Index: content/common/sandbox_seccomp_bpf_linux.cc |
diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc |
index a2bfecf3b351ab73fae2498202e8f47c1c505092..9ee2820499d6e601534c2d567e1700ff68deb2a6 100644 |
--- a/content/common/sandbox_seccomp_bpf_linux.cc |
+++ b/content/common/sandbox_seccomp_bpf_linux.cc |
@@ -48,14 +48,6 @@ inline bool IsChromeOS() { |
#endif |
} |
-inline bool IsArchitectureI386() { |
-#if defined(__i386__) |
- return true; |
-#else |
- return false; |
-#endif |
-} |
- |
inline bool IsArchitectureArm() { |
#if defined(__arm__) |
return true; |
@@ -1201,18 +1193,11 @@ bool IsBaselinePolicyWatched(int sysno) { |
} |
} |
+// x86_64 and ARM for now. Needs to be adapted and tested for i386. |
ErrorCode BaselinePolicy(int sysno) { |
if (IsBaselinePolicyAllowed(sysno)) { |
return ErrorCode(ErrorCode::ERR_ALLOWED); |
} |
- |
-#if defined(__i386__) |
- // socketcall(2) should be tightened. |
- if (IsSocketCall(sysno)) { |
- return ErrorCode(ErrorCode::ERR_ALLOWED); |
- } |
-#endif |
- |
// TODO(jln): some system calls in those sets are not supposed to |
// return ENOENT. Return the appropriate error. |
if (IsFileSystem(sysno) || IsCurrentDirectory(sysno)) { |
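Review bot: The comment added above BaselinePolicy (and the identical one above FlashProcessPolicy in the next hunk) says the policy still needs to be adapted for i386, but nothing in this hunk stops it from being compiled or called on i386; what actually keeps it unreachable is the `#if defined(__x86_64__) || defined(__arm__)` dispatch in GetProcessSyscallPolicy later in this diff. Naming that dependency makes the intent checkable: `// Only reachable on x86_64 and ARM: GetProcessSyscallPolicy never selects this policy on i386. Needs to be adapted and tested before enabling it there.` Alternatively wrap these policies in the same preprocessor guard, which states the constraint to the compiler and, if they live in an anonymous namespace, avoids unused-function warnings on i386 builds. With the socketcall branch gone, IsSocketCall may also be unused on i386 now, which is worth checking. BaselinePolicy's body continues past the end of this hunk.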
@@ -1287,21 +1272,17 @@ ErrorCode RendererOrWorkerProcessPolicy(int sysno, void *) { |
case __NR_prlimit64: |
return ErrorCode(EPERM); // See crbug.com/160157. |
default: |
- // These need further tightening. |
#if defined(__x86_64__) || defined(__arm__) |
if (IsSystemVSharedMemory(sysno)) |
return ErrorCode(ErrorCode::ERR_ALLOWED); |
#endif |
-#if defined(__i386__) |
- if (IsSystemVIpc(sysno)) |
- return ErrorCode(ErrorCode::ERR_ALLOWED); |
-#endif |
// Default on the baseline policy. |
return BaselinePolicy(sysno); |
} |
} |
+// x86_64 and ARM for now. Needs to be adapted and tested for i386. |
ErrorCode FlashProcessPolicy(int sysno, void *) { |
switch (sysno) { |
case __NR_sched_getaffinity: |
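Review bot: RendererOrWorkerProcessPolicy loses its `// These need further tightening.` caveat on the System V shared memory allowance with no replacement, while the same allowance in FlashProcessPolicy (next hunk) gets `// These are under investigation, and hopefully not here for the long term.`; the renderer policy is the more exposed of the two, so the caveat should not silently disappear there. Add the same two-line comment under the `#if` in the renderer default branch so the two policies document the allowance consistently. Both functions extend beyond this hunk.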
@@ -1311,15 +1292,12 @@ ErrorCode FlashProcessPolicy(int sysno, void *) { |
case __NR_ioctl: |
return ErrorCode(ENOTTY); // Flash Access. |
default: |
- // These need further tightening. |
#if defined(__x86_64__) || defined(__arm__) |
+ // These are under investigation, and hopefully not here for the long |
+ // term. |
if (IsSystemVSharedMemory(sysno)) |
return ErrorCode(ErrorCode::ERR_ALLOWED); |
#endif |
-#if defined(__i386__) |
- if (IsSystemVIpc(sysno)) |
- return ErrorCode(ErrorCode::ERR_ALLOWED); |
-#endif |
// Default on the baseline policy. |
return BaselinePolicy(sysno); |
@@ -1370,11 +1348,11 @@ void WarmupPolicy(Sandbox::EvaluateSyscall policy) { |
Sandbox::EvaluateSyscall GetProcessSyscallPolicy( |
const CommandLine& command_line, |
const std::string& process_type) { |
+#if defined(__x86_64__) || defined(__arm__) |
if (process_type == switches::kGpuProcess) { |
// On Chrome OS, --enable-gpu-sandbox enables the more restrictive policy. |
- // However, we don't yet enable the more restrictive GPU process policy |
- // on i386 or ARM. |
- if (IsArchitectureI386() || IsArchitectureArm() || |
+ // However, we never enable the more restrictive GPU process policy on ARM. |
+ if (IsArchitectureArm() || |
(IsChromeOS() && !command_line.HasSwitch(switches::kEnableGpuSandbox))) |
return BlacklistDebugAndNumaPolicy; |
else |
@@ -1399,6 +1377,12 @@ Sandbox::EvaluateSyscall GetProcessSyscallPolicy( |
NOTREACHED(); |
// This will be our default if we need one. |
return AllowAllPolicy; |
+#else |
+ // On other architectures (currently IA32), |
+ // we only have a small blacklist at the moment. |
+ (void) process_type; |
+ return BlacklistDebugAndNumaPolicy; |
+#endif // __x86_64__ || __arm__ |
} |
// Initialize the seccomp-bpf sandbox. |
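Review bot: The new `#else` branch returns BlacklistDebugAndNumaPolicy for every process type, including renderers and the GPU process, but the comment only says the blacklist is small; a reader should not have to discover that none of the stricter per-process policies in this file is ever selected on i386. Suggested wording: `// On other architectures (currently IA32) every process type gets only the small blacklist; the per-process policies above are never selected here.` The `(void) process_type;` silences an unused-parameter warning for one argument while `command_line` is equally unused on this path, so either add `(void) command_line;` or drop both if the build does not warn on unused parameters. The `#if` this branch closes opens in the previous hunk.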