Fix Mac sandbox meta data access

Sandbox::AllowMetadataForPath() currently allow all metadata access due to https://codereview.chromium.org/10539009/ made the for loop comparison in Sandbox::AllowMetadataForPath() always false, when we actually only want to allow access to the path and all its parent path until root. Turn the for loop to a do/while loop instead as it's a better fit, also add a test case for Sandbox::AllowMetadataForPath(). It should only affect component builds on OS X 10.6 and utility process as no other process is using this mechanism. Review URL: https://codereview.chromium.org/472513002 Cr-Commit-Position: refs/heads/master@{#289526} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289526 0039d316-1c4b-4281-b951-d872f2087c98

Fix Mac sandbox meta data access
Sandbox::AllowMetadataForPath() currently allow all metadata access due to https://codereview.chromium.org/10539009/ made the for loop comparison in Sandbox::AllowMetadataForPath() always false, when we actually only want to allow access to the path and all its parent path until root. Turn the for loop to a do/while loop instead as it's a better fit, also add a test case for Sandbox::AllowMetadataForPath(). It should only affect component builds on OS X 10.6 and utility process as no other process is using this mechanism. Review URL: https://codereview.chromium.org/472513002 Cr-Commit-Position: refs/heads/master@{#289526} git-svn-id: svn://svn.chromium.org/chrome/trunk/src@289526 0039d316-1c4b-4281-b951-d872f2087c98
b6f8840e · jiangj@opera.com · d286aed5 · b6f8840e · b6f8840e · b6f8840e
Commit b6f8840e authored Aug 14, 2014 by jiangj@opera.com
3 changed files
--- a/content/common/sandbox_mac.h
+++ b/content/common/sandbox_mac.h
@@ -160,6 +160,7 @@ class CONTENT_EXPORT Sandbox {
  FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, StringEscape);
  FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, RegexEscape);
  FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, SandboxAccess);
+  FRIEND_TEST_ALL_PREFIXES(MacDirAccessSandboxTest, AllowMetadataForPath);

  DISALLOW_IMPLICIT_CONSTRUCTORS(Sandbox);
 };

--- a/content/common/sandbox_mac.mm
+++ b/content/common/sandbox_mac.mm
@@ -114,12 +114,14 @@ NSString* Sandbox::AllowMetadataForPath(const base::FilePath& allowed_path) {
  // Collect a list of all parent directories.
  base::FilePath last_path = allowed_path;
  std::vector<base::FilePath> subpaths;
-  for (base::FilePath path = allowed_path;
-       path.value() != last_path.value();
-       path = path.DirName()) {
+
+  base::FilePath path = allowed_path;
+  do {
    subpaths.push_back(path);
+
    last_path = path;
-  }
+    path = path.DirName();
+  } while (path.value() != last_path.value());

  // Iterate through all parents and allow stat() on them explicitly.
  NSString* sandbox_command = @"(allow file-read-metadata ";

--- a/content/common/sandbox_mac_diraccess_unittest.mm
+++ b/content/common/sandbox_mac_diraccess_unittest.mm
@@ -127,7 +127,6 @@ TEST_F(MacDirAccessSandboxTest, RegexEscape) {
    std::string out;
    EXPECT_TRUE(Sandbox::QuoteStringForRegex(in_utf8, &out));
    EXPECT_EQ(expected, out);
-
  }
 }

@@ -178,6 +177,18 @@ TEST_F(MacDirAccessSandboxTest, SandboxAccess) {
  }
 }

+TEST_F(MacDirAccessSandboxTest, AllowMetadataForPath) {
+  {
+    std::string expected(
+        "(allow file-read-metadata (literal \"/\")(literal \"/System\")"
+        "(literal \"/System/Library\")"
+        "(literal \"/System/Library/Frameworks\"))");
+    NSString* sandbox_command = Sandbox::AllowMetadataForPath(
+        base::FilePath("/System/Library/Frameworks"));
+    EXPECT_EQ(base::SysNSStringToUTF8(sandbox_command), expected);
+  }
+}
+
 MULTIPROCESS_TEST_MAIN(mac_sandbox_path_access) {
  char *sandbox_allowed_dir = getenv(kSandboxAccessPathKey);
  if (!sandbox_allowed_dir)