
Unified Diff: content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc

Issue 1029283003: WIP: Implement seccomp-bpf sandbox for nacl_helper_nonsfi. Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 9 months ago
Index: content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
diff --git a/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
index 2f24b62719e60f32662ae1f095ccf1705a0446b2..7b4ad8aee6f3fcb3e58447b0354b801431728954 100644
--- a/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc
@@ -64,6 +64,8 @@ namespace {
void StartSandboxWithPolicy(sandbox::bpf_dsl::Policy* policy,
base::ScopedFD proc_fd);
+#if !defined(OS_NACL_NONSFI)
+
inline bool IsChromeOS() {
#if defined(OS_CHROMEOS)
return true;
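Review bot: The `#if !defined(OS_NACL_NONSFI)` opened above IsChromeOS() carries no comment saying why the nonsfi build drops these helpers, and the same bare guard is repeated around ShouldEnableSeccompBPF, SupportsSandboxWithTsync through StartSandbox, and GetBaselinePolicy in the later hunks. This file decides which sandbox entry points exist in each build, so the first guard should say what is left. As far as the hunks show, that is `// nacl_helper_nonsfi keeps only IsSeccompBPFDesired(), SupportsSandbox() and StartSandboxWithExternalPolicy(); the rest is compiled out.` The exact list should be confirmed against the nonsfi caller. IsChromeOS() continues past the end of this hunk.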
@@ -144,7 +146,7 @@ void RunSandboxSanityChecks(const std::string& process_type) {
#endif // !defined(NDEBUG)
}
}
-
+#endif // !defined(OS_NACL_NONSFI)
// This function takes ownership of |policy|.
void StartSandboxWithPolicy(sandbox::bpf_dsl::Policy* policy,
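Review bot: The `#endif` added here closes the guard right after RunSandboxSanityChecks, so the nonsfi build no longer contains the post-start sanity checks at all. If the nonsfi helper has no equivalent check elsewhere, nothing in that build confirms that the installed filter is actually being enforced once StartSandboxWithPolicy returns. It is worth stating in a comment that this is intentional, or keeping a minimal check available for that target. Separately, the `#endif` replaces the blank line that used to separate the block from `// This function takes ownership of |policy|.`, and a blank line after the `#endif` would keep that comment attached to its function. Both functions extend beyond this hunk.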
@@ -160,6 +162,7 @@ void StartSandboxWithPolicy(sandbox::bpf_dsl::Policy* policy,
CHECK(sandbox.StartSandbox(SandboxBPF::SeccompLevel::SINGLE_THREADED));
}
+#if !defined(OS_NACL_NONSFI)
// nacl_helper needs to be tiny and includes only part of content/
// in its dependencies. Make sure to not link things that are not needed.
#if !defined(IN_NACL_HELPER)
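Review bot: The new outer guard encloses nothing except the existing `#if !defined(IN_NACL_HELPER)` block and its comment, and the matching `#endif` in the next hunk sits directly after the inner one. A single condition, `#if !defined(IN_NACL_HELPER) && !defined(OS_NACL_NONSFI)`, would express the same thing with one guard pair. The comment above it currently explains only the nacl_helper case and should also say why nonsfi is excluded. The guarded region extends beyond this hunk.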
@@ -220,6 +223,7 @@ bool StartBPFSandbox(const base::CommandLine& command_line,
return false;
}
#endif // !defined(IN_NACL_HELPER)
+#endif // !defined(OS_NACL_NONSFI)
} // namespace
@@ -237,6 +241,7 @@ bool SandboxSeccompBPF::IsSeccompBPFDesired() {
}
}
+#if !defined(OS_NACL_NONSFI)
bool SandboxSeccompBPF::ShouldEnableSeccompBPF(
const std::string& process_type) {
#if defined(USE_SECCOMP_BPF)
@@ -249,6 +254,7 @@ bool SandboxSeccompBPF::ShouldEnableSeccompBPF(
#endif // USE_SECCOMP_BPF
return false;
}
+#endif // !defined(OS_NACL_NONSFI)
bool SandboxSeccompBPF::SupportsSandbox() {
#if defined(USE_SECCOMP_BPF)
@@ -258,6 +264,7 @@ bool SandboxSeccompBPF::SupportsSandbox() {
return false;
}
+#if !defined(OS_NACL_NONSFI)
bool SandboxSeccompBPF::SupportsSandboxWithTsync() {
#if defined(USE_SECCOMP_BPF)
return SandboxBPF::SupportsSeccompSandbox(
@@ -285,6 +292,7 @@ bool SandboxSeccompBPF::StartSandbox(const std::string& process_type,
#endif
return false;
}
+#endif // !defined(OS_NACL_NONSFI)
bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
scoped_ptr<sandbox::bpf_dsl::Policy> policy,
@@ -299,6 +307,7 @@ bool SandboxSeccompBPF::StartSandboxWithExternalPolicy(
return false;
}
+#if !defined(OS_NACL_NONSFI)
scoped_ptr<sandbox::bpf_dsl::Policy> SandboxSeccompBPF::GetBaselinePolicy() {
#if defined(USE_SECCOMP_BPF)
return scoped_ptr<sandbox::bpf_dsl::Policy>(new BaselinePolicy);
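Review bot: With StartSandbox and GetBaselinePolicy compiled out, StartSandboxWithExternalPolicy is the only way left for the nonsfi build to start the sandbox, and the `return false;` at the top of this hunk shows that it can still report failure. A caller that ignores that result would continue running unsandboxed. The nonsfi call site is not on this page, so it should be verified that it treats `false` as fatal. If the declaration in the header is not already annotated, adding `WARN_UNUSED_RESULT` there would make the compiler enforce this. Documenting on GetBaselinePolicy's guard that nonsfi must supply its own complete policy would also help the next reader.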
@@ -306,5 +315,6 @@ scoped_ptr<sandbox::bpf_dsl::Policy> SandboxSeccompBPF::GetBaselinePolicy() {
return scoped_ptr<sandbox::bpf_dsl::Policy>();
#endif // defined(USE_SECCOMP_BPF)
}
+#endif // !defined(OS_NACL_NONSFI)
} // namespace content