -> No-Tree-Checks: true -> No-Try: true -> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459 -> Auto-Submit: Kyle Horimoto -> Commit-Queue: Matthew Denton -> Commit-Queue: Kinuko Yasuda -> Reviewed-by: Matthew Denton -> Reviewed-by: Kinuko Yasuda -> Owners-Override: Kinuko Yasuda -> Cr-Commit-Position: refs/heads/master@{#873173} - -Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7 -Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936 -Reviewed-by: Robert Sesek -Commit-Queue: Matthew Denton -Cr-Commit-Position: refs/heads/master@{#902981} ---- - sandbox/linux/BUILD.gn | 1 + - .../seccomp_broker_process_unittest.cc | 40 +++- - sandbox/linux/seccomp-bpf-helpers/DEPS | 1 - - ...scall_parameters_restrictions_unittests.cc | 4 - - sandbox/linux/services/syscall_wrappers.cc | 50 ++++- - sandbox/linux/services/syscall_wrappers.h | 15 ++ - .../services/syscall_wrappers_unittest.cc | 129 +++++++++++- - sandbox/linux/syscall_broker/DEPS | 3 +- - sandbox/linux/syscall_broker/broker_client.cc | 4 +- - sandbox/linux/syscall_broker/broker_client.h | 4 +- - sandbox/linux/syscall_broker/broker_host.cc | 23 ++- - .../syscall_broker/broker_process_unittest.cc | 74 +++---- - .../remote_syscall_arg_handler_unittest.cc | 36 ++-- - .../syscall_broker/syscall_dispatcher.cc | 67 ++++--- - .../linux/syscall_broker/syscall_dispatcher.h | 27 ++- - sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++ - sandbox/linux/system_headers/linux_time.h | 26 +++ - sandbox/linux/tests/test_utils.cc | 15 ++ - sandbox/linux/tests/test_utils.h | 2 + - .../policy/linux/bpf_broker_policy_linux.cc | 4 +- - 20 files changed, 595 insertions(+), 118 deletions(-) - create mode 100644 sandbox/linux/system_headers/linux_stat.h - -diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn -index 2f778dd0bc..ccbbc91716 100644 ---- a/sandbox/linux/BUILD.gn -+++ b/sandbox/linux/BUILD.gn -@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") { - "system_headers/linux_ptrace.h", - "system_headers/linux_seccomp.h", - "system_headers/linux_signal.h", -+ "system_headers/linux_stat.h", - "system_headers/linux_syscalls.h", - "system_headers/linux_time.h", - "system_headers/linux_ucontext.h", -diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc -index 9da9c68911..8a941983b1 100644 ---- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc -+++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc -@@ -34,6 +34,7 @@ - #include "sandbox/linux/syscall_broker/broker_file_permission.h" - #include "sandbox/linux/syscall_broker/broker_process.h" - #include "sandbox/linux/system_headers/linux_seccomp.h" -+#include "sandbox/linux/system_headers/linux_stat.h" - #include "sandbox/linux/system_headers/linux_syscalls.h" - #include "sandbox/linux/tests/scoped_temporary_file.h" - #include "sandbox/linux/tests/test_utils.h" -@@ -202,6 +203,26 @@ namespace { - // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc - // and musl up to 4096. - const int kFakeErrnoSentinel = 254; -+ -+void ConvertKernelStatToLibcStat(default_stat_struct& in_stat, -+ struct stat& out_stat) { -+ out_stat.st_dev = in_stat.st_dev; -+ out_stat.st_ino = in_stat.st_ino; -+ out_stat.st_mode = in_stat.st_mode; -+ out_stat.st_nlink = in_stat.st_nlink; -+ out_stat.st_uid = in_stat.st_uid; -+ out_stat.st_gid = in_stat.st_gid; -+ out_stat.st_rdev = in_stat.st_rdev; -+ out_stat.st_size = in_stat.st_size; -+ out_stat.st_blksize = in_stat.st_blksize; -+ out_stat.st_blocks = in_stat.st_blocks; -+ out_stat.st_atim.tv_sec = in_stat.st_atime_; -+ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_; -+ out_stat.st_mtim.tv_sec = in_stat.st_mtime_; -+ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_; -+ out_stat.st_ctim.tv_sec = in_stat.st_ctime_; -+ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_; -+} - } // namespace - - // There are a variety of ways to make syscalls in a sandboxed process. One is -@@ -217,6 +238,10 @@ class Syscaller { - - virtual int Open(const char* filepath, int flags) = 0; - virtual int Access(const char* filepath, int mode) = 0; -+ // NOTE: we use struct stat instead of default_stat_struct, to make the libc -+ // syscaller simpler. Copying from default_stat_struct (the structure returned -+ // from a stat sycall) to struct stat (the structure exposed by a libc to its -+ // users) is simpler than going in the opposite direction. - virtual int Stat(const char* filepath, - bool follow_links, - struct stat* statbuf) = 0; -@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller { - int Stat(const char* filepath, - bool follow_links, - struct stat* statbuf) override { -- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links, -- statbuf); -+ default_stat_struct buf; -+ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting( -+ filepath, follow_links, &buf); -+ if (ret >= 0) -+ ConvertKernelStatToLibcStat(buf, *statbuf); -+ return ret; - } - - int Rename(const char* oldpath, const char* newpath) override { -@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller { - int Stat(const char* filepath, - bool follow_links, - struct stat* statbuf) override { -- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf) -- : syscall(__NR_lstat, filepath, statbuf); -+ struct kernel_stat buf; -+ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf, -+ follow_links ? 