OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.h" | |
6 | |
7 #include <sys/types.h> | |
8 | |
9 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h" | |
10 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" | |
11 | |
12 namespace sandbox { | |
13 | |
14 BaselinePolicyAndroid::BaselinePolicyAndroid() | |
15 : BaselinePolicy() {} | |
16 | |
17 BaselinePolicyAndroid::~BaselinePolicyAndroid() {} | |
18 | |
19 ErrorCode BaselinePolicyAndroid::EvaluateSyscall(SandboxBPF* sandbox, | |
20 int sysno) const { | |
21 bool allowed = false; | |
22 | |
23 switch (sysno) { | |
24 case __NR_open: | |
jln (very slow on Chromium)
2014/03/07 01:30:30
Very excited if this works!
We may want to experi
Robert Sesek
2014/03/25 21:57:17
Yes, this does work! This mostly appears to be rea
| |
25 | |
26 case __NR_uname: | |
27 | |
28 case __NR_flock: | |
29 case __NR_sigaltstack: | |
30 case __NR_rt_sigtimedwait: | |
31 case __NR_mremap: | |
32 case __NR_ioctl: | |
33 case __NR_pread64: | |
34 case __NR_getpriority: | |
35 case __NR_setpriority: | |
36 case __NR_ugetrlimit: | |
37 allowed = true; | |
38 break; | |
39 } | |
40 | |
41 if (allowed) | |
42 return ErrorCode(ErrorCode::ERR_ALLOWED); | |
43 | |
44 return BaselinePolicy::EvaluateSyscall(sandbox, sysno); | |
45 } | |
46 | |
47 } // namespace sandbox | |
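Review bot: `case __NR_ioctl:` (file line 32) falls through to `allowed = true` with no condition on the request argument, so this policy permits every ioctl request on any descriptor the sandboxed process holds. ioctl dispatches into device-driver code, which makes it one of the widest kernel surfaces a baseline policy can expose; if Android needs only a few requests, the case should be filtered on the second syscall argument rather than allowed outright. The same unconditional treatment applies to `__NR_mremap` and `__NR_setpriority` in this switch. At minimum, each case should carry a comment naming what needs it, for example `// TODO: restrict to the ioctl requests Android actually issues; all requests are allowed for now.`, so the list can be tightened later instead of becoming a permanent allowance.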