    Turn off CET for renderer processes · c249254e
    Alex Gough authored
    Adds sandbox mitigation flag to disable CET.
    
    As these currently crash in v8, we apply this for renderer processes.
    
    For the default build this will have no effect as CET is not yet
    enabled for any binaries. However, for builds with
    `enable_cet_shadow_stack = true` or where users have configured CET by
    setting an appropriate `Image File Execution Option` in the registry
    it should be possible to run Chrome on CET capable hardware.
    
    A sandbox integration test is added which checks this policy works. On
    hardware without CET support the test exits early.
    
    Both browser_tests and content_browser_tests pass at least the same set
    of tests that pass with CET disabled on test hardware. Manual tests
    confirm chrome works with and without cetcompat, and with and without
    IFEO to force strict checks.
    
    Bug: 1131225
    Change-Id: Icaf8d3f039c924e937973b6c01239c1635d43790
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2542726
    Commit-Queue: Alex Gough <ajgo@chromium.org>
    Reviewed-by: Will Harris <wfh@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#836692}
security_level.h 15.7 KB