[fuchsia] Add ambient-executable feature flag

Adding ambient-executable feature flag to component sandboxes as a preflight for restricting the use of replace_as_executable with an invalid handle. Bug: SEC-354 Change-Id: If23482218720e8024f054a7dafc3f4366d1db7f9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1687945 Commit-Queue: Oliver Hunt <ojh@google.com> Reviewed-by: Sergey Ulanov <sergeyu@chromium.org> Reviewed-by: Yuchen Liu <yucliu@chromium.org> Reviewed-by: Fabrice de Gans-Riberi <fdegans@chromium.org> Cr-Commit-Position: refs/heads/master@{#675848}

[fuchsia] Add ambient-executable feature flag
Adding ambient-executable feature flag to component sandboxes as a preflight for restricting the use of replace_as_executable with an invalid handle. Bug: SEC-354 Change-Id: If23482218720e8024f054a7dafc3f4366d1db7f9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1687945 Commit-Queue: Oliver Hunt <ojh@google.com> Reviewed-by: Sergey Ulanov <sergeyu@chromium.org> Reviewed-by: Yuchen Liu <yucliu@chromium.org> Reviewed-by: Fabrice de Gans-Riberi <fdegans@chromium.org> Cr-Commit-Position: refs/heads/master@{#675848}
9628153e · Oliver Hunt · Commit Bot · ea214ea2 · 9628153e · 9628153e
Commit 9628153e authored Jul 09, 2019 by Oliver Hunt Committed by Commit Bot Jul 09, 2019
7 changed files
--- a/build/config/fuchsia/tests.cmx
+++ b/build/config/fuchsia/tests.cmx
@@ -4,7 +4,8 @@
      "isolated-persistent-storage",
      "root-ssl-certificates",
      "system-temp",
-      "vulkan"
+      "vulkan",
+      "deprecated-ambient-replace-as-executable"
    ],
    "dev": [
      "null",

--- a/chromecast/cast_shell.cmx
+++ b/chromecast/cast_shell.cmx
@@ -4,7 +4,8 @@
      "isolated-persistent-storage",
      "root-ssl-certificates",
      "system-temp",
-      "vulkan"
+      "vulkan",
+      "deprecated-ambient-replace-as-executable"
    ],
    "dev": [
      "null",

--- a/fuchsia/engine/web_engine.cmx
+++ b/fuchsia/engine/web_engine.cmx
@@ -2,7 +2,8 @@
  "sandbox": {
    "features": [
      "root-ssl-certificates",
-      "vulkan"
+      "vulkan",
+      "deprecated-ambient-replace-as-executable"
    ],
    "services": [
      "fuchsia.logger.LogSink",

--- a/fuchsia/engine/web_engine_integration_tests.cmx
+++ b/fuchsia/engine/web_engine_integration_tests.cmx
@@ -3,7 +3,8 @@
    "features": [
      "isolated-persistent-storage",
      "deprecated-shell",
-      "system-temp"
+      "system-temp",
+      "deprecated-ambient-replace-as-executable"
    ],
    "services": [
      "fuchsia.device.NameProvider",

--- a/fuchsia/http/http.cmx
+++ b/fuchsia/http/http.cmx
 {
  "sandbox": {
    "features": [
-      "root-ssl-certificates"
+      "root-ssl-certificates",
+      "deprecated-ambient-replace-as-executable"
    ],
    "services": [
      "fuchsia.device.NameProvider",

--- a/fuchsia/runners/cast/cast_runner.cmx
+++ b/fuchsia/runners/cast/cast_runner.cmx
 {
  "sandbox": {
-    "features": [],
+    "features": [
+      "deprecated-ambient-replace-as-executable"
+    ],
    "services": [
      "chromium.cast.ApplicationConfigManager",
      "fuchsia.device.NameProvider",

--- a/fuchsia/runners/web/web_runner.cmx
+++ b/fuchsia/runners/web/web_runner.cmx
 {
  "sandbox": {
    "features": [
-      "isolated-persistent-storage"
+      "isolated-persistent-storage",
+      "deprecated-ambient-replace-as-executable"
    ],
    "services": [
      "fuchsia.device.NameProvider",