Unified Diff: chrome/nacl/nacl_sandbox_linux.cc

Issue 16881004: Move chrome/nacl to components/nacl. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Create a zygote folder Created 7 years, 6 months ago
Index: chrome/nacl/nacl_sandbox_linux.cc
diff --git a/chrome/nacl/nacl_sandbox_linux.cc b/chrome/nacl/nacl_sandbox_linux.cc
deleted file mode 100644
index 0f45d151def27612cafb1017a3669a3ce9ca4213..0000000000000000000000000000000000000000
--- a/chrome/nacl/nacl_sandbox_linux.cc
+++ /dev/null
@@ -1,72 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/nacl/nacl_sandbox_linux.h"
-
-#include <signal.h>
-#include <sys/ptrace.h>
-
-#include "base/callback.h"
-#include "base/compiler_specific.h"
-#include "base/logging.h"
-#include "content/public/common/sandbox_init.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
-#include "sandbox/linux/services/linux_syscalls.h"
-
-using playground2::ErrorCode;
-using playground2::Sandbox;
-
-namespace {
-
-// This policy does very little:
-// - Any invalid system call for the current architecture is handled by
-// the baseline policy.
-// - ptrace() is denied.
-// - Anything else is allowed.
-// Note that the seccomp-bpf sandbox always prevents cross-architecture
-// system calls (on x86, long/compatibility/x32).
-// So even this trivial policy has a security benefit.
-ErrorCode NaClBpfSandboxPolicy(
- playground2::Sandbox* sb, int sysnum, void* aux) {
- const playground2::BpfSandboxPolicyCallback baseline_policy =
- content::GetBpfSandboxBaselinePolicy();
- if (!playground2::Sandbox::IsValidSyscallNumber(sysnum)) {
- return baseline_policy.Run(sb, sysnum, aux);
- }
- switch (sysnum) {
- case __NR_ptrace:
- return ErrorCode(EPERM);
- default:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
- }
- NOTREACHED();
- // GCC wants this.
- return ErrorCode(EPERM);
-}
-
-void RunSandboxSanityChecks() {
- errno = 0;
- // Make a ptrace request with an invalid PID.
- long ptrace_ret = ptrace(PTRACE_PEEKUSER, -1 /* pid */, NULL, NULL);
- CHECK_EQ(-1, ptrace_ret);
- // Without the sandbox on, this ptrace call would ESRCH instead.
- CHECK_EQ(EPERM, errno);
-}
-
-} // namespace
-
-bool InitializeBpfSandbox() {
- bool sandbox_is_initialized =
- content::InitializeSandbox(NaClBpfSandboxPolicy);
- RunSandboxSanityChecks();
- if (sandbox_is_initialized) {
- // TODO(jln): Find a way to fix this.
- // The sandbox' SIGSYS handler trips NaCl, so we disable it.
- // If SIGSYS is triggered it'll now execute the default action
- // (CORE). This will make it hard to track down bugs and sandbox violations.
- CHECK(signal(SIGSYS, SIG_DFL) != SIG_ERR);
- return true;
- }
- return false;
-}