0 : AT_SYMLINK_NOFOLLOW); - if (ret < 0) - return -errno; -+ -+ ConvertKernelStatToLibcStat(buf, *statbuf); - return ret; - } - -diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS -index 4419fd1da3..95d1bb6cbb 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/DEPS -+++ b/sandbox/linux/seccomp-bpf-helpers/DEPS -@@ -3,5 +3,4 @@ include_rules = [ - "+sandbox/linux/seccomp-bpf", - "+sandbox/linux/services", - "+sandbox/linux/system_headers", -- "+third_party/lss/linux_syscall_support.h", - ] -diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc -index 903e702eab..76c393032c 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc -+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc -@@ -37,10 +37,6 @@ - #include "sandbox/linux/system_headers/linux_time.h" - #include "sandbox/linux/tests/unit_tests.h" - --#if !defined(OS_ANDROID) --#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK --#endif -- - namespace sandbox { - - namespace { -diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc -index fcfd2aa129..3bec18a14e 100644 ---- a/sandbox/linux/services/syscall_wrappers.cc -+++ b/sandbox/linux/services/syscall_wrappers.cc -@@ -4,6 +4,7 @@ - - #include "sandbox/linux/services/syscall_wrappers.h" - -+#include - #include - #include - #include -@@ -14,11 +15,13 @@ - #include - #include - -+#include "base/check.h" - #include "base/compiler_specific.h" - #include "base/logging.h" - #include "build/build_config.h" - #include "sandbox/linux/system_headers/capability.h" - #include "sandbox/linux/system_headers/linux_signal.h" -+#include "sandbox/linux/system_headers/linux_stat.h" - #include "sandbox/linux/system_headers/linux_syscalls.h" - - namespace sandbox { -@@ -217,7 +220,7 @@ asm( - #undef STR - #undef XSTR - --#endif -+#endif // defined(ARCH_CPU_X86_FAMILY) - - int sys_sigaction(int signum, - const struct sigaction* act, -@@ -241,7 +244,7 @@ int sys_sigaction(int signum, - #error "Unsupported architecture." - #endif - } --#endif -+#endif // defined(ARCH_CPU_X86_FAMILY) - } - - LinuxSigAction linux_oldact = {}; -@@ -259,6 +262,47 @@ int sys_sigaction(int signum, - return result; - } - --#endif // defined(MEMORY_SANITIZER) -+#endif // !defined(OS_NACL_NONSFI) -+ -+int sys_stat(const char* path, struct kernel_stat* stat_buf) { -+ int res; -+#if !defined(__NR_stat) -+ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0); -+#else -+ res = syscall(__NR_stat, path, stat_buf); -+#endif -+ if (res == 0) -+ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf)); -+ return res; -+} -+ -+int sys_lstat(const char* path, struct kernel_stat* stat_buf) { -+ int res; -+#if !defined(__NR_lstat) -+ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW); -+#else -+ res = syscall(__NR_lstat, path, stat_buf); -+#endif -+ if (res == 0) -+ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf)); -+ return res; -+} -+ -+int sys_fstatat64(int dirfd, -+ const char* pathname, -+ struct kernel_stat64* stat_buf, -+ int flags) { -+#if defined(__NR_fstatat64) -+ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags); -+ if (res == 0) -+ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf)); -+ return res; -+#else // defined(__NR_fstatat64) -+ // We should not reach here on 64-bit systems, as the *stat*64() are only -+ // necessary on 32-bit. -+ RAW_CHECK(false); -+ return -ENOSYS; -+#endif -+} - - } // namespace sandbox -diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h -index 1975bfbd88..b55340e4a2 100644 ---- a/sandbox/linux/services/syscall_wrappers.h -+++ b/sandbox/linux/services/syscall_wrappers.h -@@ -17,6 +17,8 @@ struct sock_fprog; - struct rlimit64; - struct cap_hdr; - struct cap_data; -+struct kernel_stat; -+struct kernel_stat64; - - namespace sandbox { - -@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum, - const struct sigaction* act, - struct sigaction* oldact); - -+// Some architectures do not have stat() and lstat() syscalls. In that case, -+// these wrappers will use newfstatat(), which is available on all other -+// architectures, with the same capabilities as stat() and lstat(). -+SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf); -+SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf); -+ -+// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is -+// not a supported syscall on the current platform. -+SANDBOX_EXPORT int sys_fstatat64(int dirfd, -+ const char* pathname, -+ struct kernel_stat64* stat_buf, -+ int flags); -+ - } // namespace sandbox - - #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ -diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc -index 32820f60a8..64b9cea80f 100644 ---- a/sandbox/linux/services/syscall_wrappers_unittest.cc -+++ b/sandbox/linux/services/syscall_wrappers_unittest.cc -@@ -5,15 +5,19 @@ - #include "sandbox/linux/services/syscall_wrappers.h" - - #include -+#include - #include - #include - #include - #include --#include - -+#include "base/logging.h" -+#include "base/memory/page_size.h" - #include "base/posix/eintr_wrapper.h" - #include "build/build_config.h" - #include "sandbox/linux/system_headers/linux_signal.h" -+#include "sandbox/linux/system_headers/linux_stat.h" -+#include "sandbox/linux/tests/scoped_temporary_file.h" - #include "sandbox/linux/tests/test_utils.h" - #include "sandbox/linux/tests/unit_tests.h" - #include "testing/gtest/include/gtest/gtest.h" -@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) { - linux_sigset); - } - -+TEST(SyscallWrappers, Stat) { -+ // Create a file to stat, with 12 bytes of data. -+ ScopedTemporaryFile tmp_file; -+ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12)); -+ -+ // To test we have the correct stat structures for each kernel/platform, we -+ // will right-align them on a page, with a guard page after. -+ char* two_pages = static_cast(TestUtils::MapPagesOrDie(2)); -+ TestUtils::MprotectLastPageOrDie(two_pages, 2); -+ char* page1_end = two_pages + base::GetPageSize(); -+ -+ // First, check that calling stat with |stat_buf| pointing to the last byte on -+ // a page causes EFAULT. -+ int res = sys_stat(tmp_file.full_file_name(), -+ reinterpret_cast(page1_end - 1)); -+ ASSERT_EQ(res, -1); -+ ASSERT_EQ(errno, EFAULT); -+ -+ // Now, check that we have the correctly sized stat structure. -+ struct kernel_stat* sb = reinterpret_cast( -+ page1_end - sizeof(struct kernel_stat)); -+ // Memset to c's so we can check the kernel zero'd the padding... -+ memset(sb, 'c', sizeof(struct kernel_stat)); -+ res = sys_stat(tmp_file.full_file_name(), sb); -+ ASSERT_EQ(res, 0); -+ -+ // Following fields may never be consistent but should be non-zero. -+ // Don't trust the platform to define fields with any particular sign. -+ EXPECT_NE(0u, static_cast(sb->st_dev)); -+ EXPECT_NE(0u, static_cast(sb->st_ino)); -+ EXPECT_NE(0u, static_cast(sb->st_mode)); -+ EXPECT_NE(0u, static_cast(sb->st_blksize)); -+ EXPECT_NE(0u, static_cast(sb->st_blocks)); -+ -+// We are the ones that made the file. -+// Note: