Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(138)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h

Issue 1133303005: Non-SFI mode: Open primary IPC::Channel before seccomp-sandbox enabled. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/nacl/loader/nacl_helper_linux.cc ('K') | « components/nacl/loader/nonsfi/nonsfi_listener.cc ('k') | components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_ 5 #ifndef COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_
6 #define COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_ 6 #define COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_
7 7
8 #include "base/files/scoped_file.h" 8 #include "base/files/scoped_file.h"
9 #include "base/macros.h" 9 #include "base/macros.h"
10 #include "base/memory/scoped_ptr.h" 10 #include "base/memory/scoped_ptr.h"
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
61 // Seal the layer-1 sandbox, making it enforcing. 61 // Seal the layer-1 sandbox, making it enforcing.
62 void SealLayerOneSandbox(); 62 void SealLayerOneSandbox();
63 // Check that the current sandboxing state matches the level of sandboxing 63 // Check that the current sandboxing state matches the level of sandboxing
64 // expected for NaCl in the current configuration. Crash if it does not. 64 // expected for NaCl in the current configuration. Crash if it does not.
65 void CheckSandboxingStateWithPolicy(); 65 void CheckSandboxingStateWithPolicy();
66 66
67 bool layer_one_enabled() { return layer_one_enabled_; } 67 bool layer_one_enabled() { return layer_one_enabled_; }
68 bool layer_two_enabled() { return layer_two_enabled_; } 68 bool layer_two_enabled() { return layer_two_enabled_; }
69 69
70 private: 70 private:
71 void CheckForExpectedNumberOfOpenFds(); 71 void CheckForExpectedNumberOfOpenFds(bool uses_nonsfi_mode);
72 72
73 bool layer_one_enabled_; 73 bool layer_one_enabled_;
74 bool layer_one_sealed_; 74 bool layer_one_sealed_;
75 bool layer_two_enabled_; 75 bool layer_two_enabled_;
76 bool layer_two_is_nonsfi_; 76 bool layer_two_is_nonsfi_;
77 // |proc_fd_| must be released before the layer-1 sandbox is considered 77 // |proc_fd_| must be released before the layer-1 sandbox is considered
78 // enforcing. 78 // enforcing.
79 base::ScopedFD proc_fd_; 79 base::ScopedFD proc_fd_;
80 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; 80 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;
81 DISALLOW_COPY_AND_ASSIGN(NaClSandbox); 81 DISALLOW_COPY_AND_ASSIGN(NaClSandbox);
82 }; 82 };
83 83
84 } // namespace nacl 84 } // namespace nacl
85 85
86 #endif // COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_ 86 #endif // COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_
OLDNEW
« components/nacl/loader/nacl_helper_linux.cc ('K') | « components/nacl/loader/nonsfi/nonsfi_listener.cc ('k') | components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698