Skip to content

GitLab

T
tangled
Commit 92abd732 authored by rsesek@chromium.org's avatar rsesek@chromium.org
Browse files
Options

[ChromeOS] Don't set NO_NEW_PRIVS for ProcessProxy processes (e.g. Crosh) when in dev-mode. 

BUG=358713
TEST=Put system in dev mode, open Crosh, type `shell`, and run sudo.

Review URL: https://codereview.chromium.org/228783005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@263092 0039d316-1c4b-4281-b951-d872f2087c98
parent a4915150
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 0 deletions
chrome/browser/chromeos/login/chrome_restart_request.cc
View file @ 92abd732
...@@ -35,6 +35,7 @@ ...@@ -35,6 +35,7 @@
#include "content/public/common/content_switches.h" #include "content/public/common/content_switches.h"
#include "gpu/command_buffer/service/gpu_switches.h" #include "gpu/command_buffer/service/gpu_switches.h"
#include "media/base/media_switches.h" #include "media/base/media_switches.h"
#include "third_party/cros_system_api/switches/chrome_switches.h"
#include "ui/app_list/app_list_switches.h" #include "ui/app_list/app_list_switches.h"
#include "ui/base/ui_base_switches.h" #include "ui/base/ui_base_switches.h"
#include "ui/compositor/compositor_switches.h" #include "ui/compositor/compositor_switches.h"
...@@ -205,6 +206,7 @@ std::string DeriveCommandLine(const GURL& start_url, ...@@ -205,6 +206,7 @@ std::string DeriveCommandLine(const GURL& start_url,
chromeos::switches::kHasChromeOSKeyboard, chromeos::switches::kHasChromeOSKeyboard,
chromeos::switches::kLoginProfile, chromeos::switches::kLoginProfile,
chromeos::switches::kNaturalScrollDefault, chromeos::switches::kNaturalScrollDefault,
chromeos::switches::kSystemInDevMode,
::switches::kEnableBrowserTextSubpixelPositioning, ::switches::kEnableBrowserTextSubpixelPositioning,
::switches::kEnableWebkitTextSubpixelPositioning, ::switches::kEnableWebkitTextSubpixelPositioning,
policy::switches::kDeviceManagementUrl, policy::switches::kDeviceManagementUrl,
......
chromeos/process_proxy/process_proxy.cc
View file @ 92abd732
...@@ -17,6 +17,7 @@ ...@@ -17,6 +17,7 @@
#include "base/process/launch.h" #include "base/process/launch.h"
#include "base/threading/thread.h" #include "base/threading/thread.h"
#include "chromeos/process_proxy/process_output_watcher.h" #include "chromeos/process_proxy/process_output_watcher.h"
#include "third_party/cros_system_api/switches/chrome_switches.h"
namespace { namespace {
...@@ -223,6 +224,10 @@ bool ProcessProxy::LaunchProcess(const std::string& command, int slave_fd, ...@@ -223,6 +224,10 @@ bool ProcessProxy::LaunchProcess(const std::string& command, int slave_fd,
fds_mapping.push_back(std::make_pair(slave_fd, STDOUT_FILENO)); fds_mapping.push_back(std::make_pair(slave_fd, STDOUT_FILENO));
fds_mapping.push_back(std::make_pair(slave_fd, STDERR_FILENO)); fds_mapping.push_back(std::make_pair(slave_fd, STDERR_FILENO));
base::LaunchOptions options; base::LaunchOptions options;
// Do not set NO_NEW_PRIVS on processes if the system is in dev-mode. This
// permits sudo in the crosh shell when in developer mode.
options.allow_new_privs = base::CommandLine::ForCurrentProcess()->
HasSwitch(chromeos::switches::kSystemInDevMode);
options.fds_to_remap = &fds_mapping; options.fds_to_remap = &fds_mapping;
options.ctrl_terminal_fd = slave_fd; options.ctrl_terminal_fd = slave_fd;
options.environ["TERM"] = "xterm"; options.environ["TERM"] = "xterm";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment