| Index: sandbox/linux/bpf_dsl/trap_registry.h
|
| diff --git a/sandbox/linux/bpf_dsl/trap_registry.h b/sandbox/linux/bpf_dsl/trap_registry.h
|
| index 94d4722c8cc359dce0574f0982279b0d1e5d58db..0a5d2f14cccfcd2c51ed80e7bfa39d8811d79464 100644
|
| --- a/sandbox/linux/bpf_dsl/trap_registry.h
|
| +++ b/sandbox/linux/bpf_dsl/trap_registry.h
|
| @@ -49,10 +49,19 @@ class SANDBOX_EXPORT TrapRegistry {
|
|
|
| // EnableUnsafeTraps tries to enable unsafe traps and returns
|
| // whether it was successful. This is a one-way operation.
|
| + //
|
| + // CAUTION: Enabling unsafe traps effectively defeats the security
|
| + // guarantees provided by the sandbox policy. TrapRegistry
|
| + // implementations should ensure unsafe traps are only enabled
|
| + // during testing.
|
| virtual bool EnableUnsafeTraps() = 0;
|
|
|
| protected:
|
| TrapRegistry() {}
|
| +
|
| + // TrapRegistry's destructor is intentionally non-virtual so that
|
| + // implementations can omit their destructor. Instead we protect against
|
| + // misuse by marking it protected.
|
| ~TrapRegistry() {}
|
|
|
| DISALLOW_COPY_AND_ASSIGN(TrapRegistry);
|
|
|
Chromium Code Reviews
Issue 1001833005:
Update from https://crrev.com/320343 (Closed)
Base URL: git@github.com:domokit/mojo.git@master