OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/logging.h" | |
13 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
14 #include "content/public/common/sandbox_linux.h" | 13 #include "content/public/common/sandbox_linux.h" |
15 | 14 |
16 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ | 15 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ |
17 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \ | 16 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \ |
18 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE) | 17 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE) |
19 #include <sanitizer/common_interface_defs.h> | 18 #include <sanitizer/common_interface_defs.h> |
20 #define ANY_OF_AMTLU_SANITIZER 1 | 19 #define ANY_OF_AMTLU_SANITIZER 1 |
21 #endif | 20 #endif |
22 | 21 |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
112 | 111 |
113 // Check the policy and eventually start the seccomp-bpf sandbox. This should | 112 // Check the policy and eventually start the seccomp-bpf sandbox. This should |
114 // never be called with threads started. If we detect that threads have | 113 // never be called with threads started. If we detect that threads have |
115 // started we will crash. | 114 // started we will crash. |
116 bool StartSeccompBPF(const std::string& process_type); | 115 bool StartSeccompBPF(const std::string& process_type); |
117 | 116 |
118 // Limit the address space of the current process (and its children). | 117 // Limit the address space of the current process (and its children). |
119 // to make some vulnerabilities harder to exploit. | 118 // to make some vulnerabilities harder to exploit. |
120 bool LimitAddressSpace(const std::string& process_type); | 119 bool LimitAddressSpace(const std::string& process_type); |
121 | 120 |
122 // Returns a file descriptor to proc. The file descriptor is no longer valid | |
123 // after the sandbox has been sealed. | |
124 int proc_fd() const { | |
125 DCHECK_NE(-1, proc_fd_); | |
126 return proc_fd_; | |
127 } | |
128 | |
129 #if defined(ANY_OF_AMTLU_SANITIZER) | 121 #if defined(ANY_OF_AMTLU_SANITIZER) |
130 __sanitizer_sandbox_arguments* sanitizer_args() const { | 122 __sanitizer_sandbox_arguments* sanitizer_args() const { |
131 return sanitizer_args_.get(); | 123 return sanitizer_args_.get(); |
132 }; | 124 }; |
133 #endif | 125 #endif |
134 | 126 |
135 private: | 127 private: |
136 friend struct DefaultSingletonTraits<LinuxSandbox>; | 128 friend struct DefaultSingletonTraits<LinuxSandbox>; |
137 | 129 |
138 LinuxSandbox(); | 130 LinuxSandbox(); |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
176 #if defined(ANY_OF_AMTLU_SANITIZER) | 168 #if defined(ANY_OF_AMTLU_SANITIZER) |
177 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; | 169 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; |
178 #endif | 170 #endif |
179 | 171 |
180 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); | 172 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); |
181 }; | 173 }; |
182 | 174 |
183 } // namespace content | 175 } // namespace content |
184 | 176 |
185 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 177 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
OLD | NEW |