OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" | 5 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
10 #include <sys/stat.h> | 10 #include <sys/stat.h> |
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
163 | 163 |
164 std::unique_ptr<SandboxBPFBasePolicy> GetGpuProcessSandbox() { | 164 std::unique_ptr<SandboxBPFBasePolicy> GetGpuProcessSandbox() { |
165 const base::CommandLine& command_line = | 165 const base::CommandLine& command_line = |
166 *base::CommandLine::ForCurrentProcess(); | 166 *base::CommandLine::ForCurrentProcess(); |
167 bool allow_sysv_shm = false; | 167 bool allow_sysv_shm = false; |
168 if (command_line.HasSwitch(switches::kGpuSandboxAllowSysVShm)) { | 168 if (command_line.HasSwitch(switches::kGpuSandboxAllowSysVShm)) { |
169 DCHECK(IsArchitectureArm()); | 169 DCHECK(IsArchitectureArm()); |
170 allow_sysv_shm = true; | 170 allow_sysv_shm = true; |
171 } | 171 } |
172 | 172 |
| 173 // XXX: Generalize CrosArmGpuProcessPolicy to a new |
| 174 // GpuProcessPolicyEarlySandbox then here just rely on if |
| 175 // has switches::kGpuSandboxStartEarly |
173 if (IsChromeOS() && IsArchitectureArm()) { | 176 if (IsChromeOS() && IsArchitectureArm()) { |
174 return std::unique_ptr<SandboxBPFBasePolicy>( | 177 return std::unique_ptr<SandboxBPFBasePolicy>( |
175 new CrosArmGpuProcessPolicy(allow_sysv_shm)); | 178 new CrosArmGpuProcessPolicy(allow_sysv_shm)); |
176 } else { | 179 } else { |
177 bool allow_mincore = command_line.HasSwitch(switches::kUseGL) && | 180 bool allow_mincore = command_line.HasSwitch(switches::kUseGL) && |
178 command_line.GetSwitchValueASCII(switches::kUseGL) == | 181 command_line.GetSwitchValueASCII(switches::kUseGL) == |
179 gfx::kGLImplementationEGLName; | 182 gfx::kGLImplementationEGLName; |
180 return std::unique_ptr<SandboxBPFBasePolicy>( | 183 return std::unique_ptr<SandboxBPFBasePolicy>( |
181 new GpuProcessPolicy(allow_mincore)); | 184 new GpuProcessPolicy(allow_mincore)); |
182 } | 185 } |
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
303 SandboxSeccompBPF::GetBaselinePolicy() { | 306 SandboxSeccompBPF::GetBaselinePolicy() { |
304 #if defined(USE_SECCOMP_BPF) | 307 #if defined(USE_SECCOMP_BPF) |
305 return std::unique_ptr<sandbox::bpf_dsl::Policy>(new BaselinePolicy); | 308 return std::unique_ptr<sandbox::bpf_dsl::Policy>(new BaselinePolicy); |
306 #else | 309 #else |
307 return std::unique_ptr<sandbox::bpf_dsl::Policy>(); | 310 return std::unique_ptr<sandbox::bpf_dsl::Policy>(); |
308 #endif // defined(USE_SECCOMP_BPF) | 311 #endif // defined(USE_SECCOMP_BPF) |
309 } | 312 } |
310 #endif // !defined(OS_NACL_NONSFI) | 313 #endif // !defined(OS_NACL_NONSFI) |
311 | 314 |
312 } // namespace content | 315 } // namespace content |
OLD | NEW |