
Unified Diff: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

Issue 1128733002: Update from https://crrev.com/328418 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years, 7 months ago
Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index 282e72775d3441ba3a101483bd51a2b0b0f6a2f7..60c16d37302b880a63db88fcd2ebbbcb97f6a1da 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -11,7 +11,6 @@
#include <sched.h>
#include <signal.h>
#include <stdint.h>
-#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>
@@ -32,6 +31,11 @@
#include "sandbox/linux/system_headers/linux_futex.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
+// PNaCl toolchain does not provide sys/ioctl.h header.
+#if !defined(OS_NACL_NONSFI)
+#include <sys/ioctl.h>
+#endif
+
#if defined(OS_ANDROID)
#if !defined(F_DUPFD_CLOEXEC)
@@ -104,6 +108,7 @@ using sandbox::bpf_dsl::ResultExpr;
namespace sandbox {
+#if !defined(OS_NACL_NONSFI)
// Allow Glibc's and Android pthread creation flags, crash on any other
// thread creation attempts and EPERM attempts to use neither
// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
@@ -261,21 +266,6 @@ ResultExpr RestrictGetSetpriority(pid_t target_pid) {
.Else(CrashSIGSYS());
}
-ResultExpr RestrictClockID() {
- static_assert(4 == sizeof(clockid_t), "clockid_t is not 32bit");
- const Arg<clockid_t> clockid(0);
- return If(
-#if defined(OS_CHROMEOS)
- // Allow the special clock for Chrome OS used by Chrome tracing.
- clockid == base::TimeTicks::kClockSystemTrace ||
-#endif
- clockid == CLOCK_MONOTONIC ||
- clockid == CLOCK_PROCESS_CPUTIME_ID ||
- clockid == CLOCK_REALTIME ||
- clockid == CLOCK_THREAD_CPUTIME_ID,
- Allow()).Else(CrashSIGSYS());
-}
-
ResultExpr RestrictSchedTarget(pid_t target_pid, int sysno) {
switch (sysno) {
case __NR_sched_getaffinity:
@@ -306,5 +296,21 @@ ResultExpr RestrictGetrusage() {
const Arg<int> who(0);
return If(who == RUSAGE_SELF, Allow()).Else(CrashSIGSYS());
}
+#endif // !defined(OS_NACL_NONSFI)
+
+ResultExpr RestrictClockID() {
+ static_assert(4 == sizeof(clockid_t), "clockid_t is not 32bit");
+ const Arg<clockid_t> clockid(0);
+ return If(
+#if defined(OS_CHROMEOS)
+ // Allow the special clock for Chrome OS used by Chrome tracing.
+ clockid == base::TimeTicks::kClockSystemTrace ||
+#endif
+ clockid == CLOCK_MONOTONIC ||
+ clockid == CLOCK_PROCESS_CPUTIME_ID ||
+ clockid == CLOCK_REALTIME ||
+ clockid == CLOCK_THREAD_CPUTIME_ID,
+ Allow()).Else(CrashSIGSYS());
+}
} // namespace sandbox.
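Review bot: RestrictClockID() appears to be the only function in namespace sandbox left outside the new `#if !defined(OS_NACL_NONSFI)` guard, so it is the one parameter filter from this file a non-SFI policy can use, yet it has no comment stating its contract. Above the function I would add `// Allowlist of fixed clock IDs. Any other value, including the negative IDs Linux uses to address another process's or thread's CPU clock, results in CrashSIGSYS().` That documents why the check is an allowlist rather than a denylist and warns against widening it casually. Whether the declarations in syscall_parameters_restrictions.h are guarded the same way is not visible from this hunk; it is worth confirming so that a policy built for non-SFI fails at compile time, not at link time, if it references an excluded helper.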