Google Git
Sign in
cos / mirrors / cros / chromiumos / third_party / autotest / refs/heads/release-R20-2268.B^! / .
commite903b10bab259364d5f12432ec482c328ea6da6f[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@chromium.org>Fri Jun 22 15:54:54 2012 -0700
committerJorge Lucangeli Obes <jorgelo@chromium.org>Mon Jul 16 14:48:59 2012 -0700
tree969f500f137f969ecd0ff90424540d1cbdb2f736
parentcbb2642f951bb6f10f347b3de19bc8df283ba7b2 [diff]
Fix security_RendererSandbox

To fix http://code.google.com/p/chromium/issues/detail?id=129884
we hacked the GPU process cmdline to "make it look like a renderer".
This makes the test fail, because the GPU process is not sandboxed.

BUG=chromium-os:32085
TEST=security_RendererSandbox passes again.

Reviewed-on: https://gerrit.chromium.org/gerrit/25972
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>

Clean backport.

Change-Id: I0211534b0a72fdb1e5eac5646e3a25ab61b2873a
Reviewed-on: https://gerrit.chromium.org/gerrit/27542
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Jim Hebert <jimhebert@chromium.org>

diff --git a/client/site_tests/security_RendererSandbox/security_RendererSandbox.py b/client/site_tests/security_RendererSandbox/security_RendererSandbox.py
index 4b0cfe3..2c0e1b5 100644
--- a/client/site_tests/security_RendererSandbox/security_RendererSandbox.py
+++ b/client/site_tests/security_RendererSandbox/security_RendererSandbox.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
@@ -68,10 +68,19 @@
     # queries pgrep for the pid of the renderer. since this function is passed
     # as an argument to utils.poll_for_condition, the return values are set
     # to true/false depending on whether a pid has been found
-    def _get_renderer_pid(self):                             
-        pgrep = subprocess.Popen(['pgrep', '-f', '%s' % 'type=renderer'],
+    def _get_renderer_pid(self):
+        pgrep = subprocess.Popen(['pgrep', '-f', '-l', 'type=renderer'],
                                  stdout=subprocess.PIPE)
-        pids = pgrep.communicate()[0].split()
+        procs = pgrep.communicate()[0].splitlines()
+        pids = []
+        # we're adding '--ignored= --type=renderer' to the GPU process cmdline
+        # to fix http://code.google.com/p/chromium/issues/detail?id=129884
+        # this confuses 'pgrep' above, returning the pid of the GPU process,
+        # which is not sandboxed, as the pid of a renderer, breaking the test
+        for proc in procs:
+            if '--ignored= --type=renderer' not in proc:
+                pids.append(proc.split()[0])
+
         if pids:
             self.render_pid = pids[0]
             return True