OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "mojo/runner/host/linux_sandbox.h" | 5 #include "mojo/runner/host/linux_sandbox.h" |
6 | 6 |
7 #include <fcntl.h> | 7 #include <fcntl.h> |
8 #include <sys/syscall.h> | 8 #include <sys/syscall.h> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
76 // This policy is only advisory/for noticing FS access for the moment. | 76 // This policy is only advisory/for noticing FS access for the moment. |
77 switch (sysno) { | 77 switch (sysno) { |
78 case __NR_access: | 78 case __NR_access: |
79 case __NR_open: | 79 case __NR_open: |
80 case __NR_faccessat: | 80 case __NR_faccessat: |
81 case __NR_openat: | 81 case __NR_openat: |
82 return sandbox::bpf_dsl::Trap(SandboxSIGSYSHandler, broker_process_); | 82 return sandbox::bpf_dsl::Trap(SandboxSIGSYSHandler, broker_process_); |
83 case __NR_sched_getaffinity: | 83 case __NR_sched_getaffinity: |
84 return sandbox::RestrictSchedTarget(policy_pid(), sysno); | 84 return sandbox::RestrictSchedTarget(policy_pid(), sysno); |
85 case __NR_ftruncate: | 85 case __NR_ftruncate: |
| 86 #if defined(__NR_getrlimit) |
| 87 // __NR_getrlimit does not exist on all systems (e.g. in the arm/linux |
| 88 // build). |
86 case __NR_getrlimit: | 89 case __NR_getrlimit: |
| 90 #endif |
87 case __NR_uname: | 91 case __NR_uname: |
88 case __NR_getsockopt: | 92 case __NR_getsockopt: |
89 case __NR_setsockopt: | 93 case __NR_setsockopt: |
90 return sandbox::bpf_dsl::Allow(); | 94 return sandbox::bpf_dsl::Allow(); |
91 } | 95 } |
92 | 96 |
93 return BaselinePolicy::EvaluateSyscall(sysno); | 97 return BaselinePolicy::EvaluateSyscall(sysno); |
94 } | 98 } |
95 | 99 |
96 private: | 100 private: |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
146 ALLOW_UNUSED_LOCAL(leaked_broker); | 150 ALLOW_UNUSED_LOCAL(leaked_broker); |
147 ANNOTATE_LEAKING_OBJECT_PTR(leaked_broker); | 151 ANNOTATE_LEAKING_OBJECT_PTR(leaked_broker); |
148 } | 152 } |
149 | 153 |
150 void LinuxSandbox::Seal() { | 154 void LinuxSandbox::Seal() { |
151 proc_fd_.reset(); | 155 proc_fd_.reset(); |
152 } | 156 } |
153 | 157 |
154 } // namespace runner | 158 } // namespace runner |
155 } // namespace mojo | 159 } // namespace mojo |
OLD | NEW |