normally gid and uid overflow on backwards-compatible 32-bit systems -+// and we end up with dummy uids and gids in place here. -+#if defined(ARCH_CPU_64_BITS) -+ EXPECT_EQ(geteuid(), sb->st_uid); -+ EXPECT_EQ(getegid(), sb->st_gid); -+#endif -+ -+ // Wrote 12 bytes above which should fit in one block. -+ EXPECT_EQ(12u, sb->st_size); -+ -+ // Can't go backwards in time, 1500000000 was some time ago. -+ EXPECT_LT(1500000000u, static_cast(sb->st_atime_)); -+ EXPECT_LT(1500000000u, static_cast(sb->st_mtime_)); -+ EXPECT_LT(1500000000u, static_cast(sb->st_ctime_)); -+ -+ // Checking the padding for good measure. -+#if defined(__x86_64__) -+ EXPECT_EQ(0u, sb->__pad0); -+ EXPECT_EQ(0u, sb->__unused4[0]); -+ EXPECT_EQ(0u, sb->__unused4[1]); -+ EXPECT_EQ(0u, sb->__unused4[2]); -+#elif defined(__aarch64__) -+ EXPECT_EQ(0u, sb->__pad1); -+ EXPECT_EQ(0, sb->__pad2); -+ EXPECT_EQ(0u, sb->__unused4); -+ EXPECT_EQ(0u, sb->__unused5); -+#endif -+} -+ -+TEST(SyscallWrappers, LStat) { -+ // Create a file to stat, with 12 bytes of data. -+ ScopedTemporaryFile tmp_file; -+ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12)); -+ -+ // Also create a symlink. -+ std::string symlink_name; -+ { -+ ScopedTemporaryFile tmp_file2; -+ symlink_name = tmp_file2.full_file_name(); -+ } -+ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str()); -+ if (rc != 0) { -+ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target " -+ << tmp_file.full_file_name(); -+ GTEST_FAIL(); -+ } -+ -+ struct kernel_stat lstat_info; -+ rc = sys_lstat(symlink_name.c_str(), &lstat_info); -+ if (rc < 0 && errno == EOVERFLOW) { -+ GTEST_SKIP(); -+ } -+ if (rc != 0) { -+ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name; -+ GTEST_FAIL(); -+ } -+ -+ struct kernel_stat stat_info; -+ rc = sys_stat(symlink_name.c_str(), &stat_info); -+ if (rc < 0 && errno == EOVERFLOW) { -+ GTEST_SKIP(); -+ } -+ if (rc != 0) { -+ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name; -+ GTEST_FAIL(); -+ } -+ -+ struct kernel_stat tmp_file_stat_info; -+ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info); -+ if (rc < 0 && errno == EOVERFLOW) { -+ GTEST_SKIP(); -+ } -+ if (rc != 0) { -+ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name(); -+ GTEST_FAIL(); -+ } -+ -+ // lstat should produce information about a symlink. -+ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode)); -+ -+ // stat-ing symlink_name and tmp_file should produce the same inode. -+ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino); -+ -+ // lstat-ing symlink_name should give a different inode than stat-ing -+ // symlink_name. -+ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino); -+} -+ - } // namespace - - } // namespace sandbox -diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS -index c477f7d363..149c463b06 100644 ---- a/sandbox/linux/syscall_broker/DEPS -+++ b/sandbox/linux/syscall_broker/DEPS -@@ -1,4 +1,5 @@ - include_rules = [ -- "+sandbox/linux/system_headers", - "+sandbox/linux/bpf_dsl", -+ "+sandbox/linux/services", -+ "+sandbox/linux/system_headers", - ] -diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc -index 6b1b5be433..e24f659fcf 100644 ---- a/sandbox/linux/syscall_broker/broker_client.cc -+++ b/sandbox/linux/syscall_broker/broker_client.cc -@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const { - - int BrokerClient::Stat(const char* pathname, - bool follow_links, -- struct stat* sb) const { -+ struct kernel_stat* sb) const { - if (!pathname || !sb) - return -EFAULT; - -@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname, - - int BrokerClient::Stat64(const char* pathname, - bool follow_links, -- struct stat64* sb) const { -+ struct kernel_stat64* sb) const { - if (!pathname || !sb) - return -EFAULT; - -diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h -index 05e14c83f2..26ca78101c 100644 ---- a/sandbox/linux/syscall_broker/broker_client.h -+++ b/sandbox/linux/syscall_broker/broker_client.h -@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher { - int Rmdir(const char* path) const override; - int Stat(const char* pathname, - bool follow_links, -- struct stat* sb) const override; -+ struct kernel_stat* sb) const override; - int Stat64(const char* pathname, - bool follow_links, -- struct stat64* sb) const override; -+ struct kernel_stat64* sb) const override; - int Unlink(const char* unlink) const override; - - private: -diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc -index 1cd03a18df..1cdc01a888 100644 ---- a/sandbox/linux/syscall_broker/broker_host.cc -+++ b/sandbox/linux/syscall_broker/broker_host.cc -@@ -20,9 +20,11 @@ - #include "base/files/scoped_file.h" - #include "base/logging.h" - #include "base/posix/eintr_wrapper.h" -+#include "sandbox/linux/services/syscall_wrappers.h" - #include "sandbox/linux/syscall_broker/broker_command.h" - #include "sandbox/linux/syscall_broker/broker_permission_list.h" - #include "sandbox/linux/syscall_broker/broker_simple_message.h" -+#include "sandbox/linux/system_headers/linux_stat.h" - #include "sandbox/linux/system_headers/linux_syscalls.h" - - namespace sandbox { -@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set, - RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno())); - return; - } -+ - if (command_type == COMMAND_STAT) { -- struct stat sb; -- int sts = -- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb); -+ struct kernel_stat sb; -+ -+ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb) -+ : sandbox::sys_lstat(file_to_access, &sb); - if (sts < 0) { - RAW_CHECK(reply->AddIntToMessage(-errno)); - return; -@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set, - RAW_CHECK( - reply->AddDataToMessage(reinterpret_cast(&sb), sizeof(sb))); - } else { -+#if defined(__NR_fstatat64) - DCHECK(command_type == COMMAND_STAT64); -- struct stat64 sb; -- int sts = follow_links ? stat64(file_to_access, &sb) -- : lstat64(file_to_access, &sb); -+ struct kernel_stat64 sb; -+ -+ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb, -+ follow_links ? 