Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(51)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc

Issue 1613883002: Linux Sandbox: whitelist arm64 syscalls (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase to apply on head Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | content/common/sandbox_linux/bpf_renderer_policy_linux.cc » ('j') | mojo/shell/runner/host/linux_sandbox.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h" 5 #include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/macros.h" 9 #include "base/macros.h"
10 #include "build/build_config.h" 10 #include "build/build_config.h"
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
99 } 99 }
100 100
101 switch (sysno) { 101 switch (sysno) {
102 #if defined(__i386__) || defined(__mips__) 102 #if defined(__i386__) || defined(__mips__)
103 // Needed on i386 to set-up the custom segments. 103 // Needed on i386 to set-up the custom segments.
104 case __NR_modify_ldt: 104 case __NR_modify_ldt:
105 #endif 105 #endif
106 // NaCl uses custom signal stacks. 106 // NaCl uses custom signal stacks.
107 case __NR_sigaltstack: 107 case __NR_sigaltstack:
108 // Below is fairly similar to the policy for a Chromium renderer. 108 // Below is fairly similar to the policy for a Chromium renderer.
109 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) 109 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
110 defined(__aarch64__)
Mark Seaborn 2016/02/26 20:25:30 This implies that we support running this NaCl cod
110 case __NR_getrlimit: 111 case __NR_getrlimit:
111 #endif 112 #endif
112 #if defined(__i386__) || defined(__arm__) 113 #if defined(__i386__) || defined(__arm__)
113 case __NR_ugetrlimit: 114 case __NR_ugetrlimit:
114 #endif 115 #endif
115 // NaCl runtime uses flock to simulate POSIX behavior for pwrite. 116 // NaCl runtime uses flock to simulate POSIX behavior for pwrite.
116 case __NR_flock: 117 case __NR_flock:
117 case __NR_pread64: 118 case __NR_pread64:
118 case __NR_pwrite64: 119 case __NR_pwrite64:
119 case __NR_sched_get_priority_max: 120 case __NR_sched_get_priority_max:
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
171 std::move(proc_fd)); 172 std::move(proc_fd));
172 if (sandbox_is_initialized) { 173 if (sandbox_is_initialized) {
173 RunSandboxSanityChecks(); 174 RunSandboxSanityChecks();
174 return true; 175 return true;
175 } 176 }
176 #endif // defined(USE_SECCOMP_BPF) 177 #endif // defined(USE_SECCOMP_BPF)
177 return false; 178 return false;
178 } 179 }
179 180
180 } // namespace nacl 181 } // namespace nacl
OLDNEW
« no previous file with comments | « no previous file | content/common/sandbox_linux/bpf_renderer_policy_linux.cc » ('j') | mojo/shell/runner/host/linux_sandbox.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698