From 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:47:29 +0200 Subject: Adding upstream version 115.8.0esr. Signed-off-by: Daniel Baumann --- security/sandbox/chromium/LICENSE | 27 + security/sandbox/chromium/base/at_exit.cc | 114 + security/sandbox/chromium/base/at_exit.h | 87 + security/sandbox/chromium/base/atomic_ref_count.h | 69 + .../sandbox/chromium/base/atomic_sequence_num.h | 33 + security/sandbox/chromium/base/atomicops.h | 150 + .../chromium/base/atomicops_internals_portable.h | 219 + .../chromium/base/atomicops_internals_x86_msvc.h | 179 + security/sandbox/chromium/base/base_export.h | 29 + security/sandbox/chromium/base/base_paths.h | 55 + security/sandbox/chromium/base/base_paths_win.h | 53 + security/sandbox/chromium/base/base_switches.cc | 149 + security/sandbox/chromium/base/base_switches.h | 60 + security/sandbox/chromium/base/bind.h | 470 ++ security/sandbox/chromium/base/bind_helpers.h | 69 + security/sandbox/chromium/base/bind_internal.h | 1050 +++++ security/sandbox/chromium/base/bit_cast.h | 77 + security/sandbox/chromium/base/bits.h | 209 + security/sandbox/chromium/base/callback.h | 149 + security/sandbox/chromium/base/callback_forward.h | 28 + .../sandbox/chromium/base/callback_internal.cc | 101 + security/sandbox/chromium/base/callback_internal.h | 194 + security/sandbox/chromium/base/compiler_specific.h | 298 ++ .../sandbox/chromium/base/containers/adapters.h | 55 + .../chromium/base/containers/buffer_iterator.h | 145 + .../chromium/base/containers/checked_iterators.h | 205 + .../chromium/base/containers/circular_deque.h | 1112 +++++ security/sandbox/chromium/base/containers/span.h | 530 +++ security/sandbox/chromium/base/containers/stack.h | 23 + security/sandbox/chromium/base/containers/util.h | 21 + .../chromium/base/containers/vector_buffer.h | 188 + security/sandbox/chromium/base/cpu.cc | 312 ++ security/sandbox/chromium/base/cpu.h | 104 + security/sandbox/chromium/base/debug/alias.cc | 16 + security/sandbox/chromium/base/debug/alias.h | 44 + .../sandbox/chromium/base/debug/crash_logging.h | 104 + security/sandbox/chromium/base/debug/debugger.h | 50 + .../sandbox/chromium/base/debug/leak_annotations.h | 46 + security/sandbox/chromium/base/debug/profiler.cc | 180 + security/sandbox/chromium/base/debug/profiler.h | 76 + security/sandbox/chromium/base/environment.cc | 123 + security/sandbox/chromium/base/environment.h | 61 + .../sandbox/chromium/base/file_descriptor_posix.h | 61 + security/sandbox/chromium/base/files/file_path.h | 484 ++ .../chromium/base/files/file_path_constants.cc | 25 + security/sandbox/chromium/base/format_macros.h | 97 + security/sandbox/chromium/base/guid.h | 46 + security/sandbox/chromium/base/hash/hash.cc | 167 + security/sandbox/chromium/base/hash/hash.h | 86 + security/sandbox/chromium/base/immediate_crash.h | 168 + security/sandbox/chromium/base/lazy_instance.h | 210 + .../sandbox/chromium/base/lazy_instance_helpers.cc | 64 + .../sandbox/chromium/base/lazy_instance_helpers.h | 101 + security/sandbox/chromium/base/location.cc | 96 + security/sandbox/chromium/base/location.h | 142 + security/sandbox/chromium/base/logging.h | 1077 +++++ security/sandbox/chromium/base/macros.h | 48 + .../sandbox/chromium/base/memory/aligned_memory.h | 60 + .../sandbox/chromium/base/memory/free_deleter.h | 25 + .../base/memory/platform_shared_memory_region.cc | 62 + .../base/memory/platform_shared_memory_region.h | 301 ++ .../memory/platform_shared_memory_region_win.cc | 343 ++ security/sandbox/chromium/base/memory/ptr_util.h | 23 + .../memory/raw_scoped_refptr_mismatch_checker.h | 52 + .../sandbox/chromium/base/memory/ref_counted.cc | 105 + .../sandbox/chromium/base/memory/ref_counted.h | 463 ++ .../sandbox/chromium/base/memory/scoped_refptr.h | 375 ++ .../chromium/base/memory/shared_memory_mapping.cc | 115 + .../chromium/base/memory/shared_memory_mapping.h | 252 + security/sandbox/chromium/base/memory/singleton.h | 279 ++ .../base/memory/unsafe_shared_memory_region.cc | 80 + .../base/memory/unsafe_shared_memory_region.h | 127 + security/sandbox/chromium/base/memory/weak_ptr.h | 395 ++ security/sandbox/chromium/base/no_destructor.h | 98 + .../sandbox/chromium/base/numerics/checked_math.h | 393 ++ .../chromium/base/numerics/checked_math_impl.h | 567 +++ .../sandbox/chromium/base/numerics/clamped_math.h | 264 ++ .../chromium/base/numerics/clamped_math_impl.h | 341 ++ .../chromium/base/numerics/safe_conversions.h | 358 ++ .../base/numerics/safe_conversions_arm_impl.h | 51 + .../chromium/base/numerics/safe_conversions_impl.h | 851 ++++ .../sandbox/chromium/base/numerics/safe_math.h | 12 + .../chromium/base/numerics/safe_math_arm_impl.h | 122 + .../base/numerics/safe_math_clang_gcc_impl.h | 157 + .../chromium/base/numerics/safe_math_shared_impl.h | 240 + security/sandbox/chromium/base/optional.h | 937 ++++ security/sandbox/chromium/base/os_compat_android.h | 21 + security/sandbox/chromium/base/path_service.h | 94 + .../chromium/base/posix/can_lower_nice_to.cc | 60 + .../chromium/base/posix/can_lower_nice_to.h | 19 + .../sandbox/chromium/base/posix/eintr_wrapper.h | 68 + .../sandbox/chromium/base/posix/safe_strerror.cc | 128 + .../sandbox/chromium/base/posix/safe_strerror.h | 44 + .../chromium/base/process/environment_internal.cc | 128 + .../chromium/base/process/environment_internal.h | 52 + security/sandbox/chromium/base/process/kill.h | 162 + security/sandbox/chromium/base/process/memory.h | 89 + security/sandbox/chromium/base/process/process.h | 223 + .../sandbox/chromium/base/process/process_handle.h | 142 + .../chromium/base/process/process_handle_win.cc | 52 + security/sandbox/chromium/base/rand_util.h | 78 + security/sandbox/chromium/base/rand_util_win.cc | 38 + .../chromium/base/scoped_clear_last_error.h | 58 + .../chromium/base/scoped_clear_last_error_win.cc | 22 + security/sandbox/chromium/base/sequence_checker.h | 143 + .../sandbox/chromium/base/sequence_checker_impl.h | 63 + security/sandbox/chromium/base/sequence_token.h | 115 + .../sandbox/chromium/base/sequenced_task_runner.h | 201 + .../chromium/base/sequenced_task_runner_helpers.h | 42 + .../chromium/base/single_thread_task_runner.h | 36 + security/sandbox/chromium/base/stl_util.h | 681 +++ .../sandbox/chromium/base/strings/char_traits.h | 92 + .../chromium/base/strings/nullable_string16.cc | 33 + .../chromium/base/strings/nullable_string16.h | 55 + .../sandbox/chromium/base/strings/safe_sprintf.cc | 682 +++ .../sandbox/chromium/base/strings/safe_sprintf.h | 246 + .../chromium/base/strings/safe_sprintf_unittest.cc | 765 ++++ security/sandbox/chromium/base/strings/string16.cc | 87 + security/sandbox/chromium/base/strings/string16.h | 229 + .../base/strings/string_number_conversions.cc | 545 +++ .../base/strings/string_number_conversions.h | 157 + .../sandbox/chromium/base/strings/string_piece.cc | 426 ++ .../sandbox/chromium/base/strings/string_piece.h | 513 +++ .../chromium/base/strings/string_piece_forward.h | 24 + .../sandbox/chromium/base/strings/string_split.cc | 254 ++ .../sandbox/chromium/base/strings/string_split.h | 169 + .../sandbox/chromium/base/strings/string_util.cc | 1157 +++++ .../sandbox/chromium/base/strings/string_util.h | 568 +++ .../chromium/base/strings/string_util_constants.cc | 54 + .../chromium/base/strings/string_util_posix.h | 37 + .../chromium/base/strings/string_util_win.h | 44 + .../sandbox/chromium/base/strings/stringprintf.cc | 225 + .../sandbox/chromium/base/strings/stringprintf.h | 74 + .../base/strings/utf_string_conversion_utils.cc | 155 + .../base/strings/utf_string_conversion_utils.h | 103 + .../base/strings/utf_string_conversions.cc | 342 ++ .../chromium/base/strings/utf_string_conversions.h | 54 + .../chromium/base/synchronization/atomic_flag.h | 50 + .../base/synchronization/condition_variable.h | 135 + .../synchronization/condition_variable_posix.cc | 149 + .../sandbox/chromium/base/synchronization/lock.cc | 38 + .../sandbox/chromium/base/synchronization/lock.h | 133 + .../chromium/base/synchronization/lock_impl.h | 175 + .../base/synchronization/lock_impl_posix.cc | 133 + .../chromium/base/synchronization/lock_impl_win.cc | 40 + .../chromium/base/synchronization/waitable_event.h | 291 ++ .../base/synchronization/waitable_event_posix.cc | 445 ++ security/sandbox/chromium/base/task_runner.h | 136 + security/sandbox/chromium/base/template_util.h | 188 + .../chromium/base/third_party/cityhash/COPYING | 19 + .../chromium/base/third_party/cityhash/city.cc | 532 +++ .../chromium/base/third_party/cityhash/city.h | 129 + .../base/third_party/double_conversion/LICENSE | 26 + .../double-conversion/bignum-dtoa.cc | 641 +++ .../double-conversion/bignum-dtoa.h | 84 + .../double_conversion/double-conversion/bignum.cc | 796 ++++ .../double_conversion/double-conversion/bignum.h | 152 + .../double-conversion/cached-powers.cc | 175 + .../double-conversion/cached-powers.h | 64 + .../double_conversion/double-conversion/diy-fp.h | 137 + .../double-conversion/double-conversion.h | 34 + .../double-conversion/double-to-string.cc | 428 ++ .../double-conversion/double-to-string.h | 396 ++ .../double-conversion/fast-dtoa.cc | 665 +++ .../double-conversion/fast-dtoa.h | 88 + .../double-conversion/fixed-dtoa.cc | 405 ++ .../double-conversion/fixed-dtoa.h | 56 + .../double_conversion/double-conversion/ieee.h | 402 ++ .../double-conversion/string-to-double.cc | 764 ++++ .../double-conversion/string-to-double.h | 226 + .../double_conversion/double-conversion/strtod.cc | 588 +++ .../double_conversion/double-conversion/strtod.h | 50 + .../double_conversion/double-conversion/utils.h | 364 ++ .../base/third_party/dynamic_annotations/LICENSE | 28 + .../dynamic_annotations/dynamic_annotations.h | 595 +++ .../sandbox/chromium/base/third_party/icu/LICENSE | 76 + .../chromium/base/third_party/icu/icu_utf.cc | 131 + .../chromium/base/third_party/icu/icu_utf.h | 442 ++ .../base/third_party/superfasthash/LICENSE | 27 + .../base/third_party/superfasthash/README.chromium | 29 + .../base/third_party/superfasthash/superfasthash.c | 84 + .../chromium/base/third_party/valgrind/LICENSE | 39 + .../chromium/base/third_party/valgrind/valgrind.h | 4792 ++++++++++++++++++++ .../sandbox/chromium/base/thread_annotations.h | 264 ++ .../chromium/base/threading/platform_thread.cc | 51 + .../chromium/base/threading/platform_thread.h | 259 ++ .../threading/platform_thread_internal_posix.cc | 39 + .../threading/platform_thread_internal_posix.h | 62 + .../base/threading/platform_thread_posix.cc | 361 ++ .../chromium/base/threading/platform_thread_win.cc | 463 ++ .../chromium/base/threading/platform_thread_win.h | 23 + .../chromium/base/threading/thread_checker_impl.h | 74 + .../base/threading/thread_collision_warner.cc | 64 + .../base/threading/thread_collision_warner.h | 252 + .../base/threading/thread_id_name_manager.cc | 147 + .../base/threading/thread_id_name_manager.h | 94 + .../sandbox/chromium/base/threading/thread_local.h | 136 + .../base/threading/thread_local_internal.h | 80 + .../base/threading/thread_local_storage.cc | 461 ++ .../chromium/base/threading/thread_local_storage.h | 175 + .../base/threading/thread_local_storage_posix.cc | 30 + .../base/threading/thread_local_storage_win.cc | 107 + .../chromium/base/threading/thread_restrictions.cc | 258 ++ .../chromium/base/threading/thread_restrictions.h | 680 +++ security/sandbox/chromium/base/time/time.cc | 433 ++ security/sandbox/chromium/base/time/time.h | 1077 +++++ .../chromium/base/time/time_exploded_posix.cc | 287 ++ .../sandbox/chromium/base/time/time_now_posix.cc | 122 + .../sandbox/chromium/base/time/time_override.h | 74 + security/sandbox/chromium/base/time/time_win.cc | 810 ++++ .../chromium/base/time/time_win_features.cc | 14 + .../sandbox/chromium/base/time/time_win_features.h | 20 + security/sandbox/chromium/base/token.cc | 28 + security/sandbox/chromium/base/token.h | 72 + security/sandbox/chromium/base/tuple.h | 112 + .../sandbox/chromium/base/unguessable_token.cc | 39 + security/sandbox/chromium/base/unguessable_token.h | 120 + security/sandbox/chromium/base/version.cc | 194 + security/sandbox/chromium/base/version.h | 77 + .../sandbox/chromium/base/win/current_module.h | 17 + security/sandbox/chromium/base/win/pe_image.cc | 652 +++ security/sandbox/chromium/base/win/pe_image.h | 308 ++ .../sandbox/chromium/base/win/scoped_handle.cc | 44 + security/sandbox/chromium/base/win/scoped_handle.h | 184 + .../chromium/base/win/scoped_handle_verifier.cc | 238 + .../chromium/base/win/scoped_handle_verifier.h | 88 + .../base/win/scoped_process_information.cc | 107 + .../chromium/base/win/scoped_process_information.h | 75 + .../chromium/base/win/startup_information.cc | 59 + .../chromium/base/win/startup_information.h | 53 + .../sandbox/chromium/base/win/static_constants.cc | 13 + .../sandbox/chromium/base/win/static_constants.h | 21 + security/sandbox/chromium/base/win/windows_types.h | 278 ++ .../sandbox/chromium/base/win/windows_version.cc | 313 ++ .../sandbox/chromium/base/win/windows_version.h | 187 + security/sandbox/chromium/build/build_config.h | 205 + security/sandbox/chromium/build/buildflag.h | 47 + .../chromium/sandbox/linux/bpf_dsl/bpf_dsl.cc | 343 ++ .../chromium/sandbox/linux/bpf_dsl/bpf_dsl.h | 338 ++ .../sandbox/linux/bpf_dsl/bpf_dsl_forward.h | 37 + .../chromium/sandbox/linux/bpf_dsl/bpf_dsl_impl.h | 67 + .../chromium/sandbox/linux/bpf_dsl/codegen.cc | 147 + .../chromium/sandbox/linux/bpf_dsl/codegen.h | 119 + .../sandbox/chromium/sandbox/linux/bpf_dsl/cons.h | 137 + .../chromium/sandbox/linux/bpf_dsl/dump_bpf.cc | 159 + .../chromium/sandbox/linux/bpf_dsl/dump_bpf.h | 29 + .../chromium/sandbox/linux/bpf_dsl/errorcode.h | 37 + .../sandbox/linux/bpf_dsl/linux_syscall_ranges.h | 63 + .../chromium/sandbox/linux/bpf_dsl/policy.cc | 19 + .../chromium/sandbox/linux/bpf_dsl/policy.h | 37 + .../sandbox/linux/bpf_dsl/policy_compiler.cc | 481 ++ .../sandbox/linux/bpf_dsl/policy_compiler.h | 155 + .../sandbox/linux/bpf_dsl/seccomp_macros.h | 354 ++ .../chromium/sandbox/linux/bpf_dsl/syscall_set.cc | 150 + .../chromium/sandbox/linux/bpf_dsl/syscall_set.h | 103 + .../chromium/sandbox/linux/bpf_dsl/trap_registry.h | 73 + .../bpf_tester_compatibility_delegate.h | 56 + .../chromium/sandbox/linux/seccomp-bpf/bpf_tests.h | 124 + .../linux/seccomp-bpf/bpf_tests_unittest.cc | 155 + .../chromium/sandbox/linux/seccomp-bpf/die.cc | 93 + .../chromium/sandbox/linux/seccomp-bpf/die.h | 68 + .../sandbox/linux/seccomp-bpf/sandbox_bpf.cc | 259 ++ .../sandbox/linux/seccomp-bpf/sandbox_bpf.h | 113 + .../linux/seccomp-bpf/sandbox_bpf_test_runner.cc | 66 + .../linux/seccomp-bpf/sandbox_bpf_test_runner.h | 62 + .../chromium/sandbox/linux/seccomp-bpf/syscall.cc | 481 ++ .../chromium/sandbox/linux/seccomp-bpf/syscall.h | 166 + .../sandbox/linux/seccomp-bpf/syscall_unittest.cc | 249 + .../chromium/sandbox/linux/seccomp-bpf/trap.cc | 394 ++ .../chromium/sandbox/linux/seccomp-bpf/trap.h | 86 + .../sandbox/linux/services/syscall_wrappers.cc | 264 ++ .../sandbox/linux/services/syscall_wrappers.h | 89 + .../linux/system_headers/arm64_linux_syscalls.h | 1197 +++++ .../linux/system_headers/arm_linux_syscalls.h | 1623 +++++++ .../linux/system_headers/arm_linux_ucontext.h | 60 + .../sandbox/linux/system_headers/capability.h | 42 + .../linux/system_headers/i386_linux_ucontext.h | 85 + .../sandbox/linux/system_headers/linux_filter.h | 140 + .../sandbox/linux/system_headers/linux_futex.h | 84 + .../sandbox/linux/system_headers/linux_seccomp.h | 110 + .../sandbox/linux/system_headers/linux_signal.h | 150 + .../sandbox/linux/system_headers/linux_syscalls.h | 39 + .../sandbox/linux/system_headers/linux_ucontext.h | 22 + .../linux/system_headers/x86_32_linux_syscalls.h | 1731 +++++++ .../linux/system_headers/x86_64_linux_syscalls.h | 1418 ++++++ security/sandbox/chromium/sandbox/sandbox_export.h | 26 + security/sandbox/chromium/sandbox/win/src/acl.cc | 171 + security/sandbox/chromium/sandbox/win/src/acl.h | 64 + .../sandbox/win/src/app_container_profile.h | 74 + .../sandbox/win/src/app_container_profile_base.cc | 337 ++ .../sandbox/win/src/app_container_profile_base.h | 94 + .../chromium/sandbox/win/src/app_container_test.cc | 342 ++ .../chromium/sandbox/win/src/broker_services.cc | 745 +++ .../chromium/sandbox/win/src/broker_services.h | 105 + .../chromium/sandbox/win/src/crosscall_client.h | 509 +++ .../chromium/sandbox/win/src/crosscall_params.h | 315 ++ .../chromium/sandbox/win/src/crosscall_server.cc | 345 ++ .../chromium/sandbox/win/src/crosscall_server.h | 261 ++ .../chromium/sandbox/win/src/eat_resolver.cc | 88 + .../chromium/sandbox/win/src/eat_resolver.h | 49 + .../chromium/sandbox/win/src/file_policy_test.cc | 705 +++ .../sandbox/win/src/filesystem_dispatcher.cc | 302 ++ .../sandbox/win/src/filesystem_dispatcher.h | 76 + .../sandbox/win/src/filesystem_interception.cc | 412 ++ .../sandbox/win/src/filesystem_interception.h | 67 + .../chromium/sandbox/win/src/filesystem_policy.cc | 443 ++ .../chromium/sandbox/win/src/filesystem_policy.h | 112 + .../chromium/sandbox/win/src/handle_closer.cc | 185 + .../chromium/sandbox/win/src/handle_closer.h | 76 + .../sandbox/win/src/handle_closer_agent.cc | 239 + .../chromium/sandbox/win/src/handle_closer_agent.h | 46 + .../chromium/sandbox/win/src/handle_closer_test.cc | 297 ++ .../chromium/sandbox/win/src/handle_dispatcher.cc | 93 + .../chromium/sandbox/win/src/handle_dispatcher.h | 41 + .../sandbox/win/src/handle_inheritance_test.cc | 49 + .../sandbox/win/src/handle_interception.cc | 48 + .../chromium/sandbox/win/src/handle_interception.h | 24 + .../chromium/sandbox/win/src/handle_policy.cc | 93 + .../chromium/sandbox/win/src/handle_policy.h | 39 + .../chromium/sandbox/win/src/handle_policy_test.cc | 114 + .../chromium/sandbox/win/src/heap_helper.cc | 124 + .../sandbox/chromium/sandbox/win/src/heap_helper.h | 26 + .../sandbox/win/src/integrity_level_test.cc | 118 + .../chromium/sandbox/win/src/interception.cc | 512 +++ .../chromium/sandbox/win/src/interception.h | 290 ++ .../chromium/sandbox/win/src/interception_agent.cc | 234 + .../chromium/sandbox/win/src/interception_agent.h | 87 + .../sandbox/win/src/interception_internal.h | 77 + .../sandbox/win/src/interception_unittest.cc | 263 ++ .../chromium/sandbox/win/src/interceptors.h | 73 + .../chromium/sandbox/win/src/interceptors_64.cc | 531 +++ .../chromium/sandbox/win/src/interceptors_64.h | 330 ++ .../chromium/sandbox/win/src/internal_types.h | 68 + .../sandbox/chromium/sandbox/win/src/ipc_args.cc | 96 + .../sandbox/chromium/sandbox/win/src/ipc_args.h | 24 + .../chromium/sandbox/win/src/ipc_ping_test.cc | 58 + .../sandbox/chromium/sandbox/win/src/ipc_tags.h | 59 + .../chromium/sandbox/win/src/ipc_unittest.cc | 632 +++ security/sandbox/chromium/sandbox/win/src/job.cc | 117 + security/sandbox/chromium/sandbox/win/src/job.h | 66 + .../chromium/sandbox/win/src/job_unittest.cc | 197 + .../sandbox/win/src/named_pipe_dispatcher.cc | 95 + .../sandbox/win/src/named_pipe_dispatcher.h | 46 + .../sandbox/win/src/named_pipe_interception.cc | 80 + .../sandbox/win/src/named_pipe_interception.h | 41 + .../chromium/sandbox/win/src/named_pipe_policy.cc | 89 + .../chromium/sandbox/win/src/named_pipe_policy.h | 43 + .../sandbox/win/src/named_pipe_policy_test.cc | 121 + .../chromium/sandbox/win/src/nt_internals.h | 983 ++++ .../chromium/sandbox/win/src/policy_broker.cc | 123 + .../chromium/sandbox/win/src/policy_broker.h | 27 + .../sandbox/win/src/policy_engine_opcodes.cc | 450 ++ .../sandbox/win/src/policy_engine_opcodes.h | 379 ++ .../sandbox/win/src/policy_engine_params.h | 190 + .../sandbox/win/src/policy_engine_processor.cc | 103 + .../sandbox/win/src/policy_engine_processor.h | 143 + .../sandbox/win/src/policy_engine_unittest.cc | 103 + .../chromium/sandbox/win/src/policy_low_level.cc | 355 ++ .../chromium/sandbox/win/src/policy_low_level.h | 189 + .../sandbox/win/src/policy_low_level_unittest.cc | 684 +++ .../sandbox/win/src/policy_opcodes_unittest.cc | 364 ++ .../chromium/sandbox/win/src/policy_params.h | 70 + .../chromium/sandbox/win/src/policy_target.cc | 138 + .../chromium/sandbox/win/src/policy_target.h | 46 + .../chromium/sandbox/win/src/policy_target_test.cc | 486 ++ .../sandbox/win/src/process_mitigations.cc | 622 +++ .../chromium/sandbox/win/src/process_mitigations.h | 56 + .../src/process_mitigations_win32k_dispatcher.cc | 592 +++ .../src/process_mitigations_win32k_dispatcher.h | 89 + .../src/process_mitigations_win32k_interception.cc | 523 +++ .../src/process_mitigations_win32k_interception.h | 151 + .../win/src/process_mitigations_win32k_policy.cc | 410 ++ .../win/src/process_mitigations_win32k_policy.h | 91 + .../sandbox/win/src/process_policy_test.cc | 548 +++ .../sandbox/win/src/process_thread_dispatcher.cc | 275 ++ .../sandbox/win/src/process_thread_dispatcher.h | 69 + .../sandbox/win/src/process_thread_interception.cc | 520 +++ .../sandbox/win/src/process_thread_interception.h | 101 + .../sandbox/win/src/process_thread_policy.cc | 269 ++ .../sandbox/win/src/process_thread_policy.h | 91 + .../sandbox/win/src/registry_dispatcher.cc | 167 + .../chromium/sandbox/win/src/registry_dispatcher.h | 51 + .../sandbox/win/src/registry_interception.cc | 261 ++ .../sandbox/win/src/registry_interception.h | 38 + .../chromium/sandbox/win/src/registry_policy.cc | 230 + .../chromium/sandbox/win/src/registry_policy.h | 56 + .../sandbox/win/src/registry_policy_test.cc | 322 ++ .../sandbox/chromium/sandbox/win/src/resolver.cc | 63 + .../sandbox/chromium/sandbox/win/src/resolver.h | 107 + .../chromium/sandbox/win/src/resolver_32.cc | 95 + .../chromium/sandbox/win/src/resolver_64.cc | 95 + .../chromium/sandbox/win/src/restricted_token.cc | 432 ++ .../chromium/sandbox/win/src/restricted_token.h | 207 + .../sandbox/win/src/restricted_token_unittest.cc | 829 ++++ .../sandbox/win/src/restricted_token_utils.cc | 480 ++ .../sandbox/win/src/restricted_token_utils.h | 105 + .../sandbox/chromium/sandbox/win/src/sandbox.cc | 47 + .../sandbox/chromium/sandbox/win/src/sandbox.h | 228 + .../chromium/sandbox/win/src/sandbox.vcproj | 648 +++ .../chromium/sandbox/win/src/sandbox_factory.h | 52 + .../chromium/sandbox/win/src/sandbox_globals.cc | 18 + .../chromium/sandbox/win/src/sandbox_nt_types.h | 47 + .../chromium/sandbox/win/src/sandbox_nt_util.cc | 755 +++ .../chromium/sandbox/win/src/sandbox_nt_util.h | 220 + .../chromium/sandbox/win/src/sandbox_policy.h | 296 ++ .../sandbox/win/src/sandbox_policy_base.cc | 832 ++++ .../chromium/sandbox/win/src/sandbox_policy_base.h | 198 + .../chromium/sandbox/win/src/sandbox_rand.cc | 22 + .../chromium/sandbox/win/src/sandbox_rand.h | 15 + .../chromium/sandbox/win/src/sandbox_types.h | 199 + .../chromium/sandbox/win/src/sandbox_utils.cc | 32 + .../chromium/sandbox/win/src/sandbox_utils.h | 24 + .../sandbox/win/src/security_capabilities.cc | 33 + .../sandbox/win/src/security_capabilities.h | 34 + .../chromium/sandbox/win/src/security_level.h | 300 ++ .../chromium/sandbox/win/src/service_resolver.cc | 47 + .../chromium/sandbox/win/src/service_resolver.h | 158 + .../sandbox/win/src/service_resolver_32.cc | 476 ++ .../sandbox/win/src/service_resolver_64.cc | 290 ++ .../sandbox/win/src/service_resolver_unittest.cc | 278 ++ .../sandbox/win/src/sharedmem_ipc_client.cc | 193 + .../sandbox/win/src/sharedmem_ipc_client.h | 140 + .../sandbox/win/src/sharedmem_ipc_server.cc | 346 ++ .../sandbox/win/src/sharedmem_ipc_server.h | 137 + security/sandbox/chromium/sandbox/win/src/sid.cc | 163 + security/sandbox/chromium/sandbox/win/src/sid.h | 74 + .../chromium/sandbox/win/src/sid_unittest.cc | 182 + .../chromium/sandbox/win/src/signed_dispatcher.cc | 68 + .../chromium/sandbox/win/src/signed_dispatcher.h | 37 + .../sandbox/win/src/signed_interception.cc | 97 + .../chromium/sandbox/win/src/signed_interception.h | 30 + .../chromium/sandbox/win/src/signed_policy.cc | 102 + .../chromium/sandbox/win/src/signed_policy.h | 39 + .../chromium/sandbox/win/src/sync_dispatcher.cc | 82 + .../chromium/sandbox/win/src/sync_dispatcher.h | 44 + .../chromium/sandbox/win/src/sync_interception.cc | 177 + .../chromium/sandbox/win/src/sync_interception.h | 46 + .../chromium/sandbox/win/src/sync_policy.cc | 243 + .../sandbox/chromium/sandbox/win/src/sync_policy.h | 49 + .../chromium/sandbox/win/src/sync_policy_test.cc | 145 + .../chromium/sandbox/win/src/sync_policy_test.h | 18 + .../sandbox/win/src/target_interceptions.cc | 136 + .../sandbox/win/src/target_interceptions.h | 43 + .../chromium/sandbox/win/src/target_process.cc | 393 ++ .../chromium/sandbox/win/src/target_process.h | 143 + .../chromium/sandbox/win/src/target_services.cc | 264 ++ .../chromium/sandbox/win/src/target_services.h | 73 + .../sandbox/win/src/threadpool_unittest.cc | 97 + .../sandbox/win/src/top_level_dispatcher.cc | 178 + .../sandbox/win/src/top_level_dispatcher.h | 54 + .../chromium/sandbox/win/src/unload_dll_test.cc | 100 + .../chromium/sandbox/win/src/win2k_threadpool.cc | 67 + .../chromium/sandbox/win/src/win2k_threadpool.h | 61 + .../sandbox/chromium/sandbox/win/src/win_utils.cc | 619 +++ .../sandbox/chromium/sandbox/win/src/win_utils.h | 156 + .../chromium/sandbox/win/src/win_utils_unittest.cc | 258 ++ .../sandbox/chromium/sandbox/win/src/window.cc | 147 + security/sandbox/chromium/sandbox/win/src/window.h | 37 + 458 files changed, 100280 insertions(+) create mode 100644 security/sandbox/chromium/LICENSE create mode 100644 security/sandbox/chromium/base/at_exit.cc create mode 100644 security/sandbox/chromium/base/at_exit.h create mode 100644 security/sandbox/chromium/base/atomic_ref_count.h create mode 100644 security/sandbox/chromium/base/atomic_sequence_num.h create mode 100644 security/sandbox/chromium/base/atomicops.h create mode 100644 security/sandbox/chromium/base/atomicops_internals_portable.h create mode 100644 security/sandbox/chromium/base/atomicops_internals_x86_msvc.h create mode 100644 security/sandbox/chromium/base/base_export.h create mode 100644 security/sandbox/chromium/base/base_paths.h create mode 100644 security/sandbox/chromium/base/base_paths_win.h create mode 100644 security/sandbox/chromium/base/base_switches.cc create mode 100644 security/sandbox/chromium/base/base_switches.h create mode 100644 security/sandbox/chromium/base/bind.h create mode 100644 security/sandbox/chromium/base/bind_helpers.h create mode 100644 security/sandbox/chromium/base/bind_internal.h create mode 100644 security/sandbox/chromium/base/bit_cast.h create mode 100644 security/sandbox/chromium/base/bits.h create mode 100644 security/sandbox/chromium/base/callback.h create mode 100644 security/sandbox/chromium/base/callback_forward.h create mode 100644 security/sandbox/chromium/base/callback_internal.cc create mode 100644 security/sandbox/chromium/base/callback_internal.h create mode 100644 security/sandbox/chromium/base/compiler_specific.h create mode 100644 