
Side by Side Diff: mojo/runner/host/linux_sandbox.cc

Issue 1491463002: build CrOS chrome with gn (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: tested for arm board Created 5 years ago
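--- a/mojo/runner/host/linux_sandbox.cc
+++ b/mojo/runner/host/linux_sandbox.cc
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/runner/host/linux_sandbox.h"
 
 #include <fcntl.h>
 #include <sys/syscall.h>
 
 #include "base/bind.h"
@@ -76,21 +76,28 @@
 // This policy is only advisory/for noticing FS access for the moment.
 switch (sysno) {
 case __NR_access:
 case __NR_open:
 case __NR_faccessat:
 case __NR_openat:
 return sandbox::bpf_dsl::Trap(SandboxSIGSYSHandler, broker_process_);
 case __NR_sched_getaffinity:
 return sandbox::RestrictSchedTarget(policy_pid(), sysno);
 case __NR_ftruncate:
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+// Per #ifdefs in
+// content/common/sandbox_linux/bpf_renderer_policy_linux.cc
 case __NR_getrlimit:
+#endif
+#if defined(__i386__) || defined(__arm__)
+case __NR_ugetrlimit:
+#endif
 case __NR_uname:
 case __NR_getsockopt:
 case __NR_setsockopt:
 return sandbox::bpf_dsl::Allow();
 }
 
 return BaselinePolicy::EvaluateSyscall(sysno);
 }
 
 private:
@@ -146,10 +153,10 @@
 ALLOW_UNUSED_LOCAL(leaked_broker);
 ANNOTATE_LEAKING_OBJECT_PTR(leaked_broker);
 }
 
 void LinuxSandbox::Seal() {
 proc_fd_.reset();
 }
 
 } // namespace runner
 } // namespace mojo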
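Review bot: The architecture guards added around `case __NR_getrlimit:` and `case __NR_ugetrlimit:` (new lines 86–93) are a hand-copied subset of the conditions in bpf_renderer_policy_linux.cc, so this seccomp allow-list can drift from the renderer policy without anyone noticing. On any target not named in the first guard where `__NR_getrlimit` is still defined (aarch64 looks like one, via the generic syscall table; worth confirming), the syscall silently leaves this allow-list and is decided by `BaselinePolicy::EvaluateSyscall` instead, which may not be what the author intends. I would expand the comment so the per-architecture intent is reviewable here rather than by cross-reading another file, for example `// getrlimit exists on i386/x86_64/mips; arm EABI exposes only ugetrlimit. Keep in sync with bpf_renderer_policy_linux.cc.`, and state explicitly what should happen on architectures that match neither guard. The enclosing EvaluateSyscall body starts outside the visible lines.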