Google Git
Sign in
chromium / chromium / src / 8f8cc0b66bd9466cb5a3d64e4328cf0e6e8ca080
commit8f8cc0b66bd9466cb5a3d64e4328cf0e6e8ca080[log] [tgz]
authorkinuko@chromium.org <kinuko@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>Thu Nov 29 10:38:52 2012
committerkinuko@chromium.org <kinuko@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>Thu Nov 29 10:38:52 2012
tree024ed1ab98d0ef555df9ae9fbba9a729b504d3c6
parentf6caf151551030c83dbc635879d89d28f486d0d5 [diff]
Do not give blanket permission to the Sandboxed FileSystem directory and verify resolved paths

- Avoid giving unconditional blanket permission to the entire sandbox FileSystem data directory
- Perform the sanity check that the resolved path from the database is under the expected directory

BUG=162114
TEST=manual

Review URL: https://codereview.chromium.org/11308194

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@170159 0039d316-1c4b-4281-b951-d872f2087c98
6 files changed
tree: 024ed1ab98d0ef555df9ae9fbba9a729b504d3c6
  1. android_webview/
  2. ash/
  3. base/
  4. breakpad/
  5. build/
  6. cc/
  7. chrome/
  8. chrome_frame/
  9. chromeos/
  10. cloud_print/
  11. content/
  12. courgette/
  13. crypto/
  14. dbus/
  15. device/
  16. extensions/
  17. google_apis/
  18. google_update/
  19. gpu/
  20. ipc/
  21. jingle/
  22. media/
  23. native_client_sdk/
  24. net/
  25. ppapi/
  26. printing/
  27. remoting/
  28. rlz/
  29. sandbox/
  30. sdch/
  31. skia/
  32. sql/
  33. sync/
  34. testing/
  35. third_party/
  36. tools/
  37. ui/
  38. webkit/
  39. win8/
  40. .DEPS.git
  41. .gitignore
  42. .gitmodules
  43. Android.mk
  44. AUTHORS
  45. codereview.settings
  46. DEPS
  47. LICENSE
  48. LICENSE.chromium_os
  49. OWNERS
  50. PRESUBMIT.py
  51. PRESUBMIT_test.py
  52. WATCHLISTS