security/sandbox/chromium/base/containers/adapters.h create mode 100644 security/sandbox/chromium/base/containers/buffer_iterator.h create mode 100644 security/sandbox/chromium/base/containers/checked_iterators.h create mode 100644 security/sandbox/chromium/base/containers/circular_deque.h create mode 100644 security/sandbox/chromium/base/containers/span.h create mode 100644 security/sandbox/chromium/base/containers/stack.h create mode 100644 security/sandbox/chromium/base/containers/util.h create mode 100644 security/sandbox/chromium/base/containers/vector_buffer.h create mode 100644 security/sandbox/chromium/base/cpu.cc create mode 100644 security/sandbox/chromium/base/cpu.h create mode 100644 security/sandbox/chromium/base/debug/alias.cc create mode 100644 security/sandbox/chromium/base/debug/alias.h create mode 100644 security/sandbox/chromium/base/debug/crash_logging.h create mode 100644 security/sandbox/chromium/base/debug/debugger.h create mode 100644 security/sandbox/chromium/base/debug/leak_annotations.h create mode 100644 security/sandbox/chromium/base/debug/profiler.cc create mode 100644 security/sandbox/chromium/base/debug/profiler.h create mode 100644 security/sandbox/chromium/base/environment.cc create mode 100644 security/sandbox/chromium/base/environment.h create mode 100644 security/sandbox/chromium/base/file_descriptor_posix.h create mode 100644 security/sandbox/chromium/base/files/file_path.h create mode 100644 security/sandbox/chromium/base/files/file_path_constants.cc create mode 100644 security/sandbox/chromium/base/format_macros.h create mode 100644 security/sandbox/chromium/base/guid.h create mode 100644 security/sandbox/chromium/base/hash/hash.cc create mode 100644 security/sandbox/chromium/base/hash/hash.h create mode 100644 security/sandbox/chromium/base/immediate_crash.h create mode 100644 security/sandbox/chromium/base/lazy_instance.h create mode 100644 security/sandbox/chromium/base/lazy_instance_helpers.cc create mode 100644 security/sandbox/chromium/base/lazy_instance_helpers.h create mode 100644 security/sandbox/chromium/base/location.cc create mode 100644 security/sandbox/chromium/base/location.h create mode 100644 security/sandbox/chromium/base/logging.h create mode 100644 security/sandbox/chromium/base/macros.h create mode 100644 security/sandbox/chromium/base/memory/aligned_memory.h create mode 100644 security/sandbox/chromium/base/memory/free_deleter.h create mode 100644 security/sandbox/chromium/base/memory/platform_shared_memory_region.cc create mode 100644 security/sandbox/chromium/base/memory/platform_shared_memory_region.h create mode 100644 security/sandbox/chromium/base/memory/platform_shared_memory_region_win.cc create mode 100644 security/sandbox/chromium/base/memory/ptr_util.h create mode 100644 security/sandbox/chromium/base/memory/raw_scoped_refptr_mismatch_checker.h create mode 100644 security/sandbox/chromium/base/memory/ref_counted.cc create mode 100644 security/sandbox/chromium/base/memory/ref_counted.h create mode 100644 security/sandbox/chromium/base/memory/scoped_refptr.h create mode 100644 security/sandbox/chromium/base/memory/shared_memory_mapping.cc create mode 100644 security/sandbox/chromium/base/memory/shared_memory_mapping.h create mode 100644 security/sandbox/chromium/base/memory/singleton.h create mode 100644 security/sandbox/chromium/base/memory/unsafe_shared_memory_region.cc create mode 100644 security/sandbox/chromium/base/memory/unsafe_shared_memory_region.h create mode 100644 security/sandbox/chromium/base/memory/weak_ptr.h create mode 100644 security/sandbox/chromium/base/no_destructor.h create mode 100644 security/sandbox/chromium/base/numerics/checked_math.h create mode 100644 security/sandbox/chromium/base/numerics/checked_math_impl.h create mode 100644 security/sandbox/chromium/base/numerics/clamped_math.h create mode 100644 security/sandbox/chromium/base/numerics/clamped_math_impl.h create mode 100644 security/sandbox/chromium/base/numerics/safe_conversions.h create mode 100644 security/sandbox/chromium/base/numerics/safe_conversions_arm_impl.h create mode 100644 security/sandbox/chromium/base/numerics/safe_conversions_impl.h create mode 100644 security/sandbox/chromium/base/numerics/safe_math.h create mode 100644 security/sandbox/chromium/base/numerics/safe_math_arm_impl.h create mode 100644 security/sandbox/chromium/base/numerics/safe_math_clang_gcc_impl.h create mode 100644 security/sandbox/chromium/base/numerics/safe_math_shared_impl.h create mode 100644 security/sandbox/chromium/base/optional.h create mode 100644 security/sandbox/chromium/base/os_compat_android.h create mode 100644 security/sandbox/chromium/base/path_service.h create mode 100644 security/sandbox/chromium/base/posix/can_lower_nice_to.cc create mode 100644 security/sandbox/chromium/base/posix/can_lower_nice_to.h create mode 100644 security/sandbox/chromium/base/posix/eintr_wrapper.h create mode 100644 security/sandbox/chromium/base/posix/safe_strerror.cc create mode 100644 security/sandbox/chromium/base/posix/safe_strerror.h create mode 100644 security/sandbox/chromium/base/process/environment_internal.cc create mode 100644 security/sandbox/chromium/base/process/environment_internal.h create mode 100644 security/sandbox/chromium/base/process/kill.h create mode 100644 security/sandbox/chromium/base/process/memory.h create mode 100644 security/sandbox/chromium/base/process/process.h create mode 100644 security/sandbox/chromium/base/process/process_handle.h create mode 100644 security/sandbox/chromium/base/process/process_handle_win.cc create mode 100644 security/sandbox/chromium/base/rand_util.h create mode 100644 security/sandbox/chromium/base/rand_util_win.cc create mode 100644 security/sandbox/chromium/base/scoped_clear_last_error.h create mode 100644 security/sandbox/chromium/base/scoped_clear_last_error_win.cc create mode 100644 security/sandbox/chromium/base/sequence_checker.h create mode 100644 security/sandbox/chromium/base/sequence_checker_impl.h create mode 100644 security/sandbox/chromium/base/sequence_token.h create mode 100644 security/sandbox/chromium/base/sequenced_task_runner.h create mode 100644 security/sandbox/chromium/base/sequenced_task_runner_helpers.h create mode 100644 security/sandbox/chromium/base/single_thread_task_runner.h create mode 100644 security/sandbox/chromium/base/stl_util.h create mode 100644 security/sandbox/chromium/base/strings/char_traits.h create mode 100644 security/sandbox/chromium/base/strings/nullable_string16.cc create mode 100644 security/sandbox/chromium/base/strings/nullable_string16.h create mode 100644 security/sandbox/chromium/base/strings/safe_sprintf.cc create mode 100644 security/sandbox/chromium/base/strings/safe_sprintf.h create mode 100644 security/sandbox/chromium/base/strings/safe_sprintf_unittest.cc create mode 100644 security/sandbox/chromium/base/strings/string16.cc create mode 100644 security/sandbox/chromium/base/strings/string16.h create mode 100644 security/sandbox/chromium/base/strings/string_number_conversions.cc create mode 100644 security/sandbox/chromium/base/strings/string_number_conversions.h create mode 100644 security/sandbox/chromium/base/strings/string_piece.cc create mode 100644 security/sandbox/chromium/base/strings/string_piece.h create mode 100644 security/sandbox/chromium/base/strings/string_piece_forward.h create mode 100644 security/sandbox/chromium/base/strings/string_split.cc create mode 100644 security/sandbox/chromium/base/strings/string_split.h create mode 100644 security/sandbox/chromium/base/strings/string_util.cc create mode 100644 security/sandbox/chromium/base/strings/string_util.h create mode 100644 security/sandbox/chromium/base/strings/string_util_constants.cc create mode 100644 security/sandbox/chromium/base/strings/string_util_posix.h create mode 100644 security/sandbox/chromium/base/strings/string_util_win.h create mode 100644 security/sandbox/chromium/base/strings/stringprintf.cc create mode 100644 security/sandbox/chromium/base/strings/stringprintf.h create mode 100644 security/sandbox/chromium/base/strings/utf_string_conversion_utils.cc create mode 100644 security/sandbox/chromium/base/strings/utf_string_conversion_utils.h create mode 100644 security/sandbox/chromium/base/strings/utf_string_conversions.cc create mode 100644 security/sandbox/chromium/base/strings/utf_string_conversions.h create mode 100644 security/sandbox/chromium/base/synchronization/atomic_flag.h create mode 100644 security/sandbox/chromium/base/synchronization/condition_variable.h create mode 100644 security/sandbox/chromium/base/synchronization/condition_variable_posix.cc create mode 100644 security/sandbox/chromium/base/synchronization/lock.cc create mode 100644 security/sandbox/chromium/base/synchronization/lock.h create mode 100644 security/sandbox/chromium/base/synchronization/lock_impl.h create mode 100644 security/sandbox/chromium/base/synchronization/lock_impl_posix.cc create mode 100644 security/sandbox/chromium/base/synchronization/lock_impl_win.cc create mode 100644 security/sandbox/chromium/base/synchronization/waitable_event.h create mode 100644 security/sandbox/chromium/base/synchronization/waitable_event_posix.cc create mode 100644 security/sandbox/chromium/base/task_runner.h create mode 100644 security/sandbox/chromium/base/template_util.h create mode 100644 security/sandbox/chromium/base/third_party/cityhash/COPYING create mode 100644 security/sandbox/chromium/base/third_party/cityhash/city.cc create mode 100644 security/sandbox/chromium/base/third_party/cityhash/city.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/LICENSE create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/bignum-dtoa.cc create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/bignum-dtoa.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/bignum.cc create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/bignum.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/cached-powers.cc create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/cached-powers.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/diy-fp.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/double-conversion.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/double-to-string.cc create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/double-to-string.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/fast-dtoa.cc create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/fast-dtoa.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/fixed-dtoa.cc create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/fixed-dtoa.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/ieee.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/string-to-double.cc create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/string-to-double.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/strtod.cc create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/strtod.h create mode 100644 security/sandbox/chromium/base/third_party/double_conversion/double-conversion/utils.h create mode 100644 security/sandbox/chromium/base/third_party/dynamic_annotations/LICENSE create mode 100644 security/sandbox/chromium/base/third_party/dynamic_annotations/dynamic_annotations.h create mode 100644 security/sandbox/chromium/base/third_party/icu/LICENSE create mode 100644 security/sandbox/chromium/base/third_party/icu/icu_utf.cc create mode 100644 security/sandbox/chromium/base/third_party/icu/icu_utf.h create mode 100644 security/sandbox/chromium/base/third_party/superfasthash/LICENSE create mode 100644 security/sandbox/chromium/base/third_party/superfasthash/README.chromium create mode 100644 security/sandbox/chromium/base/third_party/superfasthash/superfasthash.c create mode 100644 security/sandbox/chromium/base/third_party/valgrind/LICENSE create mode 100644 security/sandbox/chromium/base/third_party/valgrind/valgrind.h create mode 100644 security/sandbox/chromium/base/thread_annotations.h create mode 100644 security/sandbox/chromium/base/threading/platform_thread.cc create mode 100644 security/sandbox/chromium/base/threading/platform_thread.h create mode 100644 security/sandbox/chromium/base/threading/platform_thread_internal_posix.cc create mode 100644 security/sandbox/chromium/base/threading/platform_thread_internal_posix.h create mode 100644 security/sandbox/chromium/base/threading/platform_thread_posix.cc create mode 100644 security/sandbox/chromium/base/threading/platform_thread_win.cc create mode 100644 security/sandbox/chromium/base/threading/platform_thread_win.h create mode 100644 security/sandbox/chromium/base/threading/thread_checker_impl.h create mode 100644 security/sandbox/chromium/base/threading/thread_collision_warner.cc create mode 100644 security/sandbox/chromium/base/threading/thread_collision_warner.h create mode 100644 security/sandbox/chromium/base/threading/thread_id_name_manager.cc create mode 100644 security/sandbox/chromium/base/threading/thread_id_name_manager.h create mode 100644 security/sandbox/chromium/base/threading/thread_local.h create mode 100644 security/sandbox/chromium/base/threading/thread_local_internal.h create mode 100644 security/sandbox/chromium/base/threading/thread_local_storage.cc create mode 100644 security/sandbox/chromium/base/threading/thread_local_storage.h create mode 100644 security/sandbox/chromium/base/threading/thread_local_storage_posix.cc create mode 