OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 12 #include "base/logging.h" |
12 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
13 #include "content/public/common/sandbox_linux.h" | 14 #include "content/public/common/sandbox_linux.h" |
14 | 15 |
15 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ | 16 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \ |
16 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \ | 17 defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \ |
17 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE) | 18 defined(UNDEFINED_SANITIZER) || defined(SANITIZER_COVERAGE) |
18 #include <sanitizer/common_interface_defs.h> | 19 #include <sanitizer/common_interface_defs.h> |
19 #define ANY_OF_AMTLU_SANITIZER 1 | 20 #define ANY_OF_AMTLU_SANITIZER 1 |
20 #endif | 21 #endif |
21 | 22 |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
111 | 112 |
112 // Check the policy and eventually start the seccomp-bpf sandbox. This should | 113 // Check the policy and eventually start the seccomp-bpf sandbox. This should |
113 // never be called with threads started. If we detect that threads have | 114 // never be called with threads started. If we detect that threads have |
114 // started we will crash. | 115 // started we will crash. |
115 bool StartSeccompBPF(const std::string& process_type); | 116 bool StartSeccompBPF(const std::string& process_type); |
116 | 117 |
117 // Limit the address space of the current process (and its children). | 118 // Limit the address space of the current process (and its children). |
118 // to make some vulnerabilities harder to exploit. | 119 // to make some vulnerabilities harder to exploit. |
119 bool LimitAddressSpace(const std::string& process_type); | 120 bool LimitAddressSpace(const std::string& process_type); |
120 | 121 |
| 122 // Returns a file descriptor to proc. The file descriptor is no longer valid |
| 123 // after the sandbox has been sealed. |
| 124 int proc_fd() const { |
| 125 DCHECK_NE(-1, proc_fd_); |
| 126 return proc_fd_; |
| 127 } |
| 128 |
121 #if defined(ANY_OF_AMTLU_SANITIZER) | 129 #if defined(ANY_OF_AMTLU_SANITIZER) |
122 __sanitizer_sandbox_arguments* sanitizer_args() const { | 130 __sanitizer_sandbox_arguments* sanitizer_args() const { |
123 return sanitizer_args_.get(); | 131 return sanitizer_args_.get(); |
124 }; | 132 }; |
125 #endif | 133 #endif |
126 | 134 |
127 private: | 135 private: |
128 friend struct DefaultSingletonTraits<LinuxSandbox>; | 136 friend struct DefaultSingletonTraits<LinuxSandbox>; |
129 | 137 |
130 LinuxSandbox(); | 138 LinuxSandbox(); |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
168 #if defined(ANY_OF_AMTLU_SANITIZER) | 176 #if defined(ANY_OF_AMTLU_SANITIZER) |
169 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; | 177 scoped_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; |
170 #endif | 178 #endif |
171 | 179 |
172 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); | 180 DISALLOW_COPY_AND_ASSIGN(LinuxSandbox); |
173 }; | 181 }; |
174 | 182 |
175 } // namespace content | 183 } // namespace content |
176 | 184 |
177 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ | 185 #endif // CONTENT_COMMON_SANDBOX_LINUX_SANDBOX_LINUX_H_ |
OLD | NEW |