0 : AT_SYMLINK_NOFOLLOW); - if (sts < 0) { - RAW_CHECK(reply->AddIntToMessage(-errno)); - return; -@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set, - RAW_CHECK(reply->AddIntToMessage(0)); - RAW_CHECK( - reply->AddDataToMessage(reinterpret_cast(&sb), sizeof(sb))); -+#else // defined(__NR_fstatat64) -+ // We should not reach here on 64-bit systems, as the *stat*64() are only -+ // necessary on 32-bit. -+ RAW_CHECK(false); -+#endif - } - } - -diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc -index 55ba6bccb2..c65f25a78a 100644 ---- a/sandbox/linux/syscall_broker/broker_process_unittest.cc -+++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc -@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) { - const char* bad_leading_path5 = "/mbogo/fictitioux"; - const char* bad_leading_path6 = "/mbogo/fictitiousa"; - -- struct stat sb; -+ default_stat_struct sb; - - { - // Actual file with permissions to see file but command not allowed. -@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) { - - memset(&sb, 0, sizeof(sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - tempfile_name, follow_links, &sb)); - } - -@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) { - - memset(&sb, 0, sizeof(sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - nonesuch_name, follow_links, &sb)); - } - { -@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) { - - memset(&sb, 0, sizeof(sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - tempfile_name, follow_links, &sb)); - } - { -@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) { - ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback))); - - memset(&sb, 0, sizeof(sb)); -- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat( -- nonesuch_name, follow_links, &sb)); -+ EXPECT_EQ(-ENOENT, -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( -+ nonesuch_name, follow_links, &sb)); - - // Gets denied all the way back to root since no create permission. - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - leading_path1, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - leading_path2, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - leading_path3, follow_links, &sb)); - - // Not fooled by substrings. - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path1, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path2, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path3, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path4, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path5, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path6, follow_links, &sb)); - } - { -@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) { - ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback))); - - memset(&sb, 0, sizeof(sb)); -- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat( -- nonesuch_name, follow_links, &sb)); -+ EXPECT_EQ(-ENOENT, -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( -+ nonesuch_name, follow_links, &sb)); - - // Gets ENOENT all the way back to root since it has create permission. -- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat( -- leading_path1, follow_links, &sb)); -- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat( -- leading_path2, follow_links, &sb)); -+ EXPECT_EQ(-ENOENT, -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( -+ leading_path1, follow_links, &sb)); -+ EXPECT_EQ(-ENOENT, -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( -+ leading_path2, follow_links, &sb)); - - // But can always get the root. -- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat( -- leading_path3, follow_links, &sb)); -+ EXPECT_EQ(0, -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( -+ leading_path3, follow_links, &sb)); - - // Not fooled by substrings. - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path1, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path2, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path3, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path4, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path5, follow_links, &sb)); - EXPECT_EQ(-kFakeErrnoSentinel, -- open_broker.GetBrokerClientSignalBased()->Stat( -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( - bad_leading_path6, follow_links, &sb)); - } - { -@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) { - ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback))); - - memset(&sb, 0, sizeof(sb)); -- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat( -- tempfile_name, follow_links, &sb)); -+ EXPECT_EQ(0, -+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting( -+ tempfile_name, follow_links, &sb)); - - // Following fields may never be consistent but should be non-zero. - // Don't trust the platform to define fields with any particular sign. -@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) { - EXPECT_EQ(12, sb.st_size); - - // Can't go backwards in time, 1500000000 was some time ago. -- EXPECT_LT(1500000000u, static_cast(sb.st_atime)); -- EXPECT_LT(1500000000u, static_cast(sb.st_mtime)); -- EXPECT_LT(1500000000u, static_cast(sb.st_ctime)); -+ EXPECT_LT(1500000000u, static_cast(sb.st_atime_)); -+ EXPECT_LT(1500000000u, static_cast(sb.st_mtime_)); -+ EXPECT_LT(1500000000u, static_cast(sb.st_ctime_)); - } - } - -diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc -index fffa9bb708..f517a9867c 100644 ---- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc -+++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc -@@ -16,6 +16,7 @@ - #include "base/memory/page_size.h" - #include "base/posix/unix_domain_socket.h" - #include "base/test/bind.h" -+#include "sandbox/linux/tests/test_utils.h" - #include "sandbox/linux/tests/unit_tests.h" - #include "testing/gtest/include/gtest/gtest.h" - -@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) { - } - } - --void* MapPagesOrDie(size_t num_pages) { -- void* addr = mmap(nullptr, num_pages * base::GetPageSize(), -- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); -- PCHECK(addr); -- return addr; --} -- --void MprotectLastPageOrDie(char* addr, size_t num_pages) { -- size_t last_page_offset = (num_pages - 1) * base::GetPageSize(); -- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >= -- 