mac: Enable process-wide CPU mitigations where available.

The existing mitigation flag is per-thread, so this offers stronger protections. The thread-specific mitigation will remain enabled in order to support older macOS versions. The new process-wide flag does not conflict with it (task takes precedence over thread).

The posix_spawnattr option is used instead of the libproc API, because the latter requires permitting (allow system-sched (target self)) in the sandbox, which would grant additional capabilities beyond the CPU mitigations control.

Bug: 1129602
Change-Id: I876f2aae3a3e26a622c67ad181efbdfd91fa8b76
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2722913
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#858301}

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.
For historical reasons, there are some small top-level directories. The current guidance is that new top-level directories are for products (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.