[arch-commits] Commit in chromium/repos/extra-x86_64 (13 files)
Evangelos Foutras
foutrelis at gemini.archlinux.org
Tue Aug 3 06:24:32 UTC 2021
Date: Tuesday, August 3, 2021 @ 06:24:32
Author: foutrelis
Revision: 421098
archrelease: copy trunk to extra-x86_64
Added:
chromium/repos/extra-x86_64/PKGBUILD
(from rev 421097, chromium/trunk/PKGBUILD)
chromium/repos/extra-x86_64/extend-enable-accelerated-video-decode-flag.patch
(from rev 421097, chromium/trunk/extend-enable-accelerated-video-decode-flag.patch)
chromium/repos/extra-x86_64/linux-sandbox-fix-fstatat-crash.patch
(from rev 421097, chromium/trunk/linux-sandbox-fix-fstatat-crash.patch)
chromium/repos/extra-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
(from rev 421097, chromium/trunk/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch)
chromium/repos/extra-x86_64/sql-make-VirtualCursor-standard-layout-type.patch
(from rev 421097, chromium/trunk/sql-make-VirtualCursor-standard-layout-type.patch)
chromium/repos/extra-x86_64/use-oauth2-client-switches-as-default.patch
(from rev 421097, chromium/trunk/use-oauth2-client-switches-as-default.patch)
Deleted:
chromium/repos/extra-x86_64/PKGBUILD
chromium/repos/extra-x86_64/extend-enable-accelerated-video-decode-flag.patch
chromium/repos/extra-x86_64/linux-sandbox-fix-fstatat-crash.patch
chromium/repos/extra-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
chromium/repos/extra-x86_64/make-GetUsableSize-handle-nullptr-gracefully.patch
chromium/repos/extra-x86_64/sql-make-VirtualCursor-standard-layout-type.patch
chromium/repos/extra-x86_64/use-oauth2-client-switches-as-default.patch
-----------------------------------------------------------+
PKGBUILD | 491 +-
extend-enable-accelerated-video-decode-flag.patch | 70
linux-sandbox-fix-fstatat-crash.patch | 696 +--
linux-sandbox-syscall-broker-use-struct-kernel_stat.patch | 2768 ++++++------
make-GetUsableSize-handle-nullptr-gracefully.patch | 49
sql-make-VirtualCursor-standard-layout-type.patch | 476 +-
use-oauth2-client-switches-as-default.patch | 34
7 files changed, 2266 insertions(+), 2318 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2021-08-03 06:24:22 UTC (rev 421097)
+++ PKGBUILD 2021-08-03 06:24:32 UTC (rev 421098)
@@ -1,247 +0,0 @@
-# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
-# Contributor: Pierre Schmitz <pierre at archlinux.de>
-# Contributor: Jan "heftig" Steffens <jan.steffens at gmail.com>
-# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
-
-pkgname=chromium
-pkgver=92.0.4515.107
-pkgrel=3
-_launcher_ver=7
-_gcc_patchset=7
-pkgdesc="A web browser built for speed, simplicity, and security"
-arch=('x86_64')
-url="https://www.chromium.org/Home"
-license=('BSD')
-depends=('gtk3' 'nss' 'alsa-lib' 'xdg-utils' 'libxss' 'libcups' 'libgcrypt'
- 'ttf-liberation' 'systemd' 'dbus' 'libpulse' 'pciutils' 'libva'
- 'desktop-file-utils' 'hicolor-icon-theme')
-makedepends=('python' 'gn' 'ninja' 'clang' 'lld' 'gperf' 'nodejs' 'pipewire'
- 'java-runtime-headless' 'python2')
-optdepends=('pipewire: WebRTC desktop sharing under Wayland'
- 'kdialog: support for native dialogs in Plasma'
- 'org.freedesktop.secrets: password storage backend on GNOME / Xfce'
- 'kwallet: support for storing passwords in KWallet on Plasma')
-source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
- https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver/chromium-launcher-$_launcher_ver.tar.gz
- https://github.com/stha09/chromium-patches/releases/download/chromium-${pkgver%%.*}-patchset-$_gcc_patchset/chromium-${pkgver%%.*}-patchset-$_gcc_patchset.tar.xz
- extend-enable-accelerated-video-decode-flag.patch
- linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
- linux-sandbox-fix-fstatat-crash.patch
- make-GetUsableSize-handle-nullptr-gracefully.patch
- sql-make-VirtualCursor-standard-layout-type.patch
- use-oauth2-client-switches-as-default.patch)
-sha256sums=('6e51ac6512a4e95018eefc9fef1d2e7597f28a1c45c763b3a8eb7dde5f557012'
- '86859c11cfc8ba106a3826479c0bc759324a62150b271dd35d1a0f96e890f52f'
- '53a2cbb1b58d652d5424ff9040b6a51b9dc6348ce3edc68344cd0d25f1f4beb2'
- '66db9132d6f5e06aa26e5de0924f814224a76a9bdf4b61afce161fb1d7643b22'
- '268e18ad56e5970157b51ec9fc8eb58ba93e313ea1e49c842a1ed0820d9c1fa3'
- '253348550d54b8ae317fd250f772f506d2bae49fb5dc75fe15d872ea3d0e04a5'
- '4489e5e7854a7dcd9464133eb4664250ce7149ac1714a0bf10ca0d82d8806568'
- 'dd317f85e5abfdcfc89c6f23f4c8edbcdebdd5e083dcec770e5da49ee647d150'
- 'e393174d7695d0bafed69e868c5fbfecf07aa6969f3b64596d0bae8b067e1711')
-
-# Possible replacements are listed in build/linux/unbundle/replace_gn_files.py
-# Keys are the names in the above script; values are the dependencies in Arch
-declare -gA _system_libs=(
- [ffmpeg]=ffmpeg
- [flac]=flac
- [fontconfig]=fontconfig
- [freetype]=freetype2
- [harfbuzz-ng]=harfbuzz
- [icu]=icu
- [libdrm]=
- [libjpeg]=libjpeg
- [libpng]=libpng
- #[libvpx]=libvpx
- [libwebp]=libwebp
- [libxml]=libxml2
- [libxslt]=libxslt
- [opus]=opus
- [re2]=re2
- [snappy]=snappy
- [zlib]=minizip
-)
-_unwanted_bundled_libs=(
- $(printf "%s\n" ${!_system_libs[@]} | sed 's/^libjpeg$/&_turbo/')
-)
-depends+=(${_system_libs[@]})
-
-# Google API keys (see https://www.chromium.org/developers/how-tos/api-keys)
-# Note: These are for Arch Linux use ONLY. For your own distribution, please
-# get your own set of keys.
-#
-# Starting with Chromium 89 (2021-03-02) the OAuth2 credentials have been left
-# out: https://archlinux.org/news/chromium-losing-sync-support-in-early-march/
-_google_api_key=AIzaSyDwr302FpOSkGRpLlUpPThNTDPbXcIn_FM
-
-prepare() {
- cd "$srcdir/$pkgname-$pkgver"
-
- # Allow building against system libraries in official builds
- sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \
- tools/generate_shim_headers/generate_shim_headers.py
-
- # https://crbug.com/893950
- sed -i -e 's/\<xmlMalloc\>/malloc/' -e 's/\<xmlFree\>/free/' \
- third_party/blink/renderer/core/xml/*.cc \
- third_party/blink/renderer/core/xml/parser/xml_document_parser.cc \
- third_party/libxml/chromium/*.cc
-
- # Use the --oauth2-client-id= and --oauth2-client-secret= switches for
- # setting GOOGLE_DEFAULT_CLIENT_ID and GOOGLE_DEFAULT_CLIENT_SECRET at
- # runtime -- this allows signing into Chromium without baked-in values
- patch -Np1 -i ../use-oauth2-client-switches-as-default.patch
-
- # Upstream fixes
- patch -Np1 -i ../extend-enable-accelerated-video-decode-flag.patch
- patch -Np1 -i ../linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
- patch -Np1 -i ../linux-sandbox-fix-fstatat-crash.patch
- patch -Np1 -i ../make-GetUsableSize-handle-nullptr-gracefully.patch
-
- # https://chromium-review.googlesource.com/c/chromium/src/+/2862724
- patch -Np1 -i ../sql-make-VirtualCursor-standard-layout-type.patch
-
- # Fixes for building with libstdc++ instead of libc++
- patch -Np1 -i ../patches/chromium-90-ruy-include.patch
-
- # Link to system tools required by the build
- mkdir -p third_party/node/linux/node-linux-x64/bin
- ln -s /usr/bin/node third_party/node/linux/node-linux-x64/bin/
- ln -s /usr/bin/java third_party/jdk/current/bin/
-
- # Remove bundled libraries for which we will use the system copies; this
- # *should* do what the remove_bundled_libraries.py script does, with the
- # added benefit of not having to list all the remaining libraries
- local _lib
- for _lib in ${_unwanted_bundled_libs[@]}; do
- find "third_party/$_lib" -type f \
- \! -path "third_party/$_lib/chromium/*" \
- \! -path "third_party/$_lib/google/*" \
- \! -path "third_party/harfbuzz-ng/utils/hb_scoped.h" \
- \! -regex '.*\.\(gn\|gni\|isolate\)' \
- -delete
- done
-
- ./build/linux/unbundle/replace_gn_files.py \
- --system-libraries "${!_system_libs[@]}"
-}
-
-build() {
- make -C chromium-launcher-$_launcher_ver
-
- cd "$srcdir/$pkgname-$pkgver"
-
- export CC=clang
- export CXX=clang++
- export AR=ar
- export NM=nm
-
- local _flags=(
- 'custom_toolchain="//build/toolchain/linux/unbundle:default"'
- 'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'clang_use_chrome_plugins=false'
- 'is_official_build=true' # implies is_cfi=true on x86_64
- 'treat_warnings_as_errors=false'
- 'fieldtrial_testing_like_official_build=true'
- 'ffmpeg_branding="Chrome"'
- 'proprietary_codecs=true'
- 'rtc_use_pipewire=true'
- 'link_pulseaudio=true'
- 'use_gnome_keyring=false'
- 'use_sysroot=false'
- 'use_custom_libcxx=false'
- 'enable_hangout_services_extension=true'
- 'enable_widevine=true'
- 'enable_nacl=false'
- "google_api_key=\"$_google_api_key\""
- )
-
- if [[ -n ${_system_libs[icu]+set} ]]; then
- _flags+=('icu_use_data_file=false')
- fi
-
- if check_option strip y; then
- _flags+=('symbol_level=0')
- fi
-
- # Facilitate deterministic builds (taken from build/config/compiler/BUILD.gn)
- CFLAGS+=' -Wno-builtin-macro-redefined'
- CXXFLAGS+=' -Wno-builtin-macro-redefined'
- CPPFLAGS+=' -D__DATE__= -D__TIME__= -D__TIMESTAMP__='
-
- # Do not warn about unknown warning options
- CFLAGS+=' -Wno-unknown-warning-option'
- CXXFLAGS+=' -Wno-unknown-warning-option'
-
- gn gen out/Release --args="${_flags[*]}"
- ninja -C out/Release chrome chrome_sandbox chromedriver
-}
-
-package() {
- cd chromium-launcher-$_launcher_ver
- make PREFIX=/usr DESTDIR="$pkgdir" install
- install -Dm644 LICENSE \
- "$pkgdir/usr/share/licenses/chromium/LICENSE.launcher"
-
- cd "$srcdir/$pkgname-$pkgver"
-
- install -D out/Release/chrome "$pkgdir/usr/lib/chromium/chromium"
- install -Dm4755 out/Release/chrome_sandbox "$pkgdir/usr/lib/chromium/chrome-sandbox"
- ln -s /usr/lib/chromium/chromedriver "$pkgdir/usr/bin/chromedriver"
-
- install -Dm644 chrome/installer/linux/common/desktop.template \
- "$pkgdir/usr/share/applications/chromium.desktop"
- install -Dm644 chrome/app/resources/manpage.1.in \
- "$pkgdir/usr/share/man/man1/chromium.1"
- sed -i \
- -e 's/@@MENUNAME@@/Chromium/g' \
- -e 's/@@PACKAGE@@/chromium/g' \
- -e 's/@@USR_BIN_SYMLINK_NAME@@/chromium/g' \
- "$pkgdir/usr/share/applications/chromium.desktop" \
- "$pkgdir/usr/share/man/man1/chromium.1"
-
- install -Dm644 chrome/installer/linux/common/chromium-browser/chromium-browser.appdata.xml \
- "$pkgdir/usr/share/metainfo/chromium.appdata.xml"
- sed -ni \
- -e 's/chromium-browser\.desktop/chromium.desktop/' \
- -e '/<update_contact>/d' \
- -e '/<p>/N;/<p>\n.*\(We invite\|Chromium supports Vorbis\)/,/<\/p>/d' \
- -e '/^<?xml/,$p' \
- "$pkgdir/usr/share/metainfo/chromium.appdata.xml"
-
- local toplevel_files=(
- chrome_100_percent.pak
- chrome_200_percent.pak
- resources.pak
- v8_context_snapshot.bin
-
- # ANGLE
- libEGL.so
- libGLESv2.so
-
- chromedriver
- crashpad_handler
- )
-
- if [[ -z ${_system_libs[icu]+set} ]]; then
- toplevel_files+=(icudtl.dat)
- fi
-
- cp "${toplevel_files[@]/#/out/Release/}" "$pkgdir/usr/lib/chromium/"
- install -Dm644 -t "$pkgdir/usr/lib/chromium/locales" out/Release/locales/*.pak
- install -Dm755 -t "$pkgdir/usr/lib/chromium/swiftshader" out/Release/swiftshader/*.so
-
- for size in 24 48 64 128 256; do
- install -Dm644 "chrome/app/theme/chromium/product_logo_$size.png" \
- "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
- done
-
- for size in 16 32; do
- install -Dm644 "chrome/app/theme/default_100_percent/chromium/product_logo_$size.png" \
- "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
- done
-
- install -Dm644 LICENSE "$pkgdir/usr/share/licenses/chromium/LICENSE"
-}
-
-# vim:set ts=2 sw=2 et:
Copied: chromium/repos/extra-x86_64/PKGBUILD (from rev 421097, chromium/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2021-08-03 06:24:32 UTC (rev 421098)
@@ -0,0 +1,244 @@
+# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
+# Contributor: Pierre Schmitz <pierre at archlinux.de>
+# Contributor: Jan "heftig" Steffens <jan.steffens at gmail.com>
+# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
+
+pkgname=chromium
+pkgver=92.0.4515.131
+pkgrel=1
+_launcher_ver=8
+_gcc_patchset=7
+pkgdesc="A web browser built for speed, simplicity, and security"
+arch=('x86_64')
+url="https://www.chromium.org/Home"
+license=('BSD')
+depends=('gtk3' 'nss' 'alsa-lib' 'xdg-utils' 'libxss' 'libcups' 'libgcrypt'
+ 'ttf-liberation' 'systemd' 'dbus' 'libpulse' 'pciutils' 'libva'
+ 'desktop-file-utils' 'hicolor-icon-theme')
+makedepends=('python' 'gn' 'ninja' 'clang' 'lld' 'gperf' 'nodejs' 'pipewire'
+ 'java-runtime-headless' 'python2')
+optdepends=('pipewire: WebRTC desktop sharing under Wayland'
+ 'kdialog: support for native dialogs in Plasma'
+ 'org.freedesktop.secrets: password storage backend on GNOME / Xfce'
+ 'kwallet: support for storing passwords in KWallet on Plasma')
+source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
+ https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver/chromium-launcher-$_launcher_ver.tar.gz
+ https://github.com/stha09/chromium-patches/releases/download/chromium-${pkgver%%.*}-patchset-$_gcc_patchset/chromium-${pkgver%%.*}-patchset-$_gcc_patchset.tar.xz
+ extend-enable-accelerated-video-decode-flag.patch
+ linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
+ linux-sandbox-fix-fstatat-crash.patch
+ sql-make-VirtualCursor-standard-layout-type.patch
+ use-oauth2-client-switches-as-default.patch)
+sha256sums=('b6ac840ed5390de69f962e922649bf1df895ff0f5db8e5f656b5191e0cf4ce3a'
+ '213e50f48b67feb4441078d50b0fd431df34323be15be97c55302d3fdac4483a'
+ '53a2cbb1b58d652d5424ff9040b6a51b9dc6348ce3edc68344cd0d25f1f4beb2'
+ '66db9132d6f5e06aa26e5de0924f814224a76a9bdf4b61afce161fb1d7643b22'
+ '268e18ad56e5970157b51ec9fc8eb58ba93e313ea1e49c842a1ed0820d9c1fa3'
+ '253348550d54b8ae317fd250f772f506d2bae49fb5dc75fe15d872ea3d0e04a5'
+ 'dd317f85e5abfdcfc89c6f23f4c8edbcdebdd5e083dcec770e5da49ee647d150'
+ 'e393174d7695d0bafed69e868c5fbfecf07aa6969f3b64596d0bae8b067e1711')
+
+# Possible replacements are listed in build/linux/unbundle/replace_gn_files.py
+# Keys are the names in the above script; values are the dependencies in Arch
+declare -gA _system_libs=(
+ [ffmpeg]=ffmpeg
+ [flac]=flac
+ [fontconfig]=fontconfig
+ [freetype]=freetype2
+ [harfbuzz-ng]=harfbuzz
+ [icu]=icu
+ [libdrm]=
+ [libjpeg]=libjpeg
+ [libpng]=libpng
+ #[libvpx]=libvpx
+ [libwebp]=libwebp
+ [libxml]=libxml2
+ [libxslt]=libxslt
+ [opus]=opus
+ [re2]=re2
+ [snappy]=snappy
+ [zlib]=minizip
+)
+_unwanted_bundled_libs=(
+ $(printf "%s\n" ${!_system_libs[@]} | sed 's/^libjpeg$/&_turbo/')
+)
+depends+=(${_system_libs[@]})
+
+# Google API keys (see https://www.chromium.org/developers/how-tos/api-keys)
+# Note: These are for Arch Linux use ONLY. For your own distribution, please
+# get your own set of keys.
+#
+# Starting with Chromium 89 (2021-03-02) the OAuth2 credentials have been left
+# out: https://archlinux.org/news/chromium-losing-sync-support-in-early-march/
+_google_api_key=AIzaSyDwr302FpOSkGRpLlUpPThNTDPbXcIn_FM
+
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ # Allow building against system libraries in official builds
+ sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \
+ tools/generate_shim_headers/generate_shim_headers.py
+
+ # https://crbug.com/893950
+ sed -i -e 's/\<xmlMalloc\>/malloc/' -e 's/\<xmlFree\>/free/' \
+ third_party/blink/renderer/core/xml/*.cc \
+ third_party/blink/renderer/core/xml/parser/xml_document_parser.cc \
+ third_party/libxml/chromium/*.cc
+
+ # Use the --oauth2-client-id= and --oauth2-client-secret= switches for
+ # setting GOOGLE_DEFAULT_CLIENT_ID and GOOGLE_DEFAULT_CLIENT_SECRET at
+ # runtime -- this allows signing into Chromium without baked-in values
+ patch -Np1 -i ../use-oauth2-client-switches-as-default.patch
+
+ # Upstream fixes
+ patch -Np1 -i ../extend-enable-accelerated-video-decode-flag.patch
+ patch -Np1 -i ../linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
+ patch -Np1 -i ../linux-sandbox-fix-fstatat-crash.patch
+
+ # https://chromium-review.googlesource.com/c/chromium/src/+/2862724
+ patch -Np1 -i ../sql-make-VirtualCursor-standard-layout-type.patch
+
+ # Fixes for building with libstdc++ instead of libc++
+ patch -Np1 -i ../patches/chromium-90-ruy-include.patch
+
+ # Link to system tools required by the build
+ mkdir -p third_party/node/linux/node-linux-x64/bin
+ ln -s /usr/bin/node third_party/node/linux/node-linux-x64/bin/
+ ln -s /usr/bin/java third_party/jdk/current/bin/
+
+ # Remove bundled libraries for which we will use the system copies; this
+ # *should* do what the remove_bundled_libraries.py script does, with the
+ # added benefit of not having to list all the remaining libraries
+ local _lib
+ for _lib in ${_unwanted_bundled_libs[@]}; do
+ find "third_party/$_lib" -type f \
+ \! -path "third_party/$_lib/chromium/*" \
+ \! -path "third_party/$_lib/google/*" \
+ \! -path "third_party/harfbuzz-ng/utils/hb_scoped.h" \
+ \! -regex '.*\.\(gn\|gni\|isolate\)' \
+ -delete
+ done
+
+ ./build/linux/unbundle/replace_gn_files.py \
+ --system-libraries "${!_system_libs[@]}"
+}
+
+build() {
+ make -C chromium-launcher-$_launcher_ver
+
+ cd "$srcdir/$pkgname-$pkgver"
+
+ export CC=clang
+ export CXX=clang++
+ export AR=ar
+ export NM=nm
+
+ local _flags=(
+ 'custom_toolchain="//build/toolchain/linux/unbundle:default"'
+ 'host_toolchain="//build/toolchain/linux/unbundle:default"'
+ 'clang_use_chrome_plugins=false'
+ 'is_official_build=true' # implies is_cfi=true on x86_64
+ 'treat_warnings_as_errors=false'
+ 'fieldtrial_testing_like_official_build=true'
+ 'ffmpeg_branding="Chrome"'
+ 'proprietary_codecs=true'
+ 'rtc_use_pipewire=true'
+ 'link_pulseaudio=true'
+ 'use_gnome_keyring=false'
+ 'use_sysroot=false'
+ 'use_custom_libcxx=false'
+ 'enable_hangout_services_extension=true'
+ 'enable_widevine=true'
+ 'enable_nacl=false'
+ "google_api_key=\"$_google_api_key\""
+ )
+
+ if [[ -n ${_system_libs[icu]+set} ]]; then
+ _flags+=('icu_use_data_file=false')
+ fi
+
+ if check_option strip y; then
+ _flags+=('symbol_level=0')
+ fi
+
+ # Facilitate deterministic builds (taken from build/config/compiler/BUILD.gn)
+ CFLAGS+=' -Wno-builtin-macro-redefined'
+ CXXFLAGS+=' -Wno-builtin-macro-redefined'
+ CPPFLAGS+=' -D__DATE__= -D__TIME__= -D__TIMESTAMP__='
+
+ # Do not warn about unknown warning options
+ CFLAGS+=' -Wno-unknown-warning-option'
+ CXXFLAGS+=' -Wno-unknown-warning-option'
+
+ gn gen out/Release --args="${_flags[*]}"
+ ninja -C out/Release chrome chrome_sandbox chromedriver
+}
+
+package() {
+ cd chromium-launcher-$_launcher_ver
+ make PREFIX=/usr DESTDIR="$pkgdir" install
+ install -Dm644 LICENSE \
+ "$pkgdir/usr/share/licenses/chromium/LICENSE.launcher"
+
+ cd "$srcdir/$pkgname-$pkgver"
+
+ install -D out/Release/chrome "$pkgdir/usr/lib/chromium/chromium"
+ install -Dm4755 out/Release/chrome_sandbox "$pkgdir/usr/lib/chromium/chrome-sandbox"
+ ln -s /usr/lib/chromium/chromedriver "$pkgdir/usr/bin/chromedriver"
+
+ install -Dm644 chrome/installer/linux/common/desktop.template \
+ "$pkgdir/usr/share/applications/chromium.desktop"
+ install -Dm644 chrome/app/resources/manpage.1.in \
+ "$pkgdir/usr/share/man/man1/chromium.1"
+ sed -i \
+ -e 's/@@MENUNAME@@/Chromium/g' \
+ -e 's/@@PACKAGE@@/chromium/g' \
+ -e 's/@@USR_BIN_SYMLINK_NAME@@/chromium/g' \
+ "$pkgdir/usr/share/applications/chromium.desktop" \
+ "$pkgdir/usr/share/man/man1/chromium.1"
+
+ install -Dm644 chrome/installer/linux/common/chromium-browser/chromium-browser.appdata.xml \
+ "$pkgdir/usr/share/metainfo/chromium.appdata.xml"
+ sed -ni \
+ -e 's/chromium-browser\.desktop/chromium.desktop/' \
+ -e '/<update_contact>/d' \
+ -e '/<p>/N;/<p>\n.*\(We invite\|Chromium supports Vorbis\)/,/<\/p>/d' \
+ -e '/^<?xml/,$p' \
+ "$pkgdir/usr/share/metainfo/chromium.appdata.xml"
+
+ local toplevel_files=(
+ chrome_100_percent.pak
+ chrome_200_percent.pak
+ resources.pak
+ v8_context_snapshot.bin
+
+ # ANGLE
+ libEGL.so
+ libGLESv2.so
+
+ chromedriver
+ crashpad_handler
+ )
+
+ if [[ -z ${_system_libs[icu]+set} ]]; then
+ toplevel_files+=(icudtl.dat)
+ fi
+
+ cp "${toplevel_files[@]/#/out/Release/}" "$pkgdir/usr/lib/chromium/"
+ install -Dm644 -t "$pkgdir/usr/lib/chromium/locales" out/Release/locales/*.pak
+ install -Dm755 -t "$pkgdir/usr/lib/chromium/swiftshader" out/Release/swiftshader/*.so
+
+ for size in 24 48 64 128 256; do
+ install -Dm644 "chrome/app/theme/chromium/product_logo_$size.png" \
+ "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
+ done
+
+ for size in 16 32; do
+ install -Dm644 "chrome/app/theme/default_100_percent/chromium/product_logo_$size.png" \
+ "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
+ done
+
+ install -Dm644 LICENSE "$pkgdir/usr/share/licenses/chromium/LICENSE"
+}
+
+# vim:set ts=2 sw=2 et:
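Review bot: The loop in prepare() that feeds `find ... -delete` iterates an unquoted expansion, `for _lib in ${_unwanted_bundled_libs[@]}; do`, and the array itself is built from an unquoted `${!_system_libs[@]}` in the `printf` call, so both are word-split and glob-expanded before the names reach the delete. The keys are fixed literals today, so this is a robustness point rather than a live bug. Writing `for _lib in "${_unwanted_bundled_libs[@]}"; do` and `printf "%s\n" "${!_system_libs[@]}"` would match the quoted form already used for `--system-libraries`. `depends+=(${_system_libs[@]})` should stay unquoted, since the empty `[libdrm]=` value would otherwise become an empty dependency entry.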
Deleted: extend-enable-accelerated-video-decode-flag.patch
===================================================================
--- extend-enable-accelerated-video-decode-flag.patch 2021-08-03 06:24:22 UTC (rev 421097)
+++ extend-enable-accelerated-video-decode-flag.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -1,35 +0,0 @@
-From e48f18eba0eae199ba7bc8a6a09ebf39799447c1 Mon Sep 17 00:00:00 2001
-From: Ted Meyer <tmathmeyer at chromium.org>
-Date: Wed, 2 Jun 2021 05:35:22 +0000
-Subject: [PATCH] Extend enable-accelerated-video-decode flag for linux to m93
-
-It appears that there is insistence that the flag be totally removed or
-have its end-milestone increased, I can't just let it wait until the
-feature is working again and then re-enable it. So i've moved it to 93.
-
-R=dalecurtis
-
-Fixed: 1207478
-Change-Id: I26a5e790cd390825516b4a4b6af88e89b2d4f4eb
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2918478
-Reviewed-by: Dale Curtis <dalecurtis at chromium.org>
-Reviewed-by: Ted Meyer <tmathmeyer at chromium.org>
-Commit-Queue: Ted Meyer <tmathmeyer at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#888312}
----
- chrome/browser/flag-metadata.json | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json
-index 67e0330436..34542671f2 100644
---- a/chrome/browser/flag-metadata.json
-+++ b/chrome/browser/flag-metadata.json
-@@ -1193,7 +1193,7 @@
- {
- "name": "enable-accelerated-video-decode",
- "owners": [ "media-dev at chromium.org" ],
-- "expiry_milestone": 90
-+ "expiry_milestone": 93
- },
- {
- "name": "enable-accessibility-live-caption",
Copied: chromium/repos/extra-x86_64/extend-enable-accelerated-video-decode-flag.patch (from rev 421097, chromium/trunk/extend-enable-accelerated-video-decode-flag.patch)
===================================================================
--- extend-enable-accelerated-video-decode-flag.patch (rev 0)
+++ extend-enable-accelerated-video-decode-flag.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -0,0 +1,35 @@
+From e48f18eba0eae199ba7bc8a6a09ebf39799447c1 Mon Sep 17 00:00:00 2001
+From: Ted Meyer <tmathmeyer at chromium.org>
+Date: Wed, 2 Jun 2021 05:35:22 +0000
+Subject: [PATCH] Extend enable-accelerated-video-decode flag for linux to m93
+
+It appears that there is insistence that the flag be totally removed or
+have its end-milestone increased, I can't just let it wait until the
+feature is working again and then re-enable it. So i've moved it to 93.
+
+R=dalecurtis
+
+Fixed: 1207478
+Change-Id: I26a5e790cd390825516b4a4b6af88e89b2d4f4eb
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2918478
+Reviewed-by: Dale Curtis <dalecurtis at chromium.org>
+Reviewed-by: Ted Meyer <tmathmeyer at chromium.org>
+Commit-Queue: Ted Meyer <tmathmeyer at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#888312}
+---
+ chrome/browser/flag-metadata.json | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json
+index 67e0330436..34542671f2 100644
+--- a/chrome/browser/flag-metadata.json
++++ b/chrome/browser/flag-metadata.json
+@@ -1193,7 +1193,7 @@
+ {
+ "name": "enable-accelerated-video-decode",
+ "owners": [ "media-dev at chromium.org" ],
+- "expiry_milestone": 90
++ "expiry_milestone": 93
+ },
+ {
+ "name": "enable-accessibility-live-caption",
Deleted: linux-sandbox-fix-fstatat-crash.patch
===================================================================
--- linux-sandbox-fix-fstatat-crash.patch 2021-08-03 06:24:22 UTC (rev 421097)
+++ linux-sandbox-fix-fstatat-crash.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -1,348 +0,0 @@
-From 60d5e803ef2a4874d29799b638754152285e0ed9 Mon Sep 17 00:00:00 2001
-From: Matthew Denton <mpdenton at chromium.org>
-Date: Wed, 21 Jul 2021 12:55:11 +0000
-Subject: [PATCH] Linux sandbox: fix fstatat() crash
-
-This is a reland of https://crrev.com/c/2801873.
-
-Glibc has started rewriting fstat(fd, stat_buf) to
-fstatat(fd, "", stat_buf, AT_EMPTY_PATH). This works because when
-AT_EMPTY_PATH is specified, and the second argument is an empty string,
-then fstatat just performs an fstat on fd like normal.
-
-Unfortunately, fstatat() also allows stat-ing arbitrary pathnames like
-with fstatat(AT_FDCWD, "/i/am/a/file", stat_buf, 0);
-The baseline policy needs to prevent this usage of fstatat() since it
-doesn't allow access to arbitrary pathnames.
-
-Sadly, if the second argument is not an empty string, AT_EMPTY_PATH is
-simply ignored by current kernels.
-
-This means fstatat() is completely unsandboxable with seccomp, since
-we *need* to verify that the second argument is the empty string, but
-we can't dereference pointers in seccomp (due to limitations of BPF,
-and the difficulty of addressing these limitations due to TOCTOU
-issues).
-
-So, this CL Traps (raises a SIGSYS via seccomp) on any fstatat syscall.
-The signal handler, which runs in the sandboxed process, checks for
-AT_EMPTY_PATH and the empty string, and then rewrites any applicable
-fstatat() back into the old-style fstat().
-
-Bug: 1164975
-Change-Id: I3df6c04c0d781eb1f181d707ccaaead779337291
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042179
-Reviewed-by: Robert Sesek <rsesek at chromium.org>
-Commit-Queue: Matthew Denton <mpdenton at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#903873}
----
- .../seccomp-bpf-helpers/baseline_policy.cc | 8 ++++++
- .../baseline_policy_unittest.cc | 17 ++++++++++++-
- .../seccomp-bpf-helpers/sigsys_handlers.cc | 25 +++++++++++++++++++
- .../seccomp-bpf-helpers/sigsys_handlers.h | 14 +++++++++++
- .../linux/syscall_broker/broker_process.cc | 21 ++++++++++------
- .../syscall_broker/broker_process_unittest.cc | 18 ++++++-------
- sandbox/linux/system_headers/linux_stat.h | 4 +++
- 7 files changed, 89 insertions(+), 18 deletions(-)
-
-diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-index f2a60bb4d7..9df0d2dbd3 100644
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-@@ -20,6 +20,7 @@
- #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
- #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
- #include "sandbox/linux/services/syscall_wrappers.h"
-+#include "sandbox/linux/system_headers/linux_stat.h"
- #include "sandbox/linux/system_headers/linux_syscalls.h"
-
- #if !defined(SO_PEEK_OFF)
-@@ -304,6 +305,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
- return Allow();
- }
-
-+ // The fstatat syscalls are file system syscalls, which will be denied below
-+ // with fs_denied_errno. However some allowed fstat syscalls are rewritten by
-+ // libc implementations to fstatat syscalls, and we need to rewrite them back.
-+ if (sysno == __NR_fstatat_default) {
-+ return RewriteFstatatSIGSYS(fs_denied_errno);
-+ }
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-index 68c29b564b..57d307e09d 100644
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-@@ -51,7 +51,8 @@ namespace sandbox {
-
- namespace {
-
--// This also tests that read(), write() and fstat() are allowed.
-+// This also tests that read(), write(), fstat(), and fstatat(.., "", ..,
-+// AT_EMPTY_PATH) are allowed.
- void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
- BPF_ASSERT_LE(0, read_end.get());
- BPF_ASSERT_LE(0, write_end.get());
-@@ -60,6 +61,20 @@ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
- BPF_ASSERT_EQ(0, sys_ret);
- BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
-
-+ sys_ret = fstatat(read_end.get(), "", &stat_buf, AT_EMPTY_PATH);
-+ BPF_ASSERT_EQ(0, sys_ret);
-+ BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
-+
-+ // Make sure fstatat with anything other than an empty string is denied.
-+ sys_ret = fstatat(read_end.get(), "/", &stat_buf, AT_EMPTY_PATH);
-+ BPF_ASSERT_EQ(sys_ret, -1);
-+ BPF_ASSERT_EQ(EPERM, errno);
-+
-+ // Make sure fstatat without AT_EMPTY_PATH is denied.
-+ sys_ret = fstatat(read_end.get(), "", &stat_buf, 0);
-+ BPF_ASSERT_EQ(sys_ret, -1);
-+ BPF_ASSERT_EQ(EPERM, errno);
-+
- const ssize_t kTestTransferSize = 4;
- static const char kTestString[kTestTransferSize] = {'T', 'E', 'S', 'T'};
- ssize_t transfered = 0;
-diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
-index 64edbd68bd..71068a0452 100644
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
-@@ -6,6 +6,7 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -22,6 +23,7 @@
- #include "sandbox/linux/seccomp-bpf/syscall.h"
- #include "sandbox/linux/services/syscall_wrappers.h"
- #include "sandbox/linux/system_headers/linux_seccomp.h"
-+#include "sandbox/linux/system_headers/linux_stat.h"
- #include "sandbox/linux/system_headers/linux_syscalls.h"
-
- #if defined(__mips__)
-@@ -355,6 +357,24 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args,
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* fs_denied_errno) {
-+ if (args.nr == __NR_fstatat_default) {
-+ if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
-+ args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
-+ reinterpret_cast<default_stat_struct*>(args.args[2]));
-+ }
-+ return -reinterpret_cast<intptr_t>(fs_denied_errno);
-+ }
-+
-+ CrashSIGSYS_Handler(args, fs_denied_errno);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +407,11 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler,
-+ reinterpret_cast<void*>(fs_denied_errno));
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
-index 7a958b93b2..8cd735ce15 100644
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
-@@ -62,6 +62,19 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const arch_seccomp_data& args,
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat() syscall is functionally equivalent to an fstat() syscall,
-+// then rewrite the syscall to the equivalent fstat() syscall which can be
-+// adequately sandboxed.
-+// If the fstatat() is not functionally equivalent to an fstat() syscall, we
-+// fail with -fs_denied_errno.
-+// If the syscall is not an fstatat() at all, crash in the same way as
-+// CrashSIGSYS_Handler.
-+// This is necessary because glibc and musl have started rewriting fstat(fd,
-+// stat_buf) as fstatat(fd, "", stat_buf, AT_EMPTY_PATH). We rewrite the latter
-+// back to the former, which is actually sandboxable.
-+SANDBOX_EXPORT intptr_t
-+SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* fs_denied_errno);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +85,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno);
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff --git a/sandbox/linux/syscall_broker/broker_process.cc b/sandbox/linux/syscall_broker/broker_process.cc
-index c2176eb785..e9dad37485 100644
---- a/sandbox/linux/syscall_broker/broker_process.cc
-+++ b/sandbox/linux/syscall_broker/broker_process.cc
-@@ -113,44 +113,49 @@ bool BrokerProcess::IsSyscallAllowed(int sysno) const {
- }
-
- bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
-+ // The syscalls unavailable on aarch64 are all blocked by Android's default
-+ // seccomp policy, even on non-aarch64 architectures. I.e., the syscalls XX()
-+ // with a corresponding XXat() versions are typically unavailable in aarch64
-+ // and are default disabled in Android. So, we should refuse to broker them
-+ // to be consistent with the platform's restrictions.
- switch (sysno) {
--#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
- case __NR_access:
- #endif
- case __NR_faccessat:
- return !fast_check || allowed_command_set_.test(COMMAND_ACCESS);
-
--#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
- case __NR_mkdir:
- #endif
- case __NR_mkdirat:
- return !fast_check || allowed_command_set_.test(COMMAND_MKDIR);
-
--#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
- case __NR_open:
- #endif
- case __NR_openat:
- return !fast_check || allowed_command_set_.test(COMMAND_OPEN);
-
--#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
- case __NR_readlink:
- #endif
- case __NR_readlinkat:
- return !fast_check || allowed_command_set_.test(COMMAND_READLINK);
-
--#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
- case __NR_rename:
- #endif
- case __NR_renameat:
- case __NR_renameat2:
- return !fast_check || allowed_command_set_.test(COMMAND_RENAME);
-
--#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
- case __NR_rmdir:
- return !fast_check || allowed_command_set_.test(COMMAND_RMDIR);
- #endif
-
--#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
- case __NR_stat:
- case __NR_lstat:
- #endif
-@@ -175,7 +180,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
- return !fast_check || allowed_command_set_.test(COMMAND_STAT);
- #endif
-
--#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
- case __NR_unlink:
- return !fast_check || allowed_command_set_.test(COMMAND_UNLINK);
- #endif
-diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
-index c65f25a78a..f0db08d84e 100644
---- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
-+++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
-@@ -1596,52 +1596,52 @@ TEST(BrokerProcess, IsSyscallAllowed) {
- const base::flat_map<BrokerCommand, base::flat_set<int>> kSysnosForCommand = {
- {COMMAND_ACCESS,
- {__NR_faccessat,
--#if defined(__NR_access)
-+#if defined(__NR_access) && !defined(OS_ANDROID)
- __NR_access
- #endif
- }},
- {COMMAND_MKDIR,
- {__NR_mkdirat,
--#if defined(__NR_mkdir)
-+#if defined(__NR_mkdir) && !defined(OS_ANDROID)
- __NR_mkdir
- #endif
- }},
- {COMMAND_OPEN,
- {__NR_openat,
--#if defined(__NR_open)
-+#if defined(__NR_open) && !defined(OS_ANDROID)
- __NR_open
- #endif
- }},
- {COMMAND_READLINK,
- {__NR_readlinkat,
--#if defined(__NR_readlink)
-+#if defined(__NR_readlink) && !defined(OS_ANDROID)
- __NR_readlink
- #endif
- }},
- {COMMAND_RENAME,
- {__NR_renameat,
--#if defined(__NR_rename)
-+#if defined(__NR_rename) && !defined(OS_ANDROID)
- __NR_rename
- #endif
- }},
- {COMMAND_UNLINK,
- {__NR_unlinkat,
--#if defined(__NR_unlink)
-+#if defined(__NR_unlink) && !defined(OS_ANDROID)
- __NR_unlink
- #endif
- }},
- {COMMAND_RMDIR,
- {__NR_unlinkat,
--#if defined(__NR_rmdir)
-+#if defined(__NR_rmdir) && !defined(OS_ANDROID)
- __NR_rmdir
- #endif
- }},
- {COMMAND_STAT,
- {
--#if defined(__NR_stat)
-+#if defined(__NR_stat) && !defined(OS_ANDROID)
- __NR_stat,
- #endif
--#if defined(__NR_lstat)
-+#if defined(__NR_lstat) && !defined(OS_ANDROID)
- __NR_lstat,
- #endif
- #if defined(__NR_fstatat)
-diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
-index 35788eb22a..83b89efc75 100644
---- a/sandbox/linux/system_headers/linux_stat.h
-+++ b/sandbox/linux/system_headers/linux_stat.h
-@@ -157,6 +157,10 @@ struct kernel_stat {
- };
- #endif
-
-+#if !defined(AT_EMPTY_PATH)
-+#define AT_EMPTY_PATH 0x1000
-+#endif
-+
- // On 32-bit systems, we default to the 64-bit stat struct like libc
- // implementations do. Otherwise we default to the normal stat struct which is
- // already 64-bit.
Copied: chromium/repos/extra-x86_64/linux-sandbox-fix-fstatat-crash.patch (from rev 421097, chromium/trunk/linux-sandbox-fix-fstatat-crash.patch)
===================================================================
--- linux-sandbox-fix-fstatat-crash.patch (rev 0)
+++ linux-sandbox-fix-fstatat-crash.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -0,0 +1,348 @@
+From 60d5e803ef2a4874d29799b638754152285e0ed9 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton at chromium.org>
+Date: Wed, 21 Jul 2021 12:55:11 +0000
+Subject: [PATCH] Linux sandbox: fix fstatat() crash
+
+This is a reland of https://crrev.com/c/2801873.
+
+Glibc has started rewriting fstat(fd, stat_buf) to
+fstatat(fd, "", stat_buf, AT_EMPTY_PATH). This works because when
+AT_EMPTY_PATH is specified, and the second argument is an empty string,
+then fstatat just performs an fstat on fd like normal.
+
+Unfortunately, fstatat() also allows stat-ing arbitrary pathnames like
+with fstatat(AT_FDCWD, "/i/am/a/file", stat_buf, 0);
+The baseline policy needs to prevent this usage of fstatat() since it
+doesn't allow access to arbitrary pathnames.
+
+Sadly, if the second argument is not an empty string, AT_EMPTY_PATH is
+simply ignored by current kernels.
+
+This means fstatat() is completely unsandboxable with seccomp, since
+we *need* to verify that the second argument is the empty string, but
+we can't dereference pointers in seccomp (due to limitations of BPF,
+and the difficulty of addressing these limitations due to TOCTOU
+issues).
+
+So, this CL Traps (raises a SIGSYS via seccomp) on any fstatat syscall.
+The signal handler, which runs in the sandboxed process, checks for
+AT_EMPTY_PATH and the empty string, and then rewrites any applicable
+fstatat() back into the old-style fstat().
+
+Bug: 1164975
+Change-Id: I3df6c04c0d781eb1f181d707ccaaead779337291
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042179
+Reviewed-by: Robert Sesek <rsesek at chromium.org>
+Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#903873}
+---
+ .../seccomp-bpf-helpers/baseline_policy.cc | 8 ++++++
+ .../baseline_policy_unittest.cc | 17 ++++++++++++-
+ .../seccomp-bpf-helpers/sigsys_handlers.cc | 25 +++++++++++++++++++
+ .../seccomp-bpf-helpers/sigsys_handlers.h | 14 +++++++++++
+ .../linux/syscall_broker/broker_process.cc | 21 ++++++++++------
+ .../syscall_broker/broker_process_unittest.cc | 18 ++++++-------
+ sandbox/linux/system_headers/linux_stat.h | 4 +++
+ 7 files changed, 89 insertions(+), 18 deletions(-)
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+index f2a60bb4d7..9df0d2dbd3 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -20,6 +20,7 @@
+ #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
+ #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+ #include "sandbox/linux/services/syscall_wrappers.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ #if !defined(SO_PEEK_OFF)
+@@ -304,6 +305,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
+ return Allow();
+ }
+
++ // The fstatat syscalls are file system syscalls, which will be denied below
++ // with fs_denied_errno. However some allowed fstat syscalls are rewritten by
++ // libc implementations to fstatat syscalls, and we need to rewrite them back.
++ if (sysno == __NR_fstatat_default) {
++ return RewriteFstatatSIGSYS(fs_denied_errno);
++ }
++
+ if (SyscallSets::IsFileSystem(sysno) ||
+ SyscallSets::IsCurrentDirectory(sysno)) {
+ return Error(fs_denied_errno);
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+index 68c29b564b..57d307e09d 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+@@ -51,7 +51,8 @@ namespace sandbox {
+
+ namespace {
+
+-// This also tests that read(), write() and fstat() are allowed.
++// This also tests that read(), write(), fstat(), and fstatat(.., "", ..,
++// AT_EMPTY_PATH) are allowed.
+ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
+ BPF_ASSERT_LE(0, read_end.get());
+ BPF_ASSERT_LE(0, write_end.get());
+@@ -60,6 +61,20 @@ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
+ BPF_ASSERT_EQ(0, sys_ret);
+ BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
+
++ sys_ret = fstatat(read_end.get(), "", &stat_buf, AT_EMPTY_PATH);
++ BPF_ASSERT_EQ(0, sys_ret);
++ BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
++
++ // Make sure fstatat with anything other than an empty string is denied.
++ sys_ret = fstatat(read_end.get(), "/", &stat_buf, AT_EMPTY_PATH);
++ BPF_ASSERT_EQ(sys_ret, -1);
++ BPF_ASSERT_EQ(EPERM, errno);
++
++ // Make sure fstatat without AT_EMPTY_PATH is denied.
++ sys_ret = fstatat(read_end.get(), "", &stat_buf, 0);
++ BPF_ASSERT_EQ(sys_ret, -1);
++ BPF_ASSERT_EQ(EPERM, errno);
++
+ const ssize_t kTestTransferSize = 4;
+ static const char kTestString[kTestTransferSize] = {'T', 'E', 'S', 'T'};
+ ssize_t transfered = 0;
+diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+index 64edbd68bd..71068a0452 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+@@ -6,6 +6,7 @@
+
+ #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -22,6 +23,7 @@
+ #include "sandbox/linux/seccomp-bpf/syscall.h"
+ #include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ #if defined(__mips__)
+@@ -355,6 +357,24 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args,
+ return -ENOSYS;
+ }
+
++intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++ void* fs_denied_errno) {
++ if (args.nr == __NR_fstatat_default) {
++ if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
++ args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
++ return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
++ reinterpret_cast<default_stat_struct*>(args.args[2]));
++ }
++ return -reinterpret_cast<intptr_t>(fs_denied_errno);
++ }
++
++ CrashSIGSYS_Handler(args, fs_denied_errno);
++
++ // Should never be reached.
++ RAW_CHECK(false);
++ return -ENOSYS;
++}
++
+ bpf_dsl::ResultExpr CrashSIGSYS() {
+ return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
+ }
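Review bot: In `SIGSYSFstatatHandler`, the rewritten call returns the result of `syscall(__NR_fstat_default, ...)` unchanged, while every other exit of the handler returns a negated errno (`-reinterpret_cast<intptr_t>(fs_denied_errno)`, `-ENOSYS`). If `syscall` here is the libc wrapper, a failing fstat yields -1 with the reason left in `errno`, so the trapped caller would most likely see EPERM instead of the real error such as EBADF. I would convert the result before returning, for example `int rv = syscall(...); return rv < 0 ? -errno : rv;`, and add a case to the unit test that passes an invalid fd with `""` and `AT_EMPTY_PATH` to pin the propagated errno. Separately, the first condition reads `*reinterpret_cast<const char*>(args.args[1])` without any check, so a null or unmapped path pointer faults inside the signal handler where the kernel would have returned -EFAULT; a comment saying this is accepted, since the pointer comes from the sandboxed process itself, would help the next reader.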
+@@ -387,6 +407,11 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
+ return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
+ }
+
++bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) {
++ return bpf_dsl::Trap(SIGSYSFstatatHandler,
++ reinterpret_cast<void*>(fs_denied_errno));
++}
++
+ void AllocateCrashKeys() {
+ #if !defined(OS_NACL_NONSFI)
+ if (seccomp_crash_key)
+diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+index 7a958b93b2..8cd735ce15 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
++++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+@@ -62,6 +62,19 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const arch_seccomp_data& args,
+ // sched_setparam(), sched_setscheduler()
+ SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
+ void* aux);
++// If the fstatat() syscall is functionally equivalent to an fstat() syscall,
++// then rewrite the syscall to the equivalent fstat() syscall which can be
++// adequately sandboxed.
++// If the fstatat() is not functionally equivalent to an fstat() syscall, we
++// fail with -fs_denied_errno.
++// If the syscall is not an fstatat() at all, crash in the same way as
++// CrashSIGSYS_Handler.
++// This is necessary because glibc and musl have started rewriting fstat(fd,
++// stat_buf) as fstatat(fd, "", stat_buf, AT_EMPTY_PATH). We rewrite the latter
++// back to the former, which is actually sandboxable.
++SANDBOX_EXPORT intptr_t
++SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++ void* fs_denied_errno);
+
+ // Variants of the above functions for use with bpf_dsl.
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
+@@ -72,6 +85,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
++SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno);
+
+ // Allocates a crash key so that Seccomp information can be recorded.
+ void AllocateCrashKeys();
+diff --git a/sandbox/linux/syscall_broker/broker_process.cc b/sandbox/linux/syscall_broker/broker_process.cc
+index c2176eb785..e9dad37485 100644
+--- a/sandbox/linux/syscall_broker/broker_process.cc
++++ b/sandbox/linux/syscall_broker/broker_process.cc
+@@ -113,44 +113,49 @@ bool BrokerProcess::IsSyscallAllowed(int sysno) const {
+ }
+
+ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
++ // The syscalls unavailable on aarch64 are all blocked by Android's default
++ // seccomp policy, even on non-aarch64 architectures. I.e., the syscalls XX()
++ // with a corresponding XXat() versions are typically unavailable in aarch64
++ // and are default disabled in Android. So, we should refuse to broker them
++ // to be consistent with the platform's restrictions.
+ switch (sysno) {
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_access:
+ #endif
+ case __NR_faccessat:
+ return !fast_check || allowed_command_set_.test(COMMAND_ACCESS);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_mkdir:
+ #endif
+ case __NR_mkdirat:
+ return !fast_check || allowed_command_set_.test(COMMAND_MKDIR);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_open:
+ #endif
+ case __NR_openat:
+ return !fast_check || allowed_command_set_.test(COMMAND_OPEN);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_readlink:
+ #endif
+ case __NR_readlinkat:
+ return !fast_check || allowed_command_set_.test(COMMAND_READLINK);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_rename:
+ #endif
+ case __NR_renameat:
+ case __NR_renameat2:
+ return !fast_check || allowed_command_set_.test(COMMAND_RENAME);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_rmdir:
+ return !fast_check || allowed_command_set_.test(COMMAND_RMDIR);
+ #endif
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_stat:
+ case __NR_lstat:
+ #endif
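Review bot: The added `!defined(OS_ANDROID)` term in `IsSyscallBrokerable` only takes effect if the header that defines `OS_ANDROID` is included in broker_process.cc. The include list is outside this hunk; if it is missing, the term is always true and the legacy syscalls stay brokerable on Android with no build error. Please confirm that `#include "build/build_config.h"` is present here and in broker_process_unittest.cc, whose guards get the same change. As a style point, `#if !defined(__aarch64__) && !defined(OS_ANDROID)` is now repeated for every case group in this hunk and again in the next one, so a single file-local macro carrying the explanatory comment would keep the groups from drifting apart. The switch statement continues past the end of this hunk.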
+@@ -175,7 +180,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
+ return !fast_check || allowed_command_set_.test(COMMAND_STAT);
+ #endif
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_unlink:
+ return !fast_check || allowed_command_set_.test(COMMAND_UNLINK);
+ #endif
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index c65f25a78a..f0db08d84e 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -1596,52 +1596,52 @@ TEST(BrokerProcess, IsSyscallAllowed) {
+ const base::flat_map<BrokerCommand, base::flat_set<int>> kSysnosForCommand = {
+ {COMMAND_ACCESS,
+ {__NR_faccessat,
+-#if defined(__NR_access)
++#if defined(__NR_access) && !defined(OS_ANDROID)
+ __NR_access
+ #endif
+ }},
+ {COMMAND_MKDIR,
+ {__NR_mkdirat,
+-#if defined(__NR_mkdir)
++#if defined(__NR_mkdir) && !defined(OS_ANDROID)
+ __NR_mkdir
+ #endif
+ }},
+ {COMMAND_OPEN,
+ {__NR_openat,
+-#if defined(__NR_open)
++#if defined(__NR_open) && !defined(OS_ANDROID)
+ __NR_open
+ #endif
+ }},
+ {COMMAND_READLINK,
+ {__NR_readlinkat,
+-#if defined(__NR_readlink)
++#if defined(__NR_readlink) && !defined(OS_ANDROID)
+ __NR_readlink
+ #endif
+ }},
+ {COMMAND_RENAME,
+ {__NR_renameat,
+-#if defined(__NR_rename)
++#if defined(__NR_rename) && !defined(OS_ANDROID)
+ __NR_rename
+ #endif
+ }},
+ {COMMAND_UNLINK,
+ {__NR_unlinkat,
+-#if defined(__NR_unlink)
++#if defined(__NR_unlink) && !defined(OS_ANDROID)
+ __NR_unlink
+ #endif
+ }},
+ {COMMAND_RMDIR,
+ {__NR_unlinkat,
+-#if defined(__NR_rmdir)
++#if defined(__NR_rmdir) && !defined(OS_ANDROID)
+ __NR_rmdir
+ #endif
+ }},
+ {COMMAND_STAT,
+ {
+-#if defined(__NR_stat)
++#if defined(__NR_stat) && !defined(OS_ANDROID)
+ __NR_stat,
+ #endif
+-#if defined(__NR_lstat)
++#if defined(__NR_lstat) && !defined(OS_ANDROID)
+ __NR_lstat,
+ #endif
+ #if defined(__NR_fstatat)
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+index 35788eb22a..83b89efc75 100644
+--- a/sandbox/linux/system_headers/linux_stat.h
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -157,6 +157,10 @@ struct kernel_stat {
+ };
+ #endif
+
++#if !defined(AT_EMPTY_PATH)
++#define AT_EMPTY_PATH 0x1000
++#endif
++
+ // On 32-bit systems, we default to the 64-bit stat struct like libc
+ // implementations do. Otherwise we default to the normal stat struct which is
+ // already 64-bit.
Deleted: linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
===================================================================
--- linux-sandbox-syscall-broker-use-struct-kernel_stat.patch 2021-08-03 06:24:22 UTC (rev 421097)
+++ linux-sandbox-syscall-broker-use-struct-kernel_stat.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -1,1384 +0,0 @@
-From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
-From: Matthew Denton <mpdenton at chromium.org>
-Date: Mon, 19 Jul 2021 14:03:13 +0000
-Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
- kernel_stat""
-
-This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
-
-Reason for revert: reland
-
-The fix included in the reland is that fstatat64() needs to be
-allowed in the broker process's seccomp policy.
-
-This CL also includes some extra tests that the kernel_stat structures
-match the layout the kernel expects.
-
-Bug: 1164975, 1199431
-Test: trogdor Chromebook successfully boots and allows login.
-
-Original change's description:
-> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
->
-> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
->
-> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
->
-> Original change's description:
-> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
-> >
-> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
-> >
-> > Original change's description:
-> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
-> > >
-> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
-> > >
-> > > Reason for revert: Causing failure in
-> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
-> > > See crbug.com/1198480
-> > >
-> > > Original change's description:
-> > > > Linux sandbox syscall broker: use struct kernel_stat
-> > > >
-> > > > The struct stat used in libc is different (in size and field ordering)
-> > > > from the structure assumed by the Linux kernel. So, when emulating
-> > > > system calls, we need to use the struct definition the kernel expects.
-> > > >
-> > > > This CL adds linux_stat.h that includes definitions of the different
-> > > > kernel structs.
-> > > >
-> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
-> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
-> > > > Commit-Queue: Matthew Denton <mpdenton at chromium.org>
-> > > > Reviewed-by: Robert Sesek <rsesek at chromium.org>
-> > > > Cr-Commit-Position: refs/heads/master@{#871767}
-> > >
-> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
-> > > No-Presubmit: true
-> > > No-Tree-Checks: true
-> > > No-Try: true
-> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
-> > > Auto-Submit: Victor Vianna <victorvianna at google.com>
-> > > Owners-Override: Victor Vianna <victorvianna at google.com>
-> > > Commit-Queue: Rubber Stamper <rubber-stamper at appspot.gserviceaccount.com>
-> > > Bot-Commit: Rubber Stamper <rubber-stamper at appspot.gserviceaccount.com>
-> > > Cr-Commit-Position: refs/heads/master@{#871882}
-> >
-> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
-> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
-> > Auto-Submit: Matthew Denton <mpdenton at chromium.org>
-> > Commit-Queue: Matthew Denton <mpdenton at chromium.org>
-> > Reviewed-by: Robert Sesek <rsesek at chromium.org>
-> > Cr-Commit-Position: refs/heads/master@{#872812}
->
-> Fixed: 1199431
-> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
-> No-Presubmit: true
-> No-Tree-Checks: true
-> No-Try: true
-> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
-> Auto-Submit: Kyle Horimoto <khorimoto at chromium.org>
-> Commit-Queue: Matthew Denton <mpdenton at chromium.org>
-> Commit-Queue: Kinuko Yasuda <kinuko at chromium.org>
-> Reviewed-by: Matthew Denton <mpdenton at chromium.org>
-> Reviewed-by: Kinuko Yasuda <kinuko at chromium.org>
-> Owners-Override: Kinuko Yasuda <kinuko at chromium.org>
-> Cr-Commit-Position: refs/heads/master@{#873173}
-
-Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
-Reviewed-by: Robert Sesek <rsesek at chromium.org>
-Commit-Queue: Matthew Denton <mpdenton at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#902981}
----
- sandbox/linux/BUILD.gn | 1 +
- .../seccomp_broker_process_unittest.cc | 40 +++-
- sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
- ...scall_parameters_restrictions_unittests.cc | 4 -
- sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
- sandbox/linux/services/syscall_wrappers.h | 15 ++
- .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
- sandbox/linux/syscall_broker/DEPS | 3 +-
- sandbox/linux/syscall_broker/broker_client.cc | 4 +-
- sandbox/linux/syscall_broker/broker_client.h | 4 +-
- sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
- .../syscall_broker/broker_process_unittest.cc | 74 +++----
- .../remote_syscall_arg_handler_unittest.cc | 36 ++--
- .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
- .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
- sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
- sandbox/linux/system_headers/linux_time.h | 26 +++
- sandbox/linux/tests/test_utils.cc | 15 ++
- sandbox/linux/tests/test_utils.h | 2 +
- .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
- 20 files changed, 595 insertions(+), 118 deletions(-)
- create mode 100644 sandbox/linux/system_headers/linux_stat.h
-
-diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
-index 2f778dd0bc..ccbbc91716 100644
---- a/sandbox/linux/BUILD.gn
-+++ b/sandbox/linux/BUILD.gn
-@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
- "system_headers/linux_ptrace.h",
- "system_headers/linux_seccomp.h",
- "system_headers/linux_signal.h",
-+ "system_headers/linux_stat.h",
- "system_headers/linux_syscalls.h",
- "system_headers/linux_time.h",
- "system_headers/linux_ucontext.h",
-diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
-index 9da9c68911..8a941983b1 100644
---- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
-+++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
-@@ -34,6 +34,7 @@
- #include "sandbox/linux/syscall_broker/broker_file_permission.h"
- #include "sandbox/linux/syscall_broker/broker_process.h"
- #include "sandbox/linux/system_headers/linux_seccomp.h"
-+#include "sandbox/linux/system_headers/linux_stat.h"
- #include "sandbox/linux/system_headers/linux_syscalls.h"
- #include "sandbox/linux/tests/scoped_temporary_file.h"
- #include "sandbox/linux/tests/test_utils.h"
-@@ -202,6 +203,26 @@ namespace {
- // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
- // and musl up to 4096.
- const int kFakeErrnoSentinel = 254;
-+
-+void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
-+ struct stat& out_stat) {
-+ out_stat.st_dev = in_stat.st_dev;
-+ out_stat.st_ino = in_stat.st_ino;
-+ out_stat.st_mode = in_stat.st_mode;
-+ out_stat.st_nlink = in_stat.st_nlink;
-+ out_stat.st_uid = in_stat.st_uid;
-+ out_stat.st_gid = in_stat.st_gid;
-+ out_stat.st_rdev = in_stat.st_rdev;
-+ out_stat.st_size = in_stat.st_size;
-+ out_stat.st_blksize = in_stat.st_blksize;
-+ out_stat.st_blocks = in_stat.st_blocks;
-+ out_stat.st_atim.tv_sec = in_stat.st_atime_;
-+ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
-+ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
-+ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
-+ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
-+ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
-+}
- } // namespace
-
- // There are a variety of ways to make syscalls in a sandboxed process. One is
-@@ -217,6 +238,10 @@ class Syscaller {
-
- virtual int Open(const char* filepath, int flags) = 0;
- virtual int Access(const char* filepath, int mode) = 0;
-+ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
-+ // syscaller simpler. Copying from default_stat_struct (the structure returned
-+ // from a stat sycall) to struct stat (the structure exposed by a libc to its
-+ // users) is simpler than going in the opposite direction.
- virtual int Stat(const char* filepath,
- bool follow_links,
- struct stat* statbuf) = 0;
-@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
- int Stat(const char* filepath,
- bool follow_links,
- struct stat* statbuf) override {
-- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
-- statbuf);
-+ default_stat_struct buf;
-+ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
-+ filepath, follow_links, &buf);
-+ if (ret >= 0)
-+ ConvertKernelStatToLibcStat(buf, *statbuf);
-+ return ret;
- }
-
- int Rename(const char* oldpath, const char* newpath) override {
-@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
- int Stat(const char* filepath,
- bool follow_links,
- struct stat* statbuf) override {
-- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
-- : syscall(__NR_lstat, filepath, statbuf);
-+ struct kernel_stat buf;
-+ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
-+ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
- if (ret < 0)
- return -errno;
-+
-+ ConvertKernelStatToLibcStat(buf, *statbuf);
- return ret;
- }
-
-diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
-index 4419fd1da3..95d1bb6cbb 100644
---- a/sandbox/linux/seccomp-bpf-helpers/DEPS
-+++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
-@@ -3,5 +3,4 @@ include_rules = [
- "+sandbox/linux/seccomp-bpf",
- "+sandbox/linux/services",
- "+sandbox/linux/system_headers",
-- "+third_party/lss/linux_syscall_support.h",
- ]
-diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
-index 903e702eab..76c393032c 100644
---- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
-@@ -37,10 +37,6 @@
- #include "sandbox/linux/system_headers/linux_time.h"
- #include "sandbox/linux/tests/unit_tests.h"
-
--#if !defined(OS_ANDROID)
--#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
--#endif
--
- namespace sandbox {
-
- namespace {
-diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
-index fcfd2aa129..3bec18a14e 100644
---- a/sandbox/linux/services/syscall_wrappers.cc
-+++ b/sandbox/linux/services/syscall_wrappers.cc
-@@ -4,6 +4,7 @@
-
- #include "sandbox/linux/services/syscall_wrappers.h"
-
-+#include <fcntl.h>
- #include <pthread.h>
- #include <sched.h>
- #include <setjmp.h>
-@@ -14,11 +15,13 @@
- #include <unistd.h>
- #include <cstring>
-
-+#include "base/check.h"
- #include "base/compiler_specific.h"
- #include "base/logging.h"
- #include "build/build_config.h"
- #include "sandbox/linux/system_headers/capability.h"
- #include "sandbox/linux/system_headers/linux_signal.h"
-+#include "sandbox/linux/system_headers/linux_stat.h"
- #include "sandbox/linux/system_headers/linux_syscalls.h"
-
- namespace sandbox {
-@@ -217,7 +220,7 @@ asm(
- #undef STR
- #undef XSTR
-
--#endif
-+#endif // defined(ARCH_CPU_X86_FAMILY)
-
- int sys_sigaction(int signum,
- const struct sigaction* act,
-@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
- #error "Unsupported architecture."
- #endif
- }
--#endif
-+#endif // defined(ARCH_CPU_X86_FAMILY)
- }
-
- LinuxSigAction linux_oldact = {};
-@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
- return result;
- }
-
--#endif // defined(MEMORY_SANITIZER)
-+#endif // !defined(OS_NACL_NONSFI)
-+
-+int sys_stat(const char* path, struct kernel_stat* stat_buf) {
-+ int res;
-+#if !defined(__NR_stat)
-+ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
-+#else
-+ res = syscall(__NR_stat, path, stat_buf);
-+#endif
-+ if (res == 0)
-+ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
-+ return res;
-+}
-+
-+int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
-+ int res;
-+#if !defined(__NR_lstat)
-+ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
-+#else
-+ res = syscall(__NR_lstat, path, stat_buf);
-+#endif
-+ if (res == 0)
-+ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
-+ return res;
-+}
-+
-+int sys_fstatat64(int dirfd,
-+ const char* pathname,
-+ struct kernel_stat64* stat_buf,
-+ int flags) {
-+#if defined(__NR_fstatat64)
-+ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
-+ if (res == 0)
-+ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
-+ return res;
-+#else // defined(__NR_fstatat64)
-+ // We should not reach here on 64-bit systems, as the *stat*64() are only
-+ // necessary on 32-bit.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+#endif
-+}
-
- } // namespace sandbox
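Review bot: The `#else` branch of `sys_fstatat64` returns `-ENOSYS`, while the `__NR_fstatat64` branch and `sys_stat`/`sys_lstat` return the raw `syscall()` result, which is -1 with the error in `errno`. A caller that tests `res < 0` and then reads `errno` would see a stale value on that path. The branch sits behind `RAW_CHECK(false)` and should be unreachable, but one convention is simpler to keep than two: `errno = ENOSYS;` followed by `return -1;`. The header comment for these wrappers could also say that they return -1 and set `errno`, since `BrokerClient::Stat` elsewhere in this patch returns a negated errno (`-EFAULT`) instead.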
-diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
-index 1975bfbd88..b55340e4a2 100644
---- a/sandbox/linux/services/syscall_wrappers.h
-+++ b/sandbox/linux/services/syscall_wrappers.h
-@@ -17,6 +17,8 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct kernel_stat;
-+struct kernel_stat64;
-
- namespace sandbox {
-
-@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Some architectures do not have stat() and lstat() syscalls. In that case,
-+// these wrappers will use newfstatat(), which is available on all other
-+// architectures, with the same capabilities as stat() and lstat().
-+SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
-+SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
-+
-+// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
-+// not a supported syscall on the current platform.
-+SANDBOX_EXPORT int sys_fstatat64(int dirfd,
-+ const char* pathname,
-+ struct kernel_stat64* stat_buf,
-+ int flags);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
-diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
-index 32820f60a8..64b9cea80f 100644
---- a/sandbox/linux/services/syscall_wrappers_unittest.cc
-+++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
-@@ -5,15 +5,19 @@
- #include "sandbox/linux/services/syscall_wrappers.h"
-
- #include <stdint.h>
-+#include <string.h>
- #include <sys/syscall.h>
- #include <sys/types.h>
- #include <sys/wait.h>
- #include <unistd.h>
--#include <cstring>
-
-+#include "base/logging.h"
-+#include "base/memory/page_size.h"
- #include "base/posix/eintr_wrapper.h"
- #include "build/build_config.h"
- #include "sandbox/linux/system_headers/linux_signal.h"
-+#include "sandbox/linux/system_headers/linux_stat.h"
-+#include "sandbox/linux/tests/scoped_temporary_file.h"
- #include "sandbox/linux/tests/test_utils.h"
- #include "sandbox/linux/tests/unit_tests.h"
- #include "testing/gtest/include/gtest/gtest.h"
-@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
- linux_sigset);
- }
-
-+TEST(SyscallWrappers, Stat) {
-+ // Create a file to stat, with 12 bytes of data.
-+ ScopedTemporaryFile tmp_file;
-+ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
-+
-+ // To test we have the correct stat structures for each kernel/platform, we
-+ // will right-align them on a page, with a guard page after.
-+ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
-+ TestUtils::MprotectLastPageOrDie(two_pages, 2);
-+ char* page1_end = two_pages + base::GetPageSize();
-+
-+ // First, check that calling stat with |stat_buf| pointing to the last byte on
-+ // a page causes EFAULT.
-+ int res = sys_stat(tmp_file.full_file_name(),
-+ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
-+ ASSERT_EQ(res, -1);
-+ ASSERT_EQ(errno, EFAULT);
-+
-+ // Now, check that we have the correctly sized stat structure.
-+ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
-+ page1_end - sizeof(struct kernel_stat));
-+ // Memset to c's so we can check the kernel zero'd the padding...
-+ memset(sb, 'c', sizeof(struct kernel_stat));
-+ res = sys_stat(tmp_file.full_file_name(), sb);
-+ ASSERT_EQ(res, 0);
-+
-+ // Following fields may never be consistent but should be non-zero.
-+ // Don't trust the platform to define fields with any particular sign.
-+ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
-+ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
-+ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
-+ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
-+ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
-+
-+// We are the ones that made the file.
-+// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
-+// and we end up with dummy uids and gids in place here.
-+#if defined(ARCH_CPU_64_BITS)
-+ EXPECT_EQ(geteuid(), sb->st_uid);
-+ EXPECT_EQ(getegid(), sb->st_gid);
-+#endif
-+
-+ // Wrote 12 bytes above which should fit in one block.
-+ EXPECT_EQ(12u, sb->st_size);
-+
-+ // Can't go backwards in time, 1500000000 was some time ago.
-+ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
-+ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
-+ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
-+
-+ // Checking the padding for good measure.
-+#if defined(__x86_64__)
-+ EXPECT_EQ(0u, sb->__pad0);
-+ EXPECT_EQ(0u, sb->__unused4[0]);
-+ EXPECT_EQ(0u, sb->__unused4[1]);
-+ EXPECT_EQ(0u, sb->__unused4[2]);
-+#elif defined(__aarch64__)
-+ EXPECT_EQ(0u, sb->__pad1);
-+ EXPECT_EQ(0, sb->__pad2);
-+ EXPECT_EQ(0u, sb->__unused4);
-+ EXPECT_EQ(0u, sb->__unused5);
-+#endif
-+}
-+
-+TEST(SyscallWrappers, LStat) {
-+ // Create a file to stat, with 12 bytes of data.
-+ ScopedTemporaryFile tmp_file;
-+ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
-+
-+ // Also create a symlink.
-+ std::string symlink_name;
-+ {
-+ ScopedTemporaryFile tmp_file2;
-+ symlink_name = tmp_file2.full_file_name();
-+ }
-+ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
-+ if (rc != 0) {
-+ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
-+ << tmp_file.full_file_name();
-+ GTEST_FAIL();
-+ }
-+
-+ struct kernel_stat lstat_info;
-+ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
-+ if (rc < 0 && errno == EOVERFLOW) {
-+ GTEST_SKIP();
-+ }
-+ if (rc != 0) {
-+ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
-+ GTEST_FAIL();
-+ }
-+
-+ struct kernel_stat stat_info;
-+ rc = sys_stat(symlink_name.c_str(), &stat_info);
-+ if (rc < 0 && errno == EOVERFLOW) {
-+ GTEST_SKIP();
-+ }
-+ if (rc != 0) {
-+ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
-+ GTEST_FAIL();
-+ }
-+
-+ struct kernel_stat tmp_file_stat_info;
-+ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
-+ if (rc < 0 && errno == EOVERFLOW) {
-+ GTEST_SKIP();
-+ }
-+ if (rc != 0) {
-+ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
-+ GTEST_FAIL();
-+ }
-+
-+ // lstat should produce information about a symlink.
-+ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
-+
-+ // stat-ing symlink_name and tmp_file should produce the same inode.
-+ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
-+
-+ // lstat-ing symlink_name should give a different inode than stat-ing
-+ // symlink_name.
-+ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
-+}
-+
- } // namespace
-
- } // namespace sandbox
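Review bot: The `LStat` test never removes the symlink it creates, and it picks the link name by letting `tmp_file2` go out of scope and reusing its path. Every exit (`GTEST_SKIP`, `GTEST_FAIL`, a failing `ASSERT_*`, and normal completion) leaves the link behind in the temp directory. Assuming `ScopedTemporaryFile` unlinks on destruction, which this hunk does not show, another process can also claim the name before `symlink()` runs. A small scoped cleanup declared right after the successful `symlink()`, calling `unlink(symlink_name.c_str())` on destruction, covers all paths. The `Stat` test likewise maps two pages with `TestUtils::MapPagesOrDie(2)` and never unmaps them.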
-diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
-index c477f7d363..149c463b06 100644
---- a/sandbox/linux/syscall_broker/DEPS
-+++ b/sandbox/linux/syscall_broker/DEPS
-@@ -1,4 +1,5 @@
- include_rules = [
-- "+sandbox/linux/system_headers",
- "+sandbox/linux/bpf_dsl",
-+ "+sandbox/linux/services",
-+ "+sandbox/linux/system_headers",
- ]
-diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
-index 6b1b5be433..e24f659fcf 100644
---- a/sandbox/linux/syscall_broker/broker_client.cc
-+++ b/sandbox/linux/syscall_broker/broker_client.cc
-@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
-
- int BrokerClient::Stat(const char* pathname,
- bool follow_links,
-- struct stat* sb) const {
-+ struct kernel_stat* sb) const {
- if (!pathname || !sb)
- return -EFAULT;
-
-@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
-
- int BrokerClient::Stat64(const char* pathname,
- bool follow_links,
-- struct stat64* sb) const {
-+ struct kernel_stat64* sb) const {
- if (!pathname || !sb)
- return -EFAULT;
-
-diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
-index 05e14c83f2..26ca78101c 100644
---- a/sandbox/linux/syscall_broker/broker_client.h
-+++ b/sandbox/linux/syscall_broker/broker_client.h
-@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
- int Rmdir(const char* path) const override;
- int Stat(const char* pathname,
- bool follow_links,
-- struct stat* sb) const override;
-+ struct kernel_stat* sb) const override;
- int Stat64(const char* pathname,
- bool follow_links,
-- struct stat64* sb) const override;
-+ struct kernel_stat64* sb) const override;
- int Unlink(const char* unlink) const override;
-
- private:
-diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
-index 1cd03a18df..1cdc01a888 100644
---- a/sandbox/linux/syscall_broker/broker_host.cc
-+++ b/sandbox/linux/syscall_broker/broker_host.cc
-@@ -20,9 +20,11 @@
- #include "base/files/scoped_file.h"
- #include "base/logging.h"
- #include "base/posix/eintr_wrapper.h"
-+#include "sandbox/linux/services/syscall_wrappers.h"
- #include "sandbox/linux/syscall_broker/broker_command.h"
- #include "sandbox/linux/syscall_broker/broker_permission_list.h"
- #include "sandbox/linux/syscall_broker/broker_simple_message.h"
-+#include "sandbox/linux/system_headers/linux_stat.h"
- #include "sandbox/linux/system_headers/linux_syscalls.h"
-
- namespace sandbox {
-@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
- RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
- return;
- }
-+
- if (command_type == COMMAND_STAT) {
-- struct stat sb;
-- int sts =
-- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
-+ struct kernel_stat sb;
-+
-+ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
-+ : sandbox::sys_lstat(file_to_access, &sb);
- if (sts < 0) {
- RAW_CHECK(reply->AddIntToMessage(-errno));
- return;
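Review bot: `struct kernel_stat sb;` is left uninitialised and then copied whole into the reply with `AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb))`. With libc's `struct stat` the layout was the toolchain's responsibility, but `kernel_stat` is a hand-written layout. If it is ever larger than what the kernel writes on some architecture, the trailing bytes sent to the sandboxed client would be broker stack contents. Value-initialising closes that off at negligible cost: `struct kernel_stat sb = {};`, and the same for `struct kernel_stat64 sb` in the `COMMAND_STAT64` branch in the next hunk. `StatFileForIPC` begins and ends outside this hunk.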
-@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
- RAW_CHECK(
- reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
- } else {
-+#if defined(__NR_fstatat64)
- DCHECK(command_type == COMMAND_STAT64);
-- struct stat64 sb;
-- int sts = follow_links ? stat64(file_to_access, &sb)
-- : lstat64(file_to_access, &sb);
-+ struct kernel_stat64 sb;
-+
-+ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
-+ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
- if (sts < 0) {
- RAW_CHECK(reply->AddIntToMessage(-errno));
- return;
-@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
- RAW_CHECK(reply->AddIntToMessage(0));
- RAW_CHECK(
- reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
-+#else // defined(__NR_fstatat64)
-+ // We should not reach here on 64-bit systems, as the *stat*64() are only
-+ // necessary on 32-bit.
-+ RAW_CHECK(false);
-+#endif
- }
- }
-
-diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
-index 55ba6bccb2..c65f25a78a 100644
---- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
-+++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
-@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
- const char* bad_leading_path5 = "/mbogo/fictitioux";
- const char* bad_leading_path6 = "/mbogo/fictitiousa";
-
-- struct stat sb;
-+ default_stat_struct sb;
-
- {
- // Actual file with permissions to see file but command not allowed.
-@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
-
- memset(&sb, 0, sizeof(sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- tempfile_name, follow_links, &sb));
- }
-
-@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
-
- memset(&sb, 0, sizeof(sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- nonesuch_name, follow_links, &sb));
- }
- {
-@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
-
- memset(&sb, 0, sizeof(sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- tempfile_name, follow_links, &sb));
- }
- {
-@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
- ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
-
- memset(&sb, 0, sizeof(sb));
-- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
-- nonesuch_name, follow_links, &sb));
-+ EXPECT_EQ(-ENOENT,
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
-+ nonesuch_name, follow_links, &sb));
-
- // Gets denied all the way back to root since no create permission.
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- leading_path1, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- leading_path2, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- leading_path3, follow_links, &sb));
-
- // Not fooled by substrings.
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path1, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path2, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path3, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path4, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path5, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path6, follow_links, &sb));
- }
- {
-@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
- ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
-
- memset(&sb, 0, sizeof(sb));
-- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
-- nonesuch_name, follow_links, &sb));
-+ EXPECT_EQ(-ENOENT,
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
-+ nonesuch_name, follow_links, &sb));
-
- // Gets ENOENT all the way back to root since it has create permission.
-- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
-- leading_path1, follow_links, &sb));
-- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
-- leading_path2, follow_links, &sb));
-+ EXPECT_EQ(-ENOENT,
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
-+ leading_path1, follow_links, &sb));
-+ EXPECT_EQ(-ENOENT,
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
-+ leading_path2, follow_links, &sb));
-
- // But can always get the root.
-- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
-- leading_path3, follow_links, &sb));
-+ EXPECT_EQ(0,
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
-+ leading_path3, follow_links, &sb));
-
- // Not fooled by substrings.
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path1, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path2, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path3, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path4, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path5, follow_links, &sb));
- EXPECT_EQ(-kFakeErrnoSentinel,
-- open_broker.GetBrokerClientSignalBased()->Stat(
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
- bad_leading_path6, follow_links, &sb));
- }
- {
-@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
- ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
-
- memset(&sb, 0, sizeof(sb));
-- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
-- tempfile_name, follow_links, &sb));
-+ EXPECT_EQ(0,
-+ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
-+ tempfile_name, follow_links, &sb));
-
- // Following fields may never be consistent but should be non-zero.
- // Don't trust the platform to define fields with any particular sign.
-@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
- EXPECT_EQ(12, sb.st_size);
-
- // Can't go backwards in time, 1500000000 was some time ago.
-- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
-- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
-- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
-+ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
-+ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
-+ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
- }
- }
-
-diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
-index fffa9bb708..f517a9867c 100644
---- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
-+++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
-@@ -16,6 +16,7 @@
- #include "base/memory/page_size.h"
- #include "base/posix/unix_domain_socket.h"
- #include "base/test/bind.h"
-+#include "sandbox/linux/tests/test_utils.h"
- #include "sandbox/linux/tests/unit_tests.h"
- #include "testing/gtest/include/gtest/gtest.h"
-
-@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
- }
- }
-
--void* MapPagesOrDie(size_t num_pages) {
-- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
-- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
-- PCHECK(addr);
-- return addr;
--}
--
--void MprotectLastPageOrDie(char* addr, size_t num_pages) {
-- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
-- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
-- 0);
--}
--
- pid_t ForkWaitingChild(base::OnceCallback<void(int)>
- after_parent_signals_callback = base::DoNothing(),
- base::ScopedFD* parent_sync_fd = nullptr) {
-@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
- size_t total_pages = (test_config.start_at + test_config.total_size +
- base::GetPageSize() - 1) /
- base::GetPageSize();
-- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
-+ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
- char* addr = mmap_addr + test_config.start_at;
- FillBufferWithPath(addr, test_config.total_size,
- test_config.include_null_byte);
-
- if (test_config.last_page_inaccessible)
-- MprotectLastPageOrDie(mmap_addr, total_pages);
-+ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
-
- pid_t pid = ForkWaitingChild();
- munmap(mmap_addr, base::GetPageSize() * total_pages);
-@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
- }
-
- SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
-- void* addr = MapPagesOrDie(1);
-+ void* addr = TestUtils::MapPagesOrDie(1);
- FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
-
- base::ScopedFD parent_sync, child_sync;
-@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
- }
-
- SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
-- void* read_from = MapPagesOrDie(1);
-+ void* read_from = TestUtils::MapPagesOrDie(1);
- const size_t write_size = base::GetPageSize();
- FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
-- char* write_to = static_cast<char*>(MapPagesOrDie(1));
-+ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
- base::ScopedFD parent_signal_fd;
- const std::vector<int> empty_fd_vec;
-
-@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
- }
-
- SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
-- char* write_to = static_cast<char*>(MapPagesOrDie(1));
-- MprotectLastPageOrDie(write_to, 1);
-+ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
-+ TestUtils::MprotectLastPageOrDie(write_to, 1);
- base::ScopedFD parent_signal_fd;
- const std::vector<int> empty_fd_vec;
-
-@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
- }
-
- SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
-- char* read_from = static_cast<char*>(MapPagesOrDie(2));
-+ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
- const size_t write_size = base::GetPageSize();
- FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
-- char* write_to = static_cast<char*>(MapPagesOrDie(2));
-- MprotectLastPageOrDie(write_to, 2);
-+ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
-+ TestUtils::MprotectLastPageOrDie(write_to, 2);
- write_to += base::GetPageSize() / 2;
- base::ScopedFD parent_signal_fd;
- const std::vector<int> empty_fd_vec;
-@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
- }
-
- SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
-- char* addr = static_cast<char*>(MapPagesOrDie(1));
-+ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
- FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
-
- base::ScopedFD parent_sync, child_sync;
-diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
-index b9ee93c14a..8a42397ef8 100644
---- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
-+++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
-@@ -19,8 +19,18 @@ namespace syscall_broker {
- #define BROKER_UNPOISON_STRING(x)
- #endif
-
-+int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
-+ bool follow_links,
-+ default_stat_struct* sb) {
-+#if defined(__NR_fstatat64)
-+ return Stat64(pathname, follow_links, sb);
-+#elif defined(__NR_newfstatat)
-+ return Stat(pathname, follow_links, sb);
-+#endif
-+}
-+
- int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
-- bool arch64) {
-+ bool stat64) {
- if (static_cast<int>(args.args[0]) != AT_FDCWD)
- return -EPERM;
- // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
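Review bot: `DefaultStatForTesting` has no `#else` branch, so on a target that defines neither `__NR_fstatat64` nor `__NR_newfstatat` the body is empty and control falls off the end of a function returning `int`. Failing the build is safer than undefined behaviour at run time: add `#else` and `#error "Unsupported architecture."` before the `#endif`. The method only calls the `const` virtuals `Stat` and `Stat64`, so it could also be declared `const` to match them.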
-@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
-
- const bool follow_links =
- !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
-- if (arch64) {
-+ if (stat64) {
- return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
-- reinterpret_cast<struct stat64*>(args.args[2]));
-+ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
- }
-
- return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
-- reinterpret_cast<struct stat*>(args.args[2]));
-+ reinterpret_cast<struct kernel_stat*>(args.args[2]));
-+}
-+
-+int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
-+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
-+ return -EPERM;
-+
-+ int flags = static_cast<int>(args.args[2]);
-+
-+ if (flags == AT_REMOVEDIR) {
-+ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
-+ }
-+
-+ if (flags != 0)
-+ return -EPERM;
-+
-+ return Unlink(reinterpret_cast<const char*>(args.args[1]));
- }
-
- int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
-@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
- #if defined(__NR_stat)
- case __NR_stat:
- return Stat(reinterpret_cast<const char*>(args.args[0]), true,
-- reinterpret_cast<struct stat*>(args.args[1]));
-+ reinterpret_cast<struct kernel_stat*>(args.args[1]));
- #endif
- #if defined(__NR_stat64)
- case __NR_stat64:
- return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
-- reinterpret_cast<struct stat64*>(args.args[1]));
-+ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
- #endif
- #if defined(__NR_lstat)
- case __NR_lstat:
- // See https://crbug.com/847096
- BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
- return Stat(reinterpret_cast<const char*>(args.args[0]), false,
-- reinterpret_cast<struct stat*>(args.args[1]));
-+ reinterpret_cast<struct kernel_stat*>(args.args[1]));
- #endif
- #if defined(__NR_lstat64)
- case __NR_lstat64:
- // See https://crbug.com/847096
- BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
- return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
-- reinterpret_cast<struct stat64*>(args.args[1]));
--#endif
--#if defined(__NR_fstatat)
-- case __NR_fstatat:
-- return PerformStatat(args, /*arch64=*/false);
-+ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
- #endif
- #if defined(__NR_fstatat64)
- case __NR_fstatat64:
-- return PerformStatat(args, /*arch64=*/true);
-+ return PerformStatat(args, /*stat64=*/true);
- #endif
- #if defined(__NR_newfstatat)
- case __NR_newfstatat:
-- return PerformStatat(args, /*arch64=*/false);
-+ return PerformStatat(args, /*stat64=*/false);
- #endif
- #if defined(__NR_unlink)
- case __NR_unlink:
- return Unlink(reinterpret_cast<const char*>(args.args[0]));
- #endif
- #if defined(__NR_unlinkat)
-- case __NR_unlinkat: {
-- if (static_cast<int>(args.args[0]) != AT_FDCWD)
-- return -EPERM;
--
-- int flags = static_cast<int>(args.args[2]);
--
-- if (flags == AT_REMOVEDIR) {
-- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
-- }
--
-- if (flags != 0)
-- return -EPERM;
--
-- return Unlink(reinterpret_cast<const char*>(args.args[1]));
-- }
-+ case __NR_unlinkat:
-+ return PerformUnlinkat(args);
- #endif // defined(__NR_unlinkat)
- default:
- RAW_CHECK(false);
-diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
-index d8b8874ad9..1d6653caf3 100644
---- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
-+++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
-@@ -9,13 +9,15 @@
- #include <cstddef>
-
- #include "sandbox/linux/system_headers/linux_seccomp.h"
-+#include "sandbox/linux/system_headers/linux_stat.h"
-+#include "sandbox/sandbox_export.h"
-
- namespace sandbox {
- namespace syscall_broker {
-
- // An abstract class that defines all the system calls we perform for the
- // sandboxed process.
--class SyscallDispatcher {
-+class SANDBOX_EXPORT SyscallDispatcher {
- public:
- // Emulates access()/faccessat().
- // X_OK will always return an error in practice since the broker process
-@@ -40,19 +42,34 @@ class SyscallDispatcher {
- virtual int Rmdir(const char* path) const = 0;
-
- // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
-+ // Stat64 is only available on 32-bit systems.
- virtual int Stat(const char* pathname,
- bool follow_links,
-- struct stat* sb) const = 0;
-+ struct kernel_stat* sb) const = 0;
- virtual int Stat64(const char* pathname,
- bool follow_links,
-- struct stat64* sb) const = 0;
-+ struct kernel_stat64* sb) const = 0;
-
- // Emulates unlink()/unlinkat().
- virtual int Unlink(const char* unlink) const = 0;
-
-+ // Different architectures use a different syscall from the stat family by
-+ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
-+ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
-+ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
-+ // should be using the default stat in order to test against glibc.
-+ int DefaultStatForTesting(const char* pathname,
-+ bool follow_links,
-+ default_stat_struct* sb);
-+
- // Validates the args passed to a *statat*() syscall and performs the syscall
-- // using Stat() or Stat64().
-- int PerformStatat(const arch_seccomp_data& args, bool arch64);
-+ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
-+ // syscalls.
-+ int PerformStatat(const arch_seccomp_data& args, bool stat64);
-+
-+ // Validates the args passed to an unlinkat() syscall and performs the syscall
-+ // using either Unlink() or Rmdir().
-+ int PerformUnlinkat(const arch_seccomp_data& args);
-
- // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
- // system calls must only allow AT_FDCWD as the first argument), and
-diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
-new file mode 100644
-index 0000000000..35788eb22a
---- /dev/null
-+++ b/sandbox/linux/system_headers/linux_stat.h
-@@ -0,0 +1,188 @@
-+// Copyright 2021 The Chromium Authors. All rights reserved.
-+// Use of this source code is governed by a BSD-style license that can be
-+// found in the LICENSE file.
-+
-+#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
-+#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
-+
-+#include <stdint.h>
-+
-+#include "build/build_config.h"
-+#include "sandbox/linux/system_headers/linux_syscalls.h"
-+
-+#if defined(ARCH_CPU_MIPS_FAMILY)
-+#if defined(ARCH_CPU_64_BITS)
-+struct kernel_stat {
-+#else
-+struct kernel_stat64 {
-+#endif
-+ unsigned st_dev;
-+ unsigned __pad0[3];
-+ unsigned long long st_ino;
-+ unsigned st_mode;
-+ unsigned st_nlink;
-+ unsigned st_uid;
-+ unsigned st_gid;
-+ unsigned st_rdev;
-+ unsigned __pad1[3];
-+ long long st_size;
-+ unsigned st_atime_;
-+ unsigned st_atime_nsec_;
-+ unsigned st_mtime_;
-+ unsigned st_mtime_nsec_;
-+ unsigned st_ctime_;
-+ unsigned st_ctime_nsec_;
-+ unsigned st_blksize;
-+ unsigned __pad2;
-+ unsigned long long st_blocks;
-+};
-+#else
-+struct kernel_stat64 {
-+ unsigned long long st_dev;
-+ unsigned char __pad0[4];
-+ unsigned __st_ino;
-+ unsigned st_mode;
-+ unsigned st_nlink;
-+ unsigned st_uid;
-+ unsigned st_gid;
-+ unsigned long long st_rdev;
-+ unsigned char __pad3[4];
-+ long long st_size;
-+ unsigned st_blksize;
-+ unsigned long long st_blocks;
-+ unsigned st_atime_;
-+ unsigned st_atime_nsec_;
-+ unsigned st_mtime_;
-+ unsigned st_mtime_nsec_;
-+ unsigned st_ctime_;
-+ unsigned st_ctime_nsec_;
-+ unsigned long long st_ino;
-+};
-+#endif
-+
-+#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
-+struct kernel_stat {
-+ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
-+ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
-+ * format. In reality, we do not see useful data in the top bits. So,
-+ * we'll leave the padding in here, until we find a better solution.
-+ */
-+ unsigned short st_dev;
-+ short pad1;
-+ unsigned st_ino;
-+ unsigned short st_mode;
-+ unsigned short st_nlink;
-+ unsigned short st_uid;
-+ unsigned short st_gid;
-+ unsigned short st_rdev;
-+ short pad2;
-+ unsigned st_size;
-+ unsigned st_blksize;
-+ unsigned st_blocks;
-+ unsigned st_atime_;
-+ unsigned st_atime_nsec_;
-+ unsigned st_mtime_;
-+ unsigned st_mtime_nsec_;
-+ unsigned st_ctime_;
-+ unsigned st_ctime_nsec_;
-+ unsigned __unused4;
-+ unsigned __unused5;
-+};
-+#elif defined(__x86_64__)
-+struct kernel_stat {
-+ uint64_t st_dev;
-+ uint64_t st_ino;
-+ uint64_t st_nlink;
-+ unsigned st_mode;
-+ unsigned st_uid;
-+ unsigned st_gid;
-+ unsigned __pad0;
-+ uint64_t st_rdev;
-+ int64_t st_size;
-+ int64_t st_blksize;
-+ int64_t st_blocks;
-+ uint64_t st_atime_;
-+ uint64_t st_atime_nsec_;
-+ uint64_t st_mtime_;
-+ uint64_t st_mtime_nsec_;
-+ uint64_t st_ctime_;
-+ uint64_t st_ctime_nsec_;
-+ int64_t __unused4[3];
-+};
-+#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
-+struct kernel_stat {
-+ unsigned st_dev;
-+ int st_pad1[3];
-+ unsigned st_ino;
-+ unsigned st_mode;
-+ unsigned st_nlink;
-+ unsigned st_uid;
-+ unsigned st_gid;
-+ unsigned st_rdev;
-+ int st_pad2[2];
-+ long st_size;
-+ int st_pad3;
-+ long st_atime_;
-+ long st_atime_nsec_;
-+ long st_mtime_;
-+ long st_mtime_nsec_;
-+ long st_ctime_;
-+ long st_ctime_nsec_;
-+ int st_blksize;
-+ int st_blocks;
-+ int st_pad4[14];
-+};
-+#elif defined(__aarch64__)
-+struct kernel_stat {
-+ unsigned long st_dev;
-+ unsigned long st_ino;
-+ unsigned int st_mode;
-+ unsigned int st_nlink;
-+ unsigned int st_uid;
-+ unsigned int st_gid;
-+ unsigned long st_rdev;
-+ unsigned long __pad1;
-+ long st_size;
-+ int st_blksize;
-+ int __pad2;
-+ long st_blocks;
-+ long st_atime_;
-+ unsigned long st_atime_nsec_;
-+ long st_mtime_;
-+ unsigned long st_mtime_nsec_;
-+ long st_ctime_;
-+ unsigned long st_ctime_nsec_;
-+ unsigned int __unused4;
-+ unsigned int __unused5;
-+};
-+#endif
-+
-+// On 32-bit systems, we default to the 64-bit stat struct like libc
-+// implementations do. Otherwise we default to the normal stat struct which is
-+// already 64-bit.
-+// These defines make it easy to call the right syscall to fill out a 64-bit
-+// stat struct, which is the default in libc implementations but requires
-+// different syscall names on 32 and 64-bit platforms.
-+#if defined(__NR_fstatat64)
-+
-+namespace sandbox {
-+using default_stat_struct = struct kernel_stat64;
-+} // namespace sandbox
-+
-+#define __NR_fstatat_default __NR_fstatat64
-+#define __NR_fstat_default __NR_fstat64
-+
-+#elif defined(__NR_newfstatat)
-+
-+namespace sandbox {
-+using default_stat_struct = struct kernel_stat;
-+} // namespace sandbox
-+
-+#define __NR_fstatat_default __NR_newfstatat
-+#define __NR_fstat_default __NR_fstat
-+
-+#else
-+#error "one of fstatat64 and newfstatat must be defined"
-+#endif
-+
-+#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
-diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
-index 780f24dddd..f18c806611 100644
---- a/sandbox/linux/system_headers/linux_time.h
-+++ b/sandbox/linux/system_headers/linux_time.h
-@@ -11,6 +11,32 @@
- #define CPUCLOCK_CLOCK_MASK 3
- #endif
-
-+#if !defined(CPUCLOCK_PROF)
-+#define CPUCLOCK_PROF 0
-+#endif
-+
-+#if !defined(CPUCLOCK_VIRT)
-+#define CPUCLOCK_VIRT 1
-+#endif
-+
-+#if !defined(CPUCLOCK_SCHED)
-+#define CPUCLOCK_SCHED 2
-+#endif
-+
-+#if !defined(CPUCLOCK_PERTHREAD_MASK)
-+#define CPUCLOCK_PERTHREAD_MASK 4
-+#endif
-+
-+#if !defined(MAKE_PROCESS_CPUCLOCK)
-+#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
-+ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
-+#endif
-+
-+#if !defined(MAKE_THREAD_CPUCLOCK)
-+#define MAKE_THREAD_CPUCLOCK(tid, clock) \
-+ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
-+#endif
-+
- #if !defined(CLOCKFD)
- #define CLOCKFD 3
- #endif
-diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
-index 847c20b20c..cf6041a4b4 100644
---- a/sandbox/linux/tests/test_utils.cc
-+++ b/sandbox/linux/tests/test_utils.cc
-@@ -5,12 +5,14 @@
- #include "sandbox/linux/tests/test_utils.h"
-
- #include <errno.h>
-+#include <sys/mman.h>
- #include <sys/stat.h>
- #include <sys/types.h>
- #include <sys/wait.h>
- #include <unistd.h>
-
- #include "base/check_op.h"
-+#include "base/memory/page_size.h"
- #include "base/posix/eintr_wrapper.h"
-
- namespace sandbox {
-@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
- }
- }
-
-+void* TestUtils::MapPagesOrDie(size_t num_pages) {
-+ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
-+ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
-+ PCHECK(addr);
-+ return addr;
-+}
-+
-+void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
-+ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
-+ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
-+ 0);
-+}
-+
- } // namespace sandbox
-diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
-index 7cf9749fe4..43b028b1e3 100644
---- a/sandbox/linux/tests/test_utils.h
-+++ b/sandbox/linux/tests/test_utils.h
-@@ -19,6 +19,8 @@ class TestUtils {
- // makes sure that if fork() succeeded the child exits
- // and the parent waits for it.
- static void HandlePostForkReturn(pid_t pid);
-+ static void* MapPagesOrDie(size_t num_pages);
-+ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
-
- private:
- DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
-diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
-index 2963bb9ca8..6dc8c0581b 100644
---- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
-+++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
-@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
- return Allow();
- break;
- #endif
--#if defined(__NR_fstatat)
-- case __NR_fstatat:
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
- if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
- return Allow();
- break;
Copied: chromium/repos/extra-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch (from rev 421097, chromium/trunk/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch)
===================================================================
--- linux-sandbox-syscall-broker-use-struct-kernel_stat.patch (rev 0)
+++ linux-sandbox-syscall-broker-use-struct-kernel_stat.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton at chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek at chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna at google.com>
+> > > Owners-Override: Victor Vianna <victorvianna at google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper at appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper at appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton at chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek at chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto at chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko at chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton at chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko at chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko at chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek at chromium.org>
+Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bc..ccbbc91716 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911..8a941983b1 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
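Review bot: `ConvertKernelStatToLibcStat` takes its input as a mutable reference, `default_stat_struct& in_stat`, although it only reads from it. Declaring it `const default_stat_struct& in_stat` states that at the call sites and lets a const buffer be passed. The function also assigns kernel-layout fields to libc-layout fields without casts; where the two types differ in width, a short comment saying the narrowing is accepted for test use would help the next reader.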
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
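Review bot: `DirectSyscaller::Stat` hard-codes `struct kernel_stat` and `__NR_newfstatat`, while `ConvertKernelStatToLibcStat`, added earlier in this file, takes a `default_stat_struct&`. linux_stat.h, as it appears in the removed copy of this patch earlier on the page, defines `default_stat_struct` as `kernel_stat64` when `__NR_fstatat64` exists and provides `__NR_fstatat_default` for the matching syscall number. On such a target the call here would not compile; whether this test is built for those targets is not visible in the hunk. The portable form is `default_stat_struct buf;` with `syscall(__NR_fstatat_default, AT_FDCWD, filepath, &buf, ...)`. The class body starts and ends outside the hunk.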
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da3..95d1bb6cbb 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab..76c393032c 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129..3bec18a14e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
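Review bot: The fallback branch of `sys_fstatat64` returns `-ENOSYS`, whereas every other path in the three new wrappers returns the raw `syscall()` result, which is -1 with the error in `errno`. The caller added in broker_host.cc tests `sts < 0` and then reports `-errno`, so if the fallback were ever reached it would forward a stale `errno`. Using `errno = ENOSYS; return -1;` keeps one convention, and a comment on the declarations such as `// Returns 0 on success, or -1 with errno set.` would record it. `RAW_CHECK(false)` precedes the return, so this matters only if that check does not terminate the process.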
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88..b55340e4a2 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8..64b9cea80f 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
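Review bot: The `LStat` test never removes the symlink it creates at `symlink_name`, and each `GTEST_SKIP()`, `GTEST_FAIL()` and `ASSERT_*` exit leaves it behind as well. The name is obtained by creating `tmp_file2` and letting it go out of scope, which presumably deletes the file; anything that creates that path before `symlink()` runs makes the call fail, so the test can flake in a shared temp directory. Calling `unlink(symlink_name.c_str());` from a scoped cleanup object registered right after the successful `symlink()` would cover every exit path. The two pages mapped in the `Stat` test are likewise never unmapped.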
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d363..149c463b06 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433..e24f659fcf 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2..26ca78101c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df..1cdc01a888 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
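Review bot: `struct kernel_stat sb;` is left uninitialized, and the context lines of the next hunk show the whole object being copied into the reply with `AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb))`; the `struct kernel_stat64 sb;` in the following hunk is handled the same way. Any byte the kernel does not write, for example if a hand-written layout is larger than the kernel's or the compiler adds padding, would carry broker stack contents to the sandboxed client. `sys_stat` also calls `MSAN_UNPOISON` over the full `sizeof(*stat_buf)`, so MemorySanitizer would not report such bytes, and the new `Stat` test checks padding only on x86_64 and aarch64. Zero-initializing costs nothing: `struct kernel_stat sb = {};` and `struct kernel_stat64 sb = {};`. `StatFileForIPC` starts and ends outside this hunk.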
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
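Review bot: On builds without `__NR_fstatat64`, the `else` branch now ends in `RAW_CHECK(false)`, so any `command_type` other than `COMMAND_STAT` that reaches it terminates the broker. The hunk does not show whether `COMMAND_STAT64` is rejected earlier in `StatFileForIPC` on those builds; if it is not, a request from the sandboxed side decides whether the broker stays up. Answering with an error keeps the broker available: `RAW_CHECK(reply->AddIntToMessage(-ENOSYS)); return;`. The function starts outside the hunk.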
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb2..c65f25a78a 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb708..f517a9867c 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14a..8a42397ef8 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9..1d6653caf3 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
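Review bot: The comment above `Stat()` and `Stat64()` does not say that `sb` must now be a buffer in the kernel's layout rather than libc's `struct stat`. A caller can get this wrong silently, since both are passed as plain pointers. I would add `// |sb| is filled in the kernel's layout (see linux_stat.h), not libc's struct stat; sizes and field names (e.g. st_atime_) may differ.` above the two declarations. `DefaultStatForTesting()` is a public method on an exported production class, so its comment could also state that non-test code should call `Stat()`/`Stat64()` directly. The class body starts and ends outside this hunk.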
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000..35788eb22a
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
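Review bot: None of the hand-written `kernel_stat`/`kernel_stat64` layouts is pinned by a compile-time check, so a field typo or an alignment difference on one architecture would only surface as a wrong-sized copy at run time. These structs are the buffers the broker fills and sends with `sizeof(sb)` (see `StatFileForIPC` earlier in this patch), and `PerformStatat` casts a caller-supplied pointer to them, so a size mismatch is a memory-safety problem rather than just wrong data. Each architecture branch should carry a size assertion, for example `static_assert(sizeof(struct kernel_stat) == 144, "must match the x86-64 kernel ABI");` in the `__x86_64__` branch, with the other branches' values taken from the kernel headers. The `__pad0`/`__unused4` member names also use identifiers reserved for the implementation; a trailing underscore, as on the timestamp fields, would avoid that.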
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd..f18c806611 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c..cf6041a4b4 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
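Review bot: `PCHECK(addr)` in `MapPagesOrDie` does not catch a failed mapping, because `mmap()` reports failure as `MAP_FAILED` (`(void*)-1`), which is non-null; the check should be `PCHECK(addr != MAP_FAILED);`. Now that the helper is shared through `TestUtils`, a failed mmap would hand an invalid pointer to every caller instead of dying as the name promises. `MprotectLastPageOrDie` computes `(num_pages - 1)` on a `size_t`, so `num_pages == 0` wraps to a huge offset. A `CHECK_GT(num_pages, 0u);` at the top (base/check_op.h is already included) would make that precondition explicit.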
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4..43b028b1e3 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
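Review bot: The two new declarations have no comment, unlike `HandlePostForkReturn` directly above them. I would add `// Maps |num_pages| anonymous read/write pages; is meant to crash on failure.` above `MapPagesOrDie` and `// Makes the last of the |num_pages| pages starting at |addr| inaccessible (PROT_NONE); crashes on failure.` above `MprotectLastPageOrDie`. Neither declaration says who unmaps the pages. `ReadTest` in remote_syscall_arg_handler_unittest.cc calls `munmap` itself, so the comment should state that the caller owns the mapping. The class body starts outside this hunk.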
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8..6dc8c0581b 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
Deleted: make-GetUsableSize-handle-nullptr-gracefully.patch
===================================================================
--- make-GetUsableSize-handle-nullptr-gracefully.patch 2021-08-03 06:24:22 UTC (rev 421097)
+++ make-GetUsableSize-handle-nullptr-gracefully.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -1,49 +0,0 @@
-From 61e16c92ff24bb71b9b7309a9d6d470ee91738bc Mon Sep 17 00:00:00 2001
-From: Bartek Nowierski <bartekn at chromium.org>
-Date: Wed, 21 Jul 2021 15:01:38 +0000
-Subject: [PATCH] [PA] Make GetUsableSize() handle nullptr gracefully
-
-malloc_usable_size() is expected to not crush on NULL and return 0.
-
-Bug: 1221442
-Change-Id: I6a3b90dcf3a8ad18114c206d87b98f60d5f50eb1
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042177
-Commit-Queue: Bartek Nowierski <bartekn at chromium.org>
-Commit-Queue: Kentaro Hara <haraken at chromium.org>
-Auto-Submit: Bartek Nowierski <bartekn at chromium.org>
-Reviewed-by: Kentaro Hara <haraken at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#903900}
----
- .../allocator/partition_allocator/partition_alloc_unittest.cc | 4 ++++
- base/allocator/partition_allocator/partition_root.h | 3 +++
- 2 files changed, 7 insertions(+)
-
-diff --git a/base/allocator/partition_allocator/partition_alloc_unittest.cc b/base/allocator/partition_allocator/partition_alloc_unittest.cc
-index c12120114aa7..8863984cd805 100644
---- a/base/allocator/partition_allocator/partition_alloc_unittest.cc
-+++ b/base/allocator/partition_allocator/partition_alloc_unittest.cc
-@@ -2838,6 +2838,10 @@ TEST_F(PartitionAllocTest, OptimizedGetSlotNumber) {
- }
- }
-
-+TEST_F(PartitionAllocTest, GetUsableSizeNull) {
-+ EXPECT_EQ(0ULL, PartitionRoot<ThreadSafe>::GetUsableSize(nullptr));
-+}
-+
- TEST_F(PartitionAllocTest, GetUsableSize) {
- size_t delta = SystemPageSize() + 1;
- for (size_t size = 1; size <= kMinDirectMappedDownsize; size += delta) {
-diff --git a/base/allocator/partition_allocator/partition_root.h b/base/allocator/partition_allocator/partition_root.h
-index b72a1d94a4e4..baac952597d1 100644
---- a/base/allocator/partition_allocator/partition_root.h
-+++ b/base/allocator/partition_allocator/partition_root.h
-@@ -1220,6 +1220,9 @@ ALWAYS_INLINE bool PartitionRoot<thread_safe>::TryRecommitSystemPagesForData(
- // PartitionAlloc's internal data. Used as malloc_usable_size.
- template <bool thread_safe>
- ALWAYS_INLINE size_t PartitionRoot<thread_safe>::GetUsableSize(void* ptr) {
-+ // malloc_usable_size() is expected to handle NULL gracefully and return 0.
-+ if (!ptr)
-+ return 0;
- auto* slot_span = SlotSpan::FromSlotInnerPtr(ptr);
- auto* root = FromSlotSpan(slot_span);
- return slot_span->GetUsableSize(root);
Deleted: sql-make-VirtualCursor-standard-layout-type.patch
===================================================================
--- sql-make-VirtualCursor-standard-layout-type.patch 2021-08-03 06:24:22 UTC (rev 421097)
+++ sql-make-VirtualCursor-standard-layout-type.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -1,238 +0,0 @@
-From 80368f8ba7a8bab13440463a254888311efe3986 Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09 at googlemail.com>
-Date: Tue, 4 May 2021 15:00:19 +0000
-Subject: [PATCH] sql: make VirtualCursor standard layout type
-
-sql::recover::VirtualCursor needs to be a standard layout type, but
-has members of type std::unique_ptr. However, std::unique_ptr is not
-guaranteed to be standard layout. Compiling with clang combined with
-gcc-11 libstdc++ fails because of this. Replace std::unique_ptr with
-raw pointers.
-
-Bug: 1189788
-Change-Id: Ia6dc388cc5ef1c0f2afc75f8ca45b9f12687ca9c
----
- sql/recover_module/btree.cc | 21 +++++++++++++++------
- sql/recover_module/btree.h | 17 +++++++++++++----
- sql/recover_module/cursor.cc | 24 ++++++++++++------------
- sql/recover_module/cursor.h | 2 +-
- sql/recover_module/pager.cc | 7 +++----
- sql/recover_module/pager.h | 5 +++--
- 6 files changed, 47 insertions(+), 29 deletions(-)
-
-diff --git a/sql/recover_module/btree.cc b/sql/recover_module/btree.cc
-index 9ecaafe8a3..839318abf9 100644
---- a/sql/recover_module/btree.cc
-+++ b/sql/recover_module/btree.cc
-@@ -135,16 +135,25 @@ static_assert(std::is_trivially_destructible<LeafPageDecoder>::value,
- "Move the destructor to the .cc file if it's non-trival");
- #endif // !DCHECK_IS_ON()
-
--LeafPageDecoder::LeafPageDecoder(DatabasePageReader* db_reader) noexcept
-- : page_id_(db_reader->page_id()),
-- db_reader_(db_reader),
-- cell_count_(ComputeCellCount(db_reader)),
-- next_read_index_(0),
-- last_record_size_(0) {
-+void LeafPageDecoder::Initialize(DatabasePageReader* db_reader) {
-+ DCHECK(db_reader);
- DCHECK(IsOnValidPage(db_reader));
-+ page_id_ = db_reader->page_id();
-+ db_reader_ = db_reader;
-+ cell_count_ = ComputeCellCount(db_reader);
-+ next_read_index_ = 0;
-+ last_record_size_ = 0;
- DCHECK(DatabasePageReader::IsValidPageId(page_id_));
- }
-
-+void LeafPageDecoder::Reset() {
-+ db_reader_ = nullptr;
-+ page_id_ = 0;
-+ cell_count_ = 0;
-+ next_read_index_ = 0;
-+ last_record_size_ = 0;
-+}
-+
- bool LeafPageDecoder::TryAdvance() {
- DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
- DCHECK(CanAdvance());
-diff --git a/sql/recover_module/btree.h b/sql/recover_module/btree.h
-index d76d076bf6..33114b01fa 100644
---- a/sql/recover_module/btree.h
-+++ b/sql/recover_module/btree.h
-@@ -102,7 +102,7 @@ class LeafPageDecoder {
- //
- // |db_reader| must have been used to read an inner page of a table B-tree.
- // |db_reader| must outlive this instance.
-- explicit LeafPageDecoder(DatabasePageReader* db_reader) noexcept;
-+ explicit LeafPageDecoder() noexcept = default;
- ~LeafPageDecoder() noexcept = default;
-
- LeafPageDecoder(const LeafPageDecoder&) = delete;
-@@ -150,6 +150,15 @@ class LeafPageDecoder {
- // read as long as CanAdvance() returns true.
- bool TryAdvance();
-
-+ // Initialize with DatabasePageReader
-+ void Initialize(DatabasePageReader* db_reader);
-+
-+ // Reset internal DatabasePageReader
-+ void Reset();
-+
-+ // True if DatabasePageReader is valid
-+ bool IsValid() { return (db_reader_ != nullptr); }
-+
- // True if the given reader may point to an inner page in a table B-tree.
- //
- // The last ReadPage() call on |db_reader| must have succeeded.
-@@ -163,14 +172,14 @@ class LeafPageDecoder {
- static int ComputeCellCount(DatabasePageReader* db_reader);
-
- // The number of the B-tree page this reader is reading.
-- const int64_t page_id_;
-+ int64_t page_id_;
- // Used to read the tree page.
- //
- // Raw pointer usage is acceptable because this instance's owner is expected
- // to ensure that the DatabasePageReader outlives this.
-- DatabasePageReader* const db_reader_;
-+ DatabasePageReader* db_reader_;
- // Caches the ComputeCellCount() value for this reader's page.
-- const int cell_count_ = ComputeCellCount(db_reader_);
-+ int cell_count_;
-
- // The reader's cursor state.
- //
-diff --git a/sql/recover_module/cursor.cc b/sql/recover_module/cursor.cc
-index 0029ff9295..42548bc4b5 100644
---- a/sql/recover_module/cursor.cc
-+++ b/sql/recover_module/cursor.cc
-@@ -26,7 +26,7 @@ VirtualCursor::~VirtualCursor() {
- int VirtualCursor::First() {
- DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
- inner_decoders_.clear();
-- leaf_decoder_ = nullptr;
-+ leaf_decoder_.Reset();
-
- AppendPageDecoder(table_->root_page_id());
- return Next();
-@@ -36,18 +36,18 @@ int VirtualCursor::Next() {
- DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
- record_reader_.Reset();
-
-- while (!inner_decoders_.empty() || leaf_decoder_.get()) {
-- if (leaf_decoder_.get()) {
-- if (!leaf_decoder_->CanAdvance()) {
-+ while (!inner_decoders_.empty() || leaf_decoder_.IsValid()) {
-+ if (leaf_decoder_.IsValid()) {
-+ if (!leaf_decoder_.CanAdvance()) {
- // The leaf has been exhausted. Remove it from the DFS stack.
-- leaf_decoder_ = nullptr;
-+ leaf_decoder_.Reset();
- continue;
- }
-- if (!leaf_decoder_->TryAdvance())
-+ if (!leaf_decoder_.TryAdvance())
- continue;
-
-- if (!payload_reader_.Initialize(leaf_decoder_->last_record_size(),
-- leaf_decoder_->last_record_offset())) {
-+ if (!payload_reader_.Initialize(leaf_decoder_.last_record_size(),
-+ leaf_decoder_.last_record_offset())) {
- continue;
- }
- if (!record_reader_.Initialize())
-@@ -99,13 +99,13 @@ int VirtualCursor::ReadColumn(int column_index,
- int64_t VirtualCursor::RowId() {
- DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
- DCHECK(record_reader_.IsInitialized());
-- DCHECK(leaf_decoder_.get());
-- return leaf_decoder_->last_record_rowid();
-+ DCHECK(leaf_decoder_.IsValid());
-+ return leaf_decoder_.last_record_rowid();
- }
-
- void VirtualCursor::AppendPageDecoder(int page_id) {
- DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
-- DCHECK(leaf_decoder_.get() == nullptr)
-+ DCHECK(!leaf_decoder_.IsValid())
- << __func__
- << " must only be called when the current path has no leaf decoder";
-
-@@ -113,7 +113,7 @@ void VirtualCursor::AppendPageDecoder(int page_id) {
- return;
-
- if (LeafPageDecoder::IsOnValidPage(&db_reader_)) {
-- leaf_decoder_ = std::make_unique<LeafPageDecoder>(&db_reader_);
-+ leaf_decoder_.Initialize(&db_reader_);
- return;
- }
-
-diff --git a/sql/recover_module/cursor.h b/sql/recover_module/cursor.h
-index afcd6900e1..b15c31d425 100644
---- a/sql/recover_module/cursor.h
-+++ b/sql/recover_module/cursor.h
-@@ -129,7 +129,7 @@ class VirtualCursor {
- std::vector<std::unique_ptr<InnerPageDecoder>> inner_decoders_;
-
- // Decodes the leaf page containing records.
-- std::unique_ptr<LeafPageDecoder> leaf_decoder_;
-+ LeafPageDecoder leaf_decoder_;
-
- SEQUENCE_CHECKER(sequence_checker_);
- };
-diff --git a/sql/recover_module/pager.cc b/sql/recover_module/pager.cc
-index 58e75de270..5fe96204e5 100644
---- a/sql/recover_module/pager.cc
-+++ b/sql/recover_module/pager.cc
-@@ -23,8 +23,7 @@ static_assert(DatabasePageReader::kMaxPageId <= std::numeric_limits<int>::max(),
- "ints are not appropriate for representing page IDs");
-
- DatabasePageReader::DatabasePageReader(VirtualTable* table)
-- : page_data_(std::make_unique<uint8_t[]>(table->page_size())),
-- table_(table) {
-+ : page_data_(), table_(table) {
- DCHECK(table != nullptr);
- DCHECK(IsValidPageSize(table->page_size()));
- }
-@@ -57,8 +56,8 @@ int DatabasePageReader::ReadPage(int page_id) {
- std::numeric_limits<int64_t>::max(),
- "The |read_offset| computation above may overflow");
-
-- int sqlite_status =
-- RawRead(sqlite_file, read_size, read_offset, page_data_.get());
-+ int sqlite_status = RawRead(sqlite_file, read_size, read_offset,
-+ const_cast<uint8_t*>(page_data_.data()));
-
- // |page_id_| needs to be set to kInvalidPageId if the read failed.
- // Otherwise, future ReadPage() calls with the previous |page_id_| value
-diff --git a/sql/recover_module/pager.h b/sql/recover_module/pager.h
-index 0e388ddc3b..99314e30ff 100644
---- a/sql/recover_module/pager.h
-+++ b/sql/recover_module/pager.h
-@@ -5,6 +5,7 @@
- #ifndef SQL_RECOVER_MODULE_PAGER_H_
- #define SQL_RECOVER_MODULE_PAGER_H_
-
-+#include <array>
- #include <cstdint>
- #include <memory>
-
-@@ -70,7 +71,7 @@ class DatabasePageReader {
- DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
- DCHECK_NE(page_id_, kInvalidPageId)
- << "Successful ReadPage() required before accessing pager state";
-- return page_data_.get();
-+ return page_data_.data();
- }
-
- // The number of bytes in the page read by the last ReadPage() call.
-@@ -137,7 +138,7 @@ class DatabasePageReader {
- int page_id_ = kInvalidPageId;
- // Stores the bytes of the last page successfully read by ReadPage().
- // The content is undefined if the last call to ReadPage() did not succeed.
-- const std::unique_ptr<uint8_t[]> page_data_;
-+ const std::array<uint8_t, kMaxPageSize> page_data_;
- // Raw pointer usage is acceptable because this instance's owner is expected
- // to ensure that the VirtualTable outlives this.
- VirtualTable* const table_;
Copied: chromium/repos/extra-x86_64/sql-make-VirtualCursor-standard-layout-type.patch (from rev 421097, chromium/trunk/sql-make-VirtualCursor-standard-layout-type.patch)
===================================================================
--- sql-make-VirtualCursor-standard-layout-type.patch (rev 0)
+++ sql-make-VirtualCursor-standard-layout-type.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -0,0 +1,238 @@
+From 80368f8ba7a8bab13440463a254888311efe3986 Mon Sep 17 00:00:00 2001
+From: Stephan Hartmann <stha09 at googlemail.com>
+Date: Tue, 4 May 2021 15:00:19 +0000
+Subject: [PATCH] sql: make VirtualCursor standard layout type
+
+sql::recover::VirtualCursor needs to be a standard layout type, but
+has members of type std::unique_ptr. However, std::unique_ptr is not
+guaranteed to be standard layout. Compiling with clang combined with
+gcc-11 libstdc++ fails because of this. Replace std::unique_ptr with
+raw pointers.
+
+Bug: 1189788
+Change-Id: Ia6dc388cc5ef1c0f2afc75f8ca45b9f12687ca9c
+---
+ sql/recover_module/btree.cc | 21 +++++++++++++++------
+ sql/recover_module/btree.h | 17 +++++++++++++----
+ sql/recover_module/cursor.cc | 24 ++++++++++++------------
+ sql/recover_module/cursor.h | 2 +-
+ sql/recover_module/pager.cc | 7 +++----
+ sql/recover_module/pager.h | 5 +++--
+ 6 files changed, 47 insertions(+), 29 deletions(-)
+
+diff --git a/sql/recover_module/btree.cc b/sql/recover_module/btree.cc
+index 9ecaafe8a3..839318abf9 100644
+--- a/sql/recover_module/btree.cc
++++ b/sql/recover_module/btree.cc
+@@ -135,16 +135,25 @@ static_assert(std::is_trivially_destructible<LeafPageDecoder>::value,
+ "Move the destructor to the .cc file if it's non-trival");
+ #endif // !DCHECK_IS_ON()
+
+-LeafPageDecoder::LeafPageDecoder(DatabasePageReader* db_reader) noexcept
+- : page_id_(db_reader->page_id()),
+- db_reader_(db_reader),
+- cell_count_(ComputeCellCount(db_reader)),
+- next_read_index_(0),
+- last_record_size_(0) {
++void LeafPageDecoder::Initialize(DatabasePageReader* db_reader) {
++ DCHECK(db_reader);
+ DCHECK(IsOnValidPage(db_reader));
++ page_id_ = db_reader->page_id();
++ db_reader_ = db_reader;
++ cell_count_ = ComputeCellCount(db_reader);
++ next_read_index_ = 0;
++ last_record_size_ = 0;
+ DCHECK(DatabasePageReader::IsValidPageId(page_id_));
+ }
+
++void LeafPageDecoder::Reset() {
++ db_reader_ = nullptr;
++ page_id_ = 0;
++ cell_count_ = 0;
++ next_read_index_ = 0;
++ last_record_size_ = 0;
++}
++
+ bool LeafPageDecoder::TryAdvance() {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ DCHECK(CanAdvance());
+diff --git a/sql/recover_module/btree.h b/sql/recover_module/btree.h
+index d76d076bf6..33114b01fa 100644
+--- a/sql/recover_module/btree.h
++++ b/sql/recover_module/btree.h
+@@ -102,7 +102,7 @@ class LeafPageDecoder {
+ //
+ // |db_reader| must have been used to read an inner page of a table B-tree.
+ // |db_reader| must outlive this instance.
+- explicit LeafPageDecoder(DatabasePageReader* db_reader) noexcept;
++ explicit LeafPageDecoder() noexcept = default;
+ ~LeafPageDecoder() noexcept = default;
+
+ LeafPageDecoder(const LeafPageDecoder&) = delete;
+@@ -150,6 +150,15 @@ class LeafPageDecoder {
+ // read as long as CanAdvance() returns true.
+ bool TryAdvance();
+
++ // Initialize with DatabasePageReader
++ void Initialize(DatabasePageReader* db_reader);
++
++ // Reset internal DatabasePageReader
++ void Reset();
++
++ // True if DatabasePageReader is valid
++ bool IsValid() { return (db_reader_ != nullptr); }
++
+ // True if the given reader may point to an inner page in a table B-tree.
+ //
+ // The last ReadPage() call on |db_reader| must have succeeded.
+@@ -163,14 +172,14 @@ class LeafPageDecoder {
+ static int ComputeCellCount(DatabasePageReader* db_reader);
+
+ // The number of the B-tree page this reader is reading.
+- const int64_t page_id_;
++ int64_t page_id_;
+ // Used to read the tree page.
+ //
+ // Raw pointer usage is acceptable because this instance's owner is expected
+ // to ensure that the DatabasePageReader outlives this.
+- DatabasePageReader* const db_reader_;
++ DatabasePageReader* db_reader_;
+ // Caches the ComputeCellCount() value for this reader's page.
+- const int cell_count_ = ComputeCellCount(db_reader_);
++ int cell_count_;
+
+ // The reader's cursor state.
+ //
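Review bot: `page_id_`, `db_reader_` and `cell_count_` lose their initializers in this hunk while the constructor becomes `LeafPageDecoder() noexcept = default`, so a default-initialized decoder holds an indeterminate `db_reader_` until `Initialize()` or `Reset()` runs, and `IsValid()` would read it. Whether `VirtualCursor` always reaches `First()` (which calls `Reset()`) before `Next()` is not visible here, so I would give the members in-class defaults: `DatabasePageReader* db_reader_ = nullptr;`, `int64_t page_id_ = 0;`, `int cell_count_ = 0;`. `IsValid()` in the earlier btree.h hunk can also be declared `const`, and the comment above the constructor still describes a `|db_reader|` argument that no longer exists. The class body continues outside the hunk, so the cursor-state members below may need the same defaults.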
+diff --git a/sql/recover_module/cursor.cc b/sql/recover_module/cursor.cc
+index 0029ff9295..42548bc4b5 100644
+--- a/sql/recover_module/cursor.cc
++++ b/sql/recover_module/cursor.cc
+@@ -26,7 +26,7 @@ VirtualCursor::~VirtualCursor() {
+ int VirtualCursor::First() {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ inner_decoders_.clear();
+- leaf_decoder_ = nullptr;
++ leaf_decoder_.Reset();
+
+ AppendPageDecoder(table_->root_page_id());
+ return Next();
+@@ -36,18 +36,18 @@ int VirtualCursor::Next() {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ record_reader_.Reset();
+
+- while (!inner_decoders_.empty() || leaf_decoder_.get()) {
+- if (leaf_decoder_.get()) {
+- if (!leaf_decoder_->CanAdvance()) {
++ while (!inner_decoders_.empty() || leaf_decoder_.IsValid()) {
++ if (leaf_decoder_.IsValid()) {
++ if (!leaf_decoder_.CanAdvance()) {
+ // The leaf has been exhausted. Remove it from the DFS stack.
+- leaf_decoder_ = nullptr;
++ leaf_decoder_.Reset();
+ continue;
+ }
+- if (!leaf_decoder_->TryAdvance())
++ if (!leaf_decoder_.TryAdvance())
+ continue;
+
+- if (!payload_reader_.Initialize(leaf_decoder_->last_record_size(),
+- leaf_decoder_->last_record_offset())) {
++ if (!payload_reader_.Initialize(leaf_decoder_.last_record_size(),
++ leaf_decoder_.last_record_offset())) {
+ continue;
+ }
+ if (!record_reader_.Initialize())
+@@ -99,13 +99,13 @@ int VirtualCursor::ReadColumn(int column_index,
+ int64_t VirtualCursor::RowId() {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ DCHECK(record_reader_.IsInitialized());
+- DCHECK(leaf_decoder_.get());
+- return leaf_decoder_->last_record_rowid();
++ DCHECK(leaf_decoder_.IsValid());
++ return leaf_decoder_.last_record_rowid();
+ }
+
+ void VirtualCursor::AppendPageDecoder(int page_id) {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+- DCHECK(leaf_decoder_.get() == nullptr)
++ DCHECK(!leaf_decoder_.IsValid())
+ << __func__
+ << " must only be called when the current path has no leaf decoder";
+
+@@ -113,7 +113,7 @@ void VirtualCursor::AppendPageDecoder(int page_id) {
+ return;
+
+ if (LeafPageDecoder::IsOnValidPage(&db_reader_)) {
+- leaf_decoder_ = std::make_unique<LeafPageDecoder>(&db_reader_);
++ leaf_decoder_.Initialize(&db_reader_);
+ return;
+ }
+
+diff --git a/sql/recover_module/cursor.h b/sql/recover_module/cursor.h
+index afcd6900e1..b15c31d425 100644
+--- a/sql/recover_module/cursor.h
++++ b/sql/recover_module/cursor.h
+@@ -129,7 +129,7 @@ class VirtualCursor {
+ std::vector<std::unique_ptr<InnerPageDecoder>> inner_decoders_;
+
+ // Decodes the leaf page containing records.
+- std::unique_ptr<LeafPageDecoder> leaf_decoder_;
++ LeafPageDecoder leaf_decoder_;
+
+ SEQUENCE_CHECKER(sequence_checker_);
+ };
+diff --git a/sql/recover_module/pager.cc b/sql/recover_module/pager.cc
+index 58e75de270..5fe96204e5 100644
+--- a/sql/recover_module/pager.cc
++++ b/sql/recover_module/pager.cc
+@@ -23,8 +23,7 @@ static_assert(DatabasePageReader::kMaxPageId <= std::numeric_limits<int>::max(),
+ "ints are not appropriate for representing page IDs");
+
+ DatabasePageReader::DatabasePageReader(VirtualTable* table)
+- : page_data_(std::make_unique<uint8_t[]>(table->page_size())),
+- table_(table) {
++ : page_data_(), table_(table) {
+ DCHECK(table != nullptr);
+ DCHECK(IsValidPageSize(table->page_size()));
+ }
+@@ -57,8 +56,8 @@ int DatabasePageReader::ReadPage(int page_id) {
+ std::numeric_limits<int64_t>::max(),
+ "The |read_offset| computation above may overflow");
+
+- int sqlite_status =
+- RawRead(sqlite_file, read_size, read_offset, page_data_.get());
++ int sqlite_status = RawRead(sqlite_file, read_size, read_offset,
++ const_cast<uint8_t*>(page_data_.data()));
+
+ // |page_id_| needs to be set to kInvalidPageId if the read failed.
+ // Otherwise, future ReadPage() calls with the previous |page_id_| value
+diff --git a/sql/recover_module/pager.h b/sql/recover_module/pager.h
+index 0e388ddc3b..99314e30ff 100644
+--- a/sql/recover_module/pager.h
++++ b/sql/recover_module/pager.h
+@@ -5,6 +5,7 @@
+ #ifndef SQL_RECOVER_MODULE_PAGER_H_
+ #define SQL_RECOVER_MODULE_PAGER_H_
+
++#include <array>
+ #include <cstdint>
+ #include <memory>
+
+@@ -70,7 +71,7 @@ class DatabasePageReader {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ DCHECK_NE(page_id_, kInvalidPageId)
+ << "Successful ReadPage() required before accessing pager state";
+- return page_data_.get();
++ return page_data_.data();
+ }
+
+ // The number of bytes in the page read by the last ReadPage() call.
+@@ -137,7 +138,7 @@ class DatabasePageReader {
+ int page_id_ = kInvalidPageId;
+ // Stores the bytes of the last page successfully read by ReadPage().
+ // The content is undefined if the last call to ReadPage() did not succeed.
+- const std::unique_ptr<uint8_t[]> page_data_;
++ const std::array<uint8_t, kMaxPageSize> page_data_;
+ // Raw pointer usage is acceptable because this instance's owner is expected
+ // to ensure that the VirtualTable outlives this.
+ VirtualTable* const table_;
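Review bot: `page_data_` is now declared `const std::array<uint8_t, kMaxPageSize>`, yet the ReadPage() hunk in pager.cc writes into it through `const_cast<uint8_t*>(page_data_.data())`; modifying an object that was itself declared const is undefined behaviour, unlike the old `const std::unique_ptr<uint8_t[]>` whose pointee was mutable. Declare the member as `std::array<uint8_t, kMaxPageSize> page_data_;` and pass `page_data_.data()` to RawRead without the cast. The buffer is also no longer sized from `table->page_size()`, so the only bound visible in these hunks is `DCHECK(IsValidPageSize(table->page_size()))`, which presumably compiles out of release builds; an explicit check that `read_size` does not exceed `page_data_.size()` next to the RawRead call would make the invariant hold in every build. Both the class and ReadPage() continue outside these hunks.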
Deleted: use-oauth2-client-switches-as-default.patch
===================================================================
--- use-oauth2-client-switches-as-default.patch 2021-08-03 06:24:22 UTC (rev 421097)
+++ use-oauth2-client-switches-as-default.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -1,17 +0,0 @@
-diff -upr chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc chromium-89.0.4389.58/google_apis/google_api_keys.cc
---- chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc 2021-02-24 22:37:18.494007649 +0000
-+++ chromium-89.0.4389.58/google_apis/google_api_keys.cc 2021-02-24 22:35:00.865777600 +0000
-@@ -154,11 +154,11 @@ class APIKeyCache {
-
- std::string default_client_id = CalculateKeyValue(
- GOOGLE_DEFAULT_CLIENT_ID,
-- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), nullptr,
-+ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), ::switches::kOAuth2ClientID,
- std::string(), environment.get(), command_line, gaia_config);
- std::string default_client_secret = CalculateKeyValue(
- GOOGLE_DEFAULT_CLIENT_SECRET,
-- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), nullptr,
-+ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), ::switches::kOAuth2ClientSecret,
- std::string(), environment.get(), command_line, gaia_config);
-
- // We currently only allow overriding the baked-in values for the
Copied: chromium/repos/extra-x86_64/use-oauth2-client-switches-as-default.patch (from rev 421097, chromium/trunk/use-oauth2-client-switches-as-default.patch)
===================================================================
--- use-oauth2-client-switches-as-default.patch (rev 0)
+++ use-oauth2-client-switches-as-default.patch 2021-08-03 06:24:32 UTC (rev 421098)
@@ -0,0 +1,17 @@
+diff -upr chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc chromium-89.0.4389.58/google_apis/google_api_keys.cc
+--- chromium-89.0.4389.58.orig/google_apis/google_api_keys.cc 2021-02-24 22:37:18.494007649 +0000
++++ chromium-89.0.4389.58/google_apis/google_api_keys.cc 2021-02-24 22:35:00.865777600 +0000
+@@ -154,11 +154,11 @@ class APIKeyCache {
+
+ std::string default_client_id = CalculateKeyValue(
+ GOOGLE_DEFAULT_CLIENT_ID,
+- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), nullptr,
++ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_ID), ::switches::kOAuth2ClientID,
+ std::string(), environment.get(), command_line, gaia_config);
+ std::string default_client_secret = CalculateKeyValue(
+ GOOGLE_DEFAULT_CLIENT_SECRET,
+- STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), nullptr,
++ STRINGIZE_NO_EXPANSION(GOOGLE_DEFAULT_CLIENT_SECRET), ::switches::kOAuth2ClientSecret,
+ std::string(), environment.get(), command_line, gaia_config);
+
+ // We currently only allow overriding the baked-in values for the
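Review bot: Passing `::switches::kOAuth2ClientSecret` as the switch for the default secret lets the client secret be supplied on the command line, where other local processes can read it from the process list, and neither the hunk nor the patch file says so. I would add a comment above the two calls, e.g. `// Distro patch: default client id/secret may come from command-line switches; values passed this way are visible in the process list.`, and give the patch a short description header explaining why the defaults are made overridable. The enclosing method starts and ends outside the hunk, so how `CalculateKeyValue` ranks the switch against the environment and the baked-in value is not visible here.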