0); --} -- - pid_t ForkWaitingChild(base::OnceCallback - after_parent_signals_callback = base::DoNothing(), - base::ScopedFD* parent_sync_fd = nullptr) { -@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) { - size_t total_pages = (test_config.start_at + test_config.total_size + - base::GetPageSize() - 1) / - base::GetPageSize(); -- char* mmap_addr = static_cast(MapPagesOrDie(total_pages)); -+ char* mmap_addr = static_cast(TestUtils::MapPagesOrDie(total_pages)); - char* addr = mmap_addr + test_config.start_at; - FillBufferWithPath(addr, test_config.total_size, - test_config.include_null_byte); - - if (test_config.last_page_inaccessible) -- MprotectLastPageOrDie(mmap_addr, total_pages); -+ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages); - - pid_t pid = ForkWaitingChild(); - munmap(mmap_addr, base::GetPageSize() * total_pages); -@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) { - } - - SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) { -- void* addr = MapPagesOrDie(1); -+ void* addr = TestUtils::MapPagesOrDie(1); - FillBufferWithPath(static_cast(addr), strlen(kPathPart) + 1, true); - - base::ScopedFD parent_sync, child_sync; -@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) { - } - - SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) { -- void* read_from = MapPagesOrDie(1); -+ void* read_from = TestUtils::MapPagesOrDie(1); - const size_t write_size = base::GetPageSize(); - FillBufferWithPath(static_cast(read_from), write_size, false); -- char* write_to = static_cast(MapPagesOrDie(1)); -+ char* write_to = static_cast(TestUtils::MapPagesOrDie(1)); - base::ScopedFD parent_signal_fd; - const std::vector empty_fd_vec; - -@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) { - } - - SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) { -- char* write_to = static_cast(MapPagesOrDie(1)); -- MprotectLastPageOrDie(write_to, 1); -+ char* write_to = static_cast(TestUtils::MapPagesOrDie(1)); -+ TestUtils::MprotectLastPageOrDie(write_to, 1); - base::ScopedFD parent_signal_fd; - const std::vector empty_fd_vec; - -@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) { - } - - SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) { -- char* read_from = static_cast(MapPagesOrDie(2)); -+ char* read_from = static_cast(TestUtils::MapPagesOrDie(2)); - const size_t write_size = base::GetPageSize(); - FillBufferWithPath(static_cast(read_from), write_size, false); -- char* write_to = static_cast(MapPagesOrDie(2)); -- MprotectLastPageOrDie(write_to, 2); -+ char* write_to = static_cast(TestUtils::MapPagesOrDie(2)); -+ TestUtils::MprotectLastPageOrDie(write_to, 2); - write_to += base::GetPageSize() / 2; - base::ScopedFD parent_signal_fd; - const std::vector empty_fd_vec; -@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) { - } - - SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) { -- char* addr = static_cast(MapPagesOrDie(1)); -+ char* addr = static_cast(TestUtils::MapPagesOrDie(1)); - FillBufferWithPath(static_cast(addr), strlen(kPathPart) + 1, true); - - base::ScopedFD parent_sync, child_sync; -diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc -index b9ee93c14a..8a42397ef8 100644 ---- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc -+++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc -@@ -19,8 +19,18 @@ namespace syscall_broker { - #define BROKER_UNPOISON_STRING(x) - #endif - -+int SyscallDispatcher::DefaultStatForTesting(const char* pathname, -+ bool follow_links, -+ default_stat_struct* sb) { -+#if defined(__NR_fstatat64) -+ return Stat64(pathname, follow_links, sb); -+#elif defined(__NR_newfstatat) -+ return Stat(pathname, follow_links, sb); -+#endif -+} -+ - int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args, -- bool arch64) { -+ bool stat64) { - if (static_cast(args.args[0]) != AT_FDCWD) - return -EPERM; - // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc -@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args, - - const bool follow_links = - !(static_cast(args.args[3]) & AT_SYMLINK_NOFOLLOW); -- if (arch64) { -+ if (stat64) { - return Stat64(reinterpret_cast(args.args[1]), follow_links, -- reinterpret_cast(args.args[2])); -+ reinterpret_cast(args.args[2])); - } - - return Stat(reinterpret_cast(args.args[1]), follow_links, -- reinterpret_cast(args.args[2])); -+ reinterpret_cast(args.args[2])); -+} -+ -+int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) { -+ if (static_cast(args.args[0]) != AT_FDCWD) -+ return -EPERM; -+ -+ int flags = static_cast(args.args[2]); -+ -+ if (flags == AT_REMOVEDIR) { -+ return Rmdir(reinterpret_cast(args.args[1])); -+ } -+ -+ if (flags != 0) -+ return -EPERM; -+ -+ return Unlink(reinterpret_cast(args.args[1])); - } - - int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) { -@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) { - #if defined(__NR_stat) - case __NR_stat: - return Stat(reinterpret_cast(args.args[0]), true, -- reinterpret_cast(args.args[1])); -+ reinterpret_cast(args.args[1])); - #endif - #if defined(__NR_stat64) - case __NR_stat64: - return Stat64(reinterpret_cast(args.args[0]), true, -- reinterpret_cast(args.args[1])); -+ reinterpret_cast(args.args[1])); - #endif - #if defined(__NR_lstat) - case __NR_lstat: - // See https://crbug.com/847096 - BROKER_UNPOISON_STRING(reinterpret_cast(args.args[0])); - return Stat(reinterpret_cast(args.args[0]), false, -- reinterpret_cast(args.args[1])); -+ reinterpret_cast(args.args[1])); - #endif - #if defined(__NR_lstat64) - case __NR_lstat64: - // See https://crbug.com/847096 - BROKER_UNPOISON_STRING(reinterpret_cast(args.args[0])); - return Stat64(reinterpret_cast(args.args[0]), false, -- reinterpret_cast(args.args[1])); --#endif --#if defined(__NR_fstatat) -- case __NR_fstatat: -- return PerformStatat(args, /*arch64=*/false); -+ reinterpret_cast(args.args[1])); - #endif - #if defined(__NR_fstatat64) - case __NR_fstatat64: -- return PerformStatat(args, /*arch64=*/true); -+ return PerformStatat(args, /*stat64=*/true); - #endif - #if defined(__NR_newfstatat) - case __NR_newfstatat: -- return PerformStatat(args, /*arch64=*/false); -+ return PerformStatat(args, /*stat64=*/false); - #endif - #if defined(__NR_unlink) - case __NR_unlink: - return Unlink(reinterpret_cast(args.args[0])); - #endif - #if defined(__NR_unlinkat) -- case __NR_unlinkat: { -- if (static_cast(args.args[0]) != AT_FDCWD) -- return -EPERM; -- -- int flags = static_cast(args.args[2]); -- -- if (flags == AT_REMOVEDIR) { -- return Rmdir(reinterpret_cast(args.args[1])); -- } -- -- if (flags != 0) -- return -EPERM; -- -- return Unlink(reinterpret_cast(args.args[1])); -- } -+ case __NR_unlinkat: -+ return PerformUnlinkat(args); - #endif // defined(__NR_unlinkat) - default: - RAW_CHECK(false); -diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h -index d8b8874ad9..1d6653caf3 100644 ---- a/sandbox/linux/syscall_broker/syscall_dispatcher.h -+++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h -@@ -9,13 +9,15 @@ - #include - - #include "sandbox/linux/system_headers/linux_seccomp.h" -+#include "sandbox/linux/system_headers/linux_stat.h" -+#include "sandbox/sandbox_export.h" - - namespace sandbox { - namespace syscall_broker { - - // An abstract class that defines all the system calls we perform for the - // sandboxed process. --class SyscallDispatcher { -+class SANDBOX_EXPORT SyscallDispatcher { - public: - // Emulates access()/faccessat(). - // X_OK will always return an error in practice since the broker process -@@ -40,19 +42,34 @@ class SyscallDispatcher { - virtual int Rmdir(const char* path) const = 0; - - // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat(). -+ // Stat64 is only available on 32-bit systems. - virtual int Stat(const char* pathname, - bool follow_links, -- struct stat* sb) const = 0; -+ struct kernel_stat* sb) const = 0; - virtual int Stat64(const char* pathname, - bool follow_links, -- struct stat64* sb) const = 0; -+ struct kernel_stat64* sb) const = 0; - - // Emulates unlink()/unlinkat(). - virtual int Unlink(const char* unlink) const = 0; - -+ // Different architectures use a different syscall from the stat family by -+ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct -+ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct -+ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and -+ // should be using the default stat in order to test against glibc. -+ int DefaultStatForTesting(const char* pathname, -+ bool follow_links, -+ default_stat_struct* sb); -+ - // Validates the args passed to a *statat*() syscall and performs the syscall -- // using Stat() or Stat64(). -- int PerformStatat(const arch_seccomp_data& args, bool arch64); -+ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64() -+ // syscalls. -+ int PerformStatat(const arch_seccomp_data& args, bool stat64); -+ -+ // Validates the args passed to an unlinkat() syscall and performs the syscall -+ // using either Unlink() or Rmdir(). -+ int PerformUnlinkat(const arch_seccomp_data& args); - - // Reads the syscall number and arguments, imposes some policy (e.g. the *at() - // system calls must only allow AT_FDCWD as the first argument), and -diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h -new file mode 100644 -index 0000000000..35788eb22a ---- /dev/null -+++ b/sandbox/linux/system_headers/linux_stat.h -@@ -0,0 +1,188 @@ -+// Copyright 2021 The Chromium Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style license that can be -+// found in the LICENSE file. -+ -+#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_ -+#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_ -+ -+#include -+ -+#include "build/build_config.h" -+#include "sandbox/linux/system_headers/linux_syscalls.h" -+ -+#if defined(ARCH_CPU_MIPS_FAMILY) -+#if defined(ARCH_CPU_64_BITS) -+struct kernel_stat { -+#else -+struct kernel_stat64 { -+#endif -+ unsigned st_dev; -+ unsigned __pad0[3]; -+ unsigned long long st_ino; -+ unsigned st_mode; -+ unsigned st_nlink; -+ unsigned st_uid; -+ unsigned st_gid; -+ unsigned st_rdev; -+ unsigned __pad1[3]; -+ long long st_size; -+ unsigned st_atime_; -+ unsigned st_atime_nsec_; -+ unsigned st_mtime_; -+ unsigned st_mtime_nsec_; -+ unsigned st_ctime_; -+ unsigned st_ctime_nsec_; -+ unsigned st_blksize; -+ unsigned __pad2; -+ unsigned long long st_blocks; -+}; -+#else -+struct kernel_stat64 { -+ unsigned long long st_dev; -+ unsigned char __pad0[4]; -+ unsigned __st_ino; -+ unsigned st_mode; -+ unsigned st_nlink; -+ unsigned st_uid; -+ unsigned st_gid; -+ unsigned long long st_rdev; -+ unsigned char __pad3[4]; -+ long long st_size; -+ unsigned st_blksize; -+ unsigned long long st_blocks; -+ unsigned st_atime_; -+ unsigned st_atime_nsec_; -+ unsigned st_mtime_; -+ unsigned st_mtime_nsec_; -+ unsigned st_ctime_; -+ unsigned st_ctime_nsec_; -+ unsigned long long st_ino; -+}; -+#endif -+ -+#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__) -+struct kernel_stat { -+ /* The kernel headers suggest that st_dev and st_rdev should be 32bit -+ * quantities encoding 12bit major and 20bit minor numbers in an interleaved -+ * format. In reality, we do not see useful data in the top bits. So, -+ * we'll leave the padding in here, until we find a better solution. -+ */ -+ unsigned short st_dev; -+ short pad1; -+ unsigned st_ino; -+ unsigned short st_mode; -+ unsigned short st_nlink; -+ unsigned short st_uid; -+ unsigned short st_gid; -+ unsigned short st_rdev; -+ short pad2; -+ unsigned st_size; -+ unsigned st_blksize; -+ unsigned st_blocks; -+ unsigned st_atime_; -+ unsigned st_atime_nsec_; -+ unsigned st_mtime_; -+ unsigned st_mtime_nsec_; -+ unsigned st_ctime_; -+ unsigned st_ctime_nsec_; -+ unsigned __unused4; -+ unsigned __unused5; -+}; -+#elif defined(__x86_64__) -+struct kernel_stat { -+ uint64_t st_dev; -+ uint64_t st_ino; -+ uint64_t st_nlink; -+ unsigned st_mode; -+ unsigned st_uid; -+ unsigned st_gid; -+ unsigned __pad0; -+ uint64_t st_rdev; -+ int64_t st_size; -+ int64_t st_blksize; -+ int64_t st_blocks; -+ uint64_t st_atime_; -+ uint64_t st_atime_nsec_; -+ uint64_t st_mtime_; -+ uint64_t st_mtime_nsec_; -+ uint64_t st_ctime_; -+ uint64_t st_ctime_nsec_; -+ int64_t __unused4[3]; -+}; -+#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) -+struct kernel_stat { -+ unsigned st_dev; -+ int st_pad1[3]; -+ unsigned st_ino; -+ unsigned st_mode; -+ unsigned st_nlink; -+ unsigned st_uid; -+ unsigned st_gid; -+ unsigned st_rdev; -+ int st_pad2[2]; -+ long st_size; -+ int st_pad3; -+ long st_atime_; -+ long st_atime_nsec_; -+ long st_mtime_; -+ long st_mtime_nsec_; -+ long st_ctime_; -+ long st_ctime_nsec_; -+ int st_blksize; -+ int st_blocks; -+ int st_pad4[14]; -+}; -+#elif defined(__aarch64__) -+struct kernel_stat { -+ unsigned long st_dev; -+ unsigned long st_ino; -+ unsigned int st_mode; -+ unsigned int st_nlink; -+ unsigned int st_uid; -+ unsigned int st_gid; -+ unsigned long st_rdev; -+ unsigned long __pad1; -+ long st_size; -+ int st_blksize; -+ int __pad2; -+ long st_blocks; -+ long st_atime_; -+ unsigned long st_atime_nsec_; -+ long st_mtime_; -+ unsigned long st_mtime_nsec_; -+ long st_ctime_; -+ unsigned long st_ctime_nsec_; -+ unsigned int __unused4; -+ unsigned int __unused5; -+}; -+#endif -+ -+// On 32-bit systems, we default to the 64-bit stat struct like libc -+// implementations do. Otherwise we default to the normal stat struct which is -+// already 64-bit. -+// These defines make it easy to call the right syscall to fill out a 64-bit -+// stat struct, which is the default in libc implementations but requires -+// different syscall names on 32 and 64-bit platforms. -+#if defined(__NR_fstatat64) -+ -+namespace sandbox { -+using default_stat_struct = struct kernel_stat64; -+} // namespace sandbox -+ -+#define __NR_fstatat_default __NR_fstatat64 -+#define __NR_fstat_default __NR_fstat64 -+ -+#elif defined(__NR_newfstatat) -+ -+namespace sandbox { -+using default_stat_struct = struct kernel_stat; -+} // namespace sandbox -+ -+#define __NR_fstatat_default __NR_newfstatat -+#define __NR_fstat_default __NR_fstat -+ -+#else -+#error "one of fstatat64 and newfstatat must be defined" -+#endif -+ -+#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_ -diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h -index 780f24dddd..f18c806611 100644 ---- a/sandbox/linux/system_headers/linux_time.h -+++ b/sandbox/linux/system_headers/linux_time.h -@@ -11,6 +11,32 @@ - #define CPUCLOCK_CLOCK_MASK 3 - #endif - -+#if !defined(CPUCLOCK_PROF) -+#define CPUCLOCK_PROF 0 -+#endif -+ -+#if !defined(CPUCLOCK_VIRT) -+#define CPUCLOCK_VIRT 1 -+#endif -+ -+#if !defined(CPUCLOCK_SCHED) -+#define CPUCLOCK_SCHED 2 -+#endif -+ -+#if !defined(CPUCLOCK_PERTHREAD_MASK) -+#define CPUCLOCK_PERTHREAD_MASK 4 -+#endif -+ -+#if !defined(MAKE_PROCESS_CPUCLOCK) -+#define MAKE_PROCESS_CPUCLOCK(pid, clock) \ -+ ((int)(~(unsigned)(pid) << 3) | (int)(clock)) -+#endif -+ -+#if !defined(MAKE_THREAD_CPUCLOCK) -+#define MAKE_THREAD_CPUCLOCK(tid, clock) \ -+ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK)) -+#endif -+ - #if !defined(CLOCKFD) - #define CLOCKFD 3 - #endif -diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc -index 847c20b20c..cf6041a4b4 100644 ---- a/sandbox/linux/tests/test_utils.cc -+++ b/sandbox/linux/tests/test_utils.cc -@@ -5,12 +5,14 @@ - #include "sandbox/linux/tests/test_utils.h" - - #include -+#include - #include - #include - #include - #include - - #include "base/check_op.h" -+#include "base/memory/page_size.h" - #include "base/posix/eintr_wrapper.h" - - namespace sandbox { -@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) { - } - } - -+void* TestUtils::MapPagesOrDie(size_t num_pages) { -+ void* addr = mmap(nullptr, num_pages * base::GetPageSize(), -+ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); -+ PCHECK(addr); -+ return addr; -+} -+ -+void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) { -+ size_t last_page_offset = (num_pages - 1) * base::GetPageSize(); -+ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >= -+ 0); -+} -+ - } // namespace sandbox -diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h -index 7cf9749fe4..43b028b1e3 100644 ---- a/sandbox/linux/tests/test_utils.h -+++ b/sandbox/linux/tests/test_utils.h -@@ -19,6 +19,8 @@ class TestUtils { - // makes sure that if fork() succeeded the child exits - // and the parent waits for it. - static void HandlePostForkReturn(pid_t pid); -+ static void* MapPagesOrDie(size_t num_pages); -+ static void MprotectLastPageOrDie(char* addr, size_t num_pages); - - private: - DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils); -diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc -index 2963bb9ca8..6dc8c0581b 100644 ---- a/sandbox/policy/linux/bpf_broker_policy_linux.cc -+++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc -@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const { - return Allow(); - break; - #endif --#if defined(__NR_fstatat) -- case __NR_fstatat: -+#if defined(__NR_fstatat64) -+ case __NR_fstatat64: - if (allowed_command_set_.test(syscall_broker::COMMAND_STAT)) - return Allow(); - break; diff --git a/extra/chromium/skia-harfbuzz-3.0.0.patch b/extra/chromium/skia-harfbuzz-3.0.0.patch deleted file mode 100644 index a217691c1..000000000 --- a/extra/chromium/skia-harfbuzz-3.0.0.patch +++ /dev/null @@ -1,100 +0,0 @@ -# Minimal diff for harfbuzz 3.0.0 support; based on: -# https://github.com/google/skia/commit/66684b17b382 -# https://github.com/google/skia/commit/51d83abcd24a - -diff --git a/gn/skia.gni b/gn/skia.gni -index d98fdc19ee..199335d5c4 100644 ---- a/gn/skia.gni -+++ b/gn/skia.gni -@@ -34,8 +34,6 @@ declare_args() { - skia_include_multiframe_procs = false - skia_lex = false - skia_libgifcodec_path = "third_party/externals/libgifcodec" -- skia_pdf_subset_harfbuzz = -- false # TODO: set skia_pdf_subset_harfbuzz to skia_use_harfbuzz. - skia_qt_path = getenv("QT_PATH") - skia_skqp_global_error_tolerance = 0 - skia_tools_require_resources = false -@@ -99,6 +97,10 @@ declare_args() { - skia_use_libfuzzer_defaults = true - } - -+declare_args() { -+ skia_pdf_subset_harfbuzz = skia_use_harfbuzz -+} -+ - declare_args() { - skia_compile_sksl_tests = skia_compile_processors - skia_enable_fontmgr_android = skia_use_expat && skia_use_freetype -diff --git a/src/pdf/SkPDFSubsetFont.cpp b/src/pdf/SkPDFSubsetFont.cpp -index 81c37eef3a..2340a7937b 