Skip to content

Commit 27c30aa

Browse files
author
Kaloyan Chehlarski
committed
Allow multiple extra "no-execute" storage paths
Currently, Chromium only allows a single extra path where the deny execute ACE will be set for files within. However, since we allow multiple non-OTR profiles to be alive at the same time, we need to have multiple storage folders with execution protection (particularly for blob files). This change modifies the current extra path key in file_util_win.cc to instead be a vector of keys, allowing multiple paths to be whitelisted (provided those keys have been registered with the path service beforehand). Pick-to: 118-based Change-Id: Ic6869d89055821e4fdb9175b1191685632ed74f4 Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/565761 Reviewed-by: Allan Sandfeld Jensen <[email protected]>
1 parent fc4dffd commit 27c30aa

File tree

1 file changed

+5
-7
lines changed

1 file changed

+5
-7
lines changed

chromium/base/files/file_util_win.cc

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ namespace base {
6060

6161
namespace {
6262

63-
int g_extra_allowed_path_for_no_execute = 0;
63+
std::vector<int> g_extra_allowed_paths_for_no_execute;
6464

6565
bool g_disable_secure_system_temp_for_testing = false;
6666

@@ -386,8 +386,8 @@ bool IsPathSafeToSetAclOn(const FilePath& path) {
386386
}
387387
#endif // BUILDFLAG(CLANG_PROFILING)
388388
std::vector<int> valid_path_keys({DIR_TEMP});
389-
if (g_extra_allowed_path_for_no_execute) {
390-
valid_path_keys.push_back(g_extra_allowed_path_for_no_execute);
389+
for (int key : g_extra_allowed_paths_for_no_execute) {
390+
valid_path_keys.push_back(key);
391391
}
392392

393393
// MakeLongFilePath is needed here because temp files can have an 8.3 path
@@ -1209,12 +1209,10 @@ bool PreventExecuteMapping(const FilePath& path) {
12091209
}
12101210

12111211
void SetExtraNoExecuteAllowedPath(int path_key) {
1212-
DCHECK(!g_extra_allowed_path_for_no_execute ||
1213-
g_extra_allowed_path_for_no_execute == path_key);
1214-
g_extra_allowed_path_for_no_execute = path_key;
1212+
g_extra_allowed_paths_for_no_execute.push_back(path_key);
12151213
base::FilePath valid_path;
12161214
DCHECK(
1217-
base::PathService::Get(g_extra_allowed_path_for_no_execute, &valid_path));
1215+
base::PathService::Get(path_key, &valid_path));
12181216
}
12191217

12201218
// -----------------------------------------------------------------------------

0 commit comments

Comments
 (0)