Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(160)

Unified Diff: mojo/shell/runner/host/linux_sandbox.cc

Issue 1613883002: Linux Sandbox: whitelist arm64 syscalls (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase to apply on head Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: mojo/shell/runner/host/linux_sandbox.cc
diff --git a/mojo/shell/runner/host/linux_sandbox.cc b/mojo/shell/runner/host/linux_sandbox.cc
index 545511e0c14ab337d22633da262f5e6c3e1dbaee..1142cb8b6b2cd4c7b66152d55cf5b998136d956e 100644
--- a/mojo/shell/runner/host/linux_sandbox.cc
+++ b/mojo/shell/runner/host/linux_sandbox.cc
@@ -77,15 +77,18 @@ class SandboxPolicy : public sandbox::BaselinePolicy {
sandbox::bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override {
// This policy is only advisory/for noticing FS access for the moment.
switch (sysno) {
+#if !defined(__aarch64__)
Elliot Glaysher 2016/02/11 18:39:05 So I'm not an expert on this, but doesn't this mea
mdempsky 2016/02/11 18:48:13 __NR_access and __NR_open don't exist on ARM64. T
case __NR_access:
case __NR_open:
+#endif
case __NR_faccessat:
case __NR_openat:
return sandbox::bpf_dsl::Trap(SandboxSIGSYSHandler, broker_process_);
case __NR_sched_getaffinity:
return sandbox::RestrictSchedTarget(policy_pid(), sysno);
case __NR_ftruncate:
-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
+ defined(__aarch64__)
// Per #ifdefs in
// content/common/sandbox_linux/bpf_renderer_policy_linux.cc
case __NR_getrlimit:

Powered by Google App Engine
This is Rietveld 408576698