100644 security/sandbox/chromium/base/threading/thread_local_storage_win.cc create mode 100644 security/sandbox/chromium/base/threading/thread_restrictions.cc create mode 100644 security/sandbox/chromium/base/threading/thread_restrictions.h create mode 100644 security/sandbox/chromium/base/time/time.cc create mode 100644 security/sandbox/chromium/base/time/time.h create mode 100644 security/sandbox/chromium/base/time/time_exploded_posix.cc create mode 100644 security/sandbox/chromium/base/time/time_now_posix.cc create mode 100644 security/sandbox/chromium/base/time/time_override.h create mode 100644 security/sandbox/chromium/base/time/time_win.cc create mode 100644 security/sandbox/chromium/base/time/time_win_features.cc create mode 100644 security/sandbox/chromium/base/time/time_win_features.h create mode 100644 security/sandbox/chromium/base/token.cc create mode 100644 security/sandbox/chromium/base/token.h create mode 100644 security/sandbox/chromium/base/tuple.h create mode 100644 security/sandbox/chromium/base/unguessable_token.cc create mode 100644 security/sandbox/chromium/base/unguessable_token.h create mode 100644 security/sandbox/chromium/base/version.cc create mode 100644 security/sandbox/chromium/base/version.h create mode 100644 security/sandbox/chromium/base/win/current_module.h create mode 100644 security/sandbox/chromium/base/win/pe_image.cc create mode 100644 security/sandbox/chromium/base/win/pe_image.h create mode 100644 security/sandbox/chromium/base/win/scoped_handle.cc create mode 100644 security/sandbox/chromium/base/win/scoped_handle.h create mode 100644 security/sandbox/chromium/base/win/scoped_handle_verifier.cc create mode 100644 security/sandbox/chromium/base/win/scoped_handle_verifier.h create mode 100644 security/sandbox/chromium/base/win/scoped_process_information.cc create mode 100644 security/sandbox/chromium/base/win/scoped_process_information.h create mode 100644 security/sandbox/chromium/base/win/startup_information.cc create mode 100644 security/sandbox/chromium/base/win/startup_information.h create mode 100644 security/sandbox/chromium/base/win/static_constants.cc create mode 100644 security/sandbox/chromium/base/win/static_constants.h create mode 100644 security/sandbox/chromium/base/win/windows_types.h create mode 100644 security/sandbox/chromium/base/win/windows_version.cc create mode 100644 security/sandbox/chromium/base/win/windows_version.h create mode 100644 security/sandbox/chromium/build/build_config.h create mode 100644 security/sandbox/chromium/build/buildflag.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/bpf_dsl.cc create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/bpf_dsl.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/bpf_dsl_forward.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/bpf_dsl_impl.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/codegen.cc create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/codegen.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/cons.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/dump_bpf.cc create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/dump_bpf.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/errorcode.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/linux_syscall_ranges.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/policy.cc create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/policy.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/policy_compiler.cc create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/policy_compiler.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/seccomp_macros.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/syscall_set.cc create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/syscall_set.h create mode 100644 security/sandbox/chromium/sandbox/linux/bpf_dsl/trap_registry.h create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/bpf_tests.h create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/die.cc create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/die.h create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.cc create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf.h create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall.cc create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall.h create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/syscall_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc create mode 100644 security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.h create mode 100644 security/sandbox/chromium/sandbox/linux/services/syscall_wrappers.cc create mode 100644 security/sandbox/chromium/sandbox/linux/services/syscall_wrappers.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_ucontext.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/capability.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/i386_linux_ucontext.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/linux_filter.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/linux_futex.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/linux_seccomp.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/linux_signal.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/linux_syscalls.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/linux_ucontext.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h create mode 100644 security/sandbox/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h create mode 100644 security/sandbox/chromium/sandbox/sandbox_export.h create mode 100644 security/sandbox/chromium/sandbox/win/src/acl.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/acl.h create mode 100644 security/sandbox/chromium/sandbox/win/src/app_container_profile.h create mode 100644 security/sandbox/chromium/sandbox/win/src/app_container_profile_base.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/app_container_profile_base.h create mode 100644 security/sandbox/chromium/sandbox/win/src/app_container_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/broker_services.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/broker_services.h create mode 100644 security/sandbox/chromium/sandbox/win/src/crosscall_client.h create mode 100644 security/sandbox/chromium/sandbox/win/src/crosscall_params.h create mode 100644 security/sandbox/chromium/sandbox/win/src/crosscall_server.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/crosscall_server.h create mode 100644 security/sandbox/chromium/sandbox/win/src/eat_resolver.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/eat_resolver.h create mode 100644 security/sandbox/chromium/sandbox/win/src/file_policy_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/filesystem_dispatcher.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/filesystem_dispatcher.h create mode 100644 security/sandbox/chromium/sandbox/win/src/filesystem_interception.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/filesystem_interception.h create mode 100644 security/sandbox/chromium/sandbox/win/src/filesystem_policy.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/filesystem_policy.h create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_closer.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_closer.h create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_closer_agent.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_closer_agent.h create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_closer_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_dispatcher.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_dispatcher.h create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_inheritance_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_interception.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_interception.h create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_policy.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_policy.h create mode 100644 security/sandbox/chromium/sandbox/win/src/handle_policy_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/heap_helper.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/heap_helper.h create mode 100644 security/sandbox/chromium/sandbox/win/src/integrity_level_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/interception.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/interception.h create mode 100644 security/sandbox/chromium/sandbox/win/src/interception_agent.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/interception_agent.h create mode 100644 security/sandbox/chromium/sandbox/win/src/interception_internal.h create mode 100644 security/sandbox/chromium/sandbox/win/src/interception_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/interceptors.h create mode 100644 security/sandbox/chromium/sandbox/win/src/interceptors_64.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/interceptors_64.h create mode 100644 security/sandbox/chromium/sandbox/win/src/internal_types.h create mode 100644 security/sandbox/chromium/sandbox/win/src/ipc_args.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/ipc_args.h create mode 100644 security/sandbox/chromium/sandbox/win/src/ipc_ping_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/ipc_tags.h create mode 100644 security/sandbox/chromium/sandbox/win/src/ipc_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/job.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/job.h create mode 100644 security/sandbox/chromium/sandbox/win/src/job_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/named_pipe_dispatcher.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/named_pipe_dispatcher.h create mode 100644 security/sandbox/chromium/sandbox/win/src/named_pipe_interception.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/named_pipe_interception.h create mode 100644 security/sandbox/chromium/sandbox/win/src/named_pipe_policy.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/named_pipe_policy.h create mode 100644 security/sandbox/chromium/sandbox/win/src/named_pipe_policy_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/nt_internals.h create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_broker.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_broker.h create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_engine_opcodes.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_engine_opcodes.h create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_engine_params.h create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_engine_processor.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_engine_processor.h create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_engine_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_low_level.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_low_level.h create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_low_level_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_opcodes_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_params.h create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_target.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_target.h create mode 100644 security/sandbox/chromium/sandbox/win/src/policy_target_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/process_mitigations.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/process_mitigations.h create mode 100644 security/sandbox/chromium/sandbox/win/src/process_mitigations_win32k_dispatcher.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/process_mitigations_win32k_dispatcher.h create mode 100644 security/sandbox/chromium/sandbox/win/src/process_mitigations_win32k_interception.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/process_mitigations_win32k_interception.h create mode 100644 security/sandbox/chromium/sandbox/win/src/process_mitigations_win32k_policy.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/process_mitigations_win32k_policy.h create mode 100644 security/sandbox/chromium/sandbox/win/src/process_policy_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/process_thread_dispatcher.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/process_thread_dispatcher.h create mode 100644 security/sandbox/chromium/sandbox/win/src/process_thread_interception.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/process_thread_interception.h create mode 100644 security/sandbox/chromium/sandbox/win/src/process_thread_policy.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/process_thread_policy.h create mode 100644 security/sandbox/chromium/sandbox/win/src/registry_dispatcher.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/registry_dispatcher.h create mode 100644 security/sandbox/chromium/sandbox/win/src/registry_interception.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/registry_interception.h create mode 100644 security/sandbox/chromium/sandbox/win/src/registry_policy.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/registry_policy.h create mode 100644 security/sandbox/chromium/sandbox/win/src/registry_policy_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/resolver.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/resolver.h create mode 100644 security/sandbox/chromium/sandbox/win/src/resolver_32.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/resolver_64.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/restricted_token.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/restricted_token.h create mode 100644 security/sandbox/chromium/sandbox/win/src/restricted_token_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/restricted_token_utils.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox.vcproj create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_factory.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_globals.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_nt_types.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_nt_util.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_nt_util.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_policy.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_rand.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_rand.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_types.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_utils.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sandbox_utils.h create mode 100644 security/sandbox/chromium/sandbox/win/src/security_capabilities.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/security_capabilities.h create mode 100644 security/sandbox/chromium/sandbox/win/src/security_level.h create mode 100644 security/sandbox/chromium/sandbox/win/src/service_resolver.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/service_resolver.h create mode 100644 security/sandbox/chromium/sandbox/win/src/service_resolver_32.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/service_resolver_64.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/service_resolver_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sharedmem_ipc_client.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sharedmem_ipc_client.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sharedmem_ipc_server.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sharedmem_ipc_server.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sid.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sid.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sid_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/signed_dispatcher.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/signed_dispatcher.h create mode 100644 security/sandbox/chromium/sandbox/win/src/signed_interception.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/signed_interception.h create mode 100644 security/sandbox/chromium/sandbox/win/src/signed_policy.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/signed_policy.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sync_dispatcher.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sync_dispatcher.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sync_interception.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sync_interception.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sync_policy.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sync_policy.h create mode 100644 security/sandbox/chromium/sandbox/win/src/sync_policy_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/sync_policy_test.h create mode 100644 security/sandbox/chromium/sandbox/win/src/target_interceptions.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/target_interceptions.h create mode 100644 security/sandbox/chromium/sandbox/win/src/target_process.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/target_process.h create mode 100644 security/sandbox/chromium/sandbox/win/src/target_services.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/target_services.h create mode 100644 security/sandbox/chromium/sandbox/win/src/threadpool_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/top_level_dispatcher.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/top_level_dispatcher.h create mode 100644 security/sandbox/chromium/sandbox/win/src/unload_dll_test.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/win2k_threadpool.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/win2k_threadpool.h create mode 100644 security/sandbox/chromium/sandbox/win/src/win_utils.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/win_utils.h create mode 100644 security/sandbox/chromium/sandbox/win/src/win_utils_unittest.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/window.cc create mode 100644 security/sandbox/chromium/sandbox/win/src/window.h (limited to 'security/sandbox/chromium') diff --git a/security/sandbox/chromium/LICENSE b/security/sandbox/chromium/LICENSE new file mode 100644 index 0000000000..a32e00ce6b --- /dev/null +++ b/security/sandbox/chromium/LICENSE @@ -0,0 +1,27 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/security/sandbox/chromium/base/at_exit.cc b/security/sandbox/chromium/base/at_exit.cc new file mode 100644 index 0000000000..eb7d26cdc7 --- /dev/null +++ b/security/sandbox/chromium/base/at_exit.cc @@ -0,0 +1,114 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/at_exit.h" + +#include +#include +#include + +#include "base/bind.h" +#include "base/callback.h" +#include "base/logging.h" + +namespace base { + +// Keep a stack of registered AtExitManagers. We always operate on the most +// recent, and we should never have more than one outside of testing (for a +// statically linked version of this library). Testing may use the shadow +// version of the constructor, and if we are building a dynamic library we may +// end up with multiple AtExitManagers on the same process. We don't protect +// this for thread-safe access, since it will only be modified in testing. +static AtExitManager* g_top_manager = nullptr; + +static bool g_disable_managers = false; + +AtExitManager::AtExitManager() : next_manager_(g_top_manager) { +// If multiple modules instantiate AtExitManagers they'll end up living in this +// module... they have to coexist. +#if !defined(COMPONENT_BUILD) + DCHECK(!g_top_manager); +#endif + g_top_manager = this; +} + +AtExitManager::~AtExitManager() { + if (!g_top_manager) { + NOTREACHED() << "Tried to ~AtExitManager without an AtExitManager"; + return; + } + DCHECK_EQ(this, g_top_manager); + + if (!g_disable_managers) + ProcessCallbacksNow(); + g_top_manager = next_manager_; +} + +// static +void AtExitManager::RegisterCallback(AtExitCallbackType func, void* param) { + DCHECK(func); + RegisterTask(base::BindOnce(func, param)); +} + +// static +void AtExitManager::RegisterTask(base::OnceClosure task) { + if (!g_top_manager) { + NOTREACHED() << "Tried to RegisterCallback without an AtExitManager"; + return; + } + + AutoLock lock(g_top_manager->lock_); +#if DCHECK_IS_ON() + DCHECK(!g_top_manager->processing_callbacks_); +#endif + g_top_manager->stack_.push(std::move(task)); +} + +// static +void AtExitManager::ProcessCallbacksNow() { + if (!g_top_manager) { + NOTREACHED() << "Tried to ProcessCallbacksNow without an AtExitManager"; + return; + } + + // Callbacks may try to add new callbacks, so run them without holding + // |lock_|. This is an error and caught by the DCHECK in RegisterTask(), but + // handle it gracefully in release builds so we don't deadlock. + base::stack tasks; + { + AutoLock lock(g_top_manager->lock_); + tasks.swap(g_top_manager->stack_); +#if DCHECK_IS_ON() + g_top_manager->processing_callbacks_ = true; +#endif + } + + // Relax the cross-thread access restriction to non-thread-safe RefCount. + // It's safe since all other threads should be terminated at this point. + ScopedAllowCrossThreadRefCountAccess allow_cross_thread_ref_count_access; + + while (!tasks.empty()) { + std::move(tasks.top()).Run(); + tasks.pop(); + } + +#if DCHECK_IS_ON() + AutoLock lock(g_top_manager->lock_); + // Expect that all callbacks have been run. + DCHECK(g_top_manager->stack_.empty()); + g_top_manager->processing_callbacks_ = false; +#endif +} + +void AtExitManager::DisableAllAtExitManagers() { + AutoLock lock(g_top_manager->lock_); + g_disable_managers = true; +} + +AtExitManager::AtExitManager(bool shadow) : next_manager_(g_top_manager) { + DCHECK(shadow || !g_top_manager); + g_top_manager = this; +} + +} // namespace base diff --git a/security/sandbox/chromium/base/at_exit.h b/security/sandbox/chromium/base/at_exit.h new file mode 100644 index 0000000000..fa652ac0c9 --- /dev/null +++ b/security/sandbox/chromium/base/at_exit.h @@ -0,0 +1,87 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_AT_EXIT_H_ +#define BASE_AT_EXIT_H_ + +#include "base/base_export.h" +#include "base/callback.h" +#include "base/containers/stack.h" +#include "base/macros.h" +#include "base/synchronization/lock.h" +#include "base/thread_annotations.h" + +namespace base { + +// This class provides a facility similar to the CRT atexit(), except that +// we control when the callbacks are executed. Under Windows for a DLL they +// happen at a really bad time and under the loader lock. This facility is +// mostly used by base::Singleton. +// +// The usage is simple. Early in the main() or WinMain() scope create an +// AtExitManager object on the stack: +// int main(...) { +// base::AtExitManager exit_manager; +// +// } +// When the exit_manager object goes out of scope, all the registered +// callbacks and singleton destructors will be called. + +class BASE_EXPORT AtExitManager { + public: + typedef void (*AtExitCallbackType)(void*); + + AtExitManager(); + + // The dtor calls all the registered callbacks. Do not try to register more + // callbacks after this point. + ~AtExitManager(); + + // Registers the specified function to be called at exit. The prototype of + // the callback function is void func(void*). + static void RegisterCallback(AtExitCallbackType func, void* param); + + // Registers the specified task to be called at exit. + static void RegisterTask(base::OnceClosure task); + + // Calls the functions registered with RegisterCallback in LIFO order. It + // is possible to register new callbacks after calling this function. + static void ProcessCallbacksNow(); + + // Disable all registered at-exit callbacks. This is used only in a single- + // process mode. + static void DisableAllAtExitManagers(); + + protected: + // This constructor will allow this instance of AtExitManager to be created + // even if one already exists. This should only be used for testing! + // AtExitManagers are kept on a global stack, and it will be removed during + // destruction. This allows you to shadow another AtExitManager. + explicit AtExitManager(bool shadow); + + private: + base::Lock lock_; + + base::stack stack_ GUARDED_BY(lock_); + +#if DCHECK_IS_ON() + bool processing_callbacks_ GUARDED_BY(lock_) = false; +#endif + + // Stack of managers to allow shadowing. + AtExitManager* const next_manager_; + + DISALLOW_COPY_AND_ASSIGN(AtExitManager); +}; + +#if defined(UNIT_TEST) +class ShadowingAtExitManager : public AtExitManager { + public: + ShadowingAtExitManager() : AtExitManager(true) {} +}; +#endif // defined(UNIT_TEST) + +} // namespace base + +#endif // BASE_AT_EXIT_H_ diff --git a/security/sandbox/chromium/base/atomic_ref_count.h b/security/sandbox/chromium/base/atomic_ref_count.h new file mode 100644 index 0000000000..5e48c82380 --- /dev/null +++ b/security/sandbox/chromium/base/atomic_ref_count.h @@ -0,0 +1,69 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// This is a low level implementation of atomic semantics for reference +// counting. Please use base/memory/ref_counted.h directly instead. + +#ifndef BASE_ATOMIC_REF_COUNT_H_ +#define BASE_ATOMIC_REF_COUNT_H_ + +#include + +namespace base { + +class AtomicRefCount { + public: + constexpr AtomicRefCount() : ref_count_(0) {} + explicit constexpr AtomicRefCount(int initial_value) + : ref_count_(initial_value) {} + + // Increment a reference count. + // Returns the previous value of the count. + int Increment() { return Increment(1); } + + // Increment a reference count by "increment", which must exceed 0. + // Returns the previous value of the count. + int Increment(int increment) { + return ref_count_.fetch_add(increment, std::memory_order_relaxed); + } + + // Decrement a reference count, and return whether the result is non-zero. + // Insert barriers to ensure that state written before the reference count + // became zero will be visible to a thread that has just made the count zero. + bool Decrement() { + // TODO(jbroman): Technically this doesn't need to be an acquire operation + // unless the result is 1 (i.e., the ref count did indeed reach zero). + // However, there are toolchain issues that make that not work as well at + // present (notably TSAN doesn't like it). + return ref_count_.fetch_sub(1, std::memory_order_acq_rel) != 1; + } + + // Return whether the reference count is one. If the reference count is used + // in the conventional way, a refrerence count of 1 implies that the current + // thread owns the reference and no other thread shares it. This call + // performs the test for a reference count of one, and performs the memory + // barrier needed for the owning thread to act on the object, knowing that it + // has exclusive access to the object. + bool IsOne() const { return ref_count_.load(std::memory_order_acquire) == 1; } + + // Return whether the reference count is zero. With conventional object + // referencing counting, the object will be destroyed, so the reference count + // should never be zero. Hence this is generally used for a debug check. + bool IsZero() const { + return ref_count_.load(std::memory_order_acquire) == 0; + } + + // Returns the current reference count (with no barriers). This is subtle, and + // should be used only for debugging. + int SubtleRefCountForDebug() const { + return ref_count_.load(std::memory_order_relaxed); + } + + private: + std::atomic_int ref_count_; +}; + +} // namespace base + +#endif // BASE_ATOMIC_REF_COUNT_H_ diff --git a/security/sandbox/chromium/base/atomic_sequence_num.h b/security/sandbox/chromium/base/atomic_sequence_num.h new file mode 100644 index 0000000000..717e37a60b --- /dev/null +++ b/security/sandbox/chromium/base/atomic_sequence_num.h @@ -0,0 +1,33 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_ATOMIC_SEQUENCE_NUM_H_ +#define BASE_ATOMIC_SEQUENCE_NUM_H_ + +#include + +#include "base/macros.h" + +namespace base { + +// AtomicSequenceNumber is a thread safe increasing sequence number generator. +// Its constructor doesn't emit a static initializer, so it's safe to use as a +// global variable or static member. +class AtomicSequenceNumber { + public: + constexpr AtomicSequenceNumber() = default; + + // Returns an increasing sequence number starts from 0 for each call. + // This function can be called from any thread without data race. + inline int GetNext() { return seq_.fetch_add(1, std::memory_order_relaxed); } + + private: + std::atomic_int seq_{0}; + + DISALLOW_COPY_AND_ASSIGN(AtomicSequenceNumber); +}; + +} // namespace base + +#endif // BASE_ATOMIC_SEQUENCE_NUM_H_ diff --git a/security/sandbox/chromium/base/atomicops.h b/security/sandbox/chromium/base/atomicops.h new file mode 100644 index 0000000000..429e2457fc --- /dev/null +++ b/security/sandbox/chromium/base/atomicops.h @@ -0,0 +1,150 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// For atomic operations on reference counts, see atomic_refcount.h. +// For atomic operations on sequence numbers, see atomic_sequence_num.h. + +// The routines exported by this module are subtle. If you use them, even if +// you get the code right, it will depend on careful reasoning about atomicity +// and memory ordering; it will be less readable, and harder to maintain. If +// you plan to use these routines, you should have a good reason, such as solid +// evidence that performance would otherwise suffer, or there being no +// alternative. You should assume only properties explicitly guaranteed by the +// specifications in this file. You are almost certainly _not_ writing code +// just for the x86; if you assume x86 semantics, x86 hardware bugs and +// implementations on other archtectures will cause your code to break. If you +// do not know what you are doing, avoid these routines, and use a Mutex. +// +// It is incorrect to make direct assignments to/from an atomic variable. +// You should use one of the Load or Store routines. The NoBarrier +// versions are provided when no barriers are needed: +// NoBarrier_Store() +// NoBarrier_Load() +// Although there are currently no compiler enforcement, you are encouraged +// to use these. +// + +#ifndef BASE_ATOMICOPS_H_ +#define BASE_ATOMICOPS_H_ + +#include + +// Small C++ header which defines implementation specific macros used to +// identify the STL implementation. +// - libc++: captures __config for _LIBCPP_VERSION +// - libstdc++: captures bits/c++config.h for __GLIBCXX__ +#include + +#include "base/base_export.h" +#include "build/build_config.h" + +namespace base { +namespace subtle { + +typedef int32_t Atomic32; +#ifdef ARCH_CPU_64_BITS +// We need to be able to go between Atomic64 and AtomicWord implicitly. This +// means Atomic64 and AtomicWord should be the same type on 64-bit. +#if defined(__ILP32__) || defined(OS_NACL) +// NaCl's intptr_t is not actually 64-bits on 64-bit! +// http://code.google.com/p/nativeclient/issues/detail?id=1162 +typedef int64_t Atomic64; +#else +typedef intptr_t Atomic64; +#endif +#endif + +// Use AtomicWord for a machine-sized pointer. It will use the Atomic32 or +// Atomic64 routines below, depending on your architecture. +typedef intptr_t AtomicWord; + +// Atomically execute: +// result = *ptr; +// if (*ptr == old_value) +// *ptr = new_value; +// return result; +// +// I.e., replace "*ptr" with "new_value" if "*ptr" used to be "old_value". +// Always return the old value of "*ptr" +// +// This routine implies no memory barriers. +Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr, + Atomic32 old_value, + Atomic32 new_value); + +// Atomically store new_value into *ptr, returning the previous value held in +// *ptr. This routine implies no memory barriers. +Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr, Atomic32 new_value); + +// Atomically increment *ptr by "increment". Returns the new value of +// *ptr with the increment applied. This routine implies no memory barriers. +Atomic32 NoBarrier_AtomicIncrement(volatile Atomic32* ptr, Atomic32 increment); + +Atomic32 Barrier_AtomicIncrement(volatile Atomic32* ptr, + Atomic32 increment); + +// These following lower-level operations are typically useful only to people +// implementing higher-level synchronization operations like spinlocks, +// mutexes, and condition-variables. They combine CompareAndSwap(), a load, or +// a store with appropriate memory-ordering instructions. "Acquire" operations +// ensure that no later memory access can be reordered ahead of the operation. +// "Release" operations ensure that no previous memory access can be reordered +// after the operation. "Barrier" operations have both "Acquire" and "Release" +// semantics. +Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr, + Atomic32 old_value, + Atomic32 new_value); +Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr, + Atomic32 old_value, + Atomic32 new_value); + +void NoBarrier_Store(volatile Atomic32* ptr, Atomic32 value); +void Acquire_Store(volatile Atomic32* ptr, Atomic32 value); +void Release_Store(volatile Atomic32* ptr, Atomic32 value); + +Atomic32 NoBarrier_Load(volatile const Atomic32* ptr); +Atomic32 Acquire_Load(volatile const Atomic32* ptr); +Atomic32 Release_Load(volatile const Atomic32* ptr); + +// 64-bit atomic operations (only available on 64-bit processors). +#ifdef ARCH_CPU_64_BITS +Atomic64 NoBarrier_CompareAndSwap(volatile Atomic64* ptr, + Atomic64 old_value, + Atomic64 new_value); +Atomic64 NoBarrier_AtomicExchange(volatile Atomic64* ptr, Atomic64 new_value); +Atomic64 NoBarrier_AtomicIncrement(volatile Atomic64* ptr, Atomic64 increment); +Atomic64 Barrier_AtomicIncrement(volatile Atomic64* ptr, Atomic64 increment); + +Atomic64 Acquire_CompareAndSwap(volatile Atomic64* ptr, + Atomic64 old_value, + Atomic64 new_value); +Atomic64 Release_CompareAndSwap(volatile Atomic64* ptr, + Atomic64 old_value, + Atomic64 new_value); +void NoBarrier_Store(volatile Atomic64* ptr, Atomic64 value); +void Acquire_Store(volatile Atomic64* ptr, Atomic64 value); +void Release_Store(volatile Atomic64* ptr, Atomic64 value); +Atomic64 NoBarrier_Load(volatile const Atomic64* ptr); +Atomic64 Acquire_Load(volatile const Atomic64* ptr); +Atomic64 Release_Load(volatile const Atomic64* ptr); +#endif // ARCH_CPU_64_BITS + +} // namespace subtle +} // namespace base + +#if defined(OS_WIN) && defined(ARCH_CPU_X86_FAMILY) +// TODO(jfb): Try to use base/atomicops_internals_portable.h everywhere. +// https://crbug.com/559247. +# include "base/atomicops_internals_x86_msvc.h" +#else +# include "base/atomicops_internals_portable.h" +#endif + +// On some platforms we need additional declarations to make +// AtomicWord compatible with our other Atomic* types. +#if defined(OS_MACOSX) || defined(OS_OPENBSD) +#include "base/atomicops_internals_atomicword_compat.h" +#endif + +#endif // BASE_ATOMICOPS_H_ diff --git a/security/sandbox/chromium/base/atomicops_internals_portable.h b/security/sandbox/chromium/base/atomicops_internals_portable.h new file mode 100644 index 0000000000..3b75be32c4 --- /dev/null +++ b/security/sandbox/chromium/base/atomicops_internals_portable.h @@ -0,0 +1,219 @@ +// Copyright (c) 2014 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// This file is an internal atomic implementation, use atomicops.h instead. +// +// This implementation uses C++11 atomics' member functions. The code base is +// currently written assuming atomicity revolves around accesses instead of +// C++11's memory locations. The burden is on the programmer to ensure that all +// memory locations accessed atomically are never accessed non-atomically (tsan +// should help with this). +// +// TODO(jfb) Modify the atomicops.h API and user code to declare atomic +// locations as truly atomic. See the static_assert below. +// +// Of note in this implementation: +// * All NoBarrier variants are implemented as relaxed. +// * All Barrier variants are implemented as sequentially-consistent. +// * Compare exchange's failure ordering is always the same as the success one +// (except for release, which fails as relaxed): using a weaker ordering is +// only valid under certain uses of compare exchange. +// * Acquire store doesn't exist in the C11 memory model, it is instead +// implemented as a relaxed store followed by a sequentially consistent +// fence. +// * Release load doesn't exist in the C11 memory model, it is instead +// implemented as sequentially consistent fence followed by a relaxed load. +// * Atomic increment is expected to return the post-incremented value, whereas +// C11 fetch add returns the previous value. The implementation therefore +// needs to increment twice (which the compiler should be able to detect and +// optimize). + +#ifndef BASE_ATOMICOPS_INTERNALS_PORTABLE_H_ +#define BASE_ATOMICOPS_INTERNALS_PORTABLE_H_ + +#include + +#include "build/build_config.h" + +namespace base { +namespace subtle { + +// This implementation is transitional and maintains the original API for +// atomicops.h. This requires casting memory locations to the atomic types, and +// assumes that the API and the C++11 implementation are layout-compatible, +// which isn't true for all implementations or hardware platforms. The static +// assertion should detect this issue, were it to fire then this header +// shouldn't be used. +// +// TODO(jfb) If this header manages to stay committed then the API should be +// modified, and all call sites updated. +typedef volatile std::atomic* AtomicLocation32; +static_assert(sizeof(*(AtomicLocation32) nullptr) == sizeof(Atomic32), + "incompatible 32-bit atomic layout"); + +inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr, + Atomic32 old_value, + Atomic32 new_value) { + ((AtomicLocation32)ptr) + ->compare_exchange_strong(old_value, + new_value, + std::memory_order_relaxed, + std::memory_order_relaxed); + return old_value; +} + +inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr, + Atomic32 new_value) { + return ((AtomicLocation32)ptr) + ->exchange(new_value, std::memory_order_relaxed); +} + +inline Atomic32 NoBarrier_AtomicIncrement(volatile Atomic32* ptr, + Atomic32 increment) { + return increment + + ((AtomicLocation32)ptr) + ->fetch_add(increment, std::memory_order_relaxed); +} + +inline Atomic32 Barrier_AtomicIncrement(volatile Atomic32* ptr, + Atomic32 increment) { + return increment + ((AtomicLocation32)ptr)->fetch_add(increment); +} + +inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr, + Atomic32 old_value, + Atomic32 new_value) { + ((AtomicLocation32)ptr) + ->compare_exchange_strong(old_value, + new_value, + std::memory_order_acquire, + std::memory_order_acquire); + return old_value; +} + +inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr, + Atomic32 old_value, + Atomic32 new_value) { + ((AtomicLocation32)ptr) + ->compare_exchange_strong(old_value, + new_value, + std::memory_order_release, + std::memory_order_relaxed); + return old_value; +} + +inline void NoBarrier_Store(volatile Atomic32* ptr, Atomic32 value) { + ((AtomicLocation32)ptr)->store(value, std::memory_order_relaxed); +} + +inline void Acquire_Store(volatile Atomic32* ptr, Atomic32 value) { + ((AtomicLocation32)ptr)->store(value, std::memory_order_relaxed); + std::atomic_thread_fence(std::memory_order_seq_cst); +} + +inline void Release_Store(volatile Atomic32* ptr, Atomic32 value) { + ((AtomicLocation32)ptr)->store(value, std::memory_order_release); +} + +inline Atomic32 NoBarrier_Load(volatile const Atomic32* ptr) { + return ((AtomicLocation32)ptr)->load(std::memory_order_relaxed); +} + +inline Atomic32 Acquire_Load(volatile const Atomic32* ptr) { + return ((AtomicLocation32)ptr)->load(std::memory_order_acquire); +} + +inline Atomic32 Release_Load(volatile const Atomic32* ptr) { + std::atomic_thread_fence(std::memory_order_seq_cst); + return ((AtomicLocation32)ptr)->load(std::memory_order_relaxed); +} + +#if defined(ARCH_CPU_64_BITS) + +typedef volatile std::atomic* AtomicLocation64; +static_assert(sizeof(*(AtomicLocation64) nullptr) == sizeof(Atomic64), + "incompatible 64-bit atomic layout"); + +inline Atomic64 NoBarrier_CompareAndSwap(volatile Atomic64* ptr, + Atomic64 old_value, + Atomic64 new_value) { + ((AtomicLocation64)ptr) + ->compare_exchange_strong(old_value, + new_value, + std::memory_order_relaxed, + std::memory_order_relaxed); + return old_value; +} + +inline Atomic64 NoBarrier_AtomicExchange(volatile Atomic64* ptr, + Atomic64 new_value) { + return ((AtomicLocation64)ptr) + ->exchange(new_value, std::memory_order_relaxed); +} + +inline Atomic64 NoBarrier_AtomicIncrement(volatile Atomic64* ptr, + Atomic64 increment) { + return increment + + ((AtomicLocation64)ptr) + ->fetch_add(increment, std::memory_order_relaxed); +} + +inline Atomic64 Barrier_AtomicIncrement(volatile