Skip to content
Commit b00f780a authored by Tom Burgin's avatar Tom Burgin Committed by Chromium LUCI CQ
Browse files

code sign safe updates: clone browser app at startup 

Prevent code sign verification issues of the running instance of Chrome
when it has been updated on disk. `CodeSignCloneManager` does this by
creating a temporary clone of the on-disk app and a hard link of the
main executable during browser startup. The clone and hard link keeps
files covered by the code signature reachable on the file system for
verification.

For more details see the design doc:
https://docs.google.com/document/u/1/d/e/2PACX-1vSWYGCD-hFxN64Fdha43dIqtiC06ckoOW0nNPnjv4m_hwnAfOS6vZuWp04k8hCCX9s1fZRnQuI2cwAv/pub

Low-Coverage-Reason: TRIVIAL_CHANGE for sandbox_type.cc.

Bug: 338582873
Change-Id: I8d7660afc1ae710263864fe9cd198272bab97d6a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5516058


Code-Coverage: findit-for-me@appspot.gserviceaccount.com <findit-for-me@appspot.gserviceaccount.com>
Reviewed-by: default avatarAvi Drissman <avi@chromium.org>
Commit-Queue: Tom Burgin <bur@google.com>
Reviewed-by: default avatarWill Harris <wfh@chromium.org>
Reviewed-by: default avatarMark Mentovai <mark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1312727}
parent 8e100c56
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment