Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(562)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/renderer/renderer_main_platform_delegate_android.cc

Issue 180783019: [Android] Define a baseline seccomp-bpf sandbox policy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/content_renderer.gypi ('k') | sandbox/linux/sandbox_linux.gypi » ('j') | sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/renderer/renderer_main_platform_delegate.h" 5 #include "content/renderer/renderer_main_platform_delegate.h"
6
6 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/rand_util.h"
9 #include "base/sys_info.h"
10 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.h"
11 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
12 #include "third_party/skia/include/ports/SkFontConfigInterface.h"
13 #include "v8/include/v8.h"
7 14
8 #ifdef ENABLE_VTUNE_JIT_INTERFACE 15 #ifdef ENABLE_VTUNE_JIT_INTERFACE
9 #include "content/public/common/content_switches.h" 16 #include "content/public/common/content_switches.h"
10 #include "v8/src/third_party/vtune/v8-vtune.h" 17 #include "v8/src/third_party/vtune/v8-vtune.h"
11 #endif 18 #endif
12 19
13 namespace content { 20 namespace content {
14 21
22 namespace {
23
24 bool GenerateEntropy(unsigned char* buffer, size_t length) {
25 base::RandBytes(buffer, length);
26 return true;
27 }
28
29 void PreSandboxWarmUp() {
30 base::RandUint64();
31
32 base::SysInfo::AmountOfPhysicalMemory();
33 base::SysInfo::MaxSharedMemorySize();
34 base::SysInfo::NumberOfProcessors();
35
36 v8::V8::SetEntropySource(&GenerateEntropy);
37 v8::V8::Initialize();
38
39 SkFontConfigInterface::GetSingletonDirectInterface();
40 }
41
42 } // namespace
43
15 RendererMainPlatformDelegate::RendererMainPlatformDelegate( 44 RendererMainPlatformDelegate::RendererMainPlatformDelegate(
16 const MainFunctionParams& parameters) 45 const MainFunctionParams& parameters)
17 : parameters_(parameters) { 46 : parameters_(parameters) {
18 } 47 }
19 48
20 RendererMainPlatformDelegate::~RendererMainPlatformDelegate() { 49 RendererMainPlatformDelegate::~RendererMainPlatformDelegate() {
21 } 50 }
22 51
23 void RendererMainPlatformDelegate::PlatformInitialize() { 52 void RendererMainPlatformDelegate::PlatformInitialize() {
24 #ifdef ENABLE_VTUNE_JIT_INTERFACE 53 #ifdef ENABLE_VTUNE_JIT_INTERFACE
25 const CommandLine& command_line = parameters_.command_line; 54 const CommandLine& command_line = parameters_.command_line;
26 if (command_line.HasSwitch(switches::kEnableVtune)) 55 if (command_line.HasSwitch(switches::kEnableVtune))
27 vTune::InitializeVtuneForV8(); 56 vTune::InitializeVtuneForV8();
28 #endif 57 #endif
29 } 58 }
30 59
31 void RendererMainPlatformDelegate::PlatformUninitialize() { 60 void RendererMainPlatformDelegate::PlatformUninitialize() {
32 } 61 }
33 62
34 bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) { 63 bool RendererMainPlatformDelegate::InitSandboxTests(bool no_sandbox) {
35 return true; 64 return true;
36 } 65 }
37 66
38 bool RendererMainPlatformDelegate::EnableSandbox() { 67 bool RendererMainPlatformDelegate::EnableSandbox() {
39 return true; 68 PreSandboxWarmUp();
69
70 sandbox::SandboxBPF sandbox;
71 sandbox.SetSandboxPolicy(new sandbox::BaselinePolicyAndroid);
72 sandbox.StartSandbox();
73 bool enabled = sandbox.SupportsSeccompSandbox(-1) ==
74 sandbox::SandboxBPF::STATUS_ENABLED;
75 CHECK(enabled);
76 return enabled;
40 } 77 }
41 78
42 void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) { 79 void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) {
43 } 80 }
44 81
45 } // namespace content 82 } // namespace content
OLDNEW
« no previous file with comments | « content/content_renderer.gypi ('k') | sandbox/linux/sandbox_linux.gypi » ('j') | sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698