
Unified Diff: content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc

Issue 1671333003: Revert of [Android] Fix Microdump generation when Seccomp-BPF is enabled. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 10 months ago
Index: content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
diff --git a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
index 7074a2d44f9cc5841cd5b325e8477466613a3f14..c3b1605fc7dc6f091ae5456aad0371bcf2ee7c1a 100644
--- a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
+++ b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
@@ -4,32 +4,16 @@
#include "content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.h"
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
-using sandbox::bpf_dsl::AllOf;
using sandbox::bpf_dsl::Allow;
-using sandbox::bpf_dsl::AnyOf;
-using sandbox::bpf_dsl::Arg;
-using sandbox::bpf_dsl::If;
-using sandbox::bpf_dsl::Error;
using sandbox::bpf_dsl::ResultExpr;
namespace content {
-
-#ifndef SOCK_CLOEXEC
-#define SOCK_CLOEXEC O_CLOEXEC
-#endif
-
-#ifndef SOCK_NONBLOCK
-#define SOCK_NONBLOCK O_NONBLOCK
-#endif
SandboxBPFBasePolicyAndroid::SandboxBPFBasePolicyAndroid()
: SandboxBPFBasePolicy() {}
@@ -46,10 +30,8 @@
case __NR_flock:
#if defined(__x86_64__) || defined(__aarch64__)
case __NR_newfstatat:
- case __NR_getdents64:
#elif defined(__i386__) || defined(__arm__) || defined(__mips__)
case __NR_fstatat64:
- case __NR_getdents:
#endif
case __NR_getpriority:
case __NR_ioctl:
@@ -74,30 +56,8 @@
case __NR_getrlimit:
#endif
case __NR_uname:
-
- // Permit socket operations so that renderers can connect to logd and
- // debuggerd. The arguments to socket() are further restricted below.
- case __NR_socket:
- case __NR_connect:
-
- // Ptrace is allowed so the Breakpad Microdumper can fork in a renderer
- // and then ptrace the parent.
- case __NR_ptrace:
override_and_allow = true;
break;
- }
-
- if (sysno == __NR_socket) {
- const Arg<int> domain(0);
- const Arg<int> type(1);
- const Arg<int> protocol(2);
- const int kSockFlags = SOCK_CLOEXEC | SOCK_NONBLOCK;
- return If(AllOf(domain == AF_UNIX,
- AnyOf((type & ~kSockFlags) == SOCK_DGRAM,
- (type & ~kSockFlags) == SOCK_STREAM),
- protocol == 0),
- Allow())
- .Else(Error(EPERM));
}
if (override_and_allow)
