Enable Chrome sandboxing on Linux

Fix typo

Enable Chrome sandboxing on Linux
a2e8827b · Darl Cat · b3efcb8b · a2e8827b · a2e8827b · a2e8827b
Commit a2e8827b authored 3 years ago by Darl Cat
--- a/indra/newview/linux_tools/chrome_sandboxing_permissions_setup.sh
+++ b/indra/newview/linux_tools/chrome_sandboxing_permissions_setup.sh
+#!/usr/bin/env bash
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+SANDBOX_BIN="$SCRIPT_DIR/../bin/llplugin/chrome-sandbox"
+
+chown root:root $SANDBOX_BIN
+chmod 4755 $SANDBOX_BIN
--- a/indra/newview/linux_tools/install.sh
+++ b/indra/newview/linux_tools/install.sh
@@ -88,6 +88,18 @@ function install_to_prefix()
    echo " - Installing to $1"

    cp -a "${tarball_path}"/* "$1/" || die "Failed to complete the installation!"
+    
+    SANDBOX_BIN="$1/bin/llplugin/chrome-sandbox"
+    if [ "$UID" == "0" ]; then
+        "$1/etc/chrome_sandboxing_permissions_setup.sh"
+    else
+        echo "Permissions on $SANDBOX_BIN need to be set to enable security sandboxing for the integrated browser. You may be asked to authorize this step with administrative credentials."
+        prompt "This step is optional, though recommended for safety and security. Proceed with the installation? [Y/N]: "
+        if [[ $? == 0 ]]; then
+            exit 0 
+        fi
+        pkexec "$1/etc/chrome_sandboxing_permissions_setup.sh" || die "Failed to set permissions on chrome-sandbox"
+    fi
 }

 function backup_previous_installation()

--- a/indra/newview/linux_tools/wrapper.sh
+++ b/indra/newview/linux_tools/wrapper.sh
@@ -100,6 +100,15 @@ for ARG in "$@"; do
    fi
 done

+# Check chrome-sandbox permissions, and try to set them if they are not already
+SANDBOX_BIN=bin/chrome-sandbox
+# if set-user-id = false || is writable || executable = false || read is false || is owned by effective uid || is owned by effective gid
+if [[ !(-u $SANDBOX_BIN) || (-w $SANDBOX_BIN) || !(-x $SANDBOX_BIN) || !(-r $SANDBOX_BIN) || ( -O $SANDBOX_BIN) || (-G $SANDBOX_BIN) ]]; then
+    echo "$SANDBOX_BIN permissions are incorrect and will be reset"
+    SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+    pkexec "$SCRIPT_DIR/etc/chrome_sandboxing_permissions_setup.sh"
+fi
+
 # Run the program.
 # Don't quote $LL_WRAPPER because, if empty, it should simply vanish from the
 # command line. But DO quote "${ARGS[@]}": preserve separate args as

--- a/indra/newview/viewer_manifest.py
+++ b/indra/newview/viewer_manifest.py
@@ -1190,6 +1190,7 @@ def construct(self):
                self.path("register_secondlifeprotocol.sh")
                self.path("refresh_desktop_app_entry.sh")
                self.path("launch_url.sh")
+                self.path("chrome_sandboxing_permissions_setup.sh")
            self.path("install.sh")

        with self.prefix(dst="bin"):