Skip to content
Commit 411ce7e1 authored by Greg Kerr's avatar Greg Kerr Committed by Commit Bot
Browse files

macOS V2 Sandbox: Harden sandbox by specifying vnode-type for writes. 

This hardens the macOS sandbox by specifying an explicit vnode type for
all writeable files, reducing the risk that an attacker can symlink a
file Chrome has write access to, and modify the filesystem at will.

Bug: 793402
Change-Id: I53bbcc84345e432756eff0d2dc18a505719fd521
Reviewed-on: https://chromium-review.googlesource.com/829877


Reviewed-by: default avatarRobert Sesek <rsesek@chromium.org>
Commit-Queue: Greg Kerr <kerrnel@chromium.org>
Cr-Commit-Position: refs/heads/master@{#524413}
parent d94535b3
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment