| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <asm/unistd.h> | 5 #include <asm/unistd.h> |
| 6 #include <dlfcn.h> | 6 #include <dlfcn.h> |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <linux/audit.h> | 9 #include <linux/audit.h> |
| 10 #include <linux/filter.h> | 10 #include <linux/filter.h> |
| (...skipping 1368 matching lines...) | |
| 1379 case __NR_sched_getscheduler: | 1379 case __NR_sched_getscheduler: |
| 1380 case __NR_sched_setscheduler: | 1380 case __NR_sched_setscheduler: |
| 1381 case __NR_setpriority: | 1381 case __NR_setpriority: |
| 1382 case __NR_sysinfo: | 1382 case __NR_sysinfo: |
| 1383 case __NR_times: | 1383 case __NR_times: |
| 1384 case __NR_uname: | 1384 case __NR_uname: |
| 1385 return ErrorCode(ErrorCode::ERR_ALLOWED); | 1385 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 1386 case __NR_prlimit64: | 1386 case __NR_prlimit64: |
| 1387 return ErrorCode(EPERM); // See crbug.com/160157. | 1387 return ErrorCode(EPERM); // See crbug.com/160157. |
| 1388 default: | 1388 default: |
| 1389 // These need further tightening. | 1389 #if defined(TOOLKIT_GTK) |
|
jln (very slow on Chromium)
2013/04/06 00:22:23
Please, make an IfUsingToolKitGtk() function above
| |
| 1390 #if defined(__x86_64__) || defined(__arm__) | 1390 #if defined(__x86_64__) || defined(__arm__) |
| 1391 if (IsSystemVSharedMemory(sysno)) | 1391 if (IsSystemVSharedMemory(sysno)) |
| 1392 return ErrorCode(ErrorCode::ERR_ALLOWED); | 1392 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 1393 #endif | 1393 #endif |
| 1394 #if defined(__i386__) | 1394 #if defined(__i386__) |
| 1395 if (IsSystemVIpc(sysno)) | 1395 if (IsSystemVIpc(sysno)) |
| 1396 return ErrorCode(ErrorCode::ERR_ALLOWED); | 1396 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 1397 #endif | 1397 #endif |
| 1398 #endif | |
| 1398 | 1399 |
| 1399 // Default on the baseline policy. | 1400 // Default on the baseline policy. |
| 1400 return BaselinePolicy(sandbox, sysno); | 1401 return BaselinePolicy(sandbox, sysno); |
| 1401 } | 1402 } |
| 1402 } | 1403 } |
| 1403 | 1404 |
| 1404 ErrorCode FlashProcessPolicy(Sandbox *sandbox, int sysno, void *) { | 1405 ErrorCode FlashProcessPolicy(Sandbox *sandbox, int sysno, void *) { |
| 1405 switch (sysno) { | 1406 switch (sysno) { |
| 1406 case __NR_sched_get_priority_max: | 1407 case __NR_sched_get_priority_max: |
| 1407 case __NR_sched_get_priority_min: | 1408 case __NR_sched_get_priority_min: |
| 1408 case __NR_sched_getaffinity: | 1409 case __NR_sched_getaffinity: |
| 1409 case __NR_sched_getparam: | 1410 case __NR_sched_getparam: |
| 1410 case __NR_sched_getscheduler: | 1411 case __NR_sched_getscheduler: |
| 1411 case __NR_sched_setscheduler: | 1412 case __NR_sched_setscheduler: |
| 1412 case __NR_times: | 1413 case __NR_times: |
| 1413 return ErrorCode(ErrorCode::ERR_ALLOWED); | 1414 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 1414 case __NR_ioctl: | 1415 case __NR_ioctl: |
| 1415 return ErrorCode(ENOTTY); // Flash Access. | 1416 return ErrorCode(ENOTTY); // Flash Access. |
| 1416 default: | 1417 default: |
| 1417 // These need further tightening. | 1418 #if defined(TOOLKIT_GTK) |
|
jln (very slow on Chromium)
2013/04/06 00:22:23
Same remark here.
| |
| 1418 #if defined(__x86_64__) || defined(__arm__) | 1419 #if defined(__x86_64__) || defined(__arm__) |
| 1419 if (IsSystemVSharedMemory(sysno)) | 1420 if (IsSystemVSharedMemory(sysno)) |
| 1420 return ErrorCode(ErrorCode::ERR_ALLOWED); | 1421 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 1421 #endif | 1422 #endif |
| 1422 #if defined(__i386__) | 1423 #if defined(__i386__) |
| 1423 if (IsSystemVIpc(sysno)) | 1424 if (IsSystemVIpc(sysno)) |
| 1424 return ErrorCode(ErrorCode::ERR_ALLOWED); | 1425 return ErrorCode(ErrorCode::ERR_ALLOWED); |
| 1425 #endif | 1426 #endif |
| 1427 #endif | |
| 1426 | 1428 |
| 1427 // Default on the baseline policy. | 1429 // Default on the baseline policy. |
| 1428 return BaselinePolicy(sandbox, sysno); | 1430 return BaselinePolicy(sandbox, sysno); |
| 1429 } | 1431 } |
| 1430 } | 1432 } |
| 1431 | 1433 |
| 1432 ErrorCode BlacklistDebugAndNumaPolicy(Sandbox *sandbox, int sysno, void *) { | 1434 ErrorCode BlacklistDebugAndNumaPolicy(Sandbox *sandbox, int sysno, void *) { |
| 1433 if (!Sandbox::IsValidSyscallNumber(sysno)) { | 1435 if (!Sandbox::IsValidSyscallNumber(sysno)) { |
| 1434 // TODO(jln) we should not have to do that in a trivial policy. | 1436 // TODO(jln) we should not have to do that in a trivial policy. |
| 1435 return ErrorCode(ENOSYS); | 1437 return ErrorCode(ENOSYS); |
| (...skipping 187 matching lines...) | |
| 1623 // should enable it, enable it or die. | 1625 // should enable it, enable it or die. |
| 1624 bool started_sandbox = StartBpfSandbox(command_line, process_type); | 1626 bool started_sandbox = StartBpfSandbox(command_line, process_type); |
| 1625 CHECK(started_sandbox); | 1627 CHECK(started_sandbox); |
| 1626 return true; | 1628 return true; |
| 1627 } | 1629 } |
| 1628 #endif | 1630 #endif |
| 1629 return false; | 1631 return false; |
| 1630 } | 1632 } |
| 1631 | 1633 |
| 1632 } // namespace content | 1634 } // namespace content |
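Review bot: The `default:` branches of both policies (the function ending at new line 1403 and `FlashProcessPolicy`) lose the `// These need further tightening.` comment, yet the new `#if defined(TOOLKIT_GTK)` guard still allows System V IPC on GTK builds and nothing says why those builds need it. I would keep the note and state the reason next to the guard, for example `// GTK builds still need SysV shared memory (<reason>); needs further tightening.` On `__i386__` the guarded branch tests `IsSystemVIpc(sysno)` rather than `IsSystemVSharedMemory(sysno)`. Judging by the name alone, that may admit more than the shared-memory calls inside the sandbox; the helper's definition is outside the visible lines, so this should be confirmed and mentioned in the same comment. The first policy function begins outside the visible lines.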
| OLD | NEW |