100644 ---- a/src/pdf/SkPDFSubsetFont.cpp -+++ b/src/pdf/SkPDFSubsetFont.cpp -@@ -49,6 +49,37 @@ static sk_sp to_data(HBBlob blob) { - blob.release()); - } - -+template using void_t = void; -+template -+struct SkPDFHarfBuzzSubset { -+ // This is the HarfBuzz 3.0 interface. -+ // hb_subset_flags_t does not exist in 2.0. It isn't dependent on T, so inline the value of -+ // HB_SUBSET_FLAGS_RETAIN_GIDS until 2.0 is no longer supported. -+ static HBFace Make(T input, hb_face_t* face) { -+ // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY. -+ // If it isn't known if a font is 'tricky', retain the hints. -+ hb_subset_input_set_flags(input, 2/*HB_SUBSET_FLAGS_RETAIN_GIDS*/); -+ return HBFace(hb_subset_or_fail(face, input)); -+ } -+}; -+template -+struct SkPDFHarfBuzzSubset(), std::declval())), -+ decltype(hb_subset_input_set_drop_hints(std::declval(), std::declval())), -+ decltype(hb_subset(std::declval(), std::declval())) -+ >> -+{ -+ // This is the HarfBuzz 2.0 (non-public) interface, used if it exists. -+ // This code should be removed as soon as all users are migrated to the newer API. -+ static HBFace Make(T input, hb_face_t* face) { -+ hb_subset_input_set_retain_gids(input, true); -+ // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY. -+ // If it isn't known if a font is 'tricky', retain the hints. -+ hb_subset_input_set_drop_hints(input, false); -+ return HBFace(hb_subset(face, input)); -+ } -+}; -+ - static sk_sp subset_harfbuzz(sk_sp fontData, - const SkPDFGlyphUse& glyphUsage, - int ttcIndex) { -@@ -71,11 +102,10 @@ static sk_sp subset_harfbuzz(sk_sp fontData, - hb_set_t* glyphs = hb_subset_input_glyph_set(input.get()); - glyphUsage.getSetValues([&glyphs](unsigned gid) { hb_set_add(glyphs, gid);}); - -- hb_subset_input_set_retain_gids(input.get(), true); -- // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY. -- // If it isn't known if a font is 'tricky', retain the hints. -- hb_subset_input_set_drop_hints(input.get(), false); -- HBFace subset(hb_subset(face.get(), input.get())); -+ HBFace subset = SkPDFHarfBuzzSubset::Make(input.get(), face.get()); -+ if (!subset) { -+ return nullptr; -+ } - HBBlob result(hb_face_reference_blob(subset.get())); - return to_data(std::move(result)); - } -diff --git a/third_party/harfbuzz/BUILD.gn b/third_party/harfbuzz/BUILD.gn -index 173830de62..4156607ef9 100644 ---- a/third_party/harfbuzz/BUILD.gn -+++ b/third_party/harfbuzz/BUILD.gn -@@ -14,6 +14,9 @@ if (skia_use_system_harfbuzz) { - system("harfbuzz") { - include_dirs = [ "/usr/include/harfbuzz" ] - libs = [ "harfbuzz" ] -+ if (skia_pdf_subset_harfbuzz) { -+ libs += [ "harfbuzz-subset" ] -+ } - } - } else { - third_party("harfbuzz") { diff --git a/extra/chromium/unexpire-accelerated-video-decode-flag.patch b/extra/chromium/unexpire-accelerated-video-decode-flag.patch new file mode 100644 index 000000000..da3a4a5e9 --- /dev/null +++ b/extra/chromium/unexpire-accelerated-video-decode-flag.patch @@ -0,0 +1,11 @@ +--- chrome/browser/flag-metadata.json.orig 2021-09-21 18:34:38.740426608 +0000 ++++ chrome/browser/flag-metadata.json 2021-09-21 18:35:09.392000797 +0000 +@@ -1285,7 +1285,7 @@ + { + "name": "enable-accelerated-video-decode", + "owners": [ "media-dev@chromium.org" ], +- "expiry_milestone": 93 ++ "expiry_milestone": 99 + }, + { + "name": "enable-accessibility-live-caption", diff --git a/extra/chromium/use-ffile-compilation-dir.patch b/extra/chromium/use-ffile-compilation-dir.patch new file mode 100644 index 000000000..eb14513c9 --- /dev/null +++ b/extra/chromium/use-ffile-compilation-dir.patch @@ -0,0 +1,65 @@ +From 34a955823630096f5b01c2b01d51c1ea59d22763 Mon Sep 17 00:00:00 2001 +From: Zequan Wu +Date: Tue, 20 Jul 2021 14:13:50 +0000 +Subject: [PATCH] Use -ffile-compilation-dir= instead of + -fdebug-compilation-dir= + +Bug: 1010267 +Change-Id: If2b4ead8535a76490eb466a38e3d8fed6ea91079 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2770738 +Auto-Submit: Zequan Wu +Commit-Queue: Nico Weber +Reviewed-by: Nico Weber +Cr-Commit-Position: refs/heads/master@{#903456} +--- + build/config/compiler/BUILD.gn | 18 ++++++++++++------ + build/config/compiler/compiler.gni | 7 ++----- + 2 files changed, 14 insertions(+), 11 deletions(-) + +diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn +index ede07d111c..6db16c1cdd 100644 +--- a/build/config/compiler/BUILD.gn ++++ b/build/config/compiler/BUILD.gn +@@ -1216,12 +1216,18 @@ config("compiler_deterministic") { + # different build directory like "out/feature_a" and "out/feature_b" if + # we build same files with same compile flag. + # Other paths are already given in relative, no need to normalize them. +- cflags += [ +- "-Xclang", +- "-fdebug-compilation-dir", +- "-Xclang", +- ".", +- ] ++ if (is_nacl) { ++ cflags += [ ++ "-Xclang", ++ "-fdebug-compilation-dir", ++ "-Xclang", ++ ".", ++ ] ++ } else { ++ # -ffile-compilation-dir is an alias for both -fdebug-compilation-dir= ++ # and -fcoverage-compilation-dir=. ++ cflags += [ "-ffile-compilation-dir=." ] ++ } + if (!is_win) { + # We don't use clang -cc1as on Windows (yet? https://crbug.com/762167) + asmflags = [ "-Wa,-fdebug-compilation-dir,." ] +diff --git a/build/config/compiler/compiler.gni b/build/config/compiler/compiler.gni +index 8c259c360a..642319b4f4 100644 +--- a/build/config/compiler/compiler.gni ++++ b/build/config/compiler/compiler.gni +@@ -225,11 +225,8 @@ declare_args() { + # deterministic builds to reduce compile times, so this is less relevant for + # official builders. + strip_absolute_paths_from_debug_symbols_default = +- # TODO(crbug.com/1010267): remove '!use_clang_coverage', coverage build has +- # dependency to absolute path of source files. +- !use_clang_coverage && +- (is_android || is_fuchsia || is_nacl || (is_win && use_lld) || is_linux || +- is_chromeos || (is_apple && !enable_dsyms)) ++ is_android || is_fuchsia || is_nacl || (is_win && use_lld) || is_linux || ++ is_chromeos || (is_apple && !enable_dsyms) + + # If the platform uses stripped absolute paths by default, then we don't expose + # it as a configuration option. If this is causing problems, please file a bug.