Skip to content

Commit a56377e

Browse files
author
Kaloyan Chehlarski
committed
Allow multiple extra "no-execute" storage paths
Currently, Chromium only allows a single extra path where the deny execute ACE will be set for files within. However, since we allow multiple non-OTR profiles to be alive at the same time, we need to have multiple storage folders with execution protection (particularly for blob files). This change modifies the current extra path key in file_util_win.cc to instead be a vector of keys, allowing multiple paths to be whitelisted (provided those keys have been registered with the path service beforehand). Change-Id: Ic6869d89055821e4fdb9175b1191685632ed74f4 Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/565784 Reviewed-by: Allan Sandfeld Jensen <[email protected]>
1 parent 6256c98 commit a56377e

File tree

1 file changed

+5
-7
lines changed

1 file changed

+5
-7
lines changed

chromium/base/files/file_util_win.cc

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ namespace base {
6060

6161
namespace {
6262

63-
int g_extra_allowed_path_for_no_execute = 0;
63+
std::vector<int> g_extra_allowed_paths_for_no_execute;
6464

6565
const DWORD kFileShareAll =
6666
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;
@@ -384,8 +384,8 @@ bool IsPathSafeToSetAclOn(const FilePath& path) {
384384
}
385385
#endif // BUILDFLAG(CLANG_PROFILING)
386386
std::vector<int> valid_path_keys({DIR_TEMP});
387-
if (g_extra_allowed_path_for_no_execute) {
388-
valid_path_keys.push_back(g_extra_allowed_path_for_no_execute);
387+
for (int key : g_extra_allowed_paths_for_no_execute) {
388+
valid_path_keys.push_back(key);
389389
}
390390

391391
// MakeLongFilePath is needed here because temp files can have an 8.3 path
@@ -1195,12 +1195,10 @@ bool PreventExecuteMapping(const FilePath& path) {
11951195
}
11961196

11971197
void SetExtraNoExecuteAllowedPath(int path_key) {
1198-
DCHECK(!g_extra_allowed_path_for_no_execute ||
1199-
g_extra_allowed_path_for_no_execute == path_key);
1200-
g_extra_allowed_path_for_no_execute = path_key;
1198+
g_extra_allowed_paths_for_no_execute.push_back(path_key);
12011199
base::FilePath valid_path;
12021200
DCHECK(
1203-
base::PathService::Get(g_extra_allowed_path_for_no_execute, &valid_path));
1201+
base::PathService::Get(path_key, &valid_path));
12041202
}
12051203

12061204
// -----------------------------------------------------------------------------

0 commit comments

Comments
 (0)