Atomic64* ptr, + Atomic64 increment) { + return increment + ((AtomicLocation64)ptr)->fetch_add(increment); +} + +inline Atomic64 Acquire_CompareAndSwap(volatile Atomic64* ptr, + Atomic64 old_value, + Atomic64 new_value) { + ((AtomicLocation64)ptr) + ->compare_exchange_strong(old_value, + new_value, + std::memory_order_acquire, + std::memory_order_acquire); + return old_value; +} + +inline Atomic64 Release_CompareAndSwap(volatile Atomic64* ptr, + Atomic64 old_value, + Atomic64 new_value) { + ((AtomicLocation64)ptr) + ->compare_exchange_strong(old_value, + new_value, + std::memory_order_release, + std::memory_order_relaxed); + return old_value; +} + +inline void NoBarrier_Store(volatile Atomic64* ptr, Atomic64 value) { + ((AtomicLocation64)ptr)->store(value, std::memory_order_relaxed); +} + +inline void Acquire_Store(volatile Atomic64* ptr, Atomic64 value) { + ((AtomicLocation64)ptr)->store(value, std::memory_order_relaxed); + std::atomic_thread_fence(std::memory_order_seq_cst); +} + +inline void Release_Store(volatile Atomic64* ptr, Atomic64 value) { + ((AtomicLocation64)ptr)->store(value, std::memory_order_release); +} + +inline Atomic64 NoBarrier_Load(volatile const Atomic64* ptr) { + return ((AtomicLocation64)ptr)->load(std::memory_order_relaxed); +} + +inline Atomic64 Acquire_Load(volatile const Atomic64* ptr) { + return ((AtomicLocation64)ptr)->load(std::memory_order_acquire); +} + +inline Atomic64 Release_Load(volatile const Atomic64* ptr) { + std::atomic_thread_fence(std::memory_order_seq_cst); + return ((AtomicLocation64)ptr)->load(std::memory_order_relaxed); +} + +#endif // defined(ARCH_CPU_64_BITS) +} // namespace subtle +} // namespace base + +#endif // BASE_ATOMICOPS_INTERNALS_PORTABLE_H_ diff --git a/security/sandbox/chromium/base/atomicops_internals_x86_msvc.h b/security/sandbox/chromium/base/atomicops_internals_x86_msvc.h new file mode 100644 index 0000000000..d9846f64b8 --- /dev/null +++ b/security/sandbox/chromium/base/atomicops_internals_x86_msvc.h @@ -0,0 +1,179 @@ +// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// This file is an internal atomic implementation, use base/atomicops.h instead. + +#ifndef BASE_ATOMICOPS_INTERNALS_X86_MSVC_H_ +#define BASE_ATOMICOPS_INTERNALS_X86_MSVC_H_ + +#include "base/win/windows_types.h" + +#include + +#include + +#include "base/macros.h" +#include "build/build_config.h" + +namespace base { +namespace subtle { + +inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr, + Atomic32 old_value, + Atomic32 new_value) { + LONG result = _InterlockedCompareExchange( + reinterpret_cast(ptr), + static_cast(new_value), + static_cast(old_value)); + return static_cast(result); +} + +inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr, + Atomic32 new_value) { + LONG result = _InterlockedExchange( + reinterpret_cast(ptr), + static_cast(new_value)); + return static_cast(result); +} + +inline Atomic32 Barrier_AtomicIncrement(volatile Atomic32* ptr, + Atomic32 increment) { + return _InterlockedExchangeAdd( + reinterpret_cast(ptr), + static_cast(increment)) + increment; +} + +inline Atomic32 NoBarrier_AtomicIncrement(volatile Atomic32* ptr, + Atomic32 increment) { + return Barrier_AtomicIncrement(ptr, increment); +} + +inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr, + Atomic32 old_value, + Atomic32 new_value) { + return NoBarrier_CompareAndSwap(ptr, old_value, new_value); +} + +inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr, + Atomic32 old_value, + Atomic32 new_value) { + return NoBarrier_CompareAndSwap(ptr, old_value, new_value); +} + +inline void NoBarrier_Store(volatile Atomic32* ptr, Atomic32 value) { + *ptr = value; +} + +inline void Acquire_Store(volatile Atomic32* ptr, Atomic32 value) { + NoBarrier_AtomicExchange(ptr, value); + // acts as a barrier in this implementation +} + +inline void Release_Store(volatile Atomic32* ptr, Atomic32 value) { + *ptr = value; // works w/o barrier for current Intel chips as of June 2005 + // See comments in Atomic64 version of Release_Store() below. +} + +inline Atomic32 NoBarrier_Load(volatile const Atomic32* ptr) { + return *ptr; +} + +inline Atomic32 Acquire_Load(volatile const Atomic32* ptr) { + Atomic32 value = *ptr; + return value; +} + +inline Atomic32 Release_Load(volatile const Atomic32* ptr) { + std::atomic_thread_fence(std::memory_order_seq_cst); + return *ptr; +} + +#if defined(_WIN64) + +// 64-bit low-level operations on 64-bit platform. + +static_assert(sizeof(Atomic64) == sizeof(PVOID), "atomic word is atomic"); + +inline Atomic64 NoBarrier_CompareAndSwap(volatile Atomic64* ptr, + Atomic64 old_value, + Atomic64 new_value) { + PVOID result = _InterlockedCompareExchangePointer( + reinterpret_cast(ptr), + reinterpret_cast(new_value), reinterpret_cast(old_value)); + return reinterpret_cast(result); +} + +inline Atomic64 NoBarrier_AtomicExchange(volatile Atomic64* ptr, + Atomic64 new_value) { + PVOID result = + _InterlockedExchangePointer(reinterpret_cast(ptr), + reinterpret_cast(new_value)); + return reinterpret_cast(result); +} + +inline Atomic64 Barrier_AtomicIncrement(volatile Atomic64* ptr, + Atomic64 increment) { + return _InterlockedExchangeAdd64(reinterpret_cast(ptr), + static_cast(increment)) + + increment; +} + +inline Atomic64 NoBarrier_AtomicIncrement(volatile Atomic64* ptr, + Atomic64 increment) { + return Barrier_AtomicIncrement(ptr, increment); +} + +inline void NoBarrier_Store(volatile Atomic64* ptr, Atomic64 value) { + *ptr = value; +} + +inline void Acquire_Store(volatile Atomic64* ptr, Atomic64 value) { + NoBarrier_AtomicExchange(ptr, value); + // acts as a barrier in this implementation +} + +inline void Release_Store(volatile Atomic64* ptr, Atomic64 value) { + *ptr = value; // works w/o barrier for current Intel chips as of June 2005 + + // When new chips come out, check: + // IA-32 Intel Architecture Software Developer's Manual, Volume 3: + // System Programming Guide, Chatper 7: Multiple-processor management, + // Section 7.2, Memory Ordering. + // Last seen at: + // http://developer.intel.com/design/pentium4/manuals/index_new.htm +} + +inline Atomic64 NoBarrier_Load(volatile const Atomic64* ptr) { + return *ptr; +} + +inline Atomic64 Acquire_Load(volatile const Atomic64* ptr) { + Atomic64 value = *ptr; + return value; +} + +inline Atomic64 Release_Load(volatile const Atomic64* ptr) { + std::atomic_thread_fence(std::memory_order_seq_cst); + return *ptr; +} + +inline Atomic64 Acquire_CompareAndSwap(volatile Atomic64* ptr, + Atomic64 old_value, + Atomic64 new_value) { + return NoBarrier_CompareAndSwap(ptr, old_value, new_value); +} + +inline Atomic64 Release_CompareAndSwap(volatile Atomic64* ptr, + Atomic64 old_value, + Atomic64 new_value) { + return NoBarrier_CompareAndSwap(ptr, old_value, new_value); +} + + +#endif // defined(_WIN64) + +} // namespace subtle +} // namespace base + +#endif // BASE_ATOMICOPS_INTERNALS_X86_MSVC_H_ diff --git a/security/sandbox/chromium/base/base_export.h b/security/sandbox/chromium/base/base_export.h new file mode 100644 index 0000000000..cf7ebd7816 --- /dev/null +++ b/security/sandbox/chromium/base/base_export.h @@ -0,0 +1,29 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_BASE_EXPORT_H_ +#define BASE_BASE_EXPORT_H_ + +#if defined(COMPONENT_BUILD) +#if defined(WIN32) + +#if defined(BASE_IMPLEMENTATION) +#define BASE_EXPORT __declspec(dllexport) +#else +#define BASE_EXPORT __declspec(dllimport) +#endif // defined(BASE_IMPLEMENTATION) + +#else // defined(WIN32) +#if defined(BASE_IMPLEMENTATION) +#define BASE_EXPORT __attribute__((visibility("default"))) +#else +#define BASE_EXPORT +#endif // defined(BASE_IMPLEMENTATION) +#endif + +#else // defined(COMPONENT_BUILD) +#define BASE_EXPORT +#endif + +#endif // BASE_BASE_EXPORT_H_ diff --git a/security/sandbox/chromium/base/base_paths.h b/security/sandbox/chromium/base/base_paths.h new file mode 100644 index 0000000000..2a163f48d4 --- /dev/null +++ b/security/sandbox/chromium/base/base_paths.h @@ -0,0 +1,55 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_BASE_PATHS_H_ +#define BASE_BASE_PATHS_H_ + +// This file declares path keys for the base module. These can be used with +// the PathService to access various special directories and files. + +#include "build/build_config.h" + +#if defined(OS_WIN) +#include "base/base_paths_win.h" +#elif defined(OS_MACOSX) +#include "base/base_paths_mac.h" +#elif defined(OS_ANDROID) +#include "base/base_paths_android.h" +#endif + +#if defined(OS_POSIX) || defined(OS_FUCHSIA) +#include "base/base_paths_posix.h" +#endif + +namespace base { + +enum BasePathKey { + PATH_START = 0, + + DIR_CURRENT, // Current directory. + DIR_EXE, // Directory containing FILE_EXE. + DIR_MODULE, // Directory containing FILE_MODULE. + DIR_ASSETS, // Directory that contains application assets. + DIR_TEMP, // Temporary directory. + DIR_HOME, // User's root home directory. On Windows this will look + // like "C:\Users\" which isn't necessarily a great + // place to put files. + FILE_EXE, // Path and filename of the current executable. + FILE_MODULE, // Path and filename of the module containing the code for + // the PathService (which could differ from FILE_EXE if the + // PathService were compiled into a shared object, for + // example). + DIR_SOURCE_ROOT, // Returns the root of the source tree. This key is useful + // for tests that need to locate various resources. It + // should not be used outside of test code. + DIR_USER_DESKTOP, // The current user's Desktop. + + DIR_TEST_DATA, // Used only for testing. + + PATH_END +}; + +} // namespace base + +#endif // BASE_BASE_PATHS_H_ diff --git a/security/sandbox/chromium/base/base_paths_win.h b/security/sandbox/chromium/base/base_paths_win.h new file mode 100644 index 0000000000..2db16a6271 --- /dev/null +++ b/security/sandbox/chromium/base/base_paths_win.h @@ -0,0 +1,53 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_BASE_PATHS_WIN_H_ +#define BASE_BASE_PATHS_WIN_H_ + +// This file declares windows-specific path keys for the base module. +// These can be used with the PathService to access various special +// directories and files. + +namespace base { + +enum { + PATH_WIN_START = 100, + + DIR_WINDOWS, // Windows directory, usually "c:\windows" + DIR_SYSTEM, // Usually c:\windows\system32" + // 32-bit 32-bit on 64-bit 64-bit on 64-bit + // DIR_PROGRAM_FILES 1 2 1 + // DIR_PROGRAM_FILESX86 1 2 2 + // DIR_PROGRAM_FILES6432 1 1 1 + // 1 - C:\Program Files 2 - C:\Program Files (x86) + DIR_PROGRAM_FILES, // See table above. + DIR_PROGRAM_FILESX86, // See table above. + DIR_PROGRAM_FILES6432, // See table above. + + DIR_IE_INTERNET_CACHE, // Temporary Internet Files directory. + DIR_COMMON_START_MENU, // Usually "C:\ProgramData\Microsoft\Windows\ + // Start Menu\Programs" + DIR_START_MENU, // Usually "C:\Users\\AppData\Roaming\ + // Microsoft\Windows\Start Menu\Programs" + DIR_APP_DATA, // Application Data directory under the user + // profile. + DIR_LOCAL_APP_DATA, // "Local Settings\Application Data" directory + // under the user profile. + DIR_COMMON_APP_DATA, // Usually "C:\ProgramData". + DIR_APP_SHORTCUTS, // Where tiles on the start screen are stored, + // only for Windows 8. Maps to "Local\AppData\ + // Microsoft\Windows\Application Shortcuts\". + DIR_COMMON_DESKTOP, // Directory for the common desktop (visible + // on all user's Desktop). + DIR_USER_QUICK_LAUNCH, // Directory for the quick launch shortcuts. + DIR_TASKBAR_PINS, // Directory for the shortcuts pinned to taskbar. + DIR_IMPLICIT_APP_SHORTCUTS, // The implicit user pinned shortcut directory. + DIR_WINDOWS_FONTS, // Usually C:\Windows\Fonts. + + PATH_WIN_END +}; + +} // namespace base + +#endif // BASE_BASE_PATHS_WIN_H_ diff --git a/security/sandbox/chromium/base/base_switches.cc b/security/sandbox/chromium/base/base_switches.cc new file mode 100644 index 0000000000..6a47487961 --- /dev/null +++ b/security/sandbox/chromium/base/base_switches.cc @@ -0,0 +1,149 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/base_switches.h" +#include "build/build_config.h" + +namespace switches { + +// Delays execution of TaskPriority::BEST_EFFORT tasks until shutdown. +const char kDisableBestEffortTasks[] = "disable-best-effort-tasks"; + +// Disables the crash reporting. +const char kDisableBreakpad[] = "disable-breakpad"; + +// Comma-separated list of feature names to disable. See also kEnableFeatures. +const char kDisableFeatures[] = "disable-features"; + +// Force disabling of low-end device mode when set. +const char kDisableLowEndDeviceMode[] = "disable-low-end-device-mode"; + +// Indicates that crash reporting should be enabled. On platforms where helper +// processes cannot access to files needed to make this decision, this flag is +// generated internally. +const char kEnableCrashReporter[] = "enable-crash-reporter"; + +// Comma-separated list of feature names to enable. See also kDisableFeatures. +const char kEnableFeatures[] = "enable-features"; + +// Force low-end device mode when set. +const char kEnableLowEndDeviceMode[] = "enable-low-end-device-mode"; + +// This option can be used to force field trials when testing changes locally. +// The argument is a list of name and value pairs, separated by slashes. If a +// trial name is prefixed with an asterisk, that trial will start activated. +// For example, the following argument defines two trials, with the second one +// activated: "GoogleNow/Enable/*MaterialDesignNTP/Default/" This