[fuchsia] Add ambient-executable feature flag

Adding ambient-executable feature flag to component sandboxes as a preflight for restricting the use of replace_as_executable with an invalid handle. Bug: SEC-354 Change-Id: If23482218720e8024f054a7dafc3f4366d1db7f9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1687945 Commit-Queue: Oliver Hunt <ojh@google.com> Reviewed-by: Sergey Ulanov <sergeyu@chromium.org> Reviewed-by: Yuchen Liu <yucliu@chromium.org> Reviewed-by: Fabrice de Gans-Riberi <fdegans@chromium.org> Cr-Commit-Position: refs/heads/master@{#675848}
Denger-Network · Jul 9, 2019 · 9628153 · 9628153
1 parent ea214ea
commit 9628153
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 7 deletions.
diff --git a/build/config/fuchsia/tests.cmx b/build/config/fuchsia/tests.cmx
@@ -4,7 +4,8 @@
       "isolated-persistent-storage",
       "root-ssl-certificates",
       "system-temp",
-      "vulkan"
+      "vulkan",
+      "deprecated-ambient-replace-as-executable"
     ],
     "dev": [
       "null",

diff --git a/chromecast/cast_shell.cmx b/chromecast/cast_shell.cmx
@@ -4,7 +4,8 @@
       "isolated-persistent-storage",
       "root-ssl-certificates",
       "system-temp",
-      "vulkan"
+      "vulkan",
+      "deprecated-ambient-replace-as-executable"
     ],
     "dev": [
       "null",

diff --git a/fuchsia/engine/web_engine.cmx b/fuchsia/engine/web_engine.cmx
@@ -2,7 +2,8 @@
   "sandbox": {
     "features": [
       "root-ssl-certificates",
-      "vulkan"
+      "vulkan",
+      "deprecated-ambient-replace-as-executable"
     ],
     "services": [
       "fuchsia.logger.LogSink",

diff --git a/fuchsia/engine/web_engine_integration_tests.cmx b/fuchsia/engine/web_engine_integration_tests.cmx
@@ -3,7 +3,8 @@
     "features": [
       "isolated-persistent-storage",
       "deprecated-shell",
-      "system-temp"
+      "system-temp",
+      "deprecated-ambient-replace-as-executable"
     ],
     "services": [
       "fuchsia.device.NameProvider",

diff --git a/fuchsia/http/http.cmx b/fuchsia/http/http.cmx
@@ -1,7 +1,8 @@
 {
   "sandbox": {
     "features": [
-      "root-ssl-certificates"
+      "root-ssl-certificates",
+      "deprecated-ambient-replace-as-executable"
     ],
     "services": [
       "fuchsia.device.NameProvider",

diff --git a/fuchsia/runners/cast/cast_runner.cmx b/fuchsia/runners/cast/cast_runner.cmx
@@ -1,6 +1,8 @@
 {
   "sandbox": {
-    "features": [],
+    "features": [
+      "deprecated-ambient-replace-as-executable"
+    ],
     "services": [
       "chromium.cast.ApplicationConfigManager",
       "fuchsia.device.NameProvider",

diff --git a/fuchsia/runners/web/web_runner.cmx b/fuchsia/runners/web/web_runner.cmx
@@ -1,7 +1,8 @@
 {
   "sandbox": {
     "features": [
-      "isolated-persistent-storage"
+      "isolated-persistent-storage",
+      "deprecated-ambient-replace-as-executable"
     ],
     "services": [
       "fuchsia.device.NameProvider",