option can +// also be used by the browser process to send the list of trials to a +// non-browser process, using the same format. See +// FieldTrialList::CreateTrialsFromString() in field_trial.h for details. +const char kForceFieldTrials[] = "force-fieldtrials"; + +// Generates full memory crash dump. +const char kFullMemoryCrashReport[] = "full-memory-crash-report"; + +// Logs information about all tasks posted with TaskPriority::BEST_EFFORT. Use +// this to diagnose issues that are thought to be caused by +// TaskPriority::BEST_EFFORT execution fences. Note: Tasks posted to a +// non-BEST_EFFORT UpdateableSequencedTaskRunner whose priority is later lowered +// to BEST_EFFORT are not logged. +const char kLogBestEffortTasks[] = "log-best-effort-tasks"; + +// Suppresses all error dialogs when present. +const char kNoErrorDialogs[] = "noerrdialogs"; + +// Starts the sampling based profiler for the browser process at startup. This +// will only work if chrome has been built with the gn arg enable_profiling = +// true. The output will go to the value of kProfilingFile. +const char kProfilingAtStart[] = "profiling-at-start"; + +// Specifies a location for profiling output. This will only work if chrome has +// been built with the gyp variable profiling=1 or gn arg enable_profiling=true. +// +// {pid} if present will be replaced by the pid of the process. +// {count} if present will be incremented each time a profile is generated +// for this process. +// The default is chrome-profile-{pid} for the browser and test-profile-{pid} +// for tests. +const char kProfilingFile[] = "profiling-file"; + +// Controls whether profile data is periodically flushed to a file. Normally +// the data gets written on exit but cases exist where chromium doesn't exit +// cleanly (especially when using single-process). A time in seconds can be +// specified. +const char kProfilingFlush[] = "profiling-flush"; + +// When running certain tests that spawn child processes, this switch indicates +// to the test framework that the current process is a child process. +const char kTestChildProcess[] = "test-child-process"; + +// When running certain tests that spawn child processes, this switch indicates +// to the test framework that the current process should not initialize ICU to +// avoid creating any scoped handles too early in startup. +const char kTestDoNotInitializeIcu[] = "test-do-not-initialize-icu"; + +// Sends trace events from these categories to a file. +// --trace-to-file on its own sends to default categories. +const char kTraceToFile[] = "trace-to-file"; + +// Specifies the file name for --trace-to-file. If unspecified, it will +// go to a default file name. +const char kTraceToFileName[] = "trace-to-file-name"; + +// Gives the default maximal active V-logging level; 0 is the default. +// Normally positive values are used for V-logging levels. +const char kV[] = "v"; + +// Gives the per-module maximal V-logging levels to override the value +// given by --v. E.g. "my_module=2,foo*=3" would change the logging +// level for all code in source files "my_module.*" and "foo*.*" +// ("-inl" suffixes are also disregarded for this matching). +// +// Any pattern containing a forward or backward slash will be tested +// against the whole pathname and not just the module. E.g., +// "*/foo/bar/*=2" would change the logging level for all code in +// source files under a "foo/bar" directory. +const char kVModule[] = "vmodule"; + +// Will wait for 60 seconds for a debugger to come to attach to the process. +const char kWaitForDebugger[] = "wait-for-debugger"; + +#if defined(OS_WIN) +// Disable high-resolution timer on Windows. +const char kDisableHighResTimer[] = "disable-highres-timer"; + +// Disables the USB keyboard detection for blocking the OSK on Win8+. +const char kDisableUsbKeyboardDetect[] = "disable-usb-keyboard-detect"; +#endif + +#if defined(OS_LINUX) && !defined(OS_CHROMEOS) +// The /dev/shm partition is too small in certain VM environments, causing +// Chrome to fail or crash (see http://crbug.com/715363). Use this flag to +// work-around this issue (a temporary directory will always be used to create +// anonymous shared memory files). +const char kDisableDevShmUsage[] = "disable-dev-shm-usage"; +#endif + +#if defined(OS_POSIX) +// Used for turning on Breakpad crash reporting in a debug environment where +// crash reporting is typically compiled but disabled. +const char kEnableCrashReporterForTesting[] = + "enable-crash-reporter-for-testing"; +#endif + +#if defined(OS_ANDROID) +// Enables the reached code profiler that samples all threads in all processes +// to determine which functions are almost never executed. +const char kEnableReachedCodeProfiler[] = "enable-reached-code-profiler"; +#endif + +#if defined(OS_LINUX) +// Controls whether or not retired instruction counts are surfaced for threads +// in trace events on Linux. +// +// This flag requires the BPF sandbox to be disabled. +const char kEnableThreadInstructionCount[] = "enable-thread-instruction-count"; +#endif + +} // namespace switches diff --git a/security/sandbox/chromium/base/base_switches.h b/security/sandbox/chromium/base/base_switches.h new file mode 100644 index 0000000000..b1923efc1e --- /dev/null +++ b/security/sandbox/chromium/base/base_switches.h @@ -0,0 +1,60 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Defines all the "base" command-line switches. + +#ifndef BASE_BASE_SWITCHES_H_ +#define BASE_BASE_SWITCHES_H_ + +#include "build/build_config.h" + +namespace switches { + +extern const char kDisableBestEffortTasks[]; +extern const char kDisableBreakpad[]; +extern const char kDisableFeatures[]; +extern const char kDisableLowEndDeviceMode[]; +extern const char kEnableCrashReporter[]; +extern const char kEnableFeatures[]; +extern const char kEnableLowEndDeviceMode[]; +extern const char kForceFieldTrials[]; +extern const char kFullMemoryCrashReport[]; +extern const char kLogBestEffortTasks[]; +extern const char kNoErrorDialogs[]; +extern const char kProfilingAtStart[]; +extern const char kProfilingFile[]; +extern const char kProfilingFlush[]; +extern const char kTestChildProcess[]; +extern const char kTestDoNotInitializeIcu[]; +extern const char kTraceToFile[]; +extern const char kTraceToFileName[]; +extern const char kV[]; +extern const char kVModule[]; +extern const char kWaitForDebugger[]; + +#if defined(OS_WIN) +extern const char kDisableHighResTimer[]; +extern const char kDisableUsbKeyboardDetect[]; +#endif + +#if defined(OS_LINUX) && !defined(OS_CHROMEOS) +extern const char kDisableDevShmUsage[]; +#endif + +#if defined(OS_POSIX) +extern const char kEnableCrashReporterForTesting[]; +#endif + +#if defined(OS_ANDROID) +extern const char kEnableReachedCodeProfiler[]; +extern const char kOrderfileMemoryOptimization[]; +#endif + +#if defined(OS_LINUX) +extern const char kEnableThreadInstructionCount[]; +#endif + +} // namespace switches + +#endif // BASE_BASE_SWITCHES_H_ diff --git a/security/sandbox/chromium/base/bind.h b/security/sandbox/chromium/base/bind.h new file mode 100644 index 0000000000..0bbc2aceb1 --- /dev/null +++ b/security/sandbox/chromium/base/bind.h @@ -0,0 +1,470 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_BIND_H_ +#define BASE_BIND_H_ + +#include +#include +#include +#include + +#include "base/bind_internal.h" +#include "base/compiler_specific.h" +#include "build/build_config.h" + +#if defined(OS_MACOSX) && !HAS_FEATURE(objc_arc) +#include "base/mac/scoped_block.h" +#endif + +// ----------------------------------------------------------------------------- +// Usage documentation +// ----------------------------------------------------------------------------- +// +// Overview: +// base::BindOnce() and base::BindRepeating() are helpers for creating +// base::OnceCallback and base::RepeatingCallback objects respectively. +// +// For a runnable object of n-arity, the base::Bind*() family allows partial +// application of the first m arguments. The remaining n - m arguments must be +// passed when invoking the callback with Run(). +// +// // The first argument is bound at callback creation; the remaining +// // two must be passed when calling Run() on the callback object. +// base::OnceCallback cb = base::BindOnce( +// [](short x, int y, long z) { return x * y * z; }, 42); +// +// When binding to a method, the receiver object must also be specified at +// callback creation time. When Run() is invoked, the method will be invoked on +// the specified receiver object. +// +// class C : public base::RefCounted { void F(); }; +// auto instance = base::MakeRefCounted(); +// auto cb = base::BindOnce(&C::F, instance); +// std::move(cb).Run(); // Identical to instance->F() +// +// base::Bind is currently a type alias for base::BindRepeating(). In the +// future, we expect to flip this to default to base::BindOnce(). +// +// See //docs/callback.md for the full documentation. +// +// ----------------------------------------------------------------------------- +// Implementation notes +// ----------------------------------------------------------------------------- +// +// If you're reading the implementation, before proceeding further, you should +// read the top comment of base/bind_internal.h for a definition of common +// terms and concepts. + +namespace base { + +namespace internal { + +// IsOnceCallback is a std::true_type if |T| is a OnceCallback. +template +struct IsOnceCallback : std::false_type {}; + +template +struct IsOnceCallback> : std::true_type {}; + +// Helper to assert that parameter |i| of type |Arg| can be bound, which means: +// - |Arg| can be retained internally as |Storage|. +// - |Arg| can be forwarded as |Unwrapped| to |Param|. +template +struct AssertConstructible { + private: + static constexpr bool param_is_forwardable = + std::is_constructible::value; + // Unlike the check for binding into storage below, the check for + // forwardability drops the const qualifier for repeating callbacks. This is + // to try to catch instances where std::move()--which forwards as a const + // reference with repeating callbacks--is used instead of base::Passed(). + static_assert( + param_is_forwardable || + !std::is_constructible&&>::value, + "Bound argument |i| is move-only but will be forwarded by copy. " + "Ensure |Arg| is bound using base::Passed(), not std::move()."); + static_assert( + param_is_forwardable, + "Bound argument |i| of type |Arg| cannot be forwarded as " + "|Unwrapped| to the bound functor, which declares it as |Param|."); + + static constexpr bool arg_is_storable = + std::is_constructible::value; + static_assert(arg_is_storable || + !std::is_constructible&&>::value, + "Bound argument |i| is move-only but will be bound by copy. " + "Ensure |Arg| is mutable and bound using std::move()."); + static_assert(arg_is_storable, + "Bound argument |i| of type |Arg| cannot be converted and " + "bound as |Storage|."); +}; + +// Takes three same-length TypeLists, and applies AssertConstructible for each +// triples. +template +struct AssertBindArgsValidity; + +template +struct AssertBindArgsValidity, + TypeList, + TypeList, + TypeList> + : AssertConstructible, Unwrapped, Params>... { + static constexpr bool ok = true; +}; + +// The implementation of TransformToUnwrappedType below. +template +struct TransformToUnwrappedTypeImpl; + +template +struct TransformToUnwrappedTypeImpl { + using StoredType = std::decay_t; + using ForwardType = StoredType&&; + using Unwrapped = decltype(Unwrap(std::declval())); +}; + +template +struct TransformToUnwrappedTypeImpl { + using StoredType = std::decay_t; + using ForwardType = const StoredType&; + using Unwrapped = decltype(Unwrap(std::declval())); +}; + +// Transform |T| into `Unwrapped` type, which is passed to the target function. +// Example: +// In is_once == true case, +// `int&&` -> `int&&`, +// `const int&` -> `int&&`, +// `OwnedWrapper&` -> `int*&&`. +// In is_once == false case, +// `int&&` -> `const int&`, +// `const int&` -> `const int&`, +// `OwnedWrapper&` -> `int* const &`. +template +using TransformToUnwrappedType = + typename TransformToUnwrappedTypeImpl::Unwrapped; + +// Transforms |Args| into `Unwrapped` types, and packs them into a TypeList. +// If |is_method| is true, tries to dereference the first argument to support +// smart pointers. +template +struct MakeUnwrappedTypeListImpl { + using Type = TypeList...>; +}; + +// Performs special handling for this pointers. +// Example: +// int* -> int*, +// std::unique_ptr -> int*. +template +struct MakeUnwrappedTypeListImpl { + using UnwrappedReceiver = TransformToUnwrappedType; + using Type = TypeList()), + TransformToUnwrappedType...>; +}; + +template +using MakeUnwrappedTypeList = + typename MakeUnwrappedTypeListImpl::Type; + +// Used below in BindImpl to determine whether to use Invoker::Run or +// Invoker::RunOnce. +// Note: Simply using `kIsOnce ? &Invoker::RunOnce : &Invoker::Run` does not +// work, since the compiler needs to check whether both expressions are +// well-formed. Using `Invoker::Run` with a OnceCallback triggers a +// static_assert, which is why the ternary expression does not compile. +// TODO(crbug.com/752720): Remove this indirection once we have `if constexpr`. +template +constexpr auto GetInvokeFunc(std::true_type) { + return Invoker::RunOnce; +} + +template +constexpr auto GetInvokeFunc(std::false_type) { + return Invoker